{"id":91995,"date":"2023-11-22T23:52:20","date_gmt":"2023-11-23T05:22:20","guid":{"rendered":"https:\/\/www.whizlabs.com\/blog\/?p=91995"},"modified":"2023-11-22T23:52:20","modified_gmt":"2023-11-23T05:22:20","slug":"filter-inbound-traffic-azure-firewall","status":"publish","type":"post","link":"https:\/\/www.whizlabs.com\/blog\/filter-inbound-traffic-azure-firewall\/","title":{"rendered":"How to Filter Inbound Internet Traffic with Azure Firewall Policy DNAT"},"content":{"rendered":"<p><span style=\"font-size: 16px; font-weight: 400;\">Filtering inbound internet traffic with <strong>Azure Firewall policy DNAT (Destination Network Address Translation)<\/strong> is a crucial aspect of securing your network infrastructure.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">DNAT allows you to redirect traffic from a specific port or IP address on the public-facing side of the firewall to different internal resources, such as specific virtual machines or applications within a virtual network.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In this blog, you will learn how to filter out inbound internet traffic with the help of <\/span><a href=\"https:\/\/www.whizlabs.com\/blog\/azure-web-application-firewall\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Azure firewall <\/span><\/a><span style=\"font-weight: 400;\">DNAT using real-time hands-on labs. <\/span><em><span style=\"font-weight: 400;\">Let\u2019s dive in!<\/span><\/em><\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_76 ez-toc-wrap-left counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #ea7e02;color:#ea7e02\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #ea7e02;color:#ea7e02\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.whizlabs.com\/blog\/filter-inbound-traffic-azure-firewall\/#What_is_Azure_Firewall_DNAT\" >What is Azure Firewall DNAT?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.whizlabs.com\/blog\/filter-inbound-traffic-azure-firewall\/#What_are_DNAT_rules_on_Azure_Firewall\" >What are DNAT rules on Azure Firewall?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.whizlabs.com\/blog\/filter-inbound-traffic-azure-firewall\/#How_to_filter_inbound_internet_traffic_with_Azure_Firewall_policy_DNAT_A_step-by-step_guide\" >How to filter inbound internet traffic with Azure Firewall policy DNAT: A step-by-step guide<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.whizlabs.com\/blog\/filter-inbound-traffic-azure-firewall\/#FAQs\" >FAQs<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.whizlabs.com\/blog\/filter-inbound-traffic-azure-firewall\/#Conclusion\" >Conclusion<\/a><\/li><\/ul><\/nav><\/div>\n<h3><span class=\"ez-toc-section\" id=\"What_is_Azure_Firewall_DNAT\"><\/span><strong>What is Azure Firewall DNAT?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Azure firewall DNAT is one of the features of the Azure firewall and it helps to <strong>redirect the traffic from a specific IP address<\/strong> or port to a different destination within the <\/span><a href=\"https:\/\/www.whizlabs.com\/blog\/what-is-microsoft-azure\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Azure cloud platform<\/span><\/a><span style=\"font-weight: 400;\">. DNAT can be employed in scenarios such as where you want to expose internal resources to the web or change the traffic direction to specific services or servers.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Azure Firewall pricing varies based on factors such as the number of rules, data processing, and availability zones, and can be obtained from the official Azure pricing page.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The key characteristics of <\/span><span style=\"font-weight: 400;\">Azure Firewall DNAT such as:<\/span><\/p>\n<p><img decoding=\"async\" class=\"alignnone size-full wp-image-92185\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/key-characteristics-of-Azure-Firewall-DNAT-scaled.webp\" alt=\"characteristics-of-Azure-Firewall-DNAT\" width=\"2560\" height=\"1792\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/key-characteristics-of-Azure-Firewall-DNAT-scaled.webp 2560w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/key-characteristics-of-Azure-Firewall-DNAT-300x210.webp 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/key-characteristics-of-Azure-Firewall-DNAT-1024x717.webp 1024w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/key-characteristics-of-Azure-Firewall-DNAT-768x538.webp 768w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/key-characteristics-of-Azure-Firewall-DNAT-1536x1075.webp 1536w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/key-characteristics-of-Azure-Firewall-DNAT-2048x1434.webp 2048w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/key-characteristics-of-Azure-Firewall-DNAT-150x105.webp 150w\" sizes=\"(max-width: 2560px) 100vw, 2560px\" \/><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Inbound Traffic Redirection:<\/b><span style=\"font-weight: 400;\"> DNAT generally helps in inbound traffic redirection that evolves at the specified port or IP address to the destinated IP address and portion within the VPN of Azure. It certainly helps to expose internal services or resources to external users or change traffic rates.