I'm working with a secure hub setup (vHUB + Azure Firewall) and need to allow access to all TCP/UDP ports from a single VM to the internet. Unfortunately, my application requires using all ports, and although I know Azure Firewall supports DNAT, it only allows specifying individual ports—and the limit on the number of DNAT rules means I can't create one for each port. I've also tried using an Azure Load Balancer, but that didn't help either since it's tied to the firewall. How can I actually achieve this?
1 Answer
You might consider adding an extra NIC with an external IP directly routed to the internet. It's not ideal, but it could help you expose your VM's endpoints. Just a heads-up: it's usually risky to expose all endpoints like that, though!
Thanks for the tip! Unfortunately, I can't add an extra NIC because the VM is part of Azure's native environment—it's hosted on Azure VMware Solution.