Azure Firewall Manager Documentation
Azure Firewall Manager is a security management service that provides central security policy and route management for cloud-based security perimeters. It manages Azure Firewall deployments (the firewall-as-a-service itself) across hub virtual networks and Virtual WAN secured virtual hubs, so the same policy can be applied to every firewall you operate.
Introduction to Azure Firewall Manager
Azure Firewall Manager simplifies the management of firewalls across your entire Azure and hybrid environments. It enables you to define, manage, and monitor firewall policies in a centralized hub, ensuring consistent security posture across your organization.
Key Features:
- Centralized Policy Management: Define and manage firewall rules and settings from a single pane of glass.
- Hub Virtual Network Support: Deploy and manage Azure Firewall in a hub VNet you create yourself and secure the spoke VNets peered to it.
- Secured Virtual Hubs: Leverage secured virtual hubs for simplified network architecture and integrated security services.
- Azure Firewall Premium: Access advanced threat protection features with Azure Firewall Premium.
- Automated Deployment: Integrate with automation tools for seamless deployment and configuration.
Getting Started with Firewall Manager
This section guides you through the initial steps of setting up and configuring Azure Firewall Manager.
Prerequisites:
- An Azure subscription.
- Appropriate Azure RBAC permissions, for example Network Contributor (or an equivalent custom role) on the resource groups that hold the hub, the firewall and the policy.
Steps to Deploy:
- Create a Firewall Policy: In the Azure portal, create a new Firewall Policy. Rules are grouped into rule collection groups and rule collections; the Allow or Deny action is set per collection, not per rule.
- Create a Secured Virtual Hub: Deploy a Virtual WAN hub with Azure Firewall enabled (a secured virtual hub) to host your Azure Firewall instance.
- Associate Firewall Policy: Link the Firewall Policy to the Secured Virtual Hub. A hub-deployed firewall is managed only through a policy; it has no classic rules of its own.
- Connect VNets and route through the firewall: Attach spoke VNets to the hub with virtual network connections (Virtual WAN hubs are not VNet-peered) and connect branches over VPN or ExpressRoute. Then set the hub's routing intent, or a security configuration in Firewall Manager, to send private and Internet-bound traffic to the firewall. Until that is done, connected spokes reach each other and the Internet without passing through it.
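The four steps above as one deployment unit, written here as an added example (not this page's or Microsoft's own code): a Python script that emits an ARM template containing the Virtual WAN, the hub, the policy with one rule collection group, the hub firewall bound to that policy, the routing intent that sends spoke traffic through it, and the spoke connection, and then checks the template for the omissions that silently leave traffic uninspected. The resource names, the hub prefix 10.100.0.0/23, the spoke VNet resource ID and API version 2023-05-01 are assumptions.

```python
"""Emit and sanity-check an ARM template for a secured virtual hub.

Added example, not Microsoft's code. Resource names, the hub prefix, the
spoke VNet ID and API version 2023-05-01 are assumptions; review the JSON,
then deploy with: az deployment group create --template-file secured-hub.json
"""
import json

API = "2023-05-01"
LOC = "[resourceGroup().location]"
FW_T, POL_T, RCG_T = ("Microsoft.Network/azureFirewalls", "Microsoft.Network/firewallPolicies",
                      "Microsoft.Network/firewallPolicies/ruleCollectionGroups")
HUB_T, RI_T, CONN_T = ("Microsoft.Network/virtualHubs", "Microsoft.Network/virtualHubs/routingIntent",
                       "Microsoft.Network/virtualHubs/hubVirtualNetworkConnections")


def rid(rtype: str, *names: str) -> str:
    """ARM resourceId() expression for a resource deployed by this template."""
    return f"[resourceId('{rtype}', " + ", ".join(f"'{n}'" for n in names) + ")]"


def build_template(spoke_vnet_id: str = "") -> dict:
    vwan, hub, pol, rcg, fw = "vwan-corp", "hub-weu", "fwpol-hub", "rcg-default", "azfw-hub-weu"
    resources = [
        {"type": "Microsoft.Network/virtualWans", "apiVersion": API, "name": vwan, "location": LOC,
         "properties": {"type": "Standard", "allowBranchToBranchTraffic": True}},
        {"type": HUB_T, "apiVersion": API, "name": hub, "location": LOC,
         "dependsOn": [rid("Microsoft.Network/virtualWans", vwan)],
         "properties": {"virtualWan": {"id": rid("Microsoft.Network/virtualWans", vwan)},
                        "addressPrefix": "10.100.0.0/23"}},
        # Step 1: the policy. It holds no rules itself; threat intel stays in Alert mode.
        {"type": POL_T, "apiVersion": API, "name": pol, "location": LOC,
         "properties": {"sku": {"tier": "Standard"}, "threatIntelMode": "Alert"}},
        # Rules live in a rule collection group; Allow/Deny is set per collection, not per rule.
        {"type": RCG_T, "apiVersion": API, "name": f"{pol}/{rcg}", "dependsOn": [rid(POL_T, pol)],
         "properties": {"priority": 200, "ruleCollections": [{
             "ruleCollectionType": "FirewallPolicyFilterRuleCollection", "name": "Net-Web",
             "priority": 200, "action": {"type": "Allow"},
             "rules": [{"ruleType": "NetworkRule", "name": "Allow-HTTP-S-WebServers",
                        "ipProtocols": ["TCP"], "sourceAddresses": ["10.0.0.0/16"],
                        "destinationAddresses": ["10.1.0.0/24"], "destinationPorts": ["80", "443"]}]}]}},
        # Steps 2 and 3: an AZFW_Hub firewall inside the hub, bound to the policy.
        {"type": FW_T, "apiVersion": API, "name": fw, "location": LOC,
         "dependsOn": [rid(HUB_T, hub), rid(RCG_T, pol, rcg)],
         "properties": {"sku": {"name": "AZFW_Hub", "tier": "Standard"},
                        "virtualHub": {"id": rid(HUB_T, hub)},
                        "hubIPAddresses": {"publicIPs": {"count": 1}},
                        "firewallPolicy": {"id": rid(POL_T, pol)}}},
        # Routing intent: without it the hub forwards spoke traffic around the firewall.
        {"type": RI_T, "apiVersion": API, "name": f"{hub}/{hub}_RoutingIntent",
         "dependsOn": [rid(FW_T, fw)],
         "properties": {"routingPolicies": [
             {"name": "PrivateTraffic", "destinations": ["PrivateTraffic"], "nextHop": rid(FW_T, fw)},
             {"name": "PublicTraffic", "destinations": ["Internet"], "nextHop": rid(FW_T, fw)}]}},
    ]
    if spoke_vnet_id:
        # Step 4: attach the spoke with a hub connection (Virtual WAN hubs are not VNet-peered).
        resources.append({"type": CONN_T, "apiVersion": API, "name": f"{hub}/conn-spoke-1",
                          "dependsOn": [rid(RI_T, hub, f"{hub}_RoutingIntent")],
                          "properties": {"remoteVirtualNetwork": {"id": spoke_vnet_id},
                                         "enableInternetSecurity": True}})
    return {"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
            "contentVersion": "1.0.0.0", "resources": resources}


def inspection_gaps(template: dict) -> list:
    """Reasons spoke traffic would bypass the firewall; an empty list means none found."""
    by_type = {}
    for r in template["resources"]:
        by_type.setdefault(r["type"], []).append(r)
    fws = by_type.get(FW_T, [])
    if not fws:
        return ["no Azure Firewall in the template"]
    gaps = []
    if "firewallPolicy" not in fws[0]["properties"]:
        gaps.append("firewall is not bound to a Firewall Policy")
    policies = [p for i in by_type.get(RI_T, []) for p in i["properties"]["routingPolicies"]]
    if {p["nextHop"] for p in policies} != {rid(FW_T, fws[0]["name"])}:
        gaps.append("routing intent missing or not pointing at the firewall")
    for want in ("PrivateTraffic", "Internet"):
        if not any(want in p["destinations"] for p in policies):
            gaps.append(f"routing intent does not send {want} to the firewall")
    if not by_type.get(CONN_T):
        gaps.append("no spoke VNet connected to the hub")
    return gaps


if __name__ == "__main__":
    spoke = "/subscriptions/<sub>/resourceGroups/rg-spokes/providers/Microsoft.Network/virtualNetworks/vnet-spoke-1"
    tpl = build_template(spoke)
    print(json.dumps(tpl, indent=2))
    print("inspection gaps:", inspection_gaps(tpl) or "none")
```

The dependsOn chain is deliberate: the firewall waits for the rule collection group so it never comes up with an empty policy, and the spoke connection waits for the routing intent so the spoke is never attached to a hub that still forwards around the firewall. Run inspection_gaps on any template you hand-edit before deploying it.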
Managing Firewall Policies
Firewall Manager allows for granular control over your security policies. A policy's rules are evaluated in a fixed order: DNAT rules, then network rules, then application rules; within each type, rule collection groups are processed by priority and then rule collections by priority (lower number first), and the first match wins. Traffic that matches nothing is denied.
Network Rules:
Network rules permit or deny traffic based on source and destination IP addresses (literal addresses and CIDRs, IP Groups, or service tags; FQDNs too when DNS proxy is enabled), destination ports, and protocols (TCP, UDP, ICMP, or Any). Because network rules run before application rules, a broad network Allow to a host means the FQDN filtering in your application rules never sees that host's HTTP/S traffic.
Example of a network rule inside a filter rule collection. Note that the action and priority belong to the collection rather than to the rule, and that the protocol field is a list named ipProtocols:
{
  "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
  "name": "Net-Web",
  "priority": 200,
  "action": { "type": "Allow" },
  "rules": [
    {
      "ruleType": "NetworkRule",
      "name": "Allow-HTTP-S-WebServers",
      "ipProtocols": [ "TCP" ],
      "sourceAddresses": [ "*" ],
      "destinationAddresses": [ "10.1.0.0/24" ],
      "destinationPorts": [ "80", "443" ]
    }
  ]
}
A source of "*" admits any address the routes deliver to the firewall, including branch and Internet-originated traffic; scope it to the spoke ranges that actually need the web servers.
Application Rules:
Application rules control outbound HTTP, HTTPS and MSSQL traffic by FQDN, by FQDN tag (for example WindowsUpdate), and, on the Premium SKU, by URL and web category. Matching uses the HTTP Host header or the TLS SNI, so a rule for *.office365.com does not cover other protocols to the same servers; use a network rule for those.
Example of an application rule inside a filter rule collection. terminateTLS is a boolean (there is no list of terminated TLS protocols); setting it to true requires the Premium SKU and a TLS inspection configuration on the policy, so leave it false on Standard:
{
  "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
  "name": "App-SaaS",
  "priority": 300,
  "action": { "type": "Allow" },
  "rules": [
    {
      "ruleType": "ApplicationRule",
      "name": "Allow-Office365",
      "protocols": [ { "protocolType": "Http", "port": 80 }, { "protocolType": "Https", "port": 443 } ],
      "sourceAddresses": [ "192.168.1.0/24" ],
      "targetFqdns": [ "*.office365.com" ],
      "fqdnTags": [],
      "terminateTLS": false,
      "webCategories": []
    }
  ]
}
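To see how the processing order interacts with the two rule examples above, here is an added example (not this page's or Microsoft's code) that evaluates flows against a policy the way Azure Firewall does: network rules before application rules, lower priority numbers first, first match wins, implicit deny otherwise. The policy is constructed for the example and adds a Deny collection that outranks the default group; IP Groups, service tags and DNAT matching are not modelled, and the wildcard-FQDN matching rule in _fqdn_in is an assumption of this example.

```python
"""Evaluate flows against a Firewall Policy in Azure Firewall's rule order.

Added example, not Microsoft's code. It models the documented processing
order (DNAT, then network, then application rules; within a type by rule
collection group priority, then rule collection priority; first match wins;
no match is an implicit deny). The policy below is constructed for the
example; IP Groups, service tags and DNAT matching are not modelled.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

TYPE_ORDER = {"NatRule": 0, "NetworkRule": 1, "ApplicationRule": 2}


@dataclass
class Flow:
    src_ip: str
    dst_ip: str
    dst_port: int
    protocol: str               # "TCP", "UDP", "ICMP"
    fqdn: Optional[str] = None  # HTTP Host header or TLS SNI; None for non-HTTP/S flows


def _ip_in(ip: str, entries: list) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(e == "*" or addr in ipaddress.ip_network(e, strict=False) for e in entries)


def _port_in(port: int, entries: list) -> bool:
    for e in entries:                      # "*", "443" or a range such as "8000-8080"
        if e == "*":
            return True
        lo, _, hi = e.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def _fqdn_in(fqdn: str, targets: list) -> bool:
    # Assumption made here: a leading "*." wildcard matches sub-domains only, not the apex.
    fqdn = fqdn.lower()
    return any(t == "*" or t.lower() == fqdn or (t.startswith("*.") and fqdn.endswith(t[1:].lower()))
               for t in targets)


def _matches(rule: dict, f: Flow) -> bool:
    if rule["ruleType"] == "NetworkRule":
        proto_ok = "Any" in rule["ipProtocols"] or f.protocol in rule["ipProtocols"]
        return (proto_ok and _ip_in(f.src_ip, rule["sourceAddresses"])
                and _ip_in(f.dst_ip, rule["destinationAddresses"])
                and _port_in(f.dst_port, rule["destinationPorts"]))
    if rule["ruleType"] == "ApplicationRule":
        if f.fqdn is None or f.protocol != "TCP":
            return False               # application rules only see HTTP/S (and MSSQL), never raw TCP/UDP
        return (any(p["port"] == f.dst_port for p in rule["protocols"])
                and _ip_in(f.src_ip, rule["sourceAddresses"])
                and _fqdn_in(f.fqdn, rule.get("targetFqdns", [])))
    return False                       # DNAT rules are not modelled in this example


def evaluate(policy: list, f: Flow) -> tuple:
    """policy: list of rule collection groups ({name, priority, ruleCollections}).
    Returns (action, 'group/collection/rule') or ('Deny', 'implicit')."""
    candidates = [(TYPE_ORDER[r["ruleType"]], g["priority"], c["priority"], g, c, r)
                  for g in policy for c in g["ruleCollections"] for r in c["rules"]]
    # sorted() is stable, so rules keep their listed order inside a collection.
    for _, _, _, g, c, r in sorted(candidates, key=lambda t: t[:3]):
        if _matches(r, f):
            return c["action"]["type"], f"{g['name']}/{c['name']}/{r['name']}"
    return "Deny", "implicit"


POLICY = [  # constructed: a Deny group that outranks the default group
    {"name": "rcg-block", "priority": 100, "ruleCollections": [
        {"name": "Net-Block-RDP", "priority": 100, "action": {"type": "Deny"}, "rules": [
            {"ruleType": "NetworkRule", "name": "Deny-RDP", "ipProtocols": ["TCP"], "sourceAddresses": ["*"],
             "destinationAddresses": ["10.1.0.0/24"], "destinationPorts": ["3389"]}]}]},
    {"name": "rcg-default", "priority": 200, "ruleCollections": [
        {"name": "Net-Web", "priority": 200, "action": {"type": "Allow"}, "rules": [
            {"ruleType": "NetworkRule", "name": "Allow-HTTP-S-WebServers", "ipProtocols": ["TCP"],
             "sourceAddresses": ["*"], "destinationAddresses": ["10.1.0.0/24"], "destinationPorts": ["80", "443"]}]},
        {"name": "App-SaaS", "priority": 300, "action": {"type": "Allow"}, "rules": [
            {"ruleType": "ApplicationRule", "name": "Allow-Office365", "sourceAddresses": ["192.168.1.0/24"],
             "protocols": [{"protocolType": "Http", "port": 80}, {"protocolType": "Https", "port": 443}],
             "targetFqdns": ["*.office365.com"]}]}]},
]

if __name__ == "__main__":
    for flow in (Flow("10.0.5.5", "10.1.0.10", 443, "TCP"),
                 Flow("10.0.5.5", "10.1.0.10", 3389, "TCP"),
                 Flow("192.168.1.20", "52.96.0.10", 443, "TCP", fqdn="outlook.office365.com"),
                 Flow("192.168.1.20", "52.96.0.10", 443, "TCP", fqdn="evil.example"),
                 Flow("192.168.1.20", "10.1.0.10", 443, "TCP", fqdn="evil.example")):
        print(flow, "->", evaluate(POLICY, flow))
```

The last flow is the one worth studying: HTTPS to 10.1.0.10 with SNI evil.example is allowed by the Net-Web network rule, and the App-SaaS application rule that would have rejected it is never consulted. If you want FQDN control over a destination, it must not already be covered by a network Allow.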
Monitoring and Logging
Monitor your firewall's performance and security events through Azure Monitor and Azure Firewall logs.
- Diagnostic Settings: Configure diagnostic settings on each firewall (the policy itself emits no traffic logs) to send logs to Log Analytics, Storage Accounts, or Event Hubs. Choose the resource-specific destination table so the structured tables (AZFWNetworkRule, AZFWApplicationRule, AZFWNatRule, AZFWThreatIntel, AZFWIdpsSignature) are populated instead of the generic AzureDiagnostics table.
- Azure Monitor Metrics: Track throughput, data processed, network and application rule hit counts, SNAT port utilization and the firewall health state; alert on SNAT port utilization and health before they become outages.
- Log Analytics Queries: Use Kusto Query Language (KQL) to analyze firewall logs for security incidents and traffic patterns.
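The last two bullets in practice, as an added example that is not part of the original page or Microsoft's code: two detections run over constructed rows shaped like the AZFWNetworkRule table (its column names, made-up values), each with its KQL equivalent for Log Analytics in the docstring. That implicit denies appear as rows with an empty Rule is an assumption about the constructed data.

```python
"""Two detections over Azure Firewall structured network-rule logs.

Added example, not Microsoft's code. The rows are constructed to resemble the
AZFWNetworkRule Log Analytics table (its column names, made-up values), and
implicit denies are represented as rows whose Rule is empty, which is an
assumption about the data. The KQL in each docstring is the Log Analytics form.
"""
from collections import defaultdict
from datetime import datetime, timedelta


def _row(ts, src, dst, port, action, rule=""):
    return {"TimeGenerated": ts, "Protocol": "TCP", "SourceIp": src, "SourcePort": 50000,
            "DestinationIp": dst, "DestinationPort": port, "Action": action,
            "Policy": "fwpol-hub", "Rule": rule}


ROWS = [_row("2024-05-01T10:00:01Z", "10.0.5.5", "10.1.0.10", 443, "Allow", "Allow-HTTP-S-WebServers"),
        _row("2024-05-01T10:00:07Z", "10.0.5.5", "10.1.0.10", 3389, "Deny", "Deny-RDP"),
        _row("2024-05-01T10:30:00Z", "10.0.5.5", "10.1.0.11", 8443, "Deny")]
# one host sweeping twelve ports on a web server within a few seconds
ROWS += [_row(f"2024-05-01T10:01:{i:02d}Z", "10.0.9.9", "10.1.0.10", p, "Deny")
         for i, p in enumerate([21, 22, 23, 25, 80, 135, 139, 445, 1433, 3389, 5985, 8080])]


def _when(row):
    return datetime.strptime(row["TimeGenerated"], "%Y-%m-%dT%H:%M:%SZ")


def port_scan_sources(rows, window=timedelta(minutes=5), min_ports=10):
    """Sources denied to at least min_ports distinct ports inside one time bin.

    KQL: AZFWNetworkRule
         | where Action == "Deny"
         | summarize ports = dcount(DestinationPort) by SourceIp, bin(TimeGenerated, 5m)
         | where ports >= 10
    """
    bins = defaultdict(set)
    for r in rows:
        if r["Action"] != "Deny":
            continue
        t = _when(r)
        bucket = t - (t - datetime.min) % window      # same alignment as KQL bin()
        bins[(r["SourceIp"], bucket)].add(r["DestinationPort"])
    return sorted({src for (src, _), ports in bins.items() if len(ports) >= min_ports})


def implicit_deny_flows(rows):
    """Denied flows that no explicit rule matched: a probe, or a gap in the policy.

    KQL: AZFWNetworkRule
         | where Action == "Deny" and isempty(Rule)
         | summarize hits = count() by SourceIp, DestinationIp, DestinationPort
    """
    hits = defaultdict(int)
    for r in rows:
        if r["Action"] == "Deny" and not r["Rule"]:
            hits[(r["SourceIp"], r["DestinationIp"], r["DestinationPort"])] += 1
    return dict(hits)


if __name__ == "__main__":
    print("possible port scans from:", port_scan_sources(ROWS))
    for (src, dst, port), n in sorted(implicit_deny_flows(ROWS).items()):
        print(f"implicit deny {src} -> {dst}:{port} x{n}")
```

The two detections answer different questions. The first is about the source (one host probing many ports is reconnaissance, whatever the rules say); the second is about the policy (every implicit deny is either an attacker or a legitimate flow nobody wrote a rule for, and the second kind is what shows up after a migration to Firewall Manager). The Deny-RDP hit from 10.0.5.5 is excluded from the second detection on purpose: an explicit rule fired, so it is expected.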
Advanced Features
Azure Firewall Premium
Explore the advanced threat protection features offered by Azure Firewall Premium, including Intrusion Detection and Prevention System (IDPS), TLS Inspection, URL filtering and web categories. TLS inspection requires an intermediate CA certificate stored in Azure Key Vault and referenced from the policy's TLS inspection configuration, plus application rules with terminateTLS enabled; IDPS signature matching on encrypted traffic only works for the flows you terminate.
Integration with Other Azure Services
Learn how to integrate Firewall Manager with other Azure services like Microsoft Sentinel (formerly Azure Sentinel), Azure Policy, and Azure DevOps for enhanced security management and automation.
Troubleshooting Common Issues
Find solutions to frequently encountered problems related to Azure Firewall Manager deployment and configuration.