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Port Forwarding: <\/b><span style=\"font-weight: 400;\">DNAT, or Destination Network Address Translation, is employed to route traffic from a specific port on Azure Firewall&#8217;s public IP address to a designated internal IP address and port. This facilitates the hosting of services like web servers or application servers behind Azure Firewall, making them accessible from the internet.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Load Balancer Integration: <\/b><span style=\"font-weight: 400;\">Azure Firewall DNAT can be combined with Azure Load Balancer. By setting up DNAT rules in Azure Firewall, you can direct traffic to backend pool members behind the load balancer, delivering scalability, high availability, and load-balancing capabilities.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Application Publishing:<\/b><span style=\"font-weight: 400;\"> DNAT enables the publication of internal applications or services to the internet while safeguarding them behind Azure Firewall. It offers a secure means to expose specific resources or services to external clients while managing access through the Azure firewall rules and policies.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>IP Address Preservation: <\/b><span style=\"font-weight: 400;\">When DNAT is utilized to redirect traffic, the source IP address remains unchanged, allowing the destination resource to see the source IP of the client initiating the request. This feature proves valuable for auditing, troubleshooting, and maintaining visibility of the client&#8217;s IP address.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Rule-Based Configuration:<\/b><span style=\"font-weight: 400;\"> Azure firewall<\/span> <span style=\"font-weight: 400;\">DNAT rules are established within Azure Firewall&#8217;s rule collection. You can craft rule sets to define source IP addresses, destination IP addresses, ports, and protocols for traffic redirection. Multiple DNAT rules can be set up to address various scenarios or applications.<\/span><\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"What_are_DNAT_rules_on_Azure_Firewall\"><\/span><strong>What are DNAT rules on Azure Firewall?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><a href=\"https:\/\/www.whizlabs.com\/labs\/filter-inbound-internet-traffic-with-azure-firewall-policy-dnat\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Azure Firewall Destination Network Address Translation (DNAT) configuration<\/span><\/a><span style=\"font-weight: 400;\"> has to be done to filter out inbound internet traffic to destined subnets. Whenever the DNAT configuration is completed, then the <strong>NAT rile collection action<\/strong> will be changed into Dnat. Each rule specified in the NAT rule can be used to translate the firewall&#8217;s public IP address as well as port into a private IP port and address.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">By configuring DNAT rules within Azure Firewall policies, you gain more control over incoming traffic, enhance security, and ensure that the right data reaches the right destination. This capability is particularly valuable for organizations looking to protect their resources while still <strong>providing necessary access to specific services.<\/strong><\/span><\/p>\n<p><img decoding=\"async\" class=\"size-full wp-image-91999 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/azure-firewall-.webp\" alt=\"azure-firewall\" width=\"598\" height=\"311\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/azure-firewall-.webp 598w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/azure-firewall--300x156.webp 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/azure-firewall--150x78.webp 150w\" sizes=\"(max-width: 598px) 100vw, 598px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">Now, DNAT will implicitly append a network rule to permit the traffic that gets translated. For security reasons, the suggested solution is to add a specified internet source to permit the DNAT access to the network and eliminate the usage of wildcards.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">DNAT rules can be used to both allow or deny the inbound traffic via a firewall public IP address.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">You can employ a DNAT rule when you need to convert a public IP address into a private one. Azure Firewall&#8217;s public IP addresses are entry points for incoming internet traffic. They filter and transform this traffic to connect with internal resources within Azure.<\/span><\/p>\n<h3><span class=\"ez-toc-section\" id=\"How_to_filter_inbound_internet_traffic_with_Azure_Firewall_policy_DNAT_A_step-by-step_guide\"><\/span><strong>How to filter inbound internet traffic with Azure Firewall policy DNAT: A step-by-step guide<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><b>Task 1: Sign in to Azure Portal<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Go to the Azure portal by clicking the Open Console button or visiting the URL<\/span><a href=\"https:\/\/portal.azure.com\/\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\"> https:\/\/portal.azure.com<\/span><\/a><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">For a smooth experience, consider using incognito mode to avoid Azure portal cache issues.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">If the portal automatically logs into another Azure account, log out and clear your cache. Sign in with the help of a username and password.