MSDN Documentation

Introduction to Azure Firewall

Azure Firewall is a cloud-native and intelligent network security service that protects your virtual network resources. It's a managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.

What is Azure Firewall?

Azure Firewall provides the following key capabilities:

• Network-level security: Control traffic flowing between Azure resources, the internet, and on-premises networks.
• Application-level filtering: Define rules to allow or deny traffic to specific applications and websites based on FQDNs (Fully Qualified Domain Names).
• Threat intelligence-based filtering: Leverage Microsoft's threat intelligence feeds to automatically block malicious IPs and domains.
• Centralized logging and monitoring: Gain visibility into network traffic and security events for auditing and troubleshooting.
• High availability and scalability: Azure Firewall is a managed service, offering built-in redundancy and scaling to meet demand.

Key Concepts

Understanding these core concepts is crucial for effectively using Azure Firewall:

• Firewall Policy: A collection of rules (Network, Application, DNAT) that define how traffic is inspected and managed.
• Network Rules: Control traffic based on IP address, port, and protocol.
• Application Rules: Control HTTP/HTTPS traffic based on FQDN tags and FQDNs.
• DNAT (Destination Network Address Translation) Rules: Used to translate destination IP addresses and ports for inbound traffic.
• SNAT (Source Network Address Translation): Azure Firewall automatically performs SNAT for outbound traffic originating from your virtual network.
• Service Tags: Predefined groups of IP addresses for Azure services, simplifying rule creation.

Use Cases

Azure Firewall is ideal for various scenarios, including:

• Protecting workloads deployed in a central Virtual Hub.
• Securing traffic between different spokes in a hub-spoke network topology.
• Providing a secure way to connect on-premises networks to Azure.
• Enforcing consistent security policies across your Azure environment.

Getting Started

To deploy and configure Azure Firewall, you can use the Azure portal, Azure PowerShell, Azure CLI, or ARM templates. Refer to the deployment section for detailed instructions.

For more advanced features and configuration options, explore the following articles:

• Azