Azure Firewall: Introduction

Last updated:

Azure Firewall Networking Security Introduction

Azure Firewall is a cloud-native, intelligent network firewall security service that protects your virtual network resources. It's a fully stateful, managed firewall as a service that provides central control and threat intelligence.

Key Features and Benefits

Azure Firewall offers a range of features designed to enhance your cloud security posture:

  • High Availability and Scalability: Built-in high availability and seamless scalability to meet your business needs without additional configuration.
  • Threat Intelligence-Based Filtering: Protect your network from known exploits and vulnerabilities by leveraging Microsoft's threat intelligence feed.
  • Network and Application Rule Processing: Control traffic flow based on IP addresses, ports, protocols, and FQDNs (Fully Qualified Domain Names).
  • Centrally Managed: Define, manage, and log firewall policies across your subscriptions and resource groups from a central location.
  • Integration with Azure Ecosystem: Seamlessly integrates with other Azure services like Azure Virtual WAN, Azure Private Link, and Azure Security Center.

How Azure Firewall Works

Azure Firewall operates at the network layer (Layer 3) and transport layer (Layer 4) and at the application layer (Layer 7) as a Platform as a Service (PaaS) that works as two instances deployed across your Zone Redundancy. It can filter and inspect outbound and inbound traffic at a massive scale.

When you deploy Azure Firewall, it's associated with an Azure Virtual Network (VNet). You can then configure routing to direct network traffic through the firewall. This allows you to enforce consistent security policies across your entire Azure environment.

Use Cases

Azure Firewall is ideal for a variety of scenarios:

  • Securing Cloud Workloads: Protect your Azure virtual machines, containers, and other resources from threats.
  • Hub-and-Spoke Architectures: Centralize network security and management in a hub VNet, with spoke VNets connecting to it.
  • Branch Office Connectivity: Secure traffic between your on-premises network and your Azure VNet.
  • Application-Level Filtering: Granularly control access to specific applications and services based on FQDNs.

Getting Started

To start using Azure Firewall, you'll need to:

  1. Create an Azure Firewall resource.
  2. Deploy it into a dedicated subnet within your Azure VNet.
  3. Configure network and application rules to control traffic.
  4. Update your VNet's route tables to direct traffic through the firewall.

You can manage Azure Firewall through the Azure portal, Azure CLI, PowerShell, or ARM templates.

For detailed guidance and configuration steps, please refer to the official Azure Firewall documentation.

Related Articles