Azure Networking
Load Balancers
vNet Peering
Name Resolution
NSGs
Monitoring
Public
Internal
GWLB
Varia
Session Persistence
- Default is None, which means 5-tuple hashing (source IP, source port, destination IP, destination port, protocol)
- See: Link
Floating IP
- When enabled, Azure changes the IP address mapping to the frontend IP address of the load balancer
- See: Link
Cisco Firewall
Palo Firewall
Other Ref
GWLB Setup
Community Document
- See: Link Loadbalancer Integration (good drawings, LB, SNAT, DNAT)
- See: Cisco Azure Blog
Varia
Other Resources
- See: LTRSEC-3052
- See: BRKSEC-3023 - AWS Azure Integration Evolution Details (good)
- See: BRKSEC-3039 - ARM yourself using NGFWv and ASAv
- See: BRKSEC-2109 - Azure GWLB and FTD
- See: BRKSEC-2130 - Design, implement FTDv in Public and Private cloud (GWLB, ALB, CLB, NLB, CloudWatch, Lambda in AWS) (SR-IOV etc. on prem)
- See: Blog FTD AWS - 2020 older designs
- See: BRKSEC-2150 - ZTP FTDv Azure/AWS Terraform ARM
- See: BRKSEC-1831 - AWS Security Controls explained, FTD in AWS options (not 1000-level)
- See: Digital 2013 - VPP, SR-IOV, NUMA, etc.
- See: FPR Like TAC - TECSEC-3004
Basic vs Standard
- Standard supports HA Ports to load-balance all flows arriving on all ports, used e.g. for NVAs. Link
- Standard supports zone-redundant LB, i.e. load balancing across availability zones (AZs)
NVA (Network Virtual Appliance)
ISV (Integrated Software Vendor?)
UDR (User Defined Routes)
Custom Routes in a route table
UDR is associated with a subnet
UDR routes override Azure’s default system routes
Repos
- See: DevNet Secure FW (Azure/AWS Terraform, ARM Templates)
- See: FMC Ansible collection - also in DevNet Secure FW Github repo
- See: Terraform FMC Provider - Also in DevNet Secure FW Github repo
- See: FMC REST API - https://github.com/SD123456789/FMC-RESTAPI-LABS/tree/master
Beacon
Courses
- Cloud NGFW for Azure, Cloud NGFW for AWS
- Software Firewall PCSFE - AWS, Azure, GCP, NSX-T, Intro, CN
Repos
- See: Autoscaling Azure
YouTube Channel
- See: NetSec
- See: AnubhavSwami