Podcast
Questions and Answers
What is a Virtual Network (VNet) in Microsoft Azure?
What is a Virtual Network (VNet) in Microsoft Azure?
What can Virtual Networks (VNets) in Azure be used for?
What can Virtual Networks (VNets) in Azure be used for?
What is a key functionality of Virtual Networks (VNets) in Azure?
What is a key functionality of Virtual Networks (VNets) in Azure?
How can VNets in Azure securely extend your data center?
How can VNets in Azure securely extend your data center?
Signup and view all the answers
What is the purpose of creating a dedicated private cloud-only VNet in Azure?
What is the purpose of creating a dedicated private cloud-only VNet in Azure?
Signup and view all the answers
What technology is used to provide a secure connection between corporate VPN gateway and Azure in hybrid cloud scenarios?
What technology is used to provide a secure connection between corporate VPN gateway and Azure in hybrid cloud scenarios?
Signup and view all the answers
What is the default limit of virtual networks per subscription per region in Azure?
What is the default limit of virtual networks per subscription per region in Azure?
Signup and view all the answers
How are public IP addresses used in Azure?
How are public IP addresses used in Azure?
Signup and view all the answers
What is the purpose of network security groups (NSGs) in Azure?
What is the purpose of network security groups (NSGs) in Azure?
Signup and view all the answers
How are virtual networks segmented in Azure?
How are virtual networks segmented in Azure?
Signup and view all the answers
What is the role of service endpoints in Azure virtual networks?
What is the role of service endpoints in Azure virtual networks?
Signup and view all the answers
How are PowerShell commands used in Azure virtual networks?
How are PowerShell commands used in Azure virtual networks?
Signup and view all the answers
What is the purpose of NAT rules in Azure Firewall?
What is the purpose of NAT rules in Azure Firewall?
Signup and view all the answers
What is the main function of Azure DNS?
What is the main function of Azure DNS?
Signup and view all the answers
What is required for non-HTTP/S traffic to flow through Azure Firewall?
What is required for non-HTTP/S traffic to flow through Azure Firewall?
Signup and view all the answers
What must be done to delegate a domain to Azure DNS?
What must be done to delegate a domain to Azure DNS?
Signup and view all the answers
What is a key feature of Azure Firewall's threat intelligence-based filtering?
What is a key feature of Azure Firewall's threat intelligence-based filtering?
Signup and view all the answers
What is the recommended network topology for deploying Azure Firewall?
What is the recommended network topology for deploying Azure Firewall?
Signup and view all the answers
What is the default behavior of Azure Firewall regarding traffic?
What is the default behavior of Azure Firewall regarding traffic?
Signup and view all the answers
What is the purpose of Application Rules in Azure Firewall?
What is the purpose of Application Rules in Azure Firewall?
Signup and view all the answers
What is the verification process for custom domain names in Azure DNS?
What is the verification process for custom domain names in Azure DNS?
Signup and view all the answers
Virtual networks in Azure can only be used for creating hybrid cloud scenarios.
Virtual networks in Azure can only be used for creating hybrid cloud scenarios.
Signup and view all the answers
Azure Virtual Networks can be linked with other VNets in Azure, or with on-premises IT infrastructure to create hybrid or cross-premises solutions.
Azure Virtual Networks can be linked with other VNets in Azure, or with on-premises IT infrastructure to create hybrid or cross-premises solutions.
Signup and view all the answers
The main purpose of a Virtual Network (VNet) in Microsoft Azure is to provide a physical representation of the network in the cloud.
The main purpose of a Virtual Network (VNet) in Microsoft Azure is to provide a physical representation of the network in the cloud.
Signup and view all the answers
Azure Firewall supports NAT rules to allow outbound traffic from the secured network.
Azure Firewall supports NAT rules to allow outbound traffic from the secured network.
Signup and view all the answers
Virtual networks in Azure do not support traditional site-to-site (S2S) VPNs for securely extending data center capacity.
