Create a Post
Showing results for 
Search instead for 
Did you mean: 

Azure Default Outbound Access Retirement: Potential Implications for CloudGuard deployments


Maybe late, but I was recently made aware of Azure's default outbound access is set to retire on September 30, 2025. Thanks to my colleague Andre Tobers.
Azure's default outbound access assigns a public IP to virtual machines (VMs) without explicit outbound connectivity configured.

This made me think:

  • All Check Point CloudGuard Azure users might not be aware that even without an explicit outbound connectivity configured, their CloudGuard deployment could have outbound internet access by way of Default Outbound Access.
  • And they could rely on the Default Outbound Access feature for required outbound access to Updates and Threat Intelligence.

This article summarizes the transition to explicit outbound connectivity and how Azure Default Outbound Access Retirement could affect the use of Check Point CloudGuard network security.

Default Outbound Access Retirement

Key Points:

  • Implicit IP Assignment: Azure currently provides a default outbound public IP for VMs without explicit outbound configurations.
  • Issues: Dependence on these implicit IPs can impact the stability of your applications. They can lead to security risks, IP address changes and on September 30, 2025, total loss of internet access.

Recommended explicit outbound connectivity:

  1. NAT Gateway: Associate a NAT gateway with your subnet to maintain stable and secure outbound connectivity.
  2. Public IP Association: Explicitly associate public IP addresses to VM network interfaces.
  3. Load Balancer: Use standard load balancers with outbound rules to define explicit outbound paths.


Check Point CloudGuard Integration

Check Point CloudGuard offers robust network security, which can be effectively integrated with Azure's explicit outbound connectivity methods.

Default Outbound Access Retirement: Potential Implications for Check Point CloudGuard deployments:

Check Point CloudGuard network security gateways and management are generally deployed with Public IP Association in Azure for outbound use cases and access to updates and Threat Intelligence. These are not impacted.

Verify that one of the Recommended explicit outbound connectivity options are used for your Check Point CloudGuard network security gateways and management that are deployed in Azure

  • If yes, you are not impacted.
  • If no, you might be impacted:
    • Do you require outbound access, Ie. to updates and Threat Intelligence.
      • Add an explicit outbound connectivity method. Refer to the link below
    • You do NOT require outbound access
      • Refer to the link below for ways to turn off default outbound access.


The retirement of default outbound access in Azure necessitates a shift to explicit connectivity methods. By leveraging NAT gateways, load balancers, and private subnets, organizations can enhance security and stability. Integrating these methods with Check Point CloudGuard ensures robust, scalable network security tailored for modern cloud environments.

For more detailed information, visit Azure Default Outbound Access.


CloudGuard Network Security benefits:

  • Unmatched Cloud Network Security: CloudGuard Network Security allows organizations to deploy the same tried and tested Check Point next-generation firewall across clouds and non-cloud deployments.
  • Cloud agnostic: No need to learn each individual cloud provider’s unique firewalling capabilities and attempt to correlate all of the logs/events/threats in a 3rd location.
  • Scalable and easy to deploy with a policy that adapts: Seamlessly scale security measures and apply consistent security (FW and Threat Prevention) policies across clouds and non-cloud deployments.
  • Full visibility and control: Organizations can have a single location to review traffic logs, security events, and threat indicators across clouds and non-cloud deployments.
0 Replies


Epsum factorial non deposit quid pro quo hic escorol.