virtual wan
16 Topics

BGP Routing from and to VPN Gateway
Hello All, I am setting up a lab concerning vWAN connection to onprem via SDWAN and I have some issues getting the routing to work properly.

I have a hub which symbolizes the on-premises hub with a VPN gateway (gw-onprem) and a VM (on-prem-hubvm) deployed. Attached to the onprem-hub is
a) on-prem spoke with a VM (on-prem VM).
b) two vnets that symbolize the sdwan. Both of which have a VPN gateway as well as one VM each deployed (gw-sd-1/2).

The SDWan Gateways are connected via s2s to two different vWAN hubs in two different locations. The vWAN has a third Hub which is not directly connected to on-prem.

What I am trying to lab is what direction the traffic is taking from the vWAN Hubs to the last on-premise VM. The traffic currently goes all the way through the s2s vpn connection, but it gets dropped afterwards. I am struggling to set up the routing from the sd-gw's to the on-premises machine. The routing needs to work through BGP. The goal of the Lab is to see which path to on-premises is preferred if the hub preference is AS Path (shortest BGP Path).

BGP is enabled on all VPN Gateways. The SD GWs are peered to the onprem Hub GW but no vnet peering. The on-premises Vnets are peered. Somehow the VPN Gateways are not learning the routes to on-premises. I tried pointing the way with UDRs but somehow it also isn't working. I've tried setting up UDRs so that the traffic would be the following: vWAN Hub -> sd GW > sd VM > GW-onprem (> on-prem-hubvm) > on-prem VM

147 Views, 0 likes, 1 Comment

Az-firewall-mon(itor) - near real time Azure Firewall flow log analyser
Hello, networking expert! I'm excited to share with you an update on my personal open source project: az-Firewall-mon. Az-firewall-monitor is an open-source tool that helps you answer the following question: what is happening in my Azure Firewall right now? It provides an alternative and opinionable way to access and inspect Azure Firewall logs, without using Log Analytics or Kusto queries. It provides a simple and intuitive interface that shows you what is happening on your firewall right now (or almost). To filter your data you can use both a full text search or natural language thanks to its integration with chatGPT4. Here is a sample full text search interaction: Here is a sample natural language interaction: Try out az-firewall-monitor at https://az-firewall-mon.duckiesfarm.com or have a look at the source code on GitHub at https://github.com/nicolgit/azure-firewall-mon Thank you!

129 Views, 0 likes, 0 Comments

Internal API : Virtual Network support for Power Platform
Hello Everyone, We are using Custom Connectors from Power Automate Flows to initiate a call to the Internal API that is hosted in Azure through the MuleSoft Data Gateway. Since we are unable to activate the private endpoint for this internal API, we are seeking guidance on how to securely connect to the API via V-Net integration. Please advise.

As per the Microsoft Documentation: Use custom connectors (preview) to securely connect to your services that are protected by private endpoints in Azure or services that are hosted within your private network. https://learn.microsoft.com/en-us/power-platform/admin/vnet-support-overview

Thanks, -Sri

315 Views, 0 likes, 1 Comment

Issue with Azure VM Conditional Access for Office 365 and Dynamic Public IP Detection
Hi all, I have a VM in Azure where I need to allow an account with MFA to bypass the requirement on this specific server when using Office 365. I've tried to achieve this using Conditional Access by excluding locations, specifically the IP range of my Azure environment. Although I've disconnected any public IPs from this server, the Conditional Access policy still isn't working as intended. The issue seems to be that it continues to detect a public IP, which changes frequently, making it impossible to exclude. What am I doing wrong?

1.3K Views, 0 likes, 5 Comments

Azure SD-WAN
Hi, I'm looking for good SD-WAN options for connecting our branches to our Azure vWAN with secured hubs (Azure Firewall). The plan is to ditch our current on-prem network circuit + express route and move to Azure vWan as the central hub with branch offices connecting over SD-WAN. I've had a look at Azure Virtual WAN partners, regions, and available locations | Microsoft Learn. We currently do have Fortigate NGFW on-prem but it doesn't belong to us as it's managed by a vendor. Besides, deploying dual role Fortigate NGFW into the vWan hub seems like overkill since we already have Azure Firewall Premium? Would be grateful for your experience / suggestions. Thanks

636 Views, 0 likes, 1 Comment

Azure vwan - default subnet masks
Hello, I have a question regarding the default subnet masks assigned to the subnets in Vwan. According to the Vwan FAQ documentation https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-faq#what-is-the-recommended-hub-address-space-during-hub-creation a /23 is recommended for the vnet. And it mentions that when using an NVA the NVA subnet will be a /28 or /27 (with multiple NVAs). But what are the default subnet masks for the ExpressRoute, site-to-site VPN, point-to-site VPN, Azure Firewall and Virtual hub Router subnets? A /27? Is it also /27 when using a vwan hub address space of /24? Is it correct to assume that when picking a /16 network address space for the vwan hub that the subnets will become /24? Thank you for any extra information regarding this topic.

441 Views, 0 likes, 2 Comments

Using Azure Bastion via through vWAN Virtual Hub
I have feedback about Azure Bastion. I am using the ability to use Azure Bastion with multiple virtual networks via vNET Peering. I would like to extend this feature to use it via a Virtual WAN hub. However, the current Azure Bastion does not seem to detect peering through a virtual hub. I hope Azure Bastion will be able to connect to VM hosts on different virtual networks via a virtual hub.

3K Views, 4 likes, 1 Comment

IKEv2 and Windows 10/11 drops connectivity but stays connected in Windows
I've seen this with 2 different customers using IKEv2 User VPNs (virtual wan) and Point to Site gateways in hub and spoke whereby using the VPN in an Always On configuration (device and user tunnel) that after a specific amount of time (56 minutes) the IKEv2 connection will drop the tunnel but stay connected in Windows. To restore the connection, you just reconnect. Has anyone else had a similar experience? I've seen the issue with ExpressRoute and with/without Azure firewalls in the topology too.

1.2K Views, 0 likes, 0 Comments

Live webinar - Optimizing Cloud Experience with Cisco SD-WAN and Microsoft Azure Networking
Join our team of experts today, Tuesday, November 30th @ 11:30 PM UTC (3:30 PM Pacific time) for a joint live webinar between Microsoft and Cisco to get exclusive insight on how we are extending our existing partnership with Cisco to improve network connectivity to cloud-based applications. During the session, you'll hear from the Microsoft and Cisco product teams on industry-first innovations designed to improve the integration between Microsoft 365 and Cisco SD-WAN Cloud OnRamp for SaaS. These enhancements will give users more control over traffic flow, insight into deep metrics, and automated policy integration. You'll also learn how customers can extend their Cisco SD-WAN from branch sites to their workloads on Azure using virtual WAN, access workloads with little or no additional configuration, provide end-to-end automation from branch to cloud, and leverage Azure global backbone for regional connectivity. Register for the event here: Optimizing Cloud Experience with Cisco SD-WAN and Microsoft Azure Networking (cvent.com)

974 Views, 0 likes, 0 Comments