Virtual networks in Azure do not support traditional site-to-site (S2S) VPNs for securely extending data center capacity.
Signup and view all the answers
Azure DNS is not a key functionality of Virtual Networks (VNets) in Azure.
Azure DNS is not a key functionality of Virtual Networks (VNets) in Azure.
Signup and view all the answers
Azure Firewall allows inbound HTTP/S and Azure SQL traffic to specified FQDNs.
Azure Firewall allows inbound HTTP/S and Azure SQL traffic to specified FQDNs.
Signup and view all the answers
Azure Firewall can be associated with up to 100 public IP addresses.
Azure Firewall can be associated with up to 100 public IP addresses.
Signup and view all the answers
NAT rules in Azure Firewall are processed before Application Rules.
NAT rules in Azure Firewall are processed before Application Rules.
Signup and view all the answers
Azure DNS provides different credentials, APIs, tools, and billing compared to other Azure services.
Azure DNS provides different credentials, APIs, tools, and billing compared to other Azure services.
Signup and view all the answers
Custom domain names in Azure DNS must be verified by adding a DNS record (MX or TXT).
Custom domain names in Azure DNS must be verified by adding a DNS record (MX or TXT).
Signup and view all the answers
DNS zones in Azure must have a unique name within the resource group.
DNS zones in Azure must have a unique name within the resource group.
Signup and view all the answers
Azure DNS automatically creates authoritative NS records for delegated domains.
Azure DNS automatically creates authoritative NS records for delegated domains.
Signup and view all the answers
Azure Firewall by default allows all outbound traffic.
Azure Firewall by default allows all outbound traffic.
Signup and view all the answers
True or false: Azure reserves five IP addresses within each subnet, including the network address, reserved IPs for default gateway and Azure DNS, and the network broadcast address
True or false: Azure reserves five IP addresses within each subnet, including the network address, reserved IPs for default gateway and Azure DNS, and the network broadcast address
Signup and view all the answers
True or false: By default, up to 50 virtual networks per subscription per region can be created, but this limit can be increased to 500 by contacting Azure support
True or false: By default, up to 50 virtual networks per subscription per region can be created, but this limit can be increased to 500 by contacting Azure support
Signup and view all the answers
True or false: Public IP addresses are used for communication with the Internet and can be statically or dynamically assigned
True or false: Public IP addresses are used for communication with the Internet and can be statically or dynamically assigned
Signup and view all the answers
True or false: NSGs are evaluated independently, with an 'allow' rule needed at both subnet and NIC levels for traffic to flow
True or false: NSGs are evaluated independently, with an 'allow' rule needed at both subnet and NIC levels for traffic to flow
Signup and view all the answers
True or false: Inbound security rules in NSGs deny all inbound traffic except from the virtual network and Azure load balancers, while outbound rules allow traffic to the Internet and the virtual network
True or false: Inbound security rules in NSGs deny all inbound traffic except from the virtual network and Azure load balancers, while outbound rules allow traffic to the Internet and the virtual network
Signup and view all the answers
True or false: Azure Firewall offers features such as built-in high availability, support for availability zones, and application FQDN filtering rules
True or false: Azure Firewall offers features such as built-in high availability, support for availability zones, and application FQDN filtering rules
Signup and view all the answers
Virtual networks in ______ can be used to provision and manage virtual private networks (VPNs) in ______. You can link VNets with other VNets in ______, or with on-premises IT infrastructure to create hybrid or cross-premises solutions.
Virtual networks in ______ can be used to provision and manage virtual private networks (VPNs) in ______. You can link VNets with other VNets in ______, or with on-premises IT infrastructure to create hybrid or cross-premises solutions.
Signup and view all the answers
Azure Virtual Network (VNet) is a representation of your ______ in the cloud. VNet is a logical isolation of the Azure cloud dedicated to your subscription.
Azure Virtual Network (VNet) is a representation of your ______ in the cloud. VNet is a logical isolation of the Azure cloud dedicated to your subscription.