<\/span><\/li>\n<\/ul>\n<p><b>Task 2: Create a Hub VNet<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">In the Azure portal, at the top, use the search box and enter Virtual network. Select Virtual Networks in the search results.<\/span><\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"size-full wp-image-92000 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/virtual-network.webp\" alt=\"virtual-network\" width=\"593\" height=\"343\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/virtual-network.webp 593w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/virtual-network-300x174.webp 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/virtual-network-150x87.webp 150w\" sizes=\"(max-width: 593px) 100vw, 593px\" \/><\/p>\n<p>&nbsp;<\/p>\n<ul>\n<li><span style=\"font-weight: 400;\">Click on + Create in the Virtual Networks section.<\/span><\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"size-full wp-image-92001 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/virtual-network-2.webp\" alt=\"\" width=\"609\" height=\"223\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/virtual-network-2.webp 609w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/virtual-network-2-300x110.webp 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/virtual-network-2-150x55.webp 150w\" sizes=\"(max-width: 609px) 100vw, 609px\" \/><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">In the Create virtual network page, provide the following details in the Basics tab Resource group, Name, and Region.<\/span><\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"size-full wp-image-92002 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/create-virtual-network.webp\" alt=\"\" width=\"593\" height=\"368\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/create-virtual-network.webp 593w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/create-virtual-network-300x186.webp 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/create-virtual-network-150x93.webp 150w\" sizes=\"(max-width: 593px) 100vw, 593px\" \/><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Select the IP Addresses tab or click Next: IP Addresses at the bottom.<\/span><\/li>\n<li aria-level=\"2\"><img decoding=\"async\" class=\"size-full wp-image-92003 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/edit-subnet.webp\" alt=\"\" width=\"610\" height=\"217\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/edit-subnet.webp 610w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/edit-subnet-300x107.webp 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/edit-subnet-150x53.webp 150w\" sizes=\"(max-width: 610px) 100vw, 610px\" \/><\/li>\n<\/ul>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">In the IP Addresses tab, enter the following information such as IPv4 address space as 10.0.0.0\/16<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Under the Subnet name, click default.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">In the Edit Subnet section, provide the Subnet name, and Subnet address range and Click Save.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Click Review + Create and then Create. This step might take a few minutes.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"size-full wp-image-92004 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/deployment.webp\" alt=\"\" width=\"605\" height=\"176\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/deployment.webp 605w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/deployment-300x87.webp 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/deployment-150x44.webp 150w\" sizes=\"(max-width: 605px) 100vw, 605px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><b>Step 3: Create a Spoke VNet<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">In Virtual networks, select + Create.<\/span><\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"size-full wp-image-92163 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/virtual-network-step-3.png\" alt=\"virtual-network\" width=\"612\" height=\"232\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/virtual-network-step-3.png 612w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/virtual-network-step-3-300x114.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/virtual-network-step-3-150x57.png 150w\" sizes=\"(max-width: 612px) 100vw, 612px\" \/><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">In the Create Virtual Network page, enter these details in the Basics tab:<\/span><\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"size-full wp-image-92164 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/create-virtual-network.png\" alt=\"create-virtual-network\" width=\"597\" height=\"352\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/create-virtual-network.png 597w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/create-virtual-network-300x177.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/create-virtual-network-150x88.png 150w\" sizes=\"(max-width: 597px) 100vw, 597px\" \/><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Resource group: Select resource group_XXXXX<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Name: Enter MySpokeVNet<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Region: Choose (US) East US<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Go to the IP Addresses tab (or click Next: IP Addresses).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Adjust the default IPv4 address space to 192.168.0.0\/16.