Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Explicit Proxy feature for Azure Firewall Policy #27581

Closed
1 task done
girishmotwani opened this issue Oct 11, 2023 · 1 comment · Fixed by Azure/azure-cli-extensions#7164
Closed
1 task done

Support Explicit Proxy feature for Azure Firewall Policy #27581

girishmotwani opened this issue Oct 11, 2023 · 1 comment · Fixed by Azure/azure-cli-extensions#7164
Assignees
@necusjz
Labels
Auto-Assign Auto assign by bot Azure CLI Team The command of the issue is owned by Azure CLI team customer-reported Issues that are reported by GitHub users external to the Azure organization. feature-request Network az network vnet/lb/nic/dns/etc...
Milestone
Backlog

Comments

@girishmotwani
Copy link

Preconditions

  • No need to upgrade Python SDK or the Python SDK is ready.

Related command

az network firewall policy

Resource Provider

Microsoft.Network/firewallPolicies

Description of Feature or Work Requested

We have added support to allow the Azure Firewall to be configured as an explicit proxy. Prior to this, Azure firewall could only be configured as a transparent proxy - and would require customers to setup a UDR to direct their application traffic to be inspected by the Azure Firewall.

With Explicit proxy set on the outbound path, you can configure a proxy setting on the sending application (such as a web browser) with Azure Firewall configured as the proxy. As a result, traffic from the sending application goes to the firewall's private IP address and therefore egresses directly from the firewall without the using a UDR.

With the Explicit proxy mode (supported for HTTP/S), you can define proxy settings in the browser to point to the firewall private IP address. You can manually configure the IP address on the browser or application, or you can configure a proxy auto config (PAC) file. The firewall can host the PAC file to serve the proxy requests after you upload it to the firewall.

Minimum API Version Required

N/A

Swagger PR link / SDK link

Azure/azure-rest-api-specs#15017

Additional PR to add one more field - Azure/azure-rest-api-specs#19011

Request Example

(https://github.com/Azure/azure-rest-api-specs/blob/main/specification/network/resource-manager/Microsoft.Network/stable/2023-05-01/examples/FirewallPolicyPut.json)
https://github.com/Azure/azure-rest-api-specs/blob/main/specification/network/resource-manager/Microsoft.Network/stable/2023-05-01/examples/FirewallPolicyGet.json

Target Date

2023-11-01

PM Contact

mgakman@microsoft.com

Engineer Contact

uditmisra@microsoft.com

Additional context

https://github.com/Azure/azure-rest-api-specs/pull/15017/files

powershell PR - Azure/azure-powershell#18642
@microsoft-github-policy-service microsoft-github-policy-service bot added customer-reported Issues that are reported by GitHub users external to the Azure organization. Network az network vnet/lb/nic/dns/etc... labels Oct 11, 2023
@microsoft-github-policy-service microsoft-github-policy-service bot added Auto-Assign Auto assign by bot Azure CLI Team The command of the issue is owned by Azure CLI team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Oct 11, 2023
@yonzhan
Copy link
Collaborator

yonzhan commented Oct 11, 2023

Thank you for opening this issue, we will look into it.

@yonzhan yonzhan added this to the Backlog milestone Oct 12, 2023
@yonzhan yonzhan removed the question The issue doesn't require a change to the product in order to be resolved. Most issues start as that label Oct 12, 2023
@ZengTaoxu ZengTaoxu mentioned this issue Jan 9, 2024
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@necusjz necusjz

Labels
Auto-Assign Auto assign by bot Azure CLI Team The command of the issue is owned by Azure CLI team customer-reported Issues that are reported by GitHub users external to the Azure organization. feature-request Network az network vnet/lb/nic/dns/etc...
Projects
None yet
Milestone
Backlog
3 participants
@necusjz @girishmotwani @yonzhan