Valon_Kolica
Aug 29, 2023
Former Employee
SEP 26, 2023 | Ask-Me-Anything | Azure Firewall, Azure WAF and Azure DDoS
UPDATED, post-AMA: Here is the AMA recording in case you missed the live session.
*************************************************************
Please join us in this Ask Me Anythin...
ParthKhemka
Sep 25, 2023
Copper Contributor
Will we be having RBAC-based ACLs for Firewall or VPNs?
Scenario - I have 5 VNets in my environment, VNet1......VNet5, all in a hub-and-spoke architecture, with the hub having Azure VPN, and the possibility of Azure Firewall is also there.
I have 3 users, User1.......User3.
All these users are using P2S VPN to connect to Azure.
Conditions -
User1 should only be allowed to access VNet1 and VNet3.
User2 should be allowed to access VNet2, VNet3 and VNet5.
User3 should be allowed to access only VNet5.
This is one of the major requirements which currently isn't fulfilled by either Azure VPN or Azure Firewall, and I have customers switching to a different NVA provider like Barracuda just for this.
Do we have this feature anywhere in the roadmap?
Thanks!
- SaleemBseeu Sep 27, 2023
Microsoft
For best insights into our roadmap and an opportunity to actively contribute your valuable feedback to our product team, we invite you to join our private community. You can access the community by visiting: https://aka.ms/PrSecCom
To effectively handle scenarios like these, I would recommend utilizing IP groups. With IP groups, you can categorize users based on their source IPs, such as administrators, sales teams, and accounting departments, and then configure your firewall rules accordingly.
- Rahulggupta25 Sep 26, 2023
Copper Contributor
1. How can we back up our rules in the firewall?
2. What's the best practice for north-south and east-west traffic?
3. Do we need to have an ELB in front of the firewall?
- gusmodena Sep 26, 2023
Microsoft
Rahulggupta25, please find my comments below:
1. How can we back up our rules in the firewall? Answer: Take a look at the following blog post describing the steps to back up your Azure Firewall.
2. What's the best practice for north-south and east-west traffic? Answer: Could you elaborate more? You can use the same Azure Firewall deployment to protect both north-south and east-west traffic. Check the recommendations in this Well-Architected Framework document for Azure Firewall.
3. Do we need to have an ELB in front of the firewall? Answer: No, you don't need to create an ELB in front of Azure Firewall. Azure Firewall is highly available by design.
- Tim_Oconnell Sep 26, 2023
Copper Contributor
Sorry, new here - is there a webinar link or ? I'm all signed up but not seeing a link...
thx
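
The IP-group approach recommended in the reply to ParthKhemka above, modelled as an added example that is not part of the original thread and is not Microsoft's code: it turns the user-to-VNet matrix from the question into one IP group per destination VNet and checks flows against the resulting allow rules with default deny. The VNet address ranges, the per-user VPN source addresses and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data. The thread gives only the user -> VNet matrix;
# the VNet ranges and per-user VPN source addresses below are assumptions.
VNETS = {f"VNet{i}": ipaddress.ip_network(f"10.{i}.0.0/16") for i in range(1, 6)}
USER_SOURCE_IP = {"User1": "172.16.0.11", "User2": "172.16.0.12", "User3": "172.16.0.13"}
ACCESS = {
    "User1": ["VNet1", "VNet3"],
    "User2": ["VNet2", "VNet3", "VNet5"],
    "User3": ["VNet5"],
}

def build_ip_groups(access, user_ips):
    """Return {vnet: set of source addresses allowed to reach that VNet}."""
    groups = {}
    for user, vnets in access.items():
        for vnet in vnets:
            groups.setdefault(vnet, set()).add(ipaddress.ip_address(user_ips[user]))
    return groups

def build_rules(groups, vnets):
    """One allow rule per IP group: members of the group -> that VNet's range."""
    return [{"name": f"allow-to-{v}", "sources": groups[v], "destination": vnets[v]}
            for v in sorted(groups)]

def is_allowed(src, dst, rules):
    """Default deny: traffic passes only if some allow rule matches it."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(src in r["sources"] and dst in r["destination"] for r in rules)

def unreachable_vnets(groups, vnets):
    """VNets with no IP group, i.e. closed to every VPN user."""
    return sorted(set(vnets) - set(groups))

if __name__ == "__main__":
    groups = build_ip_groups(ACCESS, USER_SOURCE_IP)
    rules = build_rules(groups, VNETS)
    for user, ip in USER_SOURCE_IP.items():
        # net[4] is the fifth address of the range, used as a sample host.
        reach = [v for v, net in VNETS.items() if is_allowed(ip, net[4], rules)]
        print(user, ip, "->", reach)
    print("no rule for:", unreachable_vnets(groups, VNETS))
```

These rules match source addresses, not identities, so the mapping holds only while each user keeps the source address assumed here.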