Channel: Azure Networking (DNS, Traffic Manager, VPN, VNET) forum
Viewing all 6513 articles

SCTP on Azure VNet S2S connection


Hello All

I am working on a project to migrate a telco software to Azure and I have a specific technical question in this context.

  1. Does a direct ExpressRoute connection between a corp on-premises network and an Azure VNet allow/support SCTP (Stream Control Transmission Protocol) protocol?
  2. If not, does a VPN Site-to-Site connection allow/support SCTP?
  3. Can we create an IPSec tunnel on either of these connections?

Thanks in advance
Ravi


How do I query Azure firewall data using the Java SDK?


I'm trying to poll some data about the Firewall using the Java SDK and I can't figure out how I am supposed to do so.

I'm using version 1.22.0 of azure and azure-mgmt-network

Please help

Leased line Connection to Azure VPN gateway


Hi Team,

I have an Internet leased line which is operational but not in use. Can I use it in any way to connect to the Azure network and access the Azure resources?

Basically, can I connect the leased line from the router on premises to the Azure VPN gateway? Can the leased line be utilized in any way for the Azure environment?

Thanks, regards

Amey Naik



How to verify account


Apparently I can't include an image until my account had been verified...

...But I can't see a link anywhere to allow that to happen.

So: How does one verify an account on these 'ere forums?

Issue setting up Azure Sentinel to collect logs from on prem devices


Hi,

I've deployed an Ubuntu machine, latest LTS, on prem, and configured this to send logs to Azure Sentinel. I can see the server in the dashboards and heartbeats etc., but no syslog data.

When I check the on prem server, I can see it receiving syslog info from other on prem devices, by using the command "tcpdump -A -ni any port 514 -vv". When I use the following command, "tcpdump -A -ni any port 25226 -vv", to see if the OMS Agent installed as part of the Azure Sentinel setup is receiving anything, nothing is returned.

I used these two posts to help with the setup, as the pure "other syslog connection" is not complete.

https://docs.microsoft.com/en-us/azure/sentinel/connect-syslog

https://docs.microsoft.com/en-us/azure/sentinel/connect-cisco

VPN Point-to-site configuration fails with generic error: "The current operation failed due to an intermittent error with gateway....."


My VPN Point-to-site configuration keeps failing with a generic error: "The current operation failed due to an intermittent error with gateway.....". Also, the configuration takes more than 30 minutes to try and save my changes and then fails.


Azure Active/Active VPN with Dual FortiGate Firewalls


Hi

We are trying to create a redundant VPN configuration.

- We have one Active/Active VPN Gateway in Azure with two public IPs and BGP enabled.

- We have two FortiGate firewalls configured in an Active/Active configuration, with an internet connection terminated on both firewalls, hence having two public IPs as well.

We are trying to create two Site-to-Site VPNs to Azure from each of the public IPs on the FortiGate firewalls.

The idea is that if one of the Azure gateways, one of the firewalls or one of the ISPs goes offline, we still have connectivity.

We have successfully configured two VPN tunnels for each public IP on the firewall to both Azure gateways (Active/Active) using BGP.

The problem is traffic flow: we have intermittent drops and are unable to communicate with virtual machines where a VM in that VNet is trying to send traffic via one gateway while BGP in Azure is trying to talk to the firewall using the second gateway, and vice versa.

Does anyone have any experience around Azure Active/Active VPN with FortiGate Active/Active firewalls using BGP? Any help would be great.

Thanks.

Regards

Can I get a client's IP behind the azure firewall?


We need to record the client IP, but the VM behind the Azure Firewall doesn't seem to leave the client IP.

Can I add an x-forwarded-for header in Azure Firewall? Or is there another way?


How to point custom domain A Record to the TM


I currently have a single instance of a web app, and I have a custom domain to use for that.  I know the IP address of the web app, and in the DNS manager of the custom domain, I have the A record pointing to that IP address, and additionally a www.domain.com CNAME record pointing to the url of my Azure web app myappname.azurewebsites.net

In an attempt to get ready for some higher traffic levels, I've cloned my web app across several app service plans, and set up a traffic manager, and all appears to be fine when I access the traffic manager via its url name myappname.trafficmanager.net.

