Currently I have a VNet with a NAT gateway attached. Multiple VMs are connected to the VNet. How can I allow only certain domains (e.g. Domain A, Domain B) and restrict all other internet access to the VMs?
NSG doesn't let me use domain names. I am left with Azure Firewall, but it is expensive. Any other recommended way to achieve this?

To restrict internet access to only specific domains within a Virtual Network, you can install a proxy server and route all internet traffic through it. Microsoft Forefront Threat Management Gateway acts as a router, Internet gateway, VPN server, NAT server, and proxy server, making it a versatile solution for network security and access control.

Install Microsoft Forefront TMG

Deploy TMG within the Virtual Network. You can install TMG as a virtual machine within the Azure VNet.

Configure TMG as a Proxy Server

Once TMG is configured, it will act as a proxy server. This involves setting up TMG to receive and process internet traffic from the VMs within your VNet.

Route Traffic through TMG

Configure the network settings of your VM within the VNet to route all internet traffic through the TMG proxy server. You can do this by updating the network interface settings or configuring routing tables to direct traffic to the TMG instance.

Reference: Install and Configure Forefront Threat Management Gateway (TMG) in Microsoft Azure
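
An added example, not part of the answer above and not TMG's own logic: a sketch of the allow/deny decision a forward proxy has to make for each outbound request target when only specific domains are permitted. The domain names, function names and sample targets are constructed placeholders.

```python
import ipaddress

# Constructed placeholders standing in for "Domain A" and "Domain B" from the question.
ALLOWED_DOMAINS = {"domain-a.example", "domain-b.example"}


def normalize_host(target):
    """Extract a lowercase hostname from a CONNECT target or Host header value."""
    target = target.strip().lower()
    if target.startswith("["):  # bracketed IPv6 literal, e.g. [2001:db8::1]:443
        host = target[1:].split("]", 1)[0]
    else:
        head, sep, tail = target.rpartition(":")
        host = head if sep and tail.isdigit() else target  # drop ":port" if present
    # A single trailing dot is the fully qualified form of the same name.
    return host[:-1] if host.endswith(".") else host


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def is_allowed(target, allowed=ALLOWED_DOMAINS):
    """Return True only for an allowed domain or one of its subdomains."""
    host = normalize_host(target)
    if not host or is_ip_literal(host):
        return False  # a raw IP carries no name to check, so a domain policy denies it
    # Compare on a label boundary: "evildomain-a.example" must not match "domain-a.example".
    return any(host == d or host.endswith("." + d) for d in allowed)


def filter_requests(targets):
    """Label each requested target the way the proxy's access log would."""
    return [(t, "ALLOW" if is_allowed(t) else "DENY") for t in targets]


# Constructed sample of request targets as VMs behind the proxy might send them.
SAMPLE_TARGETS = [
    "domain-a.example:443",
    "API.Domain-B.example.:443",
    "evildomain-a.example:443",
    "domain-a.example.other.test:443",
    "203.0.113.10:443",
]

if __name__ == "__main__":
    for target, verdict in filter_requests(SAMPLE_TARGETS):
        print(f"{verdict:5} {target}")
```

The default-deny result for anything that is not an exact match or a true subdomain is what makes the proxy a substitute for the FQDN rules an NSG cannot express.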