Signup and view all the answers
Virtual networks can be created in many ways. Create a dedicated private ______-only VNet. When you create a VNet, your services and VMs within your VNet can communicate directly and securely with each other in the ______.
Virtual networks can be created in many ways. Create a dedicated private ______-only VNet. When you create a VNet, your services and VMs within your VNet can communicate directly and securely with each other in the ______.
Signup and view all the answers
You can build traditional site-to-site (S2S) ______s to securely scale your datacenter capacity. S2S ______s use IPSEC to provide a secure connection between your corporate ______ gateway and Azure.
You can build traditional site-to-site (S2S) ______s to securely scale your datacenter capacity. S2S ______s use IPSEC to provide a secure connection between your corporate ______ gateway and Azure.
Signup and view all the answers
VNets give you the flexibility to support a range of ______ cloud scenarios.
VNets give you the flexibility to support a range of ______ cloud scenarios.
Signup and view all the answers
VNets can be used to provision and manage virtual private networks (VPNs) in Azure. You can link VNets with other VNets in Azure, or with on-premises IT infrastructure to create hybrid or cross-premises solutions.
VNets can be used to provision and manage virtual private networks (VPNs) in Azure. You can link VNets with other VNets in Azure, or with on-premises IT infrastructure to create hybrid or cross-premises solutions.
Signup and view all the answers
By default, up to 50 virtual networks per subscription per region can be created, but this limit can be increased to ______ by contacting Azure support
By default, up to 50 virtual networks per subscription per region can be created, but this limit can be increased to ______ by contacting Azure support
Signup and view all the answers
PowerShell commands can be used to create and manage virtual networks and ______, and private IP addresses are used within Azure virtual networks and on-premises networks
PowerShell commands can be used to create and manage virtual networks and ______, and private IP addresses are used within Azure virtual networks and on-premises networks
Signup and view all the answers
NSGs are evaluated independently, with an 'allow' rule needed at both subnet and NIC levels for traffic to ______
NSGs are evaluated independently, with an 'allow' rule needed at both subnet and NIC levels for traffic to ______
Signup and view all the answers
Public IP addresses are used for communication with the Internet and can be statically or ______ assigned
Public IP addresses are used for communication with the Internet and can be statically or ______ assigned
Signup and view all the answers
NSGs can be assigned to subnets to create protected screened subnets, and NSG rules enable filtering of network traffic based on various ______
NSGs can be assigned to subnets to create protected screened subnets, and NSG rules enable filtering of network traffic based on various ______
Signup and view all the answers
Azure reserves five IP addresses within each subnet, including the network address, reserved IPs for default gateway and Azure DNS, and the network ______ address
Azure reserves five IP addresses within each subnet, including the network address, reserved IPs for default gateway and Azure DNS, and the network ______ address
Signup and view all the answers
Azure Firewall allows limiting outbound HTTP/S and Azure SQL traffic to specified FQDNs, with the capability to create centrally managed allow or deny network filtering rules based on source and destination IP addresses, ports, and ______
Azure Firewall allows limiting outbound HTTP/S and Azure SQL traffic to specified FQDNs, with the capability to create centrally managed allow or deny network filtering rules based on source and destination IP addresses, ports, and ______
Signup and view all the answers
Azure Firewall can be associated with multiple public IP addresses (up to 100) and is recommended to be deployed in a hub-spoke network topology to centralize services, overcome subscription limits, and separate workloads ______
Azure Firewall can be associated with multiple public IP addresses (up to 100) and is recommended to be deployed in a hub-spoke network topology to centralize services, overcome subscription limits, and separate workloads ______
Signup and view all the answers
NAT rules are used to translate firewall public IP and port to a private IP and port, and must be matched by a Network Rule to allow traffic to ______
NAT rules are used to translate firewall public IP and port to a private IP and port, and must be matched by a Network Rule to allow traffic to ______
Signup and view all the answers