I'd like to redirect my custom domain DNS to the TM from the single instance of the web app.    My DNS provider does not allow for Domain Forwarding, which is the only solution that I have found for this issue.

I could reassign the A Record in my DNS manager, but Azure TM does not make the IP address of the TM known to me, so I can't redirect my A record.

I can redirect my www.domain.com CNAME record to the TM url (myappname.trafficmanager.net), so I think if the user types in www.mydomain.com, the traffic will go to the TM, but if the user types just mydomain.com, the traffic will go to the original, single instance web app, which is not what I want.

Is there a way to find the actual IP address of the TM, and if not, is there another way I can redirect my custom domain to the TM besides domain forwarding?

Any thoughts would be appreciated.  Thank you.



support NVA without NAT for INTERNET access


Hello!

I am trying to set up a custom NVA (a simple router with application-specific functions) for my Azure VNet.

My network:

internet <-> subnet 1 with NIC1 (NVA) <-> subnet 2 with NIC2 (NVA) and VM

I wish to filter the VM's traffic to/from the internet in the NVA.

As far as I understand, I can use a UDR to route outgoing traffic from the VM to the internet via the NVA (and I also set the forwarding flag on the NVA NICs). This step works.

But after that I have a problem. My simple NVA just forwards packets from one interface to another (it's a simple router), so a packet from NIC2 (with the src IP of the VM and the dst IP of the internet service) is forwarded to NIC1 and sent to subnet 1 with the original src IP (the src IP of the VM and the dst IP of the internet service), and I can't see any answer from the internet service.

So I have questions:

- Can I create a working solution for my case (when the NVA is not using NAT)?

- Can somebody tell me why my traffic is dropped somewhere and I cannot see an answer in the VM? (I understand that traffic must not go through my NVA, but why can I not see an answer?)

- Does the Azure roadmap have any plan to support source-based routing policy (as Linux has) in UDR?

NSG rule


Hi, I have set an outbound NSG rule to allow traffic toward an LDAP server on port 389; however, it seems the rule is not applied, because when I do a telnet from the server it is not allowed.

As a further test I have set a high priority rule denying all traffic any/any in the outbound NSG rule, but all traffic is still allowed, except to my LDAP server. It seems NSG rules do not apply to my subnet even if it seems to be applied.

Any idea?

best regards

rdp session not working on DMZ host


Hi

I am trying to play with traffic flow on a PaloAlto firewall with UDR. I created three interfaces (trusted, untrusted, dmz) in a virtual PaloAlto firewall. I also created an NSG for each interface subnet allowing RDP traffic. I have a host in the dmz subnet NATted to a public IP. That public IP is configured as a secondary IP on the untrusted interface of the firewall (not sure if it's a right way). I configured the NAT and ACL inside the firewall to allow RDP access from a specific source IP (my home PC). When I try to RDP to that dmz host, it fails. When I check the firewall log, it shows the traffic gets hit on the firewall and it fails. When I check the Azure IP Flow tool, providing local IP, remote IP and ports, it shows the traffic as successful. Can somebody give me some tips on how I can troubleshoot traffic flow inside Azure and nail down where it's being blocked?

When I bypass the UDR and map the dmz host directly to public ip and try to rdp , it works just fine. 

Point to Site VPN Client not able to access Virtual Machines


Hello all,
I have configured a Virtual Network (10.0.0.0/16)
With two subnets (10.0.0.0/24 and 10.0.1.0/24)
There is a VM at 10.0.0.4 and one at 10.0.1.4

I have created a VN Gateway in my VNet (10.0.2.0/27)
It is assigned a Public IP
It is configured as
-Gateway Type: VPN
-VPN Type: Route-Based
-SKU: VPNGw1

I have configured a Point-to-Site configuration with the address pool 192.168.1.0/24
I have created Root and Client certificates
I have installed client certificate onto my test PC, along w/ the VPN Client connection software.
I can initiate and connect to my VPN setup using it.
I do see an assigned IP address of 192.168.1.2 assigned to my test PC.