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Delete the Default Subnet and click on + Add Subnet.\u00a0<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"size-full wp-image-92165 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/add-subnet.png\" alt=\"add-subnet\" width=\"591\" height=\"194\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/add-subnet.png 591w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/add-subnet-300x98.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/add-subnet-150x49.png 150w\" sizes=\"(max-width: 591px) 100vw, 591px\" \/><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">In the Edit Subnet section, provide:<\/span>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Subnet name: Enter SN-Workload<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Subnet address range: Enter 192.168.1.0\/24 and Click Add.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Click Review + Create and then Create. This step may take a few minutes.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"size-full wp-image-92166 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/step-3-deployment.png\" alt=\"step-3-deployment\" width=\"617\" height=\"180\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/step-3-deployment.png 617w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/step-3-deployment-300x88.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/step-3-deployment-150x44.png 150w\" sizes=\"(max-width: 617px) 100vw, 617px\" \/><\/p>\n<p><b>Step 4: Peer the VNets<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">In the Azure portal, search for Virtual Networks and select MyHubVNet (the hub VNet created earlier).<\/span><\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"size-full wp-image-92167 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/virtual-network-step-4.png\" alt=\"virtual-network-step-4\" width=\"593\" height=\"247\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/virtual-network-step-4.png 593w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/virtual-network-step-4-300x125.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/virtual-network-step-4-150x62.png 150w\" sizes=\"(max-width: 593px) 100vw, 593px\" \/><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">In the Overview page, under Settings, select Subnets. Click on + Subnet.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">In the Add subnet tab, provide the name and click add. <\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">In the Overview page, under Settings, select Peerings. Click on + Add.<\/span><\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"size-full wp-image-92169 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/HubVNet.png\" alt=\"HubVNet\" width=\"587\" height=\"493\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/HubVNet.png 587w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/HubVNet-300x252.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/HubVNet-150x126.png 150w\" sizes=\"(max-width: 587px) 100vw, 587px\" \/><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">In the Add peering tab, provide the following details:<\/span>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Under This virtual network:<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Peering link name: Enter Peer-HubSpoke<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Under Remote virtual network:<\/span>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"3\"><span style=\"font-weight: 400;\">Peering link name: Enter Peer-SpokeHub<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"3\"><span style=\"font-weight: 400;\">Virtual network: Select MySpokeVNet<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"size-full wp-image-92170 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/Add-peering.png\" alt=\"Add-peering\" width=\"577\" height=\"506\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/Add-peering.png 577w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/Add-peering-300x263.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/Add-peering-150x132.png 150w\" sizes=\"(max-width: 577px) 100vw, 577px\" \/><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"2\"><span style=\"font-weight: 400;\">Click Add. You will see this displayed in the Peerings tab.<\/span><\/li>\n<\/ul>\n<p><b>Step 5: Create a Virtual Machine<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Search for Virtual machines in the Azure portal and select Virtual machines from the results.<\/span><\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"size-full wp-image-92171 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/Create-a-virtual-machine.png\" alt=\"Create-a-virtual-machine\" width=\"619\" height=\"456\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/Create-a-virtual-machine.png 619w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/Create-a-virtual-machine-300x221.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/Create-a-virtual-machine-150x111.png 150w\" sizes=\"(max-width: 619px) 100vw, 619px\" \/><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">In the Virtual Machines tab, click + Create, then select Azure virtual machine.