Introduction to Azure Firewall

Azure Firewall is a cloud-native, managed network security service that protects your Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.

Azure Firewall can be used to:

  • Filter network traffic to and from Azure resources.
  • Filter network traffic to and from on-premises resources.
  • Securely publish applications hosted in Azure to the internet.

Key Features

Azure Firewall offers a comprehensive set of features for modern network security:

  • Stateful Inspection: Tracks the state of active network connections and uses this context to relate incoming traffic to outgoing traffic.
  • Network Rule Collections: Allows you to define rules based on IP addresses, ports, and protocols (TCP, UDP, ICMP).
  • Application Rule Collections: Enables FQDN (Fully Qualified Domain Name) filtering for web traffic (HTTP/S) and other protocols.
  • Threat Intelligence-Based Filtering: Integrates with Microsoft Threat Intelligence feeds to block known malicious IPs and domains.
  • Centralized Logging and Monitoring: Provides detailed logs for traffic flows, rule matches, and network activity, integrating with Azure Monitor.
  • High Availability and Scalability: Built-in redundancy and automatic scaling ensure continuous protection.
  • Private IP Address Support: Can inspect and filter traffic using private IP addresses.
  • SNAT Support: Automatically SNATs outbound traffic from your virtual network to the firewall's public IP address(es), so remote-side allow lists only need to know the firewall's address rather than every internal source.

Deployment Options

Azure Firewall can be deployed in various scenarios:

  • Hub-Spoke Network Topology: The most common deployment for centralizing network security. Azure Firewall is placed in a hub VNet and spoke VNets send their traffic through it using user-defined routes.
  • On-Premises Connectivity: Azure Firewall can be configured to inspect traffic flowing between your on-premises network and Azure.
  • Application Gateway Integration: Azure Firewall can work in conjunction with Azure Application Gateway for more granular Layer 7 filtering.

Deployment Considerations:

Ensure that your Azure Firewall is deployed in its own dedicated subnet named AzureFirewallSubnet. This subnet requires a /26 or larger address space.

Management and Monitoring

Azure Firewall is managed and monitored through:

  • Azure Portal: The graphical interface for configuring firewall policies, rules, and viewing metrics.
  • Azure PowerShell/CLI: For programmatic management and automation of firewall configurations.
  • Azure Monitor: Collects and analyzes telemetry data, providing insights into firewall performance and security events.
  • Azure Firewall Manager: A centralized management service that allows you to manage multiple Azure Firewall deployments at scale.

    # Example: Deploying Azure Firewall using Azure CLI
    # Requires the azure-firewall CLI extension (az extension add --name azure-firewall).
    # MyVNet must already contain a subnet named AzureFirewallSubnet (/26 or larger), and
    # MyFirewallPublicIP must be an existing Standard-SKU, static public IP.
    az network firewall create \
        --name MyFirewall \
        --resource-group MyResourceGroup \
        --location eastus \
        --vnet-name MyVNet \
        --public-ip MyFirewallPublicIP \
        --conf-name MyFirewallIpConfig

Best Practices

  • Segregate Firewall Subnet: Always use a dedicated subnet for Azure Firewall (AzureFirewallSubnet).
  • Utilize Threat Intelligence: Enable threat intelligence-based filtering to block known malicious IPs and domains automatically.
  • Leverage Hierarchy: Implement a tiered rule structure with Network and Application rules for clarity and management.
  • Centralize Logging: Configure diagnostic settings to send logs to a Log Analytics workspace for comprehensive analysis.
  • Regularly Review Rules: Periodically review your firewall rules to ensure they align with current security policies and operational needs.
  • Consider Azure Firewall Manager: For managing multiple firewalls, Azure Firewall Manager simplifies policy distribution and updates.
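The following script, added here as an example and not taken from the page or from Microsoft, turns the Deployment Considerations and Best Practices above into a checked, scripted hub deployment: it validates the AzureFirewallSubnet name and /26 requirement before anything is created, enables threat intelligence in Deny mode, adds one network and one application rule collection, and sends all firewall logs to a Log Analytics workspace. All names (hub-rg, hub-vnet, hub-fw, the 10.x ranges, the workspace ID) are assumptions; the firewall commands need the azure-firewall CLI extension.

```bash
#!/usr/bin/env bash
# Added example (not from the page). DRY_RUN=1 (the default) only prints the az
# commands so the checks can be exercised offline; DRY_RUN=0 executes them.
# Assumed names: hub-rg, hub-vnet, hub-fw, hub-fw-pip, spoke range 10.1.0.0/16.
set -eu

# The firewall subnet must be named exactly AzureFirewallSubnet and be /26 or larger.
check_firewall_subnet() {
  local name="$1" cidr="$2" prefix
  [ "$name" = "AzureFirewallSubnet" ] || { echo "subnet must be named AzureFirewallSubnet" >&2; return 1; }
  prefix="${cidr##*/}"
  case "$prefix" in ''|*[!0-9]*|"$cidr") echo "expected CIDR notation, got: $cidr" >&2; return 1 ;; esac
  [ "$prefix" -le 26 ] || { echo "/$prefix is too small; Azure Firewall needs /26 or larger" >&2; return 1; }
}

# Print the command in dry-run mode, otherwise execute it.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "+ $*"; else "$@"; fi; }

# $1 resource group, $2 hub VNet, $3 firewall subnet CIDR, $4 firewall name,
# $5 public IP name, $6 spoke address range allowed through, $7 Log Analytics workspace ID
deploy_hub_firewall() {
  local rg="$1" vnet="$2" cidr="$3" fw="$4" pip="$5" spokes="$6" law="$7"
  check_firewall_subnet AzureFirewallSubnet "$cidr" || return 1
  run az network vnet subnet create -g "$rg" --vnet-name "$vnet" -n AzureFirewallSubnet --address-prefixes "$cidr"
  run az network public-ip create -g "$rg" -n "$pip" --sku Standard --allocation-method Static
  # Threat intelligence in Deny mode blocks known-malicious IPs/FQDNs instead of only alerting.
  run az network firewall create -g "$rg" -n "$fw" --vnet-name "$vnet" --public-ip "$pip" \
      --conf-name ipconfig1 --tier Standard --threat-intel-mode Deny
  # Tiered rules: a network rule (L3/L4) for DNS to Azure's platform resolver, and an
  # application rule (FQDN-based) for HTTPS, each in its own collection with a priority.
  run az network firewall network-rule create -g "$rg" -f "$fw" --collection-name spoke-dns -n dns \
      --priority 100 --action Allow --protocols UDP --source-addresses "$spokes" \
      --destination-addresses 168.63.129.16 --destination-ports 53
  run az network firewall application-rule create -g "$rg" -f "$fw" --collection-name spoke-web -n updates \
      --priority 200 --action Allow --source-addresses "$spokes" --protocols Https=443 \
      --target-fqdns '*.windowsupdate.com'
  # Centralize logging: every firewall log category plus metrics to the workspace.
  run az monitor diagnostic-settings create -n fw-to-law --resource "$fw" -g "$rg" \
      --resource-namespace Microsoft.Network --resource-type azureFirewalls --workspace "$law" \
      --logs '[{"categoryGroup":"allLogs","enabled":true}]' --metrics '[{"category":"AllMetrics","enabled":true}]'
}
```

Run with DRY_RUN=1 first and review the printed commands; a subnet smaller than /26 or with the wrong name stops the script before any resource is created.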

Note:

Azure Firewall offers different tiers (Standard and Premium) with varying feature sets and capabilities. Choose the tier that best suits your organization's security requirements.