Application Rules define FQDNs that can be accessed from a subnet, with settings for source addresses, protocol, port, and target FQDNs, including the use of wildcards and FQDN tags for Microsoft ______
Application Rules define FQDNs that can be accessed from a subnet, with settings for source addresses, protocol, port, and target FQDNs, including the use of wildcards and FQDN tags for Microsoft ______
Signup and view all the answers
Custom domain names in Azure DNS must be verified before use, and verification is performed by adding a DNS record (MX or TXT), with only one directory allowed to use a domain ______
Custom domain names in Azure DNS must be verified before use, and verification is performed by adding a DNS record (MX or TXT), with only one directory allowed to use a domain ______
Signup and view all the answers
DNS zones in Azure host DNS records for a domain, with the zone name needing to be unique within the resource group, and root/parent domain being registered at the registrar and pointed to Azure ______
DNS zones in Azure host DNS records for a domain, with the zone name needing to be unique within the resource group, and root/parent domain being registered at the registrar and pointed to Azure ______
Signup and view all the answers
To delegate a domain to Azure DNS, the name server names for the zone need to be known, and Azure DNS automatically creates authoritative NS records in the zone once the name servers are ______
To delegate a domain to Azure DNS, the name server names for the zone need to be known, and Azure DNS automatically creates authoritative NS records in the zone once the name servers are ______
Signup and view all the answers
Azure DNS enables hosting DNS records for domains on Azure infrastructure, providing the same credentials, APIs, tools, and billing as other Azure ______
Azure DNS enables hosting DNS records for domains on Azure infrastructure, providing the same credentials, APIs, tools, and billing as other Azure ______
Signup and view all the answers
Explain the purpose and functionality of Azure Virtual Networks (VNets) in Microsoft Azure.
Explain the purpose and functionality of Azure Virtual Networks (VNets) in Microsoft Azure.
Signup and view all the answers
What are the different implementation types for Azure Virtual Networks (VNets) and how do they differ?
What are the different implementation types for Azure Virtual Networks (VNets) and how do they differ?
Signup and view all the answers
How do Network Security Groups (NSGs) enhance the security of Azure virtual networks?
How do Network Security Groups (NSGs) enhance the security of Azure virtual networks?
Signup and view all the answers
What are the key benefits of using Azure Firewall in a virtual networking environment?
What are the key benefits of using Azure Firewall in a virtual networking environment?
Signup and view all the answers
Explain the process of creating hybrid cloud scenarios using Azure Virtual Networks (VNets) and their significance.
Explain the process of creating hybrid cloud scenarios using Azure Virtual Networks (VNets) and their significance.
Signup and view all the answers
What is the significance of DNS in the context of Azure Virtual Networks (VNets) and how does Azure DNS contribute to this?
What is the significance of DNS in the context of Azure Virtual Networks (VNets) and how does Azure DNS contribute to this?
Signup and view all the answers
Explain the main function of Azure Firewall in network management.
Explain the main function of Azure Firewall in network management.
Signup and view all the answers
What is the purpose of threat intelligence-based filtering in Azure Firewall?
What is the purpose of threat intelligence-based filtering in Azure Firewall?
Signup and view all the answers
Describe the role of NAT rules in Azure Firewall.
Describe the role of NAT rules in Azure Firewall.
Signup and view all the answers
What is the significance of deploying Azure Firewall in a hub-spoke network topology?
What is the significance of deploying Azure Firewall in a hub-spoke network topology?
Signup and view all the answers
Explain the purpose of Application Rules in Azure Firewall.
Explain the purpose of Application Rules in Azure Firewall.
Signup and view all the answers
What is the process for verifying custom domain names in Azure DNS?
What is the process for verifying custom domain names in Azure DNS?
Signup and view all the answers
What is the key functionality of DNS zones in Azure?
What is the key functionality of DNS zones in Azure?
Signup and view all the answers
Explain the purpose of delegating a domain to Azure DNS.
Explain the purpose of delegating a domain to Azure DNS.
Signup and view all the answers
Explain the purpose and functionality of service endpoints in Azure virtual networks.
Explain the purpose and functionality of service endpoints in Azure virtual networks.
