Microsoft Azure
Azure Network Security Group (NSG)
- Access Requests
- Auto suggest target
- Risk Analysis
- Topology mode only
- Add Access
- Risk Analysis
- Verifier
- Designer
- Update Device
- Remove Access
- Verifier
Azure Firewall
- Access Requests
- Auto suggest target
- Risk Analysis
- Topology mode only
- Add Access
- Verifier
- Designer
- Remove Access
- Verifier
Notes for Azure NSG and Azure Firewall:
- The GET Verifier Results API for Azure devices will not return the list of implementing or violating rules. It will only return whether the ticket and its access requests are verified or not.
- In the Verifier results, for each policy presented:
  - Installed on modules field is empty. In order to see the relevant firewalls, review the Target field in the Access Request.
  - Revision Number is not available. To find the revision used for Verifier's calculations, check the Changes or Compare tabs in SecureTrack. In the Received On column, look for a date that matches the one in the Verifier results. Keep in mind that the Verifier's results may be based on a higher-level device revision. If there is no match in the firewall revisions, also check the parent device dates.
For Azure NSG only:
- Designer does not support overlapping addresses in a single rule.
- If you modify a rule with overlapping addresses, Designer suggests creating a new rule instead.
- If Designer must create a rule with overlapping addresses, it returns an error.
- Designer suggestions include only network addresses and services, unless Application Security Groups (ASG) are selected in the Access Request.
- Sharing a Network Security Group (NSG) across multiple VNETs is not supported. Designer models the NSG separately for each VNET, which results in conflicting instructions. This causes the Update Device process to fail.
- The Update Device process sets rule priority based on the location defined in Designer. If required, it reorders existing rules to place the new rule in the correct position.
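A pre-check for the overlapping-address limitation in the NSG notes above, added here as an example and not part of the product documentation: it scans an NSG's rules and reports any rule whose source or destination list contains overlapping prefixes. The sample NSG is constructed, the function names are hypothetical, and reading "overlapping addresses" as overlapping CIDR prefixes within one address list of a rule is an assumption.

```python
import ipaddress
from itertools import combinations

# Constructed sample: field names follow the ARM securityRules schema; values are made up.
SAMPLE_NSG = {
    "name": "nsg-example",
    "securityRules": [
        {"name": "allow-web", "properties": {
            "priority": 100,
            "sourceAddressPrefixes": ["10.0.0.0/16", "10.0.4.0/24", "192.168.1.0/24"],
            "destinationAddressPrefix": "10.1.0.0/24"}},
        {"name": "allow-dns", "properties": {
            "priority": 110,
            "sourceAddressPrefix": "VirtualNetwork",
            "destinationAddressPrefixes": ["10.2.0.0/24", "10.3.0.0/24"]}},
        {"name": "allow-mgmt", "properties": {
            "priority": 120,
            "sourceAddressPrefix": "*",
            "destinationAddressPrefixes": ["10.5.0.10", "10.5.0.0/28"]}},
    ],
}

def _networks(props, side):
    """Collect IP/CIDR prefixes for 'source' or 'destination'; skip '*' and service tags."""
    raw = list(props.get(f"{side}AddressPrefixes") or [])
    if props.get(f"{side}AddressPrefix"):
        raw.append(props[f"{side}AddressPrefix"])
    nets = []
    for value in raw:
        try:
            nets.append(ipaddress.ip_network(value, strict=False))
        except ValueError:
            continue  # not an address: '*', 'VirtualNetwork', 'Internet', ...
    return nets

def find_overlapping_rules(nsg):
    """Return (rule name, side, prefix A, prefix B) for every overlapping pair in one rule."""
    findings = []
    for rule in nsg.get("securityRules", []):
        for side in ("source", "destination"):
            for a, b in combinations(_networks(rule["properties"], side), 2):
                if a.version == b.version and a.overlaps(b):
                    findings.append((rule["name"], side, str(a), str(b)))
    return findings

if __name__ == "__main__":
    for name, side, a, b in find_overlapping_rules(SAMPLE_NSG):
        print(f"{name}: {side} prefixes {a} and {b} overlap")
```

Rules that use only `*` or service tags produce no findings, because those values are not parsed as addresses.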
For Azure Firewall only:
- Designer will not suggest creating rule collections or rule collection groups. If you need to create rule collections or rule collection groups, you must add them manually.
- Designer will return an error when URL category is selected in Access Request.