Forum Widgets
Latest Discussions
Azure traffic to storage account
Hello, I’ve set up a storage account in Tenant A, located in the AUEast region, with public access. I also created a VM in Tenant B, in the same region (AUEast). I’m able to use IP whitelisting on the storage account in Tenant A to allow traffic only from the VM in Tenant B. However, in the App Insights logs, the traffic appears as 10.X.X.X, likely because the VM is in the same region. I'm unsure why the public IP isn't reflected in the logs. Moreover, I am not sure about this part https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security-limitations#:~:text=You%20can%27t%20use%20IP%20network%20rules%20to%20restrict%20access%20to%20clients%20in%20the%20same%20Azure%20region%20as%20the%20storage%20account.%20IP%20network%20rules%20have%20no%20effect%20on%20requests%20that%20originate%20from%20the%20same%20Azure%20region%20as%20the%20storage%20account.%20Use%20Virtual%20network%20rules%20to%20allow%20same%2Dregion%20requests. This seems contradictory, as IP whitelisting is working on the storage account. I assume the explanation above applies only when the client is hosted in the same tenant and region as the storage account, and not when the client is in a different tenant, even if it's in the same region. I’d appreciate it if someone could shed some light on this. Thanks, Mohsen
Azure Express Route Peering with on Prem Firewall
Is there any way we can have express route peer BGP directly with on Prem Firewall via /29 subnet The firewall has active / standby and VIP. The express route peering require two /30 . if I have an active standby and VIP on the firewall how is that going to work ?
Storage not reachable from network using service endpoint.
Hello, Here is the situation. The storage (File share )had assigned networks to allow access. We refresh some changes in the NSG from the network using bicep code ( Outbound was permitted all- no change. Inbound - we updated a name of a rule). What happened: no more access to the storage. No more connection on SMB port. The port was reported as closed. We removed the storage configuration of allowed networks ( the status was still Green), we add it back and magically it started to work. Any hints of what could have went wrong? Thank you
CloudNetDraw – Instantly generate Azure network diagrams
Hi everyone, I wanted to share a tool I’ve built that might help some of you who regularly document or review Azure network topologies. CloudNetDraw is a free tool that generates Azure network diagrams (HLD and MLD) directly from your environment. It supports both user login and service principals — or you can self-host it. What it does: Visualizes hub and spoke topology Shows all subnets with CIDRs Highlights NSG and UDR presence Exports editable Draw.io files Hosted version available, or deploy it yourself Open source on GitHub Try it here: https://www.cloudnetdraw.com GitHub repo: https://github.com/krhatland/cloudnet-draw Privacy & Security: CloudNetDraw does not collect any information about your network resources or environment. Drawings are generated in memory and deleted immediately after use. We do not store, access, or analyze your topology data. Would love to hear your thoughts or suggestions! Thanks, KristofferMonitor Azure network components
Hi team, Hope you're doing well. Today, I need some advices to implement monitoring on network resources. For one of my clients, I'm in charge of deploying the dedicated infrastructure foundation for each project. This foundation is essentially composed of: A virtual network (VNET), One or more subnets (SNETs), A Route Table (RT) dedicated to a subnet, User Defined Routes (UDRs) associated with an RT, This infrastructure foundation is consumed by the project, so it's imperative that we have a dashboard view to assess the health of each component. To provide visual monitoring, I want to leverage Azure Monitor. I therefore want to create a Network dashboard, where I can see the status of resources at a glance. The problem is that the metrics currently offered by Azure Monitor for dashboard creation are quite limited, according to the official Microsoft documentation. Here is the list of official Microsoft links for Azure resources that offer metrics: VNEt and subnets - Virtual Networks: https://learn.microsoft.com/en-us/azure/azure-monitor/reference/supported-metrics/microsoft-network-virtualnetworks-metrics I also checked on Network Insights, and unfortunately, the solution don't support the mentioned components. I know it's also possible to use workbooks to retrieve certain information. Are there any native Azure solutions that provide visual monitoring of these resources? Thank you for your help.Az Virtual Network Manager Multi-Region Hub-Spoke Topology
I'm evaluating Network Manager for a customer with a fairly default topology scenario being multi-region hub-spoke with inter-region meshed hubs. However, I find the existing documentation unclear and the product not intuitive enough on how to achieve this. There is a matching graphic on this following learn article, but the accompanying text above rather mentions the global mesh option to connect spokes in different regions, not hubs... https://learn.microsoft.com/en-us/azure/architecture/networking/architecture/hub-spoke#automation-with-azure-virtual-network-manager My configuration approach so far is: Network groups containing all VNets of a region Hub & spoke connectivity configuration applied with group and selecting matching regional hub VNet Network group of hub VNets Mesh connectivity configuration with global mesh enabled applied to group However, when I look at the visualization, there seems to be no connection among the hubs. Is this the right way or did I miss/misinterpret something?Azure Load Balancer and security headers
Hi, If I need to set Access-Control-Allow-Origin (something else than *) in the server. Does anybody have experiences if that is header is traveling through the Azure Load Balancer? Some documentations are saying that LB needs to be able to support these headers. I'm asking this in this way, as this is kind of preparing for the future, while not be able to test that yet. Neither I was not able to find any Azure documentation for this.
DNS Private Resolver forwarding ruleset resiliency
We are using DNS Private Resolver for all our tenant's Azure DNS resolution. We have a DNS forwarding ruleset set up that forwards all DNS requests for "ourcompany.com." to 10.0.0.100 (primary onprem DNS server IP) and 10.0.0.200 (secondary onprem DNS server IP). This is all working fine. We have just been looking at the resiliency of this setup. If both IPs were unreachable for five minutes, would the DNS private resolver return any cached DNS results for *.ourcompany.com or would the queries simply fail? If only the primary IP (10.0.0.100) were unavailable, presumably DNS queries would still succeed due to use of the secondary IP, but would there be any noticeable increase in the time to respond to DNS queries as a result?