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">In the Create a Virtual Machine tab, provide the following values in the Basics tab:<\/span><\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-92172 size-full\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/VM.png\" alt=\"Virtual machine\" width=\"456\" height=\"480\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/VM.png 456w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/VM-285x300.png 285w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/VM-150x158.png 150w\" sizes=\"(max-width: 456px) 100vw, 456px\" \/><\/p>\n<p><img decoding=\"async\" class=\"size-full wp-image-92173 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/OS-Disk-Type.png\" alt=\"OS-Disk-Type\" width=\"620\" height=\"246\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/OS-Disk-Type.png 620w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/OS-Disk-Type-300x119.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/OS-Disk-Type-150x60.png 150w\" sizes=\"(max-width: 620px) 100vw, 620px\" \/><\/p>\n<p><img decoding=\"async\" class=\"size-full wp-image-92174 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/Monitoring.png\" alt=\"Monitoring\" width=\"613\" height=\"360\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/Monitoring.png 613w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/Monitoring-300x176.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/Monitoring-150x88.png 150w\" sizes=\"(max-width: 613px) 100vw, 613px\" \/><\/p>\n<p><img decoding=\"async\" class=\"size-full wp-image-92175 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/Networking.png\" alt=\"Networking\" width=\"610\" height=\"422\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/Networking.png 610w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/Networking-300x208.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/Networking-150x104.png 150w\" sizes=\"(max-width: 610px) 100vw, 610px\" \/><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Click Review + Create and then Create. Your deployment will be completed in a few minutes.<\/span><\/li>\n<\/ul>\n<p><b>Step 6: Deploy the Firewall and Policy<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">In the Azure portal, enter Firewall at the top and select Firewalls from the results.<\/span><\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"size-full wp-image-92176 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/create-firewalls.png\" alt=\"create-firewalls\" width=\"483\" height=\"313\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/create-firewalls.png 483w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/create-firewalls-300x194.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/create-firewalls-150x97.png 150w\" sizes=\"(max-width: 483px) 100vw, 483px\" \/><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">On the Firewalls page, click Create.<\/span><\/li>\n<\/ul>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">In the Basics tab of the Create a Firewall page, include the following details:<\/span><\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"size-full wp-image-92178 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/firewalls-details-setp-6.png\" alt=\"firewall details\" width=\"586\" height=\"556\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/firewalls-details-setp-6.png 586w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/firewalls-details-setp-6-300x285.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/firewalls-details-setp-6-150x142.png 150w\" sizes=\"(max-width: 586px) 100vw, 586px\" \/><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Click Review + Create and then Create. Your deployment will be completed.<\/span><\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"size-full wp-image-92179 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/deployment-complete-step-6.png\" alt=\"\" width=\"598\" height=\"181\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/deployment-complete-step-6.png 598w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/deployment-complete-step-6-300x91.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/deployment-complete-step-6-150x45.png 150w\" sizes=\"(max-width: 598px) 100vw, 598px\" \/><\/p>\n<p><b>Step 7: Create a Default Route<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">In the Azure portal, go to All services, and under Networking, select Route tables.<\/span><\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"size-full wp-image-92180 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/all-services.png\" alt=\"Networking\" width=\"605\" height=\"204\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/all-services.png 605w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/all-services-300x101.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/all-services-150x51.png 150w\" sizes=\"(max-width: 605px) 100vw, 605px\" \/><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">In Route tables, click + Create.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">In the Create Route table page, provide the details:<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Leave other settings as default and click Review + Create. Then, click Create.<\/span><\/li>\n<\/ul>\n<p><b>Step 8: Configure a NAT Rule<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Go to your resource group and select your firewall policy.<\/span><\/li>\n<\/ul>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Under Settings, select DNAT rules and click + Add a rule collection.