Forum Widgets
Latest Discussions
502 Bad Gateway error for Azure Application Gateway
I am facing a challenge where in App GW can't connect to a backend ubuntu VM when Azure VMSS is being used. When I tested, my python application is responding with 200 status code locally. curlhttps://0.0.0.0:8000/v2/get_api_version-k {"code":200,"message":"AI API 2.0","version":2.1,"api date":"October 2021"} When accessing the URL from browser it is timing out with a message, "This site can't be reached". The App GW health probe responding with, "Cannot connect to backend server. Check whether any NSG/UDR/Firewall is blocking access to the server. Check if application is running on correct port". I made sure that port 8000 is added to NSG inbound security rule, Load balancer rule and listens to port 8000 on App GW. This VM is pingable but can be accessed from other devices on the same subnet. There were no firewalls that's blocking the incoming traffic. I tried to follow majority of the recommendations but nothing seems to be working. I understand the incoming traffic is blocked which is causing 502 bad gateway error. Appreciate your suggestions or sharing your experiences. Thank youVasuDundiOct 27, 2023Copper Contributor13KViews0likes3CommentsUnable to connect to resources via site to site vpn using Meraki VMX100
Hi. We have established a site to site vpn between our Azure Meraki vmx100 (managed Azure service/app) and our on premise mx64. Although the tunnel is up, running and passing traffic, I can't rdp to my resources in Azure. I spoke to Cisco and they confirmed my vmx100 is configured correctly and traffic is reaching the Azure resources however traffic from Azure VM is not being passed back. I need, specifically, to be able to rdp to the VMs in Azure. I have set up routes but obviously they are not correct or else this would be working! I have also set up network security groups allowing inbound and outbound traffic to port 3389 (rdp). When I run the connection test it tells me that access has been granted. However, when I try to rdp using the MS rdp client, I get the generic unable to connect message. When I try to rdp using the Azure rdp client, it tells me another computer has disconnected my session which is not possible since I'm the only one setting this up. Anyone out there that has successfully set up a Cisco Meraki VMX100 in Azure and is able to access the resources in Azure behind the vmx100? Thanks, Sharyn_SSharyn_SOct 21, 2020Copper Contributor11KViews0likes7Commentsazure site to site vpn setup connected but no traffic either way
hi team, I have setup vpn connection between my azure portal and on-premises windows server 2019 machine (rras server), however i am not seeing any traffic. My setup is as follows: my azure vm has private ip of 10.1.0.4 and public ip of 20.180.x.x. my on-premises windows server ethernet adaptor ip add : 10.0.2.15 netmask 255.255.255.0 gateway 10.0.2.2 ppp adaptor ip add 169.254.0.x netmask 255.255.0.0 my azure vm network details ip add v6 10.1.0.4 netmask 255.255.255.192 gateway 10.1.0.1 from windows server , ping 10.1.0.4 fails as request timed out from azure vm ping 10.0.2.15 fails as request timed out I can rdp and ping public ip address of azure vm from windows servercharneetOct 03, 2020Copper Contributor10KViews0likes3CommentsAzure Windows Desktop VM - Two Public IPs, One for VPN and One for RDP?
