2023¶

November 22, 2023
in troubleshooting
6 min read

Azure VM Agent and Extension Logs

This is a collection of links and file locations used to troubleshoot various Azure VM extensions or agents. Mainly done so I don't have to google it everytime

Azure virtual machine extensions and features

October 26, 2023
in how-to
7 min read

Deploy Qualys Cloud Agent with Azure Policy

Qualys Cloud Agent is available as an Azure VM extension¹. This makes mass-deployment of the agent with Azure Policy very enjoyable. This post will go through the components of the DeployIfNotExists policy, remediation and troubleshooting.

Github Repo Link

July 10, 2023
in troubleshooting
5 min read

Troubleshooting failed IP group that causes an AzureFirewall to fail

This is the documentation of a problem I encountered at work today, where updating an IP Group failed and caused the AzureFirewall policy associated with the IP Group to go into a 'Failed' state as well.

In my recent case, this happened in a parent/child policy setup. Traffic was still forwarded correctly by the AzureFirewall.

Update Oct. 2023

This procedure also worked in cases where the parent policy (and one AzFW) failed without any ip group failures.

General procedure:

Disconnect child from failed parent policy
PUT operation to get the parent policy in 'Succeeded' state
(optional, if needed) PUT operation to get the AzFW in 'Succeeded' state
If everyhting is in 'Succeeded' state, attach child to parent policy again

July 7, 2023
in lab
3 min read

Azure Policy Guest Configuration for Linux - Part 2

Continuation of the first part of this series. The Guest Configuration Package is now ready to be tested and deployed!

July 4, 2023
in lab
5 min read

Azure Policy Guest Configuration for Linux - Part 1

I'm currently checking out Azure Policy Guest Configuration for Linux VMs and will note down my progress made here. The whole process took me a while to understand, also I haven't used DSC before. Learning on the fly!

Objectives

Audit that a user is present on the system
Audit that a file with specific content is present in a specific path
Audit that a service is running
Continuous remediation of non-compliant systems

July 4, 2023
in lab
8 min read

Zscaler Tunnels on Azure - Part 2 - Linux IPSec

In my last post, I created a IPSec tunnel to Zscaler using Azure VPN Gateway. Unfortunately, this setup does not work in a Virtual WAN environment, because spoke Vnets can't have Vnet gateways. Using VWAN VPN Gateways would make the VPN tunnel a branch, which is not what we need (I also want to avoid routing Public IPs internally).

Another option would be to use the Linux server to do the DNAT and IPSec tunnel, so this is what we will explore here.

July 4, 2023
in lab
7 min read

Zscaler Tunnels on Azure - Part 1 - VPN Gateway

This post will look at how to build IPSec tunnels to Zscaler on Azure with Azure VPN Gateway. The complete Lab setup including notes is available here as bicep files with additional notes and outputs.

The target setup should provide the options to forward traffic to the Zscaler tunnels in a default route and non-default route environment.