gayatriramachandran-5536 asked · 0 Votes

Azure NSG and Auditing Complexity

The NSG rules in Azure are based on IP. How do I use NSG and make it support CDN endpoints or DNS names which have multiple IP addresses? Is it possible in Azure?

Also, auditing is complex with NSG in place, as NSGs use IP addresses and the Azure Policies created are based on DNS for outbound.

azure-virtual-machines-networking

Is there an update? Please 'Accept as answer' if the answer provided below helped you, so that it can benefit others in the community.

0 Votes 0 · ·
VaibhavChaudhari answered · 1 Vote

You might not get the answer here, as this forum is for Azure DevTest Lab. Please follow up on your post in the correct forum:
https://social.msdn.microsoft.com/Forums/en-US/6e78bc37-dd5d-4b1c-bb9c-0c3eca5ef8e5/azure-nsg-and-auditing-complexity?forum=WAVirtualMachinesVirtualNetwork



If the response helped, do "Mark as answer" and upvote it



gayatriramachandran-5536 answered · 0 Votes

Thanks Vaibhav.
Actually, none of the other tags were suited for this question, so I had to choose one.


kongouae-0068 answered · 2 Votes

I understand that you want to permit outbound access to the CDN by using an FQDN. NSG can't fulfill your request because you can use only IP addresses in an NSG.

In this scenario, you need to use Azure Firewall or a Network Virtual Appliance. This equipment supports using FQDNs in its security rules.

Best regards.


As described above, NSGs are simple ACLs: IP source, destination, protocol and port. They made some enhancements to group well-known Azure resources, the Internet and your internal VNets, but if it's not an Azure service or an application group inside your subscription, you are out of luck.

If you want more advanced stuff, such as domain names or more next-gen features, you need a Virtual Appliance from the marketplace. There are lots of them. NSGs are not going to help you.

0 Votes 0 · ·
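An added example, not part of any post in this thread: a small audit that takes the IP-based outbound rules of an NSG and the addresses a CDN name currently resolves to, and reports which resolved addresses the NSG would block, which is the drift that pinning CDN IPs in an NSG produces. The rule names, `cdn.example.net` and all addresses are constructed sample data; the sketch assumes TCP, does not expand service tags, and does not model the NSG's default rules.

```python
import ipaddress

# Constructed sample: custom outbound rules, in the shape `az network nsg rule list` returns.
NSG_RULES = [
    {"name": "allow-cdn-pinned", "priority": 100, "direction": "Outbound",
     "access": "Allow", "protocol": "Tcp", "destinationPortRange": "443",
     "destinationAddressPrefixes": ["203.0.113.10/32", "203.0.113.11/32"]},
    {"name": "deny-all-out", "priority": 4000, "direction": "Outbound",
     "access": "Deny", "protocol": "*", "destinationPortRange": "*",
     "destinationAddressPrefix": "*"},
]
# Constructed sample: addresses a hypothetical CDN name resolves to today.
RESOLVED = {"cdn.example.net": ["203.0.113.10", "203.0.113.11", "198.51.100.7"]}


def port_matches(rule, port):
    spec = rule.get("destinationPortRange") or "*"
    low, _, high = spec.partition("-")
    return spec == "*" or int(low) <= port <= int(high or low)


def prefix_matches(prefix, addr):
    if prefix == "*":
        return True
    try:
        return addr in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False  # service tag (e.g. "Internet"): not expanded in this sketch


def first_match(rules, ip, port):
    """Return the outbound rule that decides this flow (lowest priority number wins)."""
    addr = ipaddress.ip_address(ip)
    for rule in sorted(rules, key=lambda r: r["priority"]):
        dests = [rule.get("destinationAddressPrefix")] + (rule.get("destinationAddressPrefixes") or [])
        if (rule["direction"] == "Outbound" and port_matches(rule, port)
                and any(prefix_matches(p, addr) for p in dests if p)):
            return rule
    return None  # falls through to the NSG's default rules, not modeled here


def blocked(rules, resolved, port=443):
    """List (fqdn, ip, rule name) for resolved addresses that hit a Deny rule."""
    pairs = [(f, ip, first_match(rules, ip, port)) for f, ips in resolved.items() for ip in ips]
    return [(f, ip, r["name"]) for f, ip, r in pairs if r and r["access"] == "Deny"]
```

With the sample data, `blocked(NSG_RULES, RESOLVED)` flags `198.51.100.7`: the name resolves to an address that was never pinned in the allow rule, so the deny rule catches it.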