Problem I'm actually trying to solve: I have an Azure Windows Desktop VM set up that I need to RDP into and then connect to a VPN on that VM. Connecting to the VPN breaks the connection because split tunneling is not enabled (nor will it be allowed). I'm trying to find a way to stay RDP'd into the VM while connected to the VPN. Disclaimer: Neither networking nor Azure are my wheelhouse. And after burning through a couple of days of Googling and trying various hacks, I'm caving and asking here. 😉 My latest attempt at getting this to work involves configuring two NICs in the VM and giving each a public IP, along with each being on a separate private/internal subnet. The thought being that I could get the VPN to use one NIC while I RDP through the other interface (kind of like a management network on a server). However, the network gods are laughing at my feeble attempt. I can RDP into either of the public IPs, but as soon as the VPN connects, I'm booted from the RDP. I imagine that, at least in part, this has to do with the fact that the Windows route table shows two default routes: one over each of the interfaces. So, I have to ask...has anyone here been able to successfully pull something like this off? Or without split tunnel, am I just wasting my time? Thanks!zactrueloveNov 16, 2022Copper Contributor9.8KViews0likes2CommentsARM Template To create Multiple NSG's associate with existing Subnet
Hi All, I am trying to create Multiple NSG with multiple rules associate with subnets. Can anyone give me the Template file which is used as single Template file for Multiple NSG. Attached is the current files used by me for creating NSG. The problem in the below script is, It is not creating more than 2 NSG's. So that i am expecting to have a single Template and parameter file to create multiple NSG's. More likely to use copy loops. Template File: { "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json", "contentVersion": "1.0.0.1", "parameters": { "virtualNetworkName": { "type": "String" }, "networkSecurityGroupName1": { "type": "String" }, "subnetName1": { "type": "String" }, "networkSecurityGroupRules1": { "type": "Array" }, "networkSecurityGroupName2": { "type": "String" }, "subnetName2": { "type": "String" }, "networkSecurityGroupRules2": { "type": "Array" } }, "variables": {}, "resources": [ { "type": "Microsoft.Network/networkSecurityGroups", "apiVersion": "2018-03-01", "name": "[parameters('networkSecurityGroupName1')]", "location": "[resourceGroup().location]", "properties": { "securityRules": "[parameters('networkSecurityGroupRules1')]" } }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2017-08-01", "name": "apply-nsg-to-subnet1", "dependsOn": [ "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName1'))]" ], "properties": { "mode": "Incremental", "template": { "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "resources": [ { "apiVersion": "2018-03-01", "type": "Microsoft.Network/virtualNetworks/subnets", "name": "[concat(parameters('virtualNetworkName'), '/', parameters('subnetName1'))]", "location": "[resourceGroup().location]", "properties": { "addressPrefix": "[reference(resourceId(resourceGroup().name, 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnetName1')), '2018-03-01').addressPrefix]", "networkSecurityGroup": { "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName1'))]" } } } ] } }, "resourceGroup": "[resourceGroup().name]" }, { "type": "Microsoft.Network/networkSecurityGroups", "apiVersion": "2018-03-01", "name": "[parameters('networkSecurityGroupName2')]", "location": "[resourceGroup().location]", "properties": { "securityRules": "[parameters('networkSecurityGroupRules2')]" } }, { "type": "Microsoft.Resources/deployments", "apiVersion": "2017-08-01", "name": "apply-nsg-to-subnet2", "dependsOn": [ "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName2'))]" ], "properties": { "mode": "Incremental", "template": { "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "resources": [ { "apiVersion": "2018-03-01", "type": "Microsoft.Network/virtualNetworks/subnets", "name": "[concat(parameters('virtualNetworkName'), '/', parameters('subnetName2'))]", "location": "[resourceGroup().location]", "properties": { "addressPrefix": "[reference(resourceId(resourceGroup().name, 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnetName2')), '2018-03-01').addressPrefix]", "networkSecurityGroup": { "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName2'))]" } } } ] } }, "resourceGroup": "[resourceGroup().name]" } ], "outputs": {} }SolvedvigneshkrcegmailcomNov 11, 2020Brass Contributor8.3KViews0likes19CommentsAzure Web Application Firewall (WAF) REGEX for Match Variable Selector
Hi Experts, We are trying to migrate our WAF solution to Azure WAF, and some validation rules use REGEX to match the Variable Selector. We are trying to implement the same on Azure WAF and are not sure if that is supported. The Azure Application Gateway WAF document does not cover that. Basically what we are trying to achieve is, to implement this (attached image): Match type: String Match variable: PostArgs Post args selector:arg\d{1,4} Followed by Operation and Action I am not sure if this is supported as the Azure Application Gateway WAF document does not mention it. We need a way to implement this rule so that it can cover multiplearg##instead of us having to create one rule for each. It is going to be difficult when we have, let's say, 100 args (arg1, arg2, arg3,......, arg100) or more. Is it supported on Azure Application Gateway WAF? If not, what are the other ways/workaround to implement the same? Thanks in advance!Sibba_SailorMar 24, 2023Copper Contributor6.6KViews0likes3CommentsIs it possible to authenticate to a proxy server on a VM from my local machine?
I have a proxy server set up/ simulated on an Azure VM, by using "FreeProxy Internet Suite". So the VM now has a simulated proxy server. I have gone to my Windows 10 Home machine , I can ping the VM using the public ip address provided by Azure. On my local remote machine I have changed the Proxy settings in Windows to use Manual proxy setup and set the Address in Manual proxy setup as the Public IP address of the VM given by Azure. The port also has been set as 808 in the FreeProxy Suite and that was set in the Manual proxy setup on the local machine. But when I browse the internet , I would have thought it would have asked for credentials, but instead it says "No Internet connection". How can i set my Manual proxy setup on the Windows Host in order to connect to the VM's proxy server to be authenticated ?KarenSaund888Apr 23, 2021Copper Contributor6.5KViews0likes2CommentsCreate a Network Security Group (NSG) with PowerShell in Azure and assign it to an existing subnet!