<\/span><\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"size-full wp-image-92181 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/MyPolicy-DNAT-Rules.png\" alt=\"MyPolicy-DNAT-Rules\" width=\"621\" height=\"376\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/MyPolicy-DNAT-Rules.png 621w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/MyPolicy-DNAT-Rules-300x182.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/MyPolicy-DNAT-Rules-150x91.png 150w\" sizes=\"(max-width: 621px) 100vw, 621px\" \/><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">In the Add a Rule collection tab, enter the following values such as Name, Priority, and NAT rule details.<\/span><\/li>\n<\/ul>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Click Add.<\/span><\/li>\n<\/ul>\n<p><b>Step 9: Test the Firewall<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Copy the public IP address of your firewall.<\/span><\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"size-full wp-image-92182 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/enter-your-crendetials.png\" alt=\"enter-your-crendetials\" width=\"565\" height=\"447\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/enter-your-crendetials.png 565w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/enter-your-crendetials-300x237.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/enter-your-crendetials-150x119.png 150w\" sizes=\"(max-width: 565px) 100vw, 565px\" \/><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">On your local computer, use Remote Desktop Connection and enter the public IP address to connect to your virtual machine.<\/span><\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"size-full wp-image-92183 aligncenter\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/recycle-bin.png\" alt=\"recycle-bin\" width=\"633\" height=\"370\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/recycle-bin.png 633w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/recycle-bin-300x175.png 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/recycle-bin-150x88.png 150w\" sizes=\"(max-width: 633px) 100vw, 633px\" \/><\/p>\n<p><b>Step 10: Validation Test<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">After completing the lab steps, click the Validation button or go to the Lab Validation section to verify your progress.<\/span><\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"FAQs\"><\/span><strong>FAQs<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><b>What are the limitations of Azure firewall DNAT?<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">You can use any public IP address in DNAT rules.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">All public IP addresses contribute to available SNAT ports.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">A maximum of 200 IP Groups is allowed per firewall.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Each IP Group can have up to 5000 individual IP addresses or IP prefixes.<\/span><\/li>\n<\/ul>\n<p><b>How does Azure Firewall manage inbound and outbound network traffic?<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Azure Firewall acts as a security system for your Azure network. It checks incoming traffic for various types of data and protects your network from unwanted access. It also keeps an <strong>eye on outgoing data<\/strong>, making sure it follows the rules you&#8217;ve set. For web traffic, it can even look at the details of what&#8217;s being sent or received.<\/span><\/p>\n<p><b>What is inbound traffic in Azure?<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Incoming traffic is directed through the Azure load balancer to reach the web app. The load balancer is set up to guide the traffic to the specific IP address assigned to the web app within the Virtual Network (VNet). Once the traffic has successfully reached the correct instance of the Web App, the Web App gains the ability to interact with any resources located within the VNet.<\/span><\/p>\n<p><b>Does Azure NAT gateway permit inbound traffic?<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Azure NAT Gateway is designed to facilitate outbound connectivity from a virtual network. It also allows return traffic that&#8217;s in response to an outbound connection to pass through it. However, it doesn&#8217;t permit inbound traffic directly from the internet to go through the NAT gateway.<\/span><\/p>\n<p><b>What is inbound Internet traffic?<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Inbound Internet traffic includes all data and requests that are directed toward your network from external sources, regardless of their origin or how they arrive. If the incoming data or requests originate from entities or users outside of your network, it falls under the category of inbound Internet traffic.<\/span><\/p>\n<blockquote><p>Also Read : What Is <a href=\"https:\/\/www.whizlabs.com\/blog\/azure-web-application-firewall\/\" target=\"_blank\" rel=\"noopener\">Azure Web Application Firewall<\/a> (WAF)?<\/p><\/blockquote>\n<h3><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span><strong>Conclusion<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Hope this blog covers detailed information about the inbound Internet traffic and how to filter out it with the help of Azure Firewall policy DNAT.