Configuring Azure Firewall

Asked 2 years ago, Updated 2 years ago, 51 views

Understanding Firewall Settings

Symptom: AzureVM Cannot Connect to Azure (Connect-AzAccount, Cannot Send Error)

How to Improve: Change Azure Firewall Settings

source protocol:type of port destination   Destination
"AzureVM Private IPAddress" 80,443 IP Address*

The above settings have been newly added to Network Rules.I was able to connect to Azure. (Connect-AzAccount was successful.)

ASK:
If you specify "*" as the destination, I think it is dangerous for AzureVM to be safe."
I would like to specify a minimum destination so that I can connect to Azure (Connect-AzAccount, Storageaccount, and AzureBackup).
Could you tell me about the destination settings?

azure

2022-09-29 21:51

2 Answers

If you want to use Azure PowerShell to manipulate storage accounts and backups, you can use Azure Firewall application rules to allow:(We have not verified the operation.)

  • login.microsoftonline.com
  • management.azure.com


2022-09-29 21:51

I think there's something wrong with the premise

Is it really the purpose of hitting Azure's API from the VM?

Because of the system's reasons, I don't understand the assumption that the VM hitting the API is "dangerous to be able to connect via HTTP/HTTPS other than Azure'sFor example, how do you update the operating system or install software?

Apart from that, if you really want to block other communications, you can filter them by hostname.

Normally, it's better to use a URL-based filter with Proxy, but since Proxy servers can access any site, they're likely to be called "dangerous", so you'll have to use a third-party firewall where you can write policies based on hostname


2022-09-29 21:51

If you have any answers or tips


© 2024 OneMinuteCode. All rights reserved.