Microsoft Docs

What is Azure Firewall?

Azure Firewall is a network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. You can centrally create, enforce, and log security policies across your subscriptions and virtual networks.

Azure Firewall enables you to:

• Define and enforce networkwide policies: Control traffic flow between virtual networks and subnets.
• Inspect traffic at scale: Use familiar firewall management from Palo Alto Networks, Check Point, and Cisco.
• Gain rich visibility: Log network traffic for auditing and compliance.

Key Features

Azure Firewall offers a robust set of features to secure your cloud workloads:

Network and Application Rule Collections

Azure Firewall allows you to define both network and application rules to control traffic. Network rules are based on IP address, port, and protocol, while application rules use fully qualified domain names (FQDNs) and allow you to control access to specific web applications. This provides granular control over both North-South and East-West traffic.

Threat Intelligence-Based Filtering

Integrate with Azure Firewall Threat Intelligence feeds to block traffic to and from known malicious IP addresses, domains, and URLs. This helps protect your resources from common threats and phishing attacks.

Centralized Logging and Monitoring

Azure Firewall integrates with Azure Monitor, Azure Sentinel, and other security information and event management (SIEM) tools. You can collect and analyze firewall logs to gain insights into network traffic patterns, identify potential security incidents, and perform forensic analysis.

High Availability and Scalability

Azure Firewall is designed for high availability and scalability. It automatically scales based on traffic volume and provides built-in redundancy. You can deploy Azure Firewall in multiple availability zones for enhanced resilience.

Azure Firewall Manager

For organizations managing multiple Azure Firewall deployments, Azure Firewall Manager provides a centralized hub to manage security policies and routing configurations across your virtual networks. This simplifies governance and ensures consistent security posture.

Deployment Scenarios

Azure Firewall can be deployed in various scenarios to secure different network architectures:

Hub-and-Spoke Architectures

In a hub-and-spoke network topology, Azure Firewall is typically deployed in the central hub virtual network. It inspects and filters traffic flowing between spokes and to/from the internet, ensuring a single point of control for security policies.

Securing Workloads

Deploy Azure Firewall to protect virtual machines, containers, and other Azure services within your virtual networks. Apply rules to control inbound and outbound traffic, preventing unauthorized access and malicious activity.

Hybrid Cloud Connectivity

When connecting your on-premises network to Azure via VPN or ExpressRoute, Azure Firewall can act as the gateway, inspecting and filtering traffic between your hybrid environments.

Getting Started

You can deploy Azure Firewall through the Azure portal, Azure PowerShell, Azure CLI, or ARM templates. Here's a brief overview of the steps involved:

1. Create a Virtual Network: Ensure you have a virtual network with at least one subnet dedicated for Azure Firewall.
2. Deploy Azure Firewall: Use the Azure portal or your preferred deployment method to create an Azure Firewall instance.
3. Configure Network and Application Rules: Define rulesets to allow or deny traffic based on your security requirements.
4. Route Traffic: Configure user-defined routes (UDRs) to direct network traffic through the Azure Firewall.