User Profile
sachip-msft
Microsoft
Joined 4 years ago
User Widgets
Recent Discussions
Azure Firewall Public IP and DDoS protection
Hi, We have a zero trust network setup where we use Azure Firewall Standard Edition with hub/spoke model, there is mandatory requirement to assign few Public IP addresses to the firewall, we have included these assigned public IP addresses to a DDoS plan as well. There is no ingress in this environment (It is backend message processing system which does not need any internet / frontend web APIs). As we are running this in production, we see many DDoS mitigation alerts on firewall Public IPs. We are thinking of reducing cost and removing DDoS protection plan because only resources that are the plan are firewall's public IP addresses, hence the questions are: 1. how the azure firewall will behave if assigned public IPs are not included in DDoS protection plan? 2. Do azure firewall internally have bult in mechanism to defend against DDoS attacks on its public IPs 3. Is there standard recommendation that when Azure firewall is deployed, customers also must use DDoS plan?4.1KViews0likes2Comments