question

pallab avatar image
1 Vote"
pallab asked ·

Will Azure PaaS Services work if traffic is routed through Palo Alto Firewalls from Azure?

My customer is planning to implement two sets of firewalls , total 4 VMs of Palo Alto NVA These 2 sets of NVAs of Palo Alto would be present in the Hub VNET in two different subnets. There are like 2 spoke VNETS that has VNET peering with the Hub and traffic is routed via the Hub, means transitive peering is enabled via Hub to the On Prem via Express Route. They will also use few PaaS Services like Web Apps and SQL PaaS etc. So my question is , is it mandatory to enable outbound Internet from Azure for these PaaS Services to work properly ? What if UDRs are created in the NVA and no egress internet traffic is allowed from Azure directly for example and everything has to be inspected by the Palo Alto NVA and then to the On Prem firewall and then outbound to Internet, will that break Azure PaaS Services and create a problem for their effective functioning ? Security team doesn't want any outbound Internet Traffic directly from Azure without being inspected by Azure Palo Alto NVA and On Prem Firewall.

azure-information-protectionazure-webapps-securityazure-webapps-availability
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

0 Answers