Tag: azure firewall

Do not let ExpressRoute, VPN and SDWAN traffic bypass your firewall

by erjosito

I have recently expanded my SDWAN in hub-and-spoke networks design guide to include SDWAN-to-firewall routing. Initially I didn’t have this point, but recent conversations have made me realize that not everybody understand this. The main difficulty in this topic is related to the fact that you cannot inspect the effective routes of your Virtual Network … Continue reading Do not let ExpressRoute, VPN and SDWAN traffic bypass your firewall

Designing your SDWAN and Firewall into Azure Hub and Spoke

by erjosito

Designing network connectivity in public cloud can very quickly become a daunting task. Of course, public cloud providers do offer native networking services, and with those it is fairly easy. This should always be your primary route (pun intended). For example, in the case of Azure, using Virtual WAN and its native integration with both … Continue reading Designing your SDWAN and Firewall into Azure Hub and Spoke

Deploy (Azure) Network-as-Code as a champ

by erjosito

Virtually every expert out there recommends following an Infrastructure-as-Code approach to manage Azure Networks, and even more so when dealing with traffic segmentation features such as firewall rulesets and network security groups (those tend to change more frequently than other resources). And yet, there is surprisingly little guidance on how to do so, and about … Continue reading Deploy (Azure) Network-as-Code as a champ

Virtual Network Gateways routing in Azure

by erjosito

If you have ever used Azure, you probably have used one of these Virtual Network Gateways too: whether it is to connect your branches and headquarters with Azure via IPsec VPN or ExpressRoute, or to provide connectivity to your mobile workers or external partners through Point-to-Site VPNs. In this post I will go deep on … Continue reading Virtual Network Gateways routing in Azure

Filtering AKS egress traffic with Virtual WAN

by erjosito

If you are reading my blog you probably know what Virtual WAN and Azure Kubernetes Service are. You probably know as well that you can configure AKS so that egress traffic is sent through an Azure Firewall by using Azure routing as described in the article Control Egress Traffic in AKS. That article explains how … Continue reading Filtering AKS egress traffic with Virtual WAN

Combining Azure Firewall and Flow Log analysis

by erjosito

As you might already know, there are a couple of ways of filtering traffic in Azure Virtual Networks: Network Security Groups (NSGs) and Azure Firewall. NSGs offer unlimited performance for Layer 4 filtering, while Azure Firewall is more powerful with features like deep packet inspection or application-level intelligence. However, even if these solutions follow a … Continue reading Combining Azure Firewall and Flow Log analysis

Importing Palo Alto policies to Azure Firewall

by erjosito

I recently had a project where we had the chance to convert a Palo Alto ruleset to an Azure Firewall Policy. I had recently created a script to generate a Firewall Policy for Microsoft 365 endpoints, so the challenge was using that work as a basis to generate an Azure Firewall Policy out of the … Continue reading Importing Palo Alto policies to Azure Firewall

Azure Firewall rules for Office 365

by erjosito

This post is going to be a bit different than the rest, because I have no complex network designs with many boxes and IP addresses. Instead, I have been confronted with a different challenge: how can you configure Azure Firewall to allow traffic to Office 365 endpoints? Why would you want to do that? There … Continue reading Azure Firewall rules for Office 365

Azure Firewall’s sidekick to join the BGP superheroes

by erjosito

Azure Firewall is a fantastic product: oversimplifying, an architecture that scales out great, provides traffic forwarding and security in Azure, and is very easy to integrate in a network. Some times you need to manipulate the default routing of Azure VNets, and Azure Route Server offers an invaluable tool for that. However, Azure Route Server … Continue reading Azure Firewall’s sidekick to join the BGP superheroes