Latest Discussions
Please clarify for required certificates for P2S connection in Azure
Hi,

For Point-to-Site connection in Azure, certificates of Windows are exported. Depending on the Windows system, I have seen different situations in certmgr.msc, as below:

1st Windows system
2nd Windows system
3rd Windows system

Please let me know which certificates we need to export at certmgr.msc. If we need to export the Personal certificate, what do I need to do if no certificates are showing, or other certificates (like Adobe) are showing, at Personal?

Please clarify with additional required information. We’ll be thankful for your assistance.

With Regards
NndnG

NndnG | Oct 10, 2025 | Brass Contributor | 511 Views | 0 likes | 1 Comment

Front door with private link service
Has anyone successfully used frontdoor with private link service?

I have a typical setup that a VM with only private interface running IIS. In the same subnet as the VM, I created an internal load balancer. In the Front Door (Premium), I created the site and the origin has the private link service enabled, and approved. However, I can't reach to the site through frontdoor no matter what, though I can hit the load balancer directly and show the page without issue.

One question I have is, in the frontdoor origin --> Host Name, what do you use there? Is that the private IP of the load balancer or the frontdoor url or the custom url for the site? Can't seem to find a clear document that has some details on.

PerhapsCloud | Oct 10, 2025 | Copper Contributor | 1.5K Views | 0 likes | 1 Comment

Azure traffic to storage account
Hello,

I’ve set up a storage account in Tenant A, located in the AUEast region, with public access. I also created a VM in Tenant B, in the same region (AUEast). I’m able to use IP whitelisting on the storage account in Tenant A to allow traffic only from the VM in Tenant B. However, in the App Insights logs, the traffic appears as 10.X.X.X, likely because the VM is in the same region. I'm unsure why the public IP isn't reflected in the logs.

Moreover, I am not sure about this part:

https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security-limitations#:~:text=You%20can%27t%20use%20IP%20network%20rules%20to%20restrict%20access%20to%20clients%20in%20the%20same%20Azure%20region%20as%20the%20storage%20account.%20IP%20network%20rules%20have%20no%20effect%20on%20requests%20that%20originate%20from%20the%20same%20Azure%20region%20as%20the%20storage%20account.%20Use%20Virtual%20network%20rules%20to%20allow%20same%2Dregion%20requests.

This seems contradictory, as IP whitelisting is working on the storage account. I assume the explanation above applies only when the client is hosted in the same tenant and region as the storage account, and not when the client is in a different tenant, even if it's in the same region.

I’d appreciate it if someone could shed some light on this.

Thanks,
Mohsen

34 Views | 0 likes | 3 Comments

Azure VPN client vs OpenVPN network peering transit behaviour
Hello,

We currently use an OpenVPN access server running on an Azure VM, connected to VNet B which is peered with VNet A and VNet C. VNets A, B and C are all peered with one another and are 10.x.x.x networks. When connected to OpenVPN client, which routes all 10.0.0.0/8 traffic to VNet B connections succeed to VMs on VNets A, B and C.

I want to transition from OpenVPN to the Azure point-to-site VPN configured on VNet B, but in testing, I am unable to connect (transit) to VNets A or C via the Azure P-2-S client connection. I have added a custom route to the VPN Gateway on VNet B, advertising 10.0.0.0/8 - the same as the OpenVPN client, but unlike with OpenVPN which facilitates routing to VNets A and C, the Azure VPN client connection, only connects to VMs on VNet B.

Why would my OpenVPN client route traffic via peerings from Vnet B to Vnets A and C but the Azure VPN client does not do the same and only connects (routes) to VNet B.

Thanks in advance for any advice

sidkn33 | Oct 08, 2025 | Copper Contributor | 1.7K Views | 0 likes | 1 Comment

Missing description field for Azure Firewall Policy Rule Collection Group rules
In the reference documentation for creating rules in rule collection groups in Azure Firewall Policy the `description` field is listed as valid for individual rules: https://learn.microsoft.com/en-us/azure/templates/microsoft.network/firewallpolicies/rulecollectiongroups?pivots=deployment-language-bicep#firewallpolicyrulecollection-objects

However, the `description` property is not visible in the portal, or when querying rules with PowerShell, even when the rules are deployed with this property set. Is this an error in the API definition/resource schema?

