While reading through our Azure Firewall documentation to learn some more specifics, I found myself wondering about rule processing order. Azure Firewall rule logic is well documented here, but I wanted to take a quick opportunity to visualize how the rule processing order works and to incorporate a few learnings that reinforce these concepts.
The following deck can be downloaded here:
Over the next few days I plan to see if I can leverage Azure Firewall IP Groups via Terraform in an Azure DevOps pipeline. Imagine a flat 3-tier design with one subnet each for WEB, APP and DATABASE, and every VM that gets generated landing in one of those three subnets. Now imagine you want further logical segmentation within a tier but do not want to carve out more subnets, since every new subnet loses its first four private IPs (network address, default gateway and two addresses reserved for Azure DNS) plus the broadcast address at the end.
The idea is that when someone requests a VM, they tag it with a label. During the DevOps run an agent finds the next free private IP in the subnet, assigns it as a static private IP on the VM's NIC, and adds that IP to an IP Group chosen by the label. The allocator has to skip Azure's reserved addresses and anything already assigned to an existing NIC, otherwise the NIC creation fails at deploy time. Done that way, the segmentation expressed by IP Groups in Azure Firewall extends logically into the deployment process itself.
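As an added illustration of the allocator step (this is example code written for this post, not a finished pipeline and not Microsoft's or Terraform's own code), the snippet below picks the next free address in a subnet while skipping Azure's reserved first four and last addresses, records it as already allocated, and files it under an IP Group keyed by the VM's label. The subnet, the allowed labels, the `ipg-<label>` naming convention and the seeded "already allocated" addresses are all assumptions made up for the example; in a real pipeline the allocated set would come from enumerating the NICs in the subnet.

```python
from __future__ import annotations

import ipaddress
from collections import defaultdict

# Azure reserves the first four addresses of every subnet (network address,
# default gateway, two addresses for Azure DNS) and the last one (broadcast).
AZURE_RESERVED_HEAD = 4
AZURE_RESERVED_TAIL = 1

# Assumed labels for finer segmentation inside a tier; anything else is rejected
# so a typo cannot land a VM in an IP Group nobody wrote firewall rules for.
ALLOWED_LABELS = {"web-public", "web-admin", "app-batch", "app-api", "db-primary"}


def usable_hosts(subnet: ipaddress.IPv4Network) -> list[ipaddress.IPv4Address]:
    """Addresses a NIC may actually take in an Azure subnet."""
    hosts = list(subnet)
    return hosts[AZURE_RESERVED_HEAD: len(hosts) - AZURE_RESERVED_TAIL]


def next_free_ip(subnet: str, allocated: set[str]) -> str:
    """Lowest usable address not already handed out; raises when exhausted."""
    net = ipaddress.ip_network(subnet, strict=True)
    taken = {ipaddress.ip_address(a) for a in allocated}
    for candidate in usable_hosts(net):
        if candidate not in taken:
            return str(candidate)
    raise RuntimeError(f"subnet {subnet} has no free usable addresses")


class IpGroupAllocator:
    """Assigns static private IPs and tracks which IP Group each one belongs in."""

    def __init__(self, subnet: str, already_allocated: set[str] | None = None):
        self.subnet = subnet
        self.allocated: set[str] = set(already_allocated or [])
        self.groups: dict[str, set[str]] = defaultdict(set)  # ip_group_name -> IPs

    def allocate(self, vm_name: str, label: str) -> str:
        if label not in ALLOWED_LABELS:
            raise ValueError(f"{vm_name}: unknown label {label!r}")
        ip = next_free_ip(self.subnet, self.allocated)
        self.allocated.add(ip)
        self.groups[f"ipg-{label}"].add(ip)   # assumed naming convention
        return ip

    def ip_group_cidrs(self, label: str) -> list[str]:
        """/32 entries for one IP Group, in address order (what a Terraform
        azurerm_ip_group `cidrs` list would be fed)."""
        ips = sorted(self.groups[f"ipg-{label}"], key=ipaddress.ip_address)
        return [f"{ip}/32" for ip in ips]


if __name__ == "__main__":
    # Constructed sample: a /28 WEB subnet with two addresses already in use.
    alloc = IpGroupAllocator("10.0.1.0/28", {"10.0.1.4", "10.0.1.5"})
    print(alloc.allocate("vm-web-01", "web-public"))   # 10.0.1.6
    print(alloc.allocate("vm-web-02", "web-admin"))    # 10.0.1.7
    print(alloc.ip_group_cidrs("web-public"))          # ['10.0.1.6/32']
```

The returned `/32` list is what the pipeline would hand to the IP Group resource; keeping the allocated set authoritative (rebuilt from the subnet's NICs on every run rather than stored in the pipeline) avoids two concurrent deployments picking the same address.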