Hi Azure friends, I used the PowerShell ISE for this configuration. But you are also very welcome to use Visual Studio Code, just as you wish.Please start with the following steps to begin the deployment (the Hashtags are comments): #The first two lines have nothing to do with the configuration, but make some space below in the blue part of the ISE Set-Location C:\Temp Clear-Host #So that you can carry out the configuration, you need the necessary cmdlets, these are contained in the module Az (is the higher-level module from a number of submodules) Install-Module -Name Az -Force -AllowClobber -Verbose #Somevariables $location="westeurope" #LogintoAzure Connect-AzAccount #Selectthecorrectsubscription Get-AzSubscription Get-AzSubscription-SubscriptionName"VisualStudioEnterprise-Abonnement"|Select-AzSubscription Get-AzContext #Listexistingnetworksecuritygroups Get-AzNetworkSecurityGroup (Get-AzNetworkSecurityGroup).Name #SearchforResourceGroups (Get-AzResourceGroup).ResourceGroupName #Createadetailednetworksecuritygroup $rule1=New-AzNetworkSecurityRuleConfig-Namerdp-rule-Description"AllowRDP"` -AccessAllow-ProtocolTcp-DirectionInbound-Priority300-SourceAddressPrefix` Internet-SourcePortRange*-DestinationAddressPrefix*-DestinationPortRange3389 $rule2=New-AzNetworkSecurityRuleConfig-Nameweb-rule-Description"AllowHTTP"` -AccessAllow-ProtocolTcp-DirectionInbound-Priority400-SourceAddressPrefix` Internet-SourcePortRange*-DestinationAddressPrefix*-DestinationPortRange80,443 $nsg=New-AzNetworkSecurityGroup-ResourceGroupNametw-azuredemo-rg-Location$location-Name` "NSG-FrontEnd"-SecurityRules$rule1,$rule2 #ListallVnetsintheSubscription (Get-AzVirtualNetwork).Name #Let'screateavariable $VNet=Get-AzVirtualNetwork-Name'tw-vnet-workload' #Weneedthenameofthesubnet Get-AzVirtualNetworkSubnetConfig-VirtualNetwork$VNet|Select-ObjectName,AddressPrefix #Wesavetheinformationinavariable $VNetSubnet=Get-AzVirtualNetworkSubnetConfig-VirtualNetwork$VNet-Nameworkload #Weassociatethensgtothesubnet Set-AzVirtualNetworkSubnetConfig-Name$VNetSubnet.Name-VirtualNetwork$VNet-AddressPrefix$VNetSubnet.AddressPrefix-NetworkSecurityGroup$nsg #Update ourvirtualnetwork $VNet|Set-AzVirtualNetwork #Let'schecktheconfiguration (Get-AzVirtualNetwork-Name'tw-vnet-workload').Subnets Now you have used the PowerShell to create aNetwork Security Group (NSG) andassign it to an existing subnet! Congratulations! I hope this article was useful. Best regards, Tom Wechsler P.S.All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on github!https://github.com/tomwechsler6.4KViews0likes0CommentsExpressRoute and multiple tenants
Hi, We have a working ExpressRoute going into our main tenant. We apparently need to a have another tenant and the folks here, would like to have it connected through the same ExpressRoute. Is this possible? Let VNet in TenantB use the ExpressRoute in TenantA? Would this be as simple as connecting a new Vnet in another subscription, through creating a circuit authorization and use the authorization key in the new tenant? And then of course use routed subnets in the new tenants VNet? Number of VNets in both tenants is limited (less than 10) Thanks,hjeppesenNov 23, 2022Copper Contributor6.1KViews0likes2Comments
Resources
Tags
- virtual network42 Topics
- VPN Gateway22 Topics
- Azure Firewall21 Topics
- Virtual WAN15 Topics
- Application Gateway13 Topics
- Load Balancer11 Topics
- Azure Private Link9 Topics
- Azure Front Door8 Topics
- Azure ExpressRoute8 Topics
- Network Watcher7 Topics