Forum Discussion
Gil Blumberg
Jul 09, 2021 (Brass Contributor)
Deny traffic between VNETs when using peering Bastion Host VNET?
Like many fans of Bastion Host, I was really excited to see that Bastion Host can be used across peered VNETs. I gave this a bit of thought before going ahead and seeking thoughts on below. ...
lukemurraynz
Jul 09, 2021 (Learn Expert)
You could add a Deny All if you're worried about it, then look at Application Security Groups to group your servers and only allow specific traffic between them (i.e. between App and DB servers only).
Then it is visibility, so either a Network Virtual Appliance or look at implementing Traffic Analytics - https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics
Gil Blumberg
Jul 09, 2021 (Brass Contributor)
Thanks Luke. That's a bit better, but unless I'm mistaken, doesn't address the main issue.
In my scenario, the peering is purely for Bastion Host, no need for any traffic between the VMs directly. So specifying which traffic between the VMs is allowed won't address this.
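To make the two suggestions in this thread concrete (a Deny All rule ahead of the built-in rules, and an ASG-scoped allow for the app-to-DB case), here is an added example that is not from the thread or from Microsoft: a small Python model of how an NSG evaluates inbound rules, ascending priority with first match winning, applied to a hub VNet hosting AzureBastionSubnet and a peered spoke VNet hosting the VMs. The address plan, ASG membership and rule names are constructed for illustration. The point it shows is why the default rules alone do not isolate the spoke: the VirtualNetwork service tag covers peered VNets too, so AllowVnetInBound (priority 65000) admits hub-to-spoke VM traffic unless a lower-priority Deny sits in front of it.

```python
"""Toy model of Azure NSG inbound evaluation: ascending priority, first match wins.

Added example (not from the thread). The address plan, ASG membership and
rule names below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

HUB_VNET = "10.0.0.0/16"          # hosts AzureBastionSubnet (assumed)
SPOKE_VNET = "10.1.0.0/16"        # peered workload VNet (assumed)
BASTION_SUBNET = "10.0.1.0/26"    # AzureBastionSubnet in the hub (assumed)

# The VirtualNetwork service tag covers the local VNet *and* every peered VNet,
# so the built-in AllowVnetInBound rule lets hub<->spoke VM traffic through.
SERVICE_TAGS = {
    "VirtualNetwork": [HUB_VNET, SPOKE_VNET],
    "AzureLoadBalancer": ["168.63.129.16/32"],
}
# Application Security Group membership (constructed).
ASGS = {
    "asg-app": ["10.1.0.10/32"],
    "asg-db": ["10.1.0.20/32"],
}


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int
    access: str      # "Allow" | "Deny"
    protocol: str    # "Tcp" | "Udp" | "*"
    src: str         # CIDR, service tag, ASG name, or "*"
    dst: str
    dport: str       # "*", "22", "22,3389", "1000-2000"


def _addr_matches(spec: str, addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    if spec == "*":
        return True
    if spec == "Internet":   # anything outside the VirtualNetwork tag
        return not any(ip in ipaddress.ip_network(p) for p in SERVICE_TAGS["VirtualNetwork"])
    prefixes = SERVICE_TAGS.get(spec) or ASGS.get(spec) or [spec]
    return any(ip in ipaddress.ip_network(p) for p in prefixes)


def _port_matches(spec: str, port: int) -> bool:
    if spec == "*":
        return True
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def evaluate(rules, src, dst, dport, protocol="Tcp"):
    """Return (access, rule_name) for an inbound flow from src to dst:dport."""
    for r in sorted(rules, key=lambda r: r.priority):
        if r.protocol != "*" and r.protocol != protocol:
            continue
        if _addr_matches(r.src, src) and _addr_matches(r.dst, dst) and _port_matches(r.dport, dport):
            return r.access, r.name
    return "Deny", "implicit"


# Azure's built-in inbound rules (priorities 65000+).
DEFAULT_INBOUND = [
    Rule("AllowVnetInBound", 65000, "Allow", "*", "VirtualNetwork", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Allow", "*", "AzureLoadBalancer", "*", "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*", "*"),
]

# Spoke subnet NSG for the "peering is only for Bastion" case: admit SSH/RDP
# from AzureBastionSubnet, then deny everything else before the defaults run.
BASTION_ONLY_INBOUND = [
    Rule("AllowBastionInBound", 100, "Allow", "Tcp", BASTION_SUBNET, "*", "22,3389"),
    Rule("DenyAllOtherInBound", 4000, "Deny", "*", "*", "*", "*"),
] + DEFAULT_INBOUND

# Same, plus one ASG-scoped exception (app tier -> SQL on the DB tier).
APP_DB_INBOUND = [
    Rule("AllowAppToDbInBound", 200, "Allow", "Tcp", "asg-app", "asg-db", "1433"),
] + BASTION_ONLY_INBOUND


def compare(src, dst, dport):
    """Verdict for one flow under each rule set (constructed flows, see __main__)."""
    return {
        "default": evaluate(DEFAULT_INBOUND, src, dst, dport)[0],
        "bastion_only": evaluate(BASTION_ONLY_INBOUND, src, dst, dport)[0],
        "app_db": evaluate(APP_DB_INBOUND, src, dst, dport)[0],
    }


if __name__ == "__main__":
    flows = [
        ("Bastion -> spoke VM ssh", "10.0.1.4", "10.1.0.20", 22),
        ("hub VM -> spoke VM https", "10.0.2.4", "10.1.0.20", 443),
        ("app -> db sql", "10.1.0.10", "10.1.0.20", 1433),
        ("app -> db ssh", "10.1.0.10", "10.1.0.20", 22),
    ]
    for label, s, d, p in flows:
        print(f"{label:26s} {compare(s, d, p)}")
```

Running it shows the hub-VM-to-spoke-VM flow allowed under the defaults alone and denied once the priority-4000 Deny is in place, while Bastion's SSH/RDP still gets through on the priority-100 rule; the ASG rule only opens the single app-to-DB port. The model covers the workload subnet's NSG only: AzureBastionSubnet itself needs the specific inbound and outbound rules the Bastion documentation requires, and applying the same Deny All there would break the service.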