Is Just-in-time (JIT) VM access under FortiGate Firewall available in Azure - azure-keyvault

I was going through these articles: Just-in-time (JIT) VM access for Azure Firewall is now generally available and Understanding just-in-time (JIT) VM access.
My questions are:
Is Just-in-time (JIT) VM access using Key Vault for FortiGate Firewall available in Azure? Nothing was found from a search. If it's available, how do I implement it so that users can access VMs behind the firewall?
Thanks

It is not available for FortiGate firewall.
You can find the available options here https://learn.microsoft.com/en-us/azure/security-center/just-in-time-access-usage?tabs=jit-config-asc%2Cjit-request-asc

Related

When Docker and VPN turned on can only access some endpoints/websites

When I have both Docker Desktop and my VPN (needed for client environment) turned on I can't access many endpoints. I can access some, but they seem very random (can access Stack Overflow, can't access Microsoft or Red Hat websites for example). When I turn off my VPN I can access all these endpoints again.
This behaviour only happens when Docker Desktop (version 4.4.3) is running. Is there a configuration in Docker that I can change to remediate this behaviour?

Azure API Management service with external virtual network to Docker

I want to use the Azure API Management Service (AMS) to expose the API created with R/Plumber, hosted in a Docker container that runs on an Ubuntu machine.
Scenario
With R/Plumber I created some APIs that I want to protect. Then, I created a virtual machine on Azure with Ubuntu and installed Docker. The APIs are in a container that I published on the virtual machine by Docker. I can access them via internet.
On Azure I created an API Management service and added the APIs from the Swagger OpenAPI documentation.
Problem
I want to secure the APIs. I want to expose to the internet only the AMS. Then, my idea was to remove the public IP from the virtual machine and via a virtual network using the internal IPs to connect the API Management Service to the API with the internal IP (http://10.0.1.5:8000).
So, I tried to set a Virtual Network. Clicked on the menu, then External and then on the row, I can select a network. In this virtual network, I have one network interface that is the one the virtual machine is using.
When I save the changes, I have to wait a while and then I receive an error
Failed to connect to management endpoint at azuks-chi-testapi-d1.management.azure-api.net:3443 for a service deployed in a virtual network. Make sure to follow guidance at https://aka.ms/apim-vnet-common-issues.
I read the following documentation but I can't understand how to do what I wanted
Azure API Management - External Type: gateway unable to access resources within the virtual network?
How to use Azure API Management with virtual networks
Is there any how-to I can use? Any advice? What am I doing wrong?
Update
I tried to add more Address space in the Virtual network.
One of them (10.0.0.2/24) is delegated for the API Management.
Then, in the Network security group I added the port 3443.
From the API manager I can't reach the server with the internet IP (10.0.2.5). What did I miss?

See common network configuration issues; it lists all dependencies that are expected to be exposed for APIM to work. Make sure that your vnet allows ingress at port 3443 for the subnet where APIM service is located. This configuration must be done on VNET side, not APIM.
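
An added example (not part of the original answer) of checking the rule that answer describes: it walks NSG rules in priority order and reports whether inbound TCP 3443 to the APIM subnet is allowed. The rule data is constructed, and the `ApiManagement` source service tag and the field names follow Azure's NSG rule format rather than anything stated on this page.

```python
import json

# Constructed sample, shaped like `az network nsg rule list` output.
# Rule names, priorities and ports here are made up for illustration.
BROKEN_RULES = json.loads("""[
  {"name": "allow-backend", "priority": 200, "direction": "Inbound",
   "access": "Allow", "protocol": "Tcp",
   "sourceAddressPrefix": "VirtualNetwork", "destinationPortRange": "8000"},
  {"name": "deny-all-inbound", "priority": 4000, "direction": "Inbound",
   "access": "Deny", "protocol": "*",
   "sourceAddressPrefix": "*", "destinationPortRange": "*"}
]""")

# The same NSG with the management-endpoint rule added ahead of the deny.
FIXED_RULES = BROKEN_RULES + [
    {"name": "allow-apim-mgmt", "priority": 100, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "ApiManagement", "destinationPortRanges": ["3443"]},
]


def port_in_range(port, spec):
    """Match a port against an NSG port spec: '*', '3443' or '3000-4000'."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def first_match(rules, port, source_tag, protocol="Tcp"):
    """Return the inbound rule an NSG would apply: lowest priority number wins.
    Simplification: sources are compared as '*' or an exact service tag only."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"] != "Inbound":
            continue
        if rule["protocol"] not in ("*", protocol):
            continue
        if rule["sourceAddressPrefix"] not in ("*", source_tag):
            continue
        specs = rule.get("destinationPortRanges") or [rule.get("destinationPortRange")]
        if any(port_in_range(port, s) for s in specs if s):
            return rule
    return None  # only the platform defaults apply, which deny this source


def apim_management_ingress_allowed(rules):
    """True when TCP 3443 from the ApiManagement tag reaches the subnet."""
    rule = first_match(rules, 3443, "ApiManagement")
    return rule is not None and rule["access"] == "Allow"
```

Run against the rules of the NSG attached to the APIM subnet, a `False` result with `first_match` naming a broad deny rule points at the rule that has to be outranked.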

VM has no Internet access

I am using Windows 8.1 in my laptop and I have created a Windows Server 2012 R2 Virtual Machine using Hyper-V.
I have tried to give the VM Internet access. I followed this thread, but my VM still has no Internet access.
I can see the Wi-Fi is bridged and the VM got an IP address, and both my laptop and the VM have the same default gateway.

This doesn't sound like an issue with the Hyper-V setup. Instead, it just sounds like you aren't aware of the Enhanced Security Configuration placed on Internet Explorer by default in a server OS.
Check out the following blog post on how to remove them.
https://blogs.technet.microsoft.com/chenley/2011/03/10/how-to-turn-off-internet-explorer-enhanced-security-configuration/

Does JIRA work on Google Compute Engine VM

Is JIRA supported in GCE? If so, how to make it work?
We have installed the 64-bit .bin of JIRA (6.4.1), and opened the necessary custom HTTP ports under Networks.
We started JIRA as a service, but are unable to see it work via the browser. No error message other than a timed out error!
Any help would be highly appreciated.
Note: We are new to Google Cloud Platform.

Did you enable the HTTP and HTTPS services on your instance? By default the GCE instance does not allow HTTP and HTTPS traffic; you have to do it manually.

The Jira configuration for Google Compute Engine can be tricky. You need to make sure that:
The firewall rules under Networking allow a connection to the Jira HTTP port, or HTTP is enabled in the VM properties
The global Networking rules allow TCP traffic on this port
The virtual network has routes configured
If you use Apache as a proxy for Jira (recommended), then make sure Apache is configured to point to the Tomcat port
Your Tomcat is configured
You have enabled port allocation using the setcap utility
Your local machine firewall allows the connection (in Red Hat ipconfig is enabled by default and blocks the connections)
As you can see it may be tricky to install Jira on Google Cloud. It may be a good idea to use a deployment service like Deploy4Me to do this quickly and automatically.

TFS SSL Setup over the internet

I am new to TFS and have been having issues with setting it up to be accessible on the internet.
I have set up TFS 2008 with SSL (HTTPS) on ports 8081, 81, and 17013 etc. for the respective services, on a single server deployment, with basic authentication, with the server exposed as a DMZ by my router.
How can I access the TFS server outside my home if the ports are blocked on the network I am on, like those Wi-Fi hotspots or in my company's network?
Please advise.
Cheers.

You can't. You'll need to use a port that isn't blocked. 443 should be a safe bet. If all else fails, and you don't care about moving your default websites (SharePoint, report server, etc.) to another port, use 80.
NOTE: make sure you follow the TFS specific directions on MSDN. If you just start changing stuff in IIS Admin you will be very unhappy.
