Allowing a method of transparent interception for network/security appliances to allow them to operate, but still be able to take advantage of configuring new applications completely via ARM.
e.g. new app has external load balancer, 3 tier of VMs etc. But we could slot an IPS in between Ext Load Balancer and Web tier, or outside ELB etc.. Without having to also configure a Layer 3 policy & NAT on security appliance.
Ideally have options of both inline, and "SPAN" mode. and be able to attach to Load Balancers, NICs, and where there are tags, eg 'Internet' routes.9 votes
Hi Peter, Thanks for the suggestion, Looks like you are looking for a way to be able to get ERSPAN or port mirroring functionality that can be transparently switched on any VM , and if you slot in a IPS/advanced inline processing functionality of your choice that acts a collector to obtain and do what it needs to do, that would do the job, is that right?
This should be the accepted standard for secure Internet communications. Not sure why Microsoft refuses to commit to this after so many customer requests. Instead, charging customers high prices to communicate securely continues. Google Cloud has already implemented this feature.3 votes
Thanks for your feedback. Can you please elaborate on what specifically you want to see happen? Are you referring to obtaining free SSL certificates or do you want to see a specific product offer a new feature? Thank you.
Microsoft Azure should have predefined access rules for every region.
For example, if someone wants to block traffic for every region except only one, should choose to allow for the specific one and add block rule for every other region.
That would be good for DDos attacks3 votes
Thank you for your suggestion. Did you have the chance to review our NSG documentation? Also, stay tuned for an announcement on our upcoming DDoS solution.
apply filter ip origen azure in NGS.
This option is like "Allow access to Azure services" in "SQL server Azure"3 votes
Thanks for the feedback
We need additional details on how the idea should be implemented, we currently support source and destination on NSG rules
- Don't see your idea?