Signup and view all the answers
Describe the default behavior of Azure virtual networks in routing network traffic between subnets.
Describe the default behavior of Azure virtual networks in routing network traffic between subnets.
Signup and view all the answers
What are the key features and capabilities of Azure network security groups (NSGs)?
What are the key features and capabilities of Azure network security groups (NSGs)?
Signup and view all the answers
Explain the role and significance of public IP addresses in Azure virtual networks.
Explain the role and significance of public IP addresses in Azure virtual networks.
Signup and view all the answers
Discuss the default limits and options for increasing the number of virtual networks per subscription per region in Azure.
Discuss the default limits and options for increasing the number of virtual networks per subscription per region in Azure.
Signup and view all the answers
What are the evaluation criteria and requirements for network security group (NSG) rules to enable traffic flow within Azure virtual networks?
What are the evaluation criteria and requirements for network security group (NSG) rules to enable traffic flow within Azure virtual networks?
Signup and view all the answers
Match the Azure networking component with its description:
Match the Azure networking component with its description:
Signup and view all the answers
Match the VNet implementation type with its description:
Match the VNet implementation type with its description:
Signup and view all the answers
Match the Azure Firewall capability with its description:
Match the Azure Firewall capability with its description:
Signup and view all the answers
Match the Azure DNS functionality with its description:
Match the Azure DNS functionality with its description:
Signup and view all the answers
Match the key feature of VNets with its description:
Match the key feature of VNets with its description:
Signup and view all the answers
Match the NSG capability with its description:
Match the NSG capability with its description:
Signup and view all the answers
Match the following Azure network security features with their descriptions:
Match the following Azure network security features with their descriptions:
Signup and view all the answers
Match the following Azure network security features with their functions:
Match the following Azure network security features with their functions:
Signup and view all the answers
Match the following Azure network security features with their default behaviors:
Match the following Azure network security features with their default behaviors:
Signup and view all the answers
Match the following Azure virtual network features with their descriptions:
Match the following Azure virtual network features with their descriptions:
Signup and view all the answers
Match the following Azure DNS features with their purposes:
Match the following Azure DNS features with their purposes:
Signup and view all the answers
Match the following Azure Firewall features with their functionalities:
Match the following Azure Firewall features with their functionalities:
Signup and view all the answers
Match the following features with their descriptions in Azure Firewall:
Match the following features with their descriptions in Azure Firewall:
Signup and view all the answers
Match the following statements with their descriptions in Azure DNS:
Match the following statements with their descriptions in Azure DNS:
Signup and view all the answers
Match the following Azure Firewall capabilities with their descriptions:
Match the following Azure Firewall capabilities with their descriptions:
Signup and view all the answers
Match the following Azure DNS functionalities with their descriptions:
Match the following Azure DNS functionalities with their descriptions:
Signup and view all the answers
Study Notes
Azure Firewall and DNS Management in Azure
- Azure Firewall allows limiting outbound HTTP/S and Azure SQL traffic to specified FQDNs, with the capability to create centrally managed allow or deny network filtering rules based on source and destination IP addresses, ports, and protocols.
- It is fully stateful, capable of distinguishing legitimate packets for different connection types, and can enforce and log rules across multiple subscriptions and virtual networks.
- Threat intelligence-based filtering can be enabled to alert and deny traffic from/to known malicious IP addresses and domains, sourced from the Microsoft Threat Intelligence feed.
- Azure Firewall can be associated with multiple public IP addresses (up to 100) and is recommended to be deployed in a hub-spoke network topology to centralize services, overcome subscription limits, and separate workloads efficiently.
- Azure Firewall by default blocks all traffic and has three kinds of rules: Network Rules, Application Rules, and NAT Rules, which are processed in that order.
- NAT rules are used to translate firewall public IP and port to a private IP and port, and must be matched by a Network Rule to allow traffic to pass.
- Network Rules are required for non-HTTP/S traffic to flow through the firewall and must be configured with protocol, source and destination addresses, and ports.
