Channel: Azure Networking (DNS, Traffic Manager, VPN, VNET) forum

Access Client Machine IP Address for the requests passing through Traffic manager

Hi Team,

We would like to capture the client machine's IP address in an application hosted on an Azure VM when the request is passed through Traffic Manager.

Environment or Issue details:

Currently we are getting the firewall's IP address in the HTTP Server Variables.

Kindly guide us to achieve this. 


Unable to load-balance between webservers

Hello everyone,

Let me elaborate on my topology so that it makes sense to you guys.

I have a public Azure load balancer which is connected to my Palo Alto firewall. My trust zone NIC is connected to the front end of the Azure local load balancer, and the local LB is finally connected to my webserver set.

Now, the things I have done on each appliance:

1. Azure public LB: it has one front-end IP and its backend has the Palo Alto untrust IP. I am using the public LB for NATting only. In the NAT rule I have implemented front-end IP translation to the backend.

2. Palo Alto: I have created a D-NAT rule which states that incoming traffic should be NATted to my local LB IP, and a bi-directional policy which allows HTTP traffic.

3. Local LB: on my local LB the backend has the VM pool. I have created a health probe and also a load-balancing rule which states that traffic on port 80 is load-balanced between the respective VMs.

4. UDR: I have created a UDR for both VMs which states that the next hop is the local LB front-end IP.

Is there anything that I am missing, or anything extra that I have added which should be fixed?

Regards

Sadaat

Azure VPN Subnet capabilities

Looking for experts to chime in on design information on Azure VPN Gateway configurations. Current documentation at docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq states that the subnet on a VPN gateway is recommended to be a /27 range, which in most cases will get you @30 IP addresses. My question is specifically for planning and design: what would I use 30 IP addresses for (services, virtual NIC, other things?) in that subnet? The documentation already states I can't put VMs out there, so what IP-based services should I be planning for that will use up the /27 recommended range as opposed to a /28 or /28? What do I need to plan for that I am missing?

Murray

Front-door extension removed from publicly available list.

Hi,

We were using the `az extension add --name front-door` command for the front-door extension to run the front-door related scripts in the AZ CLI task for DevOps.

As of now it's not there in the available extensions. Let us know if something has changed, as the related document doesn't have any modifications.

Refer snapshot for more details:

Please respond asap.


Hemant Kaushik

Get Front Door Affinity Cookie Values via API

Is there a way through Azure CLI / PowerShell / REST API to retrieve the Front Door affinity cookies for the respective backend host names?

When session affinity is on, Front Door responds with an "ASLBSA" cookie value which corresponds to a backend.

With Azure Web Apps, these affinity values can be obtained through the Azure REST API.

Also, how reliable are these cookie values? How often do these cookie values change?

It would be nice to have some more documentation around this.

Velocloud not forming VCMP tunnels to Remote locations

I created a Velocloud virtual edge in Azure with an ARM template. I have the Velocloud showing up in the Velocloud Orchestrator, but I am unable to form VCMP tunnels (UDP port 2426) across to remote locations in the Orchestrator. Velocloud has done diagnostics and has yet to see any problem on their side. I am reaching out to see if it could be because the traffic doesn't come back in the way Velocloud edges normally do.

Missing documentation on max/default limit for public IP's on a single NIC in Azure

I haven't been able to find a maximum or default limit in Azure documentation for the max amount of public IP addresses that can be assigned to a single network interface. Private IP address max is 256 I believe, but haven't seen anything for public IP - I imagine it would be the same but just wanted to confirm. Thank you.

Is there a list of FQDNs for NSG Service tag?

I used Firewall and NSG in Azure to create a closed network.
However, some applications require Azure login using Service principal. 

NSG allowed Azure AD Service tags, but I wonder what FQDN should be allowed in the firewall.

Unable to connect to a VM via name, only via IP address.

Unable to connect to a VM via name, only via IP address.

Any ideas how to resolve this?

Thank you 

Decio


Question about vNet Peering across region.

I have a vNet in Thai with one subscription ID. And I have another vNet in Hong Kong with another subscription ID and gateway with VPN connected to another network. They are policy gateway. All the resources are running.

I would like to sync the vNets but I don't know how to do it with the mentioned link.

Is Global vNet peering suitable in this case?

Can you please advise me?

How to map custom domain to public ip

Hi,

I created a VM behind an Azure Load Balancer. I want to use a custom domain for the Load Balancer public IP. For example, I want to access a URL like 'xx.mvg.com' instead of the Load Balancer public IP from the internet. How can I do it?

I tried following the reference link 'https://docs.microsoft.com/en-us/azure/dns/dns-custom-domain' but it is still not working.

Please recommend how to register the domain name I wish. I want to map my domain name to my application running on a VM behind the Azure Load Balancer.

