What is Azure Firewall Basic and How to Deploy it

Поделиться
HTML-код
  • Опубликовано: 23 дек 2024

Комментарии • 13

  • @randomcrap763
    @randomcrap763 Год назад

    Awesome video as usual Travis!!! :)

  • @NoufalEdappal
    @NoufalEdappal Год назад

    Thank you so much, folowed exact and it works

  • @TheRealDeniBoy
    @TheRealDeniBoy 6 месяцев назад

    Great Video and would do you have anything regarding adding the Azure Security hub with the Azure firewall

  • @AhmadHassanUetian
    @AhmadHassanUetian 4 месяца назад

    Hi,
    I have an FTP server configured behind an Azure Firewall. In passive mode, it is able to establish the control connection successfully but fails to establish data connection occasionally with the error "Data Peer IP [x.x.x.x] differ from control peer IP [x.x.x.x]: This should not happen, aborting the data connection.". Note that these IPs are private IPs from Private Address Space CIDR of the firewall. What configuration are required to ensure that single internal IP is used for both control and data connections? FTP server does not have a private IP and I have configured DNAT rule in firewall. For testing purpose, I only configured 5 ports in DNAT rule for passive mode.

  • @MatthewTang-k1s
    @MatthewTang-k1s Месяц назад

    Awesome tutorial

  • @adamzachary6947
    @adamzachary6947 Год назад

    Layer 3 and layer 7? What about layer 4???

  • @MrBross-ey8yp
    @MrBross-ey8yp Год назад +1

    your shirt is awesome

  • @alozborne
    @alozborne Год назад +2

    Azure Firewall Basic is an overpriced offering with better third party alternatives. Why use this vs PFSense, for example?

    • @Ciraltos
      @Ciraltos  Год назад +3

      It's not a bad option at under $300 US per month. It's a PaaS service with zonal HA and provides central management with policies. The price of any NVA would be x2 for HA and requires the overhead of OS management. Factor in licensing costs for premium NVAs and in most cases the basic firewall will be cheaper. I just wish filtering with web categories were available, that's a big limitation for enterprise customers.

    • @alozborne
      @alozborne Год назад

      @@Ciraltos Good points but we use DNS based web filtering, which unfortunately malware can bypass by making DNS queries via DoH. So, we need SSL inspection and specifically the ability to block by MIME type any DoH packets hiding in HTTPS streams.

    • @alozborne
      @alozborne Год назад +1

      ​@@Ciraltos I should also add that the Basic SKU should be bandwidth limited only, all other features should have parity with the other SKUs. In terms of feature set, the Basic SKU is simply too limited and doesn't provide good enough value