- Application Rules define FQDNs that can be accessed from a subnet, with settings for source addresses, protocol, port, and target FQDNs, including the use of wildcards and FQDN tags for Microsoft services.
- Azure DNS enables hosting DNS records for domains on Azure infrastructure, providing the same credentials, APIs, tools, and billing as other Azure services.
- Custom domain names in Azure DNS must be verified before use, and verification is performed by adding a DNS record (MX or TXT), with only one directory allowed to use a domain name.
- DNS zones in Azure host DNS records for a domain, with the zone name needing to be unique within the resource group, and root/parent domain being registered at the registrar and pointed to Azure NS.
- To delegate a domain to Azure DNS, the name server names for the zone need to be known, and Azure DNS automatically creates authoritative NS records in the zone once the name servers are assigned.
Azure Virtual Network and Security Features
- Azure allows secure connection of cloud-based applications to on-premises systems such as mainframes and Unix systems
- Virtual networks can be segmented into subnets to provide logical divisions within the network, with each subnet containing a range of IP addresses
- Azure routes network traffic between all subnets in a virtual network by default, but this can be overridden through a network virtual appliance
- Service endpoints can limit access to Azure resources in specific subnets, and network security groups contain rules allowing or denying traffic to and from sources and destinations
- Azure reserves five IP addresses within each subnet, including the network address, reserved IPs for default gateway and Azure DNS, and the network broadcast address
- By default, up to 50 virtual networks per subscription per region can be created, but this limit can be increased to 500 by contacting Azure support
- PowerShell commands can be used to create and manage virtual networks and subnets, and private IP addresses are used within Azure virtual networks and on-premises networks
- Public IP addresses are used for communication with the Internet and can be statically or dynamically assigned
- Network security groups contain security rules that allow or deny inbound or outbound network traffic, and can be associated with subnets or network interfaces
- NSGs can be assigned to subnets to create protected screened subnets, and NSG rules enable filtering of network traffic based on various parameters
- Inbound security rules in NSGs deny all inbound traffic except from the virtual network and Azure load balancers, while outbound rules allow traffic to the Internet and the virtual network
- NSGs are evaluated independently, with an "allow" rule needed at both subnet and NIC levels for traffic to flow, and Azure Firewall offers features such as built-in high availability, support for availability zones, and application FQDN filtering rules
Azure Firewall and DNS Management in Azure
- Azure Firewall allows limiting outbound HTTP/S and Azure SQL traffic to specified FQDNs, with the capability to create centrally managed allow or deny network filtering rules based on source and destination IP addresses, ports, and protocols.
- It is fully stateful, capable of distinguishing legitimate packets for different connection types, and can enforce and log rules across multiple subscriptions and virtual networks.
- Threat intelligence-based filtering can be enabled to alert and deny traffic from/to known malicious IP addresses and domains, sourced from the Microsoft Threat Intelligence feed.
- Azure Firewall can be associated with multiple public IP addresses (up to 100) and is recommended to be deployed in a hub-spoke network topology to centralize services, overcome subscription limits, and separate workloads efficiently.
- Azure Firewall by default blocks all traffic and has three kinds of rules: Network Rules, Application Rules, and NAT Rules, which are processed in that order.
- NAT rules are used to translate firewall public IP and port to a private IP and port, and must be matched by a Network Rule to allow traffic to pass.
- Network Rules are required for non-HTTP/S traffic to flow through the firewall and must be configured with protocol, source and destination addresses, and ports.
- Application Rules define FQDNs that can be accessed from a subnet, with settings for source addresses, protocol, port, and target FQDNs, including the use of wildcards and FQDN tags for Microsoft services.
- Azure DNS enables hosting DNS records for domains on Azure infrastructure, providing the same credentials, APIs, tools, and billing as other Azure services.
- Custom domain names in Azure DNS must be verified before use, and verification is performed by adding a DNS record (MX or TXT), with only one directory allowed to use a domain name.
