Latest Discussions
ARM Template To create Multiple NSG's associate with existing Subnet
Hi All, I am trying to create multiple NSGs with multiple rules associated with subnets. Can anyone give me a template file that can be used as a single template file for multiple NSGs? Attached are the current files used by me for creating NSGs. The problem in the script below is that it is not creating more than 2 NSGs. So I am expecting to have a single template and parameter file to create multiple NSGs, more likely using copy loops.

Template File:

{
  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
  "contentVersion": "1.0.0.1",
  "parameters": {
    "virtualNetworkName": { "type": "String" },
    "networkSecurityGroupName1": { "type": "String" },
    "subnetName1": { "type": "String" },
    "networkSecurityGroupRules1": { "type": "Array" },
    "networkSecurityGroupName2": { "type": "String" },
    "subnetName2": { "type": "String" },
    "networkSecurityGroupRules2": { "type": "Array" }
  },
  "variables": {},
  "resources": [
    {
      "type": "Microsoft.Network/networkSecurityGroups",
      "apiVersion": "2018-03-01",
      "name": "[parameters('networkSecurityGroupName1')]",
      "location": "[resourceGroup().location]",
      "properties": {
        "securityRules": "[parameters('networkSecurityGroupRules1')]"
      }
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2017-08-01",
      "name": "apply-nsg-to-subnet1",
      "dependsOn": [
        "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName1'))]"
      ],
      "properties": {
        "mode": "Incremental",
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "resources": [
            {
              "apiVersion": "2018-03-01",
              "type": "Microsoft.Network/virtualNetworks/subnets",
              "name": "[concat(parameters('virtualNetworkName'), '/', parameters('subnetName1'))]",
              "location": "[resourceGroup().location]",
              "properties": {
                "addressPrefix": "[reference(resourceId(resourceGroup().name, 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnetName1')), '2018-03-01').addressPrefix]",
                "networkSecurityGroup": {
                  "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName1'))]"
                }
              }
            }
          ]
        }
      },
      "resourceGroup": "[resourceGroup().name]"
    },
    {
      "type": "Microsoft.Network/networkSecurityGroups",
      "apiVersion": "2018-03-01",
      "name": "[parameters('networkSecurityGroupName2')]",
      "location": "[resourceGroup().location]",
      "properties": {
        "securityRules": "[parameters('networkSecurityGroupRules2')]"
      }
    },
    {
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2017-08-01",
      "name": "apply-nsg-to-subnet2",
      "dependsOn": [
        "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName2'))]"
      ],
      "properties": {
        "mode": "Incremental",
        "template": {
          "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
          "contentVersion": "1.0.0.0",
          "resources": [
            {
              "apiVersion": "2018-03-01",
              "type": "Microsoft.Network/virtualNetworks/subnets",
              "name": "[concat(parameters('virtualNetworkName'), '/', parameters('subnetName2'))]",
              "location": "[resourceGroup().location]",
              "properties": {
                "addressPrefix": "[reference(resourceId(resourceGroup().name, 'Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), parameters('subnetName2')), '2018-03-01').addressPrefix]",
                "networkSecurityGroup": {
                  "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('networkSecurityGroupName2'))]"
                }
              }
            }
          ]
        }
      },
      "resourceGroup": "[resourceGroup().name]"
    }
  ],
  "outputs": {}
}

Solved | vigneshkrcegmailcom | Nov 11, 2020 | Brass Contributor | 8.4K Views | 0 likes | 19 Comments

Access storage account (SMB file share) via private endpoint in a Hub-Spoke setup
Hello community, I have been struggling with this issue for days now. I need to access an SMB share (=private endpoint in spoke Vnet) from a VM (Zscaler App Connector) in the Hub Vnet. The traffic flow is going through the Azure firewall (UDRs in place) and I can see the traffic 10.2.1.100 > 10.3.15.8:445 as allowed. The connection from On Prem 10.1.1.00 > 10.3.15.8:445 is working fine. Only from the Server Subnet in the Hub Vnet I cannot access the SMB share. telnet 10.3.15.8 445 from 10.2.1.100 is not successful. Interestingly, a tcp dump on 10.2.1.100 shows that I get RESET packets after a couple of SYNs from 10.13.15.8. Any ideas are highly appreciated. Thanks, Stephan

slache | Mar 17, 2024 | Copper Contributor | 1.5K Views | 0 likes | 11 Comments

Need For Local Network Gateway when connecting Azure S2S tunnel to AWS
Greetings. According to this article and several others I've read on connecting Azure to AWS resources, a Local Network Gateway is required to be provisioned and configured along with an Azure VPN Gateway on the Azure side. My question is, why is this the case? I don't need to have a Local Network Gateway for any other S2S tunnels I've provisioned to on-prem locations, so why is this needed for connectivity to AWS? Is it because of some compatibility issues between Azure and Amazon VPN gateways, or is it due to something else? I'd just like to understand why. Thanks in advance for any light that can be shed! Brian

Solved | AzureBrian | Apr 16, 2021 | Brass Contributor | 4.6K Views | 0 likes | 7 Comments

