Questions tagged as ['azure-networking']
I've got an Azure FrontDoor (preview) Premium endpoint setup and I'm trying to add a custom wildcard domain (*.example.com) so that I can use the Rule Set to direct traffic between server environments setup as origin groups.
I am using Azure DNS, and Azure KeyVault to hold the secret.
The problem I'm facing is that when adding the *.example.com custom domain, it will not let me select the wildcard c ...

To the best of my knowledge, VPN software shows up in the system as virtual network adapters, which seem to be system-wide. I am trying to find a VPN-like solution for enabling connectivity to a remote network which would affect only the current user session, but my research shows nothing so far.
More about my case: there are multiple cloud VNets (on Azure) associated with projects. Developers, QA, ...
Suppose I have an Azure SQL Database Elastic Pool and I am accessing it from an Azure Web App via Firewall rules and everything is working fine.
Now suppose I want to add a new Private Endpoint to the Azure SQL Database Elastic Pool. This would NOT block access via the existing Firewall rules / access outside of the newly created Private Endpoint - is that right?
In other words, adding a Private En ...
- If I am a company with my registered account on AZURE,
- and I want 2 separate tenants (not subscriptions),
- that both need to connect to my single on-prem services only - not to each other, then:
- do I need 2 site-2site VPNs?
- or can we share a single site2site VPN? (I suspect so but cannot find an authoritative source).

I have 2 different azure subscriptions for which I want to create a VPN tunnel. The obvious choice would be to create a VNet-to-VNet tunnel but as I understand this would cost extra resources.
So I opted for an IPsec tunnel, I created the connection on both sides pointing to each other public IP of the gateway but no connection has been established.
My question: is it this technically possible or ha ...
We cloned a VM (with significant help from an MS tech). It now sits on 52.158.131.150 and is supposed to be the new home for HOPL. However, things aren't going so well.
We've pointed hopl.info to the new IP address, but when I tracert to the new address it goes nowhere. Pinging times out. Browsing times out.
When I run the Network Diagnostics from inside the VM I get the following dialog:
. Obvious ...
How to restrict users from uploading files from Azure Virtual Desktop (AVD) to personal or public sites like gmail, google drive, personal onedrive, personal office365 account, dropbox, box, github, gitlab, bitbucket, azure git, etc. Basically we want to restrict users from uploading files to any websites via browser or cli. Only exception should be to the sites which we want to allow. How to ...
I'm trying to configure a Load Balancer for my AKS server using Bicep/ARM. I am using the NGINX Ingress Controller in Kubernetes and it does seem to work but when I first spin things up I am encountering an error.
Mainly I'm wondering what is the equivalent ARM or Bicep template for this step in the Azure documentation?
https://docs.microsoft.com/en-us/azure/aks/static-ip#create-a-service-using-the- ...
VNET Peering:
Once virtual networks are peered, resources in both virtual networks can communicate with each other, with the same latency and bandwidth as if the resources were in the same virtual network.
I see that VNETs Virtual Network, VNET1, VNET2, and On-premise can all access the SQL database.
Then:
Scenario
- What say SQL 1 and SQL 2 databases exist.
- SQL 1 DB has a Private ...
Here we see a single AZURE Corporate Account X. See "azsql1.database.windows.net". You can access that from on-prem.
What if for argument's sake I had a second AZURE env. configured exactly the same - AZURE Corporate Account Y, with "azsql1.database.windows.net".
It's theoretical, but I would like to know how the on-prem resolves this if one tries to use "azsql1.database.window ...
I can see how we can make an AZURE database, say COSMOS DB, a private IP address with Private link, that is fine.
If you want to access that private link / IP address database from on-premise via site2site vpn, with a tool like Spotfire or Tableau, how do we specify the connection string that goes via the ExpressRoute or Site2SiteVPN? I cannot find any examples on that and how that occurs.
It must b ...
I am configuring an AVS instance in Azure using ExpressRoute to connect to my on-prem network. How can I add a firewall or ACL to restrict who can get to the management network? My ExpressRoute is connected to a WAN cloud, so I have to enforce policy at the Azure side.
I have an SPA webapp deployed on Azure Blob Storage which the URL is public. E.g. https://example.z23.web.core.windows.net/
I would like to use Azure Front Door with WAF to increase security. Is there a way to block direct access at the blob URL? I googled it and found many answers out there, one of them is to simply allow only AzureFrontDoor.Backend IPs at Storage Account networking configurations. I tri ...
I'm currently seeking some advice and guidance on whether deploying an additional Windows Server 2019 VM in Azure to run Active Directory Domain Controller / Global Catalog in a separate AD site called 'Azure' really has any benefits or not?
At the moment my AD domain is just single forest AD, spread across multiple geographical locations throughout Asia Pacific.
Azure AD Connect runs Password Hash Syn ...
I have a feeling there's something about this I don't understand.
I have a working point-to-site VPN connection between my computer (using Windows' native rasphone component), and our Azure Virtual Network Gateway. The gateway uses a self-signed root certificate that I created, and my computer has a client certificate signed by the root which it uses to authenticate.
In the VPN configuration on my co ...

