Azure Firewall application rules do not support non-http80/http8080/https443 protocols, for example SMTP. Please add the new feature.
In order to inspect access to smtp.office365.com through Azure Firewall, and leverage the target FQDN in an application rule, please add SMTP protocol support, since currently AFW does not support non-http80/http8080/https443 protocols.
Azure Firewall supports HTTP/S and MSSQL in application rules. We are adding FQDN filtering in network rules based on DNS resolution for all TCP/UDP protocols. Tentative preview is early Q3 CY2020.
What is the status of this? There are plenty of use cases for this. Even some examples in the documentation about AKS and Firewall are ridiculous (you allow all outbound on port 9000 and 22 because app rules don't support those ports). This is massively needed.
Wojtek Piegsa commented
We need this feature too to clone repositories from Azure Repos.
Currently we have only 3 options (which are not that great):
- Use MS's own Git credential manager, which is hosted in RPM, to connect via HTTPS
- Update the Firewall once a week to allow SSH connections to a weekly changing number of hosts (https://www.microsoft.com/en-us/download/details.aspx?id=56519)
- Or allow SSH connections to all IPs
Scott Judson commented
We need this too.
Guys, WE NEED IT! We recently created an environment and our devs use SMTP.GMAIL.COM:587, and there are push notification services for Apple and Android. Those are on completely different ports!
And we will have PCI compliance certification!