Azure Insights: Firewall IP Groups; Container Registry, Helm charts; Bring Your Own Key; Monitoring tools

User Review
0 (0 votes)

Microsoft Azure pros share their thoughts on Firewall IP Groups, working with Container Registry and Helm charts, or the role of Bring Your Own Key and monitoring tools.

Leveraging Azure Firewall IP Groups

Microsoft MVP Joe Carlyle, writing on We Do Azure shared his thoughts on Azure Firewall IP Groups. For the moment, these are still in-preview. IP Groups can contain one or more IP addresses and IP address ranges, and are used for Network, Application, and DNAT rules in Azure Firewall. Currently, they are limited to 5000 individual IP addresses per firewall instance, for 50 IP Groups or less. He wrote:

What this means is that while your rules should already be scoped accurately, you may need to use a couple of extra IP groups if you’re working with large address ranges. A simple example is a /16 will simply not work in an IP Group, /20 is basically your limit per IP Group. If you’ve worked with Azure Firewall, I’m sure you’ve already thought of several places these rules can really help. For me, it was within Network Rule Collections. 

An added limitation is that Azure portal won’t let users add an IP Group as a destination. Users must exercise tremendous caution if they have Firewall in production because they can easily overwrite collections. Carlyle demonstrated some code as a workaround.

Container Registry and Helm charts

FREE Membership Required to View Full Content:

Become a MemberLogin

Joining gives you free, unlimited access to news, analysis, white papers, case studies, product brochures, and more. You can also receive periodic email newsletters with the latest relevant articles and content updates. 
Learn more about us here