We have a Cisco ASAv appliance on Azure with a Load Balancer setup. While setting up an IKEv2 IPSec tunnel we saw phase 1 is up and phase 2 is failing over peer ID validation. While debugging we saw that the Cisco ASAv is taking the private IP as peer IP rather than the public IP on the external interface.
Is there a setting which can be done to fix that?
I'm going to sign up for Windows 365 and have a few questions that will help me with my decisions.
Currently, we do have an Azure Subscription but do not have a VNET. We also use Azure Active Directory and do NOT have any on-prem network or domain controllers. So, we're 100% cloud based.
With that said, do I need Windows AD to use Windows 365? I'm just watching some of the videos and they kind of go ...

I have a Hub Spoke VNet Architecture and an express route attached to my hub VNet. I want to understand the following points and see if there's something that can be done to solutionize this?
- Since Express Route is private peering and attached to hub VNet all my VNets are published over express route. Is there a way I can restrict what needs to be published and what not over express route from azure. ...

In the diagram, we have one vnet, two subnets, and three systems.
- Azure "IP Forwarding" is enabled on the router interfaces.
- Routing tables are created for "trust" and "untrust" subnets
- Static routes are created on the machines (the obscured routes are host routes to make sure I don't cut myself off)
We can see that bob is successfully pinging alice.
Despite bob's default route being the router, the ...
When creating a VM, I didn't give it a public ip address to RDP into it since that won't be secure. I made a public load balancer and added the VM to the backend pool and created an inbound nat rule with the VM as the target using port 3389.
How does using an Inbound NAT in Load balancer help in terms of security?, since it would forward all RDP's to our VM anyway making it feel as if the public ...
I am unable to associate an IPv6 public address to an existing network interface for a VM.
When I try to add a secondary IP configuration for the IPv6 address I get the following error:
IP version for Public IP address and network interface IP configuration version must match.
As seen here:
However I believe I have everything set up correctly.
The address space on the virtual network has an IPv6 pref ...
Good Afternoon,
I have an Azure Data Lake (storage container) with two file shares.
Test-NetConnection to the file share over 445 is successful as well as over CommonTCPPort SMB.
When I try to map or browse the share as a drive, I get an "unable to reach "azuredatalake"".
Network Security Group rules have the correct IPs and ports open.
I am able to access from an Azure-Joined machine, but not domain-join ...
I have the following network configuration.
On premise network : 192.168.13.31
Azure VN : 100.1.0.0/16
Azure vpn gateway : 51.136.4.136
I have an S2S IKEv2 connection between on premise and Azure. I'm able to ping from the Azure server to the on premise server.
I have a P2S OpenVPN connection to Azure. Address pool is 172.28.200.0/24. I'm able to ping from VPN Client to VN in Azure but I can't ping the on premi ...