Documentation | Support | Learn

Azure Networking Services FAQ

Frequently asked questions about Azure networking services, including Virtual Networks, Load Balancers, VPN Gateway, ExpressRoute, and more.

General Networking Concepts

What is an Azure Virtual Network (VNet)?

Azure Virtual Network (VNet)

An Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. It represents your own network in the cloud, providing a range of Azure networking capabilities that you can use to provision and manage your network. VNets are region-specific and span across all availability zones within the region.

  • Isolation: VNets provide network isolation for your Azure resources.
  • Connectivity: You can connect VNets to each other, and to on-premises networks.
  • Subnets: VNets are divided into subnets for better organization and IP address management.

Learn more: Azure Virtual Network documentation.

What are the differences between Public IP, Private IP, and Internal IP addresses in Azure?

IP Addressing in Azure

Azure networking utilizes different types of IP addresses:

  • Public IP Addresses: Used to communicate with resources over the internet. Resources like Virtual Machines, Load Balancers, and VPN Gateways can be assigned public IP addresses.
  • Private IP Addresses: Used for communication within an Azure Virtual Network or between connected networks (like on-premises). These are not routable over the internet.
  • Internal IP Addresses: A synonym for Private IP addresses within the context of Azure.

Key Considerations:

  • A Virtual Machine instance always has a private IP address.
  • A public IP address can be optionally associated with a VM's network interface (NIC).
  • Load Balancers use both private and public IP addresses for frontends and backends.

For detailed information, see Azure IP Addressing overview.

Network Security

How can I secure my Azure network traffic?

Network Security Measures

Azure provides several layers of security to protect your network:

  • Network Security Groups (NSGs): Act as a basic firewall, allowing or denying network traffic to Azure resources connected to an Azure Virtual Network.
  • Azure Firewall: A cloud-native, intelligent network firewall as a service that protects your Azure Virtual Network resources. It's a fully stateful and managed firewall service with high availability and unlimited cloud scalability.
  • Web Application Firewall (WAF): Protects web applications from common exploits and vulnerabilities.
  • Azure DDoS Protection: Provides enhanced DDoS mitigation capabilities.

Combining these services offers a robust security posture for your Azure deployments.

Learn more: Azure network security features.

What is the difference between NSGs and Azure Firewall?

NSGs vs. Azure Firewall

Network Security Groups (NSGs) are primarily focused on stateful packet filtering at the network and transport layers. They are applied to network interfaces or subnets and control inbound and outbound traffic based on source/destination IP addresses, ports, and protocols.

Azure Firewall is a more advanced, managed network firewall service that operates at Layer 3 and Layer 4, but also offers Layer 7 filtering for FQDN (Fully Qualified Domain Name) filtering and provides centralized logging and threat intelligence. It's ideal for hub-spoke architectures and offers centralized control and management.

Key differences:

  • Scope: NSGs are granular (NIC/subnet), Azure Firewall is centralized.
  • Features: Azure Firewall offers FQDN filtering, threat intelligence, and advanced logging.
  • Management: Azure Firewall is a managed service, simplifying deployment and scaling.

Consult the Azure Firewall vs. NSG comparison for more details.

Connectivity Services

How can I connect my on-premises network to Azure?

On-Premises to Azure Connectivity

Azure offers multiple ways to connect your on-premises environment to Azure:

  • VPN Gateway: Establishes secure, encrypted connections over the public internet between your on-premises network and your Azure Virtual Network. Ideal for hybrid cloud scenarios and disaster recovery.
  • ExpressRoute: Provides dedicated, private connections from your premises to Azure, bypassing the public internet. Offers higher bandwidth, lower latency, and improved reliability for mission-critical workloads.

The choice depends on your bandwidth, latency, security, and cost requirements.

Explore Azure hybrid connectivity options.

What is Azure Load Balancer?

Azure Load Balancer

Azure Load Balancer is a Layer 4 (TCP/UDP) load balancer that enables you to distribute network traffic to your applications. It provides high availability and network scalability by distributing traffic across multiple virtual machines or services.

Key Features:

  • High Availability: Distributes traffic to healthy instances, ensuring application uptime.
  • Scalability: Handles increased traffic by distributing it across more resources.
  • Health Probes: Continuously monitors the health of backend instances.
  • Port Forwarding: Allows incoming traffic on specific ports to be directed to specific backend instances.

For more information, see the Azure Load Balancer documentation.

Other Networking Services

What is Azure DNS?

Azure DNS

Azure DNS provides a highly available and scalable DNS hosting service for your domains. It allows you to host your DNS domains in Azure and manage DNS records using the same credentials, APIs, tools, and billing as your other Azure services.

  • Global Availability: Built on Azure's global network infrastructure.
  • High Performance: Designed for low latency and high query rates.
  • Security: Integrates with Azure Active Directory for access control.

Learn more about Azure DNS.