Hello,
I have an Azure VM which is behind Azure Firewall. After adding a rule under "NAT rule collection" in the FW to translate the FW IP into the Azure VM's private IP, I tried RDP to the Azure VM using the Firewall IP, and it worked.
I wanted to check if I can directly connect to the Azure VM using its public IP but got the following error.
[Window Title]
Remote Desktop Connection
[Content]
Remote Desktop can’t connect to the remote computer for one of these reasons:
1) Remote access to the server is not enabled
2) The remote computer is turned off
3) The remote computer is not available on the network
Make sure the remote computer is turned on and connected to the network, and that remote access is enabled.
[OK] [Help]
Then I added a new rule under "NAT rule collection" for translating the public IP of the Azure VM into the private IP of the Azure VM. The rule couldn't be saved and failed with the message below.
Failed to update the firewall 'FW'. Error: AzureFirewallRule NATRule2: Invalid DNat destination address, destination address other than AzureFirewall PublicIP address is not supported.
Later I added a new rule under "Network rule collection" by keeping * in source and the public IP of the Azure VM as destination with Allow action. The rule got saved, but RDP still doesn't work with the public IP.
I would like to ask if there is a way to connect to the Azure VM using its public IP after it's been put behind Azure Firewall. I just want to know for conceptual clarity. Since the firewall is deployed for security reasons, exposing any resource directly to the internet, including the Azure VM, does weaken security if allowed.
Kindly share your thoughts. Thank you.