Would be very useful if this property is

1) Actually represented in the resource properties in Azure
2) Visible in the portal (via Firewall Manager)

matsest | Oct 07, 2025 | Copper Contributor | 719 Views | 0 likes | 1 Comment

Not able to setup azure private endpoint url as webservice/backend for Azure API Management service
Hi all,

I have integrated a Private endpoint connected to a private link service. The private link service is created by an Azure standard load balancer, created by a Kubernetes load balancer service using the below annotations.

```yaml
annotations:
  service.beta.kubernetes.io/azure-load-balancer-internal: "true"
  service.beta.kubernetes.io/azure-pls-create: "true"
  service.beta.kubernetes.io/azure-pls-name: myPLS
  service.beta.kubernetes.io/azure-pls-ip-configuration-subnet: YOUR SUBNET
  service.beta.kubernetes.io/azure-pls-ip-configuration-ip-address-count: "1"
  service.beta.kubernetes.io/azure-pls-ip-configuration-ip-address: SUBNET_IP
  service.beta.kubernetes.io/azure-pls-proxy-protocol: "false"
  service.beta.kubernetes.io/azure-pls-visibility: "*" # does not apply here because we will use Front Door later
  service.beta.kubernetes.io/azure-pls-auto-approval: "YOUR SUBSCRIPTION ID"
```

I am getting the expected response, i.e. the response from the Kubernetes service, from the Private endpoint IP, which confirms that the private link and private endpoint integration is working fine.

We now want to integrate the above private endpoint service with the Azure API Management service, so we tried adding the private endpoint URL as the web service URL for the API Management service, but the API Management service is returning a 500 error:

```json
{ "statusCode": 500, "message": "Internal server error", "activityId": "76261291-7121-4814-b0e4-66b52284d76c" }
```

I also tried the API Management service Troubleshoot & analysis page for the exact error; it is showing the below error:

BackendConnectionFailure
An attempt was made to access a socket in a way forbidden by its access permissions <private_endpoint_url>:80

Please help me with what I am doing wrong in this implementation.

Our requirement is to have a Kubernetes private load balancer and integrate it with the Azure API Management service, so users can access the API only through the API Management service and only the API Management service should be able to access the load balancer service.

Thanks in advance

akashwarkhade | Oct 07, 2025 | Copper Contributor | 705 Views | 0 likes | 1 Comment

Secondary ISP link missing in the configuration file of Site to Site VPN under VHUB
Hi,

We have a VHUB created in Azure, and under the VHUB we have a site. Under the site we have 2 ISP links (Primary and Secondary). Primary is working fine. Recently we added the secondary link for failover. We have added the secondary link properly, but whenever we download the configuration file of the Site to Site VPN, the secondary link details are missing from it. Can anyone help us to fix this?

Thanks,
P Anand

P_Anand1991 | Oct 06, 2025 | Copper Contributor | 597 Views | 0 likes | 1 Comment

Multiple on-premises VPN devices
Hi All,

I have a requirement to build a VPN tunnel from Azure to On Premise. On Premise, we have 2 VPN Gateways as Primary and Secondary. I believe we will have to create 2 VPN Tunnels to on premise. But I am confused about how I route the traffic to Primary and then to Secondary (if Primary fails) without using BGP.

Please help

snikhil22 | Oct 04, 2025 | Copper Contributor | 720 Views | 0 likes | 1 Comment

Event Hub Security (Networking)
Hello all,

I have a logic app that streams enriched events into an event Hub. I noticed for this to work; I need to have the event Hub configured to "All Networks" as we currently do not have any Vnets or Private endpoints associated with the resource group.

Does anyone have input on if the use of a private endpoint or vnet would help to secure the event hub? And if so where to begin in configuring said solution?

Any input is greatly appreciated!

NathanS03 | Oct 03, 2025 | Copper Contributor | 623 Views | 0 likes | 1 Comment