Application Gateway for Containers: Istio integration (6)

This post will explore the functionality in Azure Application Gateway for Containers (AGC) to integrate with an Istio service mesh in Kubernetes. This blog is part of a series: If you are here, you probably know what Application Gateway for Containers (AGC) is; if not, please refer to the previous posts in this series. You might not …

Application Gateway for Containers: Web Application Firewall support (5)

This post will explore the new support in Azure Application Gateway for Containers (AGC) for Web Application Firewall (WAF) as documented in https://aka.ms/agc/waf. This blog is part of a series: Before we start, kudos need to go to the great Christof Claessens, author of this extremely useful Azure Monitor Workbook to triage WAF logs. Is WAF a big …

Azure Firewall and Service Endpoints

In my recent blog series Private Link reality bites I briefly mentioned the possibility of inspecting Service Endpoints with Azure Firewall, and many have asked for more details on that configuration. Here we go! First things first: what the heck am I talking about? Most Azure services such as Azure Storage, Azure SQL and many …

NSG: any protocol, specific port?

This one is going to be quick. The question is the following: if you have a Network Security Group rule in Azure that matches any protocol, but a specific TCP or UDP port number, what is the effect? Would protocols such as ICMP be matched as well? To verify this I have this NSG: If …

Azure Traffic Analytics and Breach Detection

Azure Traffic Analytics and NSG flow logs are one of Azure’s best kept secrets. In short, you can log every single network flow going through your Network Security Groups (NSGs), including the number of packets and its ingress/egress bandwidth. Traffic Analytics already does a great job of showing interesting stuff: the scenarios documented in the …