Unable to connect to resources via site to site vpn using Meraki VMX100
Hi. We have established a site to site vpn between our Azure Meraki vmx100 (managed Azure service/app) and our on premise mx64. Although the tunnel is up, running and passing traffic, I can't rdp to my resources in Azure. I spoke to Cisco and they confirmed my vmx100 is configured correctly and traffic is reaching the Azure resources; however, traffic from the Azure VM is not being passed back. I need, specifically, to be able to rdp to the VMs in Azure. I have set up routes but obviously they are not correct or else this would be working! I have also set up network security groups allowing inbound and outbound traffic to port 3389 (rdp). When I run the connection test it tells me that access has been granted. However, when I try to rdp using the MS rdp client, I get the generic unable to connect message. When I try to rdp using the Azure rdp client, it tells me another computer has disconnected my session, which is not possible since I'm the only one setting this up. Anyone out there that has successfully set up a Cisco Meraki VMX100 in Azure and is able to access the resources in Azure behind the vmx100? Thanks, Sharyn_S

Sharyn_S | Oct 21, 2020 | Copper Contributor | 11K Views | 0 likes | 7 Comments

Azure DNS Private Resolver Query
Hi All, Need help to understand more about Azure DNS Private Resolver. When Azure Private Resolver was released, my understanding was that it is for Azure private endpoint DNS resolution from on premises to Azure Private DNS, as initially we had to create a VM in Azure, and in the on premises DNS we had to provide the Azure DNS VM IP as a forwarder. After reading about Azure Private DNS Resolver in detail, I now have an understanding that it does not matter whether the on-premises environment needs it or not: Private Resolver should be created in the VNET and it will help to resolve DNS queries. The exact simple question is: do I have to provision it even if my on-prem environment does not need to resolve the Azure Private DNS for Private Endpoint? How about in a HUB/Spoke scenario: do I need to provision Azure Private DNS Resolver in a HUB VNET even if my on premises environment does not need to resolve the Azure Private DNS for Private Endpoint? In a single subscription scenario where I do not have a HUB/Spoke model, I have one subscription, and I do not have an on premises DNS resolution requirement, do I still need to provision Private Resolver? I believe not, because linking to the private DNS Zone will do the needful, but I am not sure if something has changed. Thanks

Skhatri | Mar 20, 2023 | Copper Contributor | 2.9K Views | 0 likes | 6 Comments

Issue with Azure VM Conditional Access for Office 365 and Dynamic Public IP Detection
Hi all, I have a VM in Azure where I need to allow an account with MFA to bypass the requirement on this specific server when using Office 365. I've tried to achieve this using Conditional Access by excluding locations, specifically the IP range of my Azure environment. Although I’ve disconnected any public IPs from this server, the Conditional Access policy still isn’t working as intended. The issue seems to be that it continues to detect a public IP, which changes frequently, making it impossible to exclude. What am I doing wrong?

AB21805 | Jun 25, 2024 | Bronze Contributor | 1.3K Views | 0 likes | 5 Comments

Public IPs on Azure
Hi, I have been trying to read documentation, but most likely I have used the wrong search terms. But does anybody know if the following kind of setup is possible on Azure? The main idea behind this question is: if I have servers and am willing to have centralized FW control for the traffic coming in or out to/from these VMs, is this an option? Or, if I assign the public IP to the VM, can that go out directly, skipping the centralized FW? All the documents I have seen speak about assigning the Public IP to the VMs, or having NATing, but with that we hit the problem when port ranges extend widely.

Petri-X | Feb 06, 2024 | Bronze Contributor | 1.2K Views | 0 likes | 5 Comments

Errors in Virtual Networks - Address space overlaps
Hi, We have had warnings like this for a few days in all the virtual networks:

Address space '10.100.0.0/17' overlaps with address space '10.100.0.0/17' of virtual network 'vnet-eu-we-glb-sandbox'. Virtual networks with overlapping address space cannot be peered. If you intend to peer these virtual networks, change address space '10.100.0.0/17'.

But we don't have any network with this address space. And it appears in all the virtual networks, but we haven't made changes in the infrastructure. It's a big problem for us, as we created two new virtual networks, the warning appears and we can't create peering between them. How can we solve it? Thanks

Solved | mgfeal | Apr 19, 2023 | Brass Contributor | 2.1K Views | 1 like | 5 Comments

Outbound endpoint ip address of Azure DNS Private Resolver
Hi, we need to find out the ip address that's used in the outbound endpoint of Private Resolver for configuring our onPrem firewall. We cannot find anything about this in the docs or in Azure portal. How to find it? Regards, Sven

Solved | SvenGloeckner5 | Mar 31, 2023 | Brass Contributor | 2.5K Views | 0 likes | 5 Comments

Typical latency to expect between Azure VMs of the same Proximity Placement Group
Hello, I was looking at measuring and improving latency between VMs of the same PPG. I wonder what the values are that could be expected, in order to know whether the values I am seeing are "normal" or "bad". I need low latency between Windows and Linux VMs, so the steps provided here: Test Azure virtual machine network latency in an Azure virtual network | Microsoft Learn don't help to measure exact latency unfortunately. However, I used hrPing to determine the values outside of working hours and am still getting 1.3ms on average. I know VM size affects the results, so my sizes for reference:

Linux: Standard E48ds v4 (48 vcpus, 384 GiB memory), w/accelerated networking
Windows: Standard B12ms (12 vcpus, 48 GiB memory), w/accelerated networking

Is that a reasonable result to expect? Kindly let me know your thoughts. Thank you! Joerg.

Solved | Joerg_Aldinger | Oct 20, 2022 | Copper Contributor | 6K Views | 1 like | 5 Comments