I am not able to RDP to either of my VMs
Also, when I go to VNet Gateway and click on the P-to-S config, there is nothing listed under the "Allocated IP addresses" section of the screen, even though my PC does have an IP assigned by my setup.

I have used these two step by step write ups:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal
https://techcommunity.microsoft.com/t5/ITOps-Talk-Blog/Step-By-Step-Creating-an-Azure-Point-to-Site-VPN/ba-p/326264

What am I missing?
Why am I not able to access the two VMs I have set up?

Thank you
Seth

How to connect vnets across regions

How to connect Vnets across regions

Is there a MaxRequestHeadersTotalSize setting for Azure Application Gateway?


Our AKS cluster is now "fronted" with an Azure Application Gateway.

When I log in our custom asp.net core 3.0 app with Azure AD authentication, I get:

400 Bad Request

Request Header Or Cookie Too Large
Microsoft-Azure-Application-Gateway/v2

Previously - when running in Webapps for containers, we were able to resolve that issue with the following setting:

    .ConfigureKestrel((context, options) =>
    {
        // Raise Kestrel's limit on the total size of request headers to 50 KB.
        options.Limits.MaxRequestHeadersTotalSize = 50 * 1024;
    })

So is this a setting that is available in the Application Gateway as well?

--

Apart from that, my colleagues are not having this issue, so it seems to be linked with all the claims/groups in Azure AD linked to my AD account. Filtering on the claims in the cookies sent back and forth could be a more future-proof solution, although that is off-topic here ;)

--

cfr. https://twitter.com/IBruyninckx/status/1148255152157184001?s=20


Is it possible to skip/postpone DNS validation when adding a custom hostname to an app service or front door?


Hi All

Does anyone know of a way that we can complete the configuration of a custom hostname binding on an appservice hosted website, or front door front-end server before the DNS has been configured?

We are looking at moving a significant number of sites over in the near future and would make the transition a lot smoother if we could configure the Azure end ready before the DNS records have been updated. I'm specifically concerned about users hitting the servers between when we update the DNS records and us getting everything configured on Az

Thanks in advance for any thoughts you have

Mark


Sophos XG to Azure connectivity issues

Hello, we have an IPsec connection supporting several subnets between our Head Office and Azure. Our Head Office runs a Sophos XG firewall and after 1 or 2 days, I notice our connection has stopped communicating with several networks. Once I disconnect and re-initiate from the Sophos end, all networks re-establish OK. This seems to be repeated over and over. Is it likely we have a mismatch somewhere in our Sophos configuration? Thanks

unable to add SQL node behind a basic SKU load balancer?


unable to add SQL node behind a basic SKU load balancer?

I have done this previously last year when there with the basic sku LB and when the standard sku LB was not yet available.

However now when I attempt to add a SQL IaaS from the azure store to a basic LB it states that you must use a standard sku LB.

What is going on? Why does it not want to configure behind a basic SKU LB?


dsk

Microsoft Peering over ExpressRoute - Smallest and Largest Allowed Prefixes

When establishing Microsoft peering, what is the smallest allowed prefix and the largest size prefix you are allowed to advertise toward Microsoft?  Can the advertised prefix list be of different block sizes?

Error associating hub and site


Hi,

I am creating a new MS Wan.  When I try to associate the site and hub, I receive the following error:

{
  "status": "Failed",
  "error": {
    "code": "ResourceDeploymentFailure",
    "message": "The resource operation completed with terminal provisioning state 'Failed'.",
    "details": [
      {
        "code": "ConnectionOverlappingAddressSpaces",
        "message": "This gateway connection creates an address space overlap between two networks. The overlapping addresses are '10.1.100.0/24' and '10.1.100.0/24'.",
        "details": []
      }
    ]
  }
}

Has anyone seen this? When I try to change the overlapping IP, it won't let me.