- DNS zones in Azure host DNS records for a domain, with the zone name needing to be unique within the resource group, and root/parent domain being registered at the registrar and pointed to Azure NS.
- To delegate a domain to Azure DNS, the name server names for the zone need to be known, and Azure DNS automatically creates authoritative NS records in the zone once the name servers are assigned.
Azure Virtual Network and Security Features
- Azure allows secure connection of cloud-based applications to on-premises systems such as mainframes and Unix systems
- Virtual networks can be segmented into subnets to provide logical divisions within the network, with each subnet containing a range of IP addresses
- Azure routes network traffic between all subnets in a virtual network by default, but this can be overridden through a network virtual appliance
- Service endpoints can limit access to Azure resources in specific subnets, and network security groups contain rules allowing or denying traffic to and from sources and destinations
- Azure reserves five IP addresses within each subnet, including the network address, reserved IPs for default gateway and Azure DNS, and the network broadcast address
- By default, up to 50 virtual networks per subscription per region can be created, but this limit can be increased to 500 by contacting Azure support
- PowerShell commands can be used to create and manage virtual networks and subnets, and private IP addresses are used within Azure virtual networks and on-premises networks
- Public IP addresses are used for communication with the Internet and can be statically or dynamically assigned
- Network security groups contain security rules that allow or deny inbound or outbound network traffic, and can be associated with subnets or network interfaces
- NSGs can be assigned to subnets to create protected screened subnets, and NSG rules enable filtering of network traffic based on various parameters
- Inbound security rules in NSGs deny all inbound traffic except from the virtual network and Azure load balancers, while outbound rules allow traffic to the Internet and the virtual network
- NSGs are evaluated independently, with an "allow" rule needed at both subnet and NIC levels for traffic to flow, and Azure Firewall offers features such as built-in high availability, support for availability zones, and application FQDN filtering rules
Azure Firewall and DNS Management in Azure
- Azure Firewall allows limiting outbound HTTP/S and Azure SQL traffic to specified FQDNs, with the capability to create centrally managed allow or deny network filtering rules based on source and destination IP addresses, ports, and protocols.
- It is fully stateful, capable of distinguishing legitimate packets for different connection types, and can enforce and log rules across multiple subscriptions and virtual networks.
- Threat intelligence-based filtering can be enabled to alert and deny traffic from/to known malicious IP addresses and domains, sourced from the Microsoft Threat Intelligence feed.
- Azure Firewall can be associated with multiple public IP addresses (up to 100) and is recommended to be deployed in a hub-spoke network topology to centralize services, overcome subscription limits, and separate workloads efficiently.
- Azure Firewall by default blocks all traffic and has three kinds of rules: Network Rules, Application Rules, and NAT Rules, which are processed in that order.
- NAT rules are used to translate firewall public IP and port to a private IP and port, and must be matched by a Network Rule to allow traffic to pass.
- Network Rules are required for non-HTTP/S traffic to flow through the firewall and must be configured with protocol, source and destination addresses, and ports.
- Application Rules define FQDNs that can be accessed from a subnet, with settings for source addresses, protocol, port, and target FQDNs, including the use of wildcards and FQDN tags for Microsoft services.
- Azure DNS enables hosting DNS records for domains on Azure infrastructure, providing the same credentials, APIs, tools, and billing as other Azure services.
- Custom domain names in Azure DNS must be verified before use, and verification is performed by adding a DNS record (MX or TXT), with only one directory allowed to use a domain name.
- DNS zones in Azure host DNS records for a domain, with the zone name needing to be unique within the resource group, and root/parent domain being registered at the registrar and pointed to Azure NS.
- To delegate a domain to Azure DNS, the name server names for the zone need to be known, and Azure DNS automatically creates authoritative NS records in the zone once the name servers are assigned.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Related Documents
Description
Test your knowledge of Azure Firewall and DNS management in Azure with this quiz. Explore topics such as network filtering rules, threat intelligence-based filtering, NAT rules, application rules, Azure DNS hosting, domain verification, and domain delegation.