And does Azure have an internet domain registrar service?

Thank you,

za_phu

RDP session not working on DMZ host

Hi

I am trying to play with traffic flow on a Palo Alto firewall with UDR. I created three interfaces (trusted, untrusted, DMZ) in a virtual Palo Alto firewall. I also created an NSG for each interface subnet allowing RDP traffic. I have a host in the DMZ subnet NATted to a public IP. That public IP is configured as a secondary IP on the untrusted interface of the firewall (not sure if it's the right way). I configured the NAT and ACL inside the firewall to allow RDP access from a specific source IP (my home PC). When I try to RDP to that DMZ host, it fails. When I check the firewall log, it shows the traffic hits the firewall and it fails. When I check the Azure IP Flow tool, providing local IP, remote IP and ports, it shows the traffic as successful. Can somebody give me some tips on how I can troubleshoot traffic flow inside Azure and nail down where it's being blocked?

When I bypass the UDR and map the DMZ host directly to the public IP and try to RDP, it works just fine.

How to point custom domain A Record to the TM

I currently have a single instance of a web app, and I have a custom domain to use for that.  I know the IP address of the web app, and in the DNS manager of the custom domain, I have the A record pointing to that IP address, and additionally a www.domain.com CNAME record pointing to the url of my Azure web app myappname.azurewebsites.net

In an attempt to get ready for some higher traffic levels, I've cloned my web app across several app service plans and set up a Traffic Manager, and all appears to be fine when I access the Traffic Manager via its URL name myappname.trafficmanager.net.

I'd like to redirect my custom domain DNS to the TM from the single instance of the web app.    My DNS provider does not allow for Domain Forwarding, which is the only solution that I have found for this issue.

I could reassign the A Record in my DNS manager, but Azure TM does not make the IP address of the TM known to me, so I can't redirect my A record.

I can redirect my www.domain.com CNAME record to the TM url (myappname.trafficmanager.net), so I think if the user types in www.mydomain.com, the traffic will go to the TM, but if the user types just mydomain.com, the traffic will go to the original, single instance web app, which is not what I want.

Is there a way to find the actual IP address of the TM, and if not, is there another way I can redirect my custom domain to the TM besides domain forwarding?

Any thoughts would be appreciated.  Thank you.



Azure Active/Active VPN with Dual FortiGate Firewalls

Hi

We are trying to create a redundant VPN configuration.

- We have one Active/Active VPN Gateway in Azure with two public IPs and BGP enabled.

- We have two FortiGate firewalls configured in Active/Active configuration, with an internet connection terminated on both firewalls, hence having two public IPs as well.

We are trying to create two Site-to-Site VPNs to Azure from each of the public IPs on the FortiGate firewalls.

The idea is that if one of the Azure gateways, one of the firewalls or one of the ISPs goes offline, we still have connectivity.

We have successfully configured two VPN tunnels for each public IP on the firewall to both Azure gateways (Active/Active) using BGP.

The problem is traffic flow, where we have intermittent drops and are unable to communicate with virtual machines, where a VM in that VNet is trying to send traffic via one gateway while BGP in Azure is trying to talk to the firewall using the second gateway and vice versa.

Does anyone have any experience with Azure Active/Active VPN with FortiGate Active/Active firewalls using BGP? Any help would be great.

Thanks.

Regards

CNAME not recognized, cannot validate subdomain

Hi,

Despite me adding a CNAME on the DNS user interface of my domain provider, I cannot validate a www subdomain for my website.

I correctly redirected the root domain using an A type entry and a TXT one, but when it comes to adding a CNAME nothing changes. Despite following the instructions correctly and waiting more than 48 hours, the button to add the domain on Azure is greyed out and the ownership of the domain is still labeled in red as missing. What is happening?

Can this be related to the datacenter choice I made for my app service and database (North Europe instead of the default one)?

Thanks in advance for any help.


How to ensure a VM's public IP is used for both inbound/outbound traffic?

Hi,

I provisioned a VM and an Azure Firewall. I created a public IP for the VM and added a DNAT rule on the Firewall. It works fine when I access the VM from the Internet by using its public IP. However, I notice that when I am in the VM and reach out to the Internet, the Firewall's public IP is used instead of the VM's public IP. How do I ensure the outgoing traffic is translated to the VM's public IP if it's initiated from the VM? I imagine using SNAT but can't figure out how.

Thank you.

Receiving a reset for one of the BGP instances for a VPN site when sending around 1500 routes

I have a VPN site with BGP enabled.
I am advertising 1500 routes per BGP instance from my side to the Azure peer.
For one of the two BGP instances I am receiving a TCP connection reset after a couple of update messages.

How to verify account

Apparently I can't include an image until my account has been verified...

...But I can't see a link anywhere to allow that to happen.

So: How does one verify an account on these 'ere forums?
