Azure Insights: FQDN network rules; Data migration; Debugging containers

February 16 2021

Microsoft Azure pros discuss FQDN network rules for Azure Firewall, migrating data and debugging containers.

FQDN network rules for Azure Firewall

Aidan Finn explored how to use FQDN-based rules for Azure Firewall with DNS servers, proxy and features. Azure Firewall supports Application Rules to control outbound access to services with DNS names, such as SQL Server and Azure SQL. Some services in VNets need to make outbound connections, and users may also need to create inbound connections to FQDNs for platform resources that are network-connected to private endpoints.

According to Finn, network rules allow flows in and out, from sources to destinations, for a particular protocol or source/destination port. He shared a list of addresses, noting that they change often, and encouraged users to enable DNS in the firewall. He wrote:

With this feature enabled, the Azure Firewall can support FQDNs in the Network Rules, opening up the possibility of using any of the supported protocol/port combinations, expanding your name-based rules beyond just HTTP/S and SQL. By default, the Azure Firewall will use Azure DNS. That’s “OK” for traffic that will only ever be outbound and simple. But life is not normally that simple unless you host a relatively simple point solution behind your firewall.

In reality, however, users might need to support site-to-site networking and other scenarios.

Migrating data to the cloud

About MSCN Reporter
