articles/firewall/firewall-faq.yml
Lines changed: 3 additions & 5 deletions
@@ -34,14 +34,16 @@ sections:
34
34
35
35
- question: What are some Azure Firewall concepts?
36
36
answer: |
37
-
Azure Firewall supports rules and rule collections. A rule collection is a set of rules that share the same order and priority. Rule collections are executed in order of their priority. Network rule collections are higher priority than application rule collections, and all rules are terminating.
37
+
Azure Firewall supports rules and rule collections. A rule collection is a set of rules that share the same order and priority. Rule collections are executed in order of their priority. DNAT rule collections are higher priority network rule collections, which are higher priority than application rule collections, and all rules are terminating.
38
38
39
39
There are three types of rule collections:
40
40
41
41
* *Application rules*: Configure fully qualified domain names (FQDNs) that can be accessed from a Virtual Network.
42
42
* *Network rules*: Configure rules that contain source addresses, protocols, destination ports, and destination addresses.
43
43
* *NAT rules*: Configure DNAT rules to allow incoming Internet connections.
44
44
45
+
For more information, see [Configure Azure Firewall rules](rule-processing.md).
46
+
45
47
- question: Does Azure Firewall support inbound traffic filtering?
46
48
answer: |
47
49
Azure Firewall supports inbound and outbound filtering. Inbound protection is typically used for non-HTTP protocols like RDP, SSH, and FTP protocols. For inbound HTTP and HTTPS protection, use a web application firewall such as [Azure Web Application Firewall (WAF)](../web-application-firewall/overview.md) or the TLS offload and deep packet inspection capabilities of [Azure Firewall Premium](./premium-features.md).
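Review bot: The added sentence at new line 37 is missing "than" after the first "higher priority" ("DNAT rule collections are higher priority network rule collections"), so it can be read as saying DNAT collections are a kind of network rule collection rather than that they are evaluated first. Suggest "DNAT rule collections are higher priority than network rule collections, which are higher priority than application rule collections, and all rules are terminating." The sentence also says "DNAT rule collections" while the list below it calls the third type "NAT rules"; using one term in both places would let readers map the priority order onto the list.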
@@ -188,10 +190,6 @@ sections:
188
190
- question: Are there any firewall resource group restrictions?
189
191
answer: Yes. The firewall, VNet, and the public IP address all must be in the same resource group.
190
192
191
-
- question: When configuring DNAT for inbound Internet network traffic, do I also need to configure a corresponding network rule to allow that traffic?
192
-
answer: |
193
-
No. NAT rules implicitly add a corresponding network rule to allow the translated traffic. You can override this behavior by explicitly adding a network rule collection with deny rules that match the translated traffic. To learn more about Azure Firewall rule processing logic, see [Azure Firewall rule processing logic](rule-processing.md).
194
-
195
193
- question: How do wildcards work in target URLs and target FQDNs in application rules?
196
194
answer: |
197
195
- **URL** - Asterisks work when placed on the right-most or left-most side. If it is on the left, it can't be part of the FQDN.
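Review bot: Deleting the DNAT question at old lines 191-194 removes the statement that NAT rules implicitly add a corresponding network rule allowing the translated traffic, and that an explicit network rule collection with deny rules overrides it; the text added in the first hunk only links to rule-processing.md and does not say this. Since the implicit allow affects what inbound traffic actually reaches the backend, either confirm that rule-processing.md states it or keep one sentence about it in the concepts answer. The link text also changes for the same target: the removed entry calls rule-processing.md "Azure Firewall rule processing logic" while the added line calls it "Configure Azure Firewall rules"; use whichever matches the target article's title.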