Microsoft Azure

Azure Network Security Group (NSG)

Access Requests
Auto suggest target
Risk Analysis
Topology mode only
    Add Access
    Risk Analysis
    Verifier
    Designer
    Remove Access
    Verifier

Azure Firewall

Access Requests
Auto suggest target
Risk Analysis
Topology mode only
    Add Access
    Verifier
    Designer
    Remove Access
    Verifier

Notes for Azure NSG and Azure Firewall:

  • The GET Verifier Results API for Azure devices will not return the list of implementing or violating rules. It will only return whether the ticket and its access requests are verified or not.

  • In the Verifier results, for each policy presented:

    • The Installed on modules field is empty. To see the relevant firewalls, review the Target field in the Access Request.

    • Revision Number is not available. To find the revision used for Verifier's calculations, check the Changes or Compare tabs in SecureTrack. In the Received On column, look for a date that matches the one in the Verifier results. Keep in mind that the Verifier's results may be based on a higher-level device revision. If there is no match in the firewall revisions, also check the parent device dates.

  • For Azure NSG only:

    • When creating or modifying rules, Designer suggestions include only network addresses. Application Security Groups (ASG) or any other objects are not suggested.

    • Designer may suggest adding multiple protocols to an NSG rule's service, although this is not supported on the device.

  • For Azure Firewall only:

    • Designer will not suggest creating rule collections or rule collection groups. If you need to create rule collections or rule collection groups, you must add them manually.

    • Designer will return an error when a URL category is selected in the Access Request.