NSG: any protocol, specific port?

This one is going to be quick. The question is the following: if you have a Network Security Group rule in Azure that matches any protocol but a specific TCP or UDP port number, what is the effect? Would protocols such as ICMP be matched as well? To verify this I have this NSG: If …

Deploy (Azure) Network-as-Code as a champ

Virtually every expert out there recommends following an Infrastructure-as-Code approach to manage Azure networks, and even more so when dealing with traffic segmentation features such as firewall rulesets and Network Security Groups (those tend to change more frequently than other resources). And yet, there is surprisingly little guidance on how to do so, and about …

Combining Azure Firewall and Flow Log analysis

As you might already know, there are a couple of ways of filtering traffic in Azure Virtual Networks: Network Security Groups (NSGs) and Azure Firewall. NSGs provide Layer 4 filtering with no throughput limit, while Azure Firewall is more powerful, with features like deep packet inspection or application-level intelligence. However, even if these solutions follow a …

Azure Traffic Analytics and Breach Detection

Azure Traffic Analytics and NSG flow logs are one of Azure’s best kept secrets. In short, you can log every single network flow going through your Network Security Groups (NSGs), including the number of packets and the ingress/egress bandwidth of each flow. Traffic Analytics already does a great job of showing interesting stuff: the scenarios documented in the …
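Both the flow-log analysis post above and this one rest on the same raw material: NSG flow log records. The following is an added example (not code from the blog) that parses a version 2 flow log record, sums the bytes of each conversation and flags sources that were denied on several distinct ports, which is the kind of sweep a breach-detection query would look for. The JSON record, IP addresses, rule names and MAC are constructed for the example; the field layout follows the documented v2 flow-tuple format (timestamp, source IP, destination IP, source port, destination port, protocol, direction, decision, flow state, then packet/byte counters in both directions, which are empty on "begin" tuples).

```python
"""Parse NSG flow log v2 records and summarise them (added example, not the blog's code)."""
import json
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample record: one NIC, one allow rule and the default inbound deny rule.
SAMPLE_LOG = json.dumps({
    "records": [{
        "time": "2023-05-01T10:00:00.000Z",
        "category": "NetworkSecurityGroupFlowEvent",
        "resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/RG-WEB"
                      "/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/NSG-WEB",
        "properties": {
            "Version": 2,
            "flows": [
                {"rule": "UserRule_allow-https",
                 "flows": [{"mac": "000D3AF8B2C1", "flowTuples": [
                     # end-of-flow tuple: carries packet and byte counters
                     "1682935200,203.0.113.10,10.1.0.4,51234,443,T,I,A,E,12,1500,10,48000",
                     # begin-of-flow tuple: counters are empty
                     "1682935205,198.51.100.7,10.1.0.4,40001,443,T,I,A,B,,,,",
                 ]}]},
                {"rule": "DefaultRule_DenyAllInBound",
                 "flows": [{"mac": "000D3AF8B2C1", "flowTuples": [
                     "1682935210,198.51.100.7,10.1.0.4,40002,22,T,I,D,B,,,,",
                     "1682935211,198.51.100.7,10.1.0.4,40003,3389,T,I,D,B,,,,",
                     "1682935212,198.51.100.7,10.1.0.4,40004,8080,T,I,D,B,,,,",
                     "1682935213,198.51.100.7,10.1.0.4,40005,445,T,I,D,B,,,,",
                 ]}]},
            ],
        },
    }]
})


@dataclass(frozen=True)
class FlowTuple:
    rule: str
    ts: int
    src: str
    dst: str
    sport: int
    dport: int
    proto: str       # 'T' or 'U'; NSG flow logs record TCP and UDP flows only
    direction: str   # 'I' inbound / 'O' outbound
    decision: str    # 'A' allowed / 'D' denied
    state: str       # 'B' begin / 'C' continuing / 'E' end
    pkts_s2d: int
    bytes_s2d: int
    pkts_d2s: int
    bytes_d2s: int


def _count(field: str) -> int:
    """Counter fields are empty strings on 'B' tuples; treat those as zero."""
    return int(field) if field else 0


def parse_flow_log(text: str) -> list[FlowTuple]:
    """Flatten records -> rules -> NICs -> tuples into a list of FlowTuple."""
    out = []
    for rec in json.loads(text)["records"]:
        props = rec["properties"]
        if props.get("Version") != 2:
            raise ValueError("only version 2 flow tuples carry packet/byte counters")
        for rule in props["flows"]:
            for nic in rule["flows"]:
                for tup in nic["flowTuples"]:
                    f = tup.split(",")
                    out.append(FlowTuple(
                        rule["rule"], int(f[0]), f[1], f[2], int(f[3]), int(f[4]),
                        f[5], f[6], f[7], f[8],
                        _count(f[9]), _count(f[10]), _count(f[11]), _count(f[12])))
    return out


def bytes_per_conversation(flows: list[FlowTuple]) -> dict:
    """Total bytes in both directions keyed by (src, dst, dport, proto)."""
    totals = defaultdict(int)
    for f in flows:
        totals[(f.src, f.dst, f.dport, f.proto)] += f.bytes_s2d + f.bytes_d2s
    return dict(totals)


def denied_port_sweeps(flows: list[FlowTuple], min_ports: int = 3) -> dict:
    """Sources whose inbound flows were denied on at least min_ports distinct ports."""
    ports = defaultdict(set)
    for f in flows:
        if f.direction == "I" and f.decision == "D":
            ports[f.src].add(f.dport)
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    flows = parse_flow_log(SAMPLE_LOG)
    print(bytes_per_conversation(flows))
    print(denied_port_sweeps(flows))
```

The byte totals only become meaningful once "C" or "E" tuples arrive, so a dashboard that counts "B" tuples alone sees connection attempts, not bandwidth; the sweep detector deliberately ignores counters and works on denied "B" tuples, since a scanner never gets past the first packet.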

Filtering traffic to Private Endpoints with Azure Firewall

If you are reading this, you probably already know what Azure Private Link is: a representation of a service such as Azure Storage, Azure SQL Database, Azure App Service, or even some application running in a different Virtual Network, inside your own Virtual Network with a private IP address of your own. This is a …

A Day in the Life of a Packet in AKS (part 4): NSGs

Hey there, welcome to yet another instance of the wonderful networking world of Kubernetes. Today I will explore some new cool stuff that recently came to Azure Kubernetes Service (AKS), plus one thing I did not cover in previous posts. First things first, this is a blog series; you can find previous installments here: Part …