Latest Discussions
How to set up Internet access after all Basic IPs are retired on September 30, 2025

As subject, what can I do to maintain Internet access?

Solved | JasonIp | Sep 23, 2025 | Copper Contributor | 48 Views | 0 likes | 1 Comment

Hub spoke design with NVA firewall
I have my Azure landing zone set up but it isn't working as I expected.

So I have a vnet named vnet-lz-fw-001 with 2 subnets, External and Trusted. I then have a NVA Watchguard Firewall with an interface on each subnet.

I then have 2 further vnets, vnet-lz-prod-001 and vnet-lz-id-001. Each of these vnets has peering to vnet-lz-fw-001 but no peering between each other.

vnet-lz-prod-001 and vnet-lz-id-001 have user defined routes to point to each other via the trusted interface on the Watchguard NVA.

The Watchguard firewall has static routes to point to each subnet in the vnets via the Trusted interface gateway address.

Virtual machines in both vnet-lz-prod-001 and vnet-lz-id-001 can ping each other, but when they do, it's not routing via the Watchguard firewall. Is this expected behavior?

Virtual machines in both vnet-lz-prod-001 and vnet-lz-id-001 can ping the trusted interface on the Watchguard Firewall OK.

Solved | jlhall1000 | Sep 10, 2025 | Copper Contributor | 80 Views | 0 likes | 1 Comment

Azure Firewall has no capacity to maintain source IP on outbound traffic?
Hello all,

My use case: To have multiple static public IP addresses attached to Azure Firewall with SNAT rules configured so that the public IP isn't just randomly selected. We have multiple services that have whitelisting configured for specific public load balancer IPs and now we are trying to move them behind Azure Firewall. Since there is whitelisting on the destination, the public IP being randomly selected won't work.

My resources: One instance of premium SKU Azure Firewall. Hub and spoke architecture. Route tables being used to force traffic through Firewall (routed to private IP of firewall).

The research I have conducted: I have tried absolutely everything I can think of before coming to this forum and from what I can tell the 4 ways of outbound connectivity provided by Azure are:

- Default outbound connectivity. Against best practice to do this and won't work since it's routing through a virtual appliance (firewall).
- Associate a NAT gateway to a subnet. This won't work since we have only one instance of Azure Firewall and the requirement for multiple public IPs to be used.
- Assign a public IP to a virtual machine. Not applicable, sitting in backend pool of a load balancer, single public IP to be used for multiple member servers.
- Using the frontend IP address(es) of a load balancer for outbound via outbound rules. Needs to go through the firewall, impossible unless we can somehow integrate the firewall between the load balancer and the backend pool?

Expanding more on the load balancer scenario, I ran across this documentation in Microsoft Learn. This looks great to tackle the asymmetric routing issue, however, we are only interested in maintaining the source IP for outbound traffic; this would again just use the firewall's public IP for outbound traffic and again randomly select it.

Consensus: It seems bizarre to me that Azure has no capacity for static SNAT configuration like most firewalls do. I would have thought a large amount of use cases would require this function. Am I missing something? Is there another workaround? Or is Azure just behind the 8ball with networking?

Thanks heaps in advance for any help :)

Much Appreciated,
usernameone101

Solved | 535 Views | 0 likes | 2 Comments

The Subscription Does Not Contain Any Registered ASNs
https://learn.microsoft.com/en-us/azure/internet-peering/howto-subscription-association-portal

I have followed this documentation and enabled Microsoft.Peering. But when I try to add an ASN, it says your subscription does not contain any registered ASN. Please help me to fix this issue.

https://i.is.cc/sEq7Idf.png

TrackingID#2407180030009866

This is my Tracking ID. Please check this issue and respond to my email, which has not been addressed for the last 48 hours until now.

Solved | wajid4226594 | Jul 22, 2024 | Copper Contributor | 741 Views | 0 likes | 3 Comments

Network assessment
Hi folks,

For a customer we have to make a "Network assessment" within his current Azure environment. As a first step, we plan to use the Network from Insights to see the health, connectivity and traffic information. Next, we want to look under Network - Monitoring - Diagram.

Do you have further services or solutions to look at or add to make an assessment of the customer network?

Thanks for your replies

Solved | carlicht | Jun 17, 2024 | Copper Contributor | 1.1K Views | 0 likes | 2 Comments

Azure Function with public access disabled
I have disabled public access of Azure Function. The function is not integrated with VNet and does not have any private endpoint. I confirmed that if I call the function URL from Postman I get 403 Ip Forbidden, which is expected. However, when I configure the function as backend for API Management integrated with VNet, I am still able to call it and get a 200 OK response. How is this possible?

Solved | kaushikc139 | Apr 20, 2024 | Copper Contributor | 1.7K Views | 0 likes | 3 Comments

Express route: dedicated and/or private
To my understanding, ExpressRoute provides a DEDICATED connection via a partner provider to the Azure cloud, avoiding the public internet.

Now from what I understand (please someone correct me), this connection is dedicated but not actually private. It's private because it avoids the public internet, but not private in that, if the connection was intercepted, data by default is not encrypted? So for it to be a private connection as well as dedicated, you need to establish a VPN tunnel (or related privacy-enabled configuration) between your on premise and Azure hosted service/resource/vnet/etc.

Is this correct, or is the connection from on premise to the Azure platform via ExpressRoute automatically encrypted end to end, but not once into the Azure platform itself? At what point, if any, is ExpressRoute not private (encrypted)?

I'm studying for AZ-104, and I'm trying to get a solid answer: by default, is ExpressRoute dedicated and private, that is, encrypted, not just "private by avoiding the public internet"? The latter is not truly private, it's just segregated from public traffic.

Solved | Charles_morales | Mar 19, 2024 | Copper Contributor | 962 Views | 0 likes | 2 Comments

NAT GW operation
In a course, the below image is used to illustrate the operation of NAT GW. What I don't understand here is how asymmetric traffic is avoided. If an Azure resource is accessed over its associated public IP and the response comes back via the NAT GW performing SNAT using a different IP address, then most probably this traffic would be dropped by any well-behaving source entity. For instance, assuming HTTP traffic, I can't imagine a TCP session established like that. How does this work?

Solved | lafrankhu | Feb 02, 2024 | Copper Contributor | 626 Views | 0 likes | 2 Comments

Azure DNS and access from an Azure VPN connection (OpenVPN SSL)
Hi there,

We are trying to configure a DNS server within our private virtual network. We managed to make it work within the virtual networks, no issues there.

We have users using the Azure VPN client connecting to the Azure private networks via the VPN network gateway. These users can connect to the VMs using the IP addresses but not the DNS names of these VMs.

Anyone might know what the issue could be? We first tried the firewall DNS, then we tried a DNS running on a VM instance, to no avail.

Thank you

Solved | jmoriss7 | Jan 11, 2024 | Copper Contributor | 993 Views | 0 likes | 3 Comments

Azure Resource Health
Hi,

How to get the exact Resource Health view (as above) using an Azure Resource Graph Explorer query?

Solved | DivyaSampath | Oct 26, 2023 | Microsoft | 461 Views | 0 likes | 1 Comment