Forum Discussion
Valon_Kolica
Aug 29, 2023 | Microsoft
SEP 26, 2023 | Ask-Me-Anything | Azure Firewall, Azure WAF and Azure DDoS
UPDATED, post-AMA: Here is the AMA recording in case you
missed the live session.
*************************************************************
Please join us in this Ask Me Anythin...
ParthKhemka
Copper Contributor
Will we be having RBAC-based ACLs for Firewall or VPNs?
Scenario - I have 5 VNets in my environment, VNet1......VNet5, all in a hub-and-spoke architecture, with the hub having Azure VPN; the possibility of Azure Firewall is also there.
I have 3 users, User1.......User3.
All these users are using P2S VPN to connect to Azure.
Conditions -
User1 should only be allowed to access VNet1 and VNet3.
User2 should be allowed to access VNet2, VNet3 and VNet5.
User3 should be allowed to access only VNet5.
This is one of the major requirements which currently isn't fulfilled by either Azure VPN or Azure Firewall, and I have customers switching to a different NVA provider like Barracuda just for this.
Do we have this feature anywhere in the roadmap?
Thanks!
SaleemBseeu
Sep 27, 2023 | Microsoft
For best insights into our roadmap and an opportunity to actively contribute your valuable feedback to our product team, we invite you to join our private community. You can access the community by visiting: https://aka.ms/PrSecCom
To effectively handle scenarios like these, I would recommend utilizing IP groups. With IP groups, you can categorize users based on their source IPs, such as administrators, sales teams, and accounting departments, and then configure your firewall rules accordingly.
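One way to check an IP-group rule set like the one suggested in the reply against the conditions in the question, as an added example that is not part of the thread and not Microsoft code. Every address range, the group names, and the idea that each P2S user keeps a fixed source address are assumptions made for illustration; the second audit shows how one over-broad IP group silently widens access.

```python
import ipaddress

# Constructed sample data: every address range below is an assumption.
VNETS = {f"VNet{i}": ipaddress.ip_network(f"10.{i}.0.0/16") for i in range(1, 6)}
# Assumption: each P2S user always connects from the same source address.
USER_IPS = {"User1": "172.16.0.10", "User2": "172.16.0.20", "User3": "172.16.0.30"}
IP_GROUPS = {  # hypothetical group names
    "ipg-user1": ["172.16.0.10/32"],
    "ipg-user2": ["172.16.0.20/32"],
    "ipg-user3": ["172.16.0.30/32"],
}
# Allow rules (source IP group -> destination VNets), modelled on the question.
RULES = {
    "ipg-user1": ["VNet1", "VNet3"],
    "ipg-user2": ["VNet2", "VNet3", "VNet5"],
    "ipg-user3": ["VNet5"],
}
# Intended access per user, stated independently of the rules so it can be audited.
INTENDED = {
    "User1": ["VNet1", "VNet3"],
    "User2": ["VNet2", "VNet3", "VNet5"],
    "User3": ["VNet5"],
}

def is_allowed(src_ip, dst_ip, ip_groups=IP_GROUPS):
    """Any matching allow rule permits the flow; anything unmatched is denied."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for group, vnets in RULES.items():
        in_group = any(src in ipaddress.ip_network(p) for p in ip_groups[group])
        if in_group and any(dst in VNETS[v] for v in vnets):
            return True
    return False

def reachable_vnets(src_ip, ip_groups=IP_GROUPS):
    """VNets reachable from src_ip, probing the first host of each range."""
    return [name for name, net in VNETS.items()
            if is_allowed(src_ip, str(net[1]), ip_groups)]

def audit(ip_groups=IP_GROUPS):
    """Return (user, intended, actual) for every user whose access differs."""
    return [(u, INTENDED[u], reachable_vnets(ip, ip_groups))
            for u, ip in USER_IPS.items()
            if reachable_vnets(ip, ip_groups) != INTENDED[u]]

if __name__ == "__main__":
    print(audit())  # per-user /32 groups match the intended matrix
    too_broad = dict(IP_GROUPS, **{"ipg-user3": ["172.16.0.0/24"]})
    print(audit(too_broad))  # User1 now also reaches VNet5
```

A source address that belongs to no group, such as another address from the same client pool, matches no rule and is denied.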