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">If you&#8217;re interested in delving deeper into this topic or want to explore practical applications, I recommend making use of<\/span><a href=\"https:\/\/www.whizlabs.com\/labs\/sandbox\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\"> Azure sandboxes<\/span><\/a><span style=\"font-weight: 400;\">. These sandboxes provide a safe and controlled environment for hands-on experience, enabling you to fine-tune your skills and gain real-world insights into managing inbound internet traffic with Azure Firewall policy DNAT.\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Filtering inbound internet traffic with Azure Firewall policy DNAT (Destination Network Address Translation) is a crucial aspect of securing your network infrastructure.\u00a0 DNAT allows you to redirect traffic from a specific port or IP address on the public-facing side of the firewall to different internal resources, such as specific virtual machines or applications within a virtual network. In this blog, you will learn how to filter out inbound internet traffic with the help of Azure firewall DNAT using real-time hands-on labs. Let\u2019s dive in! What is Azure Firewall DNAT? Azure firewall DNAT is one of the features of the Azure [&hellip;]<\/p>\n","protected":false},"author":382,"featured_media":92184,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"default","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"default","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[15],"tags":[],"class_list":["post-91995","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-microsoft-azure"],"uagb_featured_image_src":{"full":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/How-to-Filter-inbound-Internet-traffic-with-Azure-Firewall-policy-DNAT-FI.webp",1280,720,false],"thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/How-to-Filter-inbound-Internet-traffic-with-Azure-Firewall-policy-DNAT-FI-150x150.webp",150,150,true],"medium":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/How-to-Filter-inbound-Internet-traffic-with-Azure-Firewall-policy-DNAT-FI-300x169.webp",300,169,true],"medium_large":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/How-to-Filter-inbound-Internet-traffic-with-Azure-Firewall-policy-DNAT-FI-768x432.webp",768,432,true],"large":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/How-to-Filter-inbound-Internet-traffic-with-Azure-Firewall-policy-DNAT-FI-1024x576.webp",1024,576,true],"1536x1536":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/How-to-Filter-inbound-Internet-traffic-with-Azure-Firewall-policy-DNAT-FI.webp",1280,720,false],"2048x2048":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/How-to-Filter-inbound-Internet-traffic-with-Azure-Firewall-policy-DNAT-FI.webp",1280,720,false],"profile_24":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/How-to-Filter-inbound-Internet-traffic-with-Azure-Firewall-policy-DNAT-FI.webp",24,14,false],"profile_48":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/How-to-Filter-inbound-Internet-traffic-with-Azure-Firewall-policy-DNAT-FI.webp",48,27,false],"profile_96":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/How-to-Filter-inbound-Internet-traffic-with-Azure-Firewall-policy-DNAT-FI.webp",96,54,false],"profile_150":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/How-to-Filter-inbound-Internet-traffic-with-Azure-Firewall-policy-DNAT-FI.webp",150,84,false],"profile_300":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/How-to-Filter-inbound-Internet-traffic-with-Azure-Firewall-policy-DNAT-FI.webp",300,169,false],"tptn_thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/How-to-Filter-inbound-Internet-traffic-with-Azure-Firewall-policy-DNAT-FI-250x250.webp",250,250,true],"web-stories-poster-portrait":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/How-to-Filter-inbound-Internet-traffic-with-Azure-Firewall-policy-DNAT-FI-640x720.webp",640,720,true],"web-stories-publisher-logo":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/How-to-Filter-inbound-Internet-traffic-with-Azure-Firewall-policy-DNAT-FI-96x96.webp",96,96,true],"web-stories-thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2023\/11\/How-to-Filter-inbound-Internet-traffic-with-Azure-Firewall-policy-DNAT-FI-150x84.webp",150,84,true]},"uagb_author_info":{"display_name":"Vidhya Boopathi","author_link":"https:\/\/www.whizlabs.com\/blog\/author\/vidhya\/"},"uagb_comment_info":37,"uagb_excerpt":"Filtering inbound internet traffic with Azure Firewall policy DNAT (Destination Network Address Translation) is a crucial aspect of securing your network infrastructure.\u00a0 DNAT allows you to redirect traffic from a specific port or IP address on the public-facing side of the firewall to different internal resources, such as specific virtual machines or applications within a&hellip;","_links":{"self":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/91995","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/users\/382"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/comments?post=91995"}],"version-history":[{"count":6,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/91995\/revisions"}],"predecessor-version":[{"id":92187,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/91995\/revisions\/92187"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/media\/92184"}],"wp:attachment":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/media?parent=91995"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/categories?post=91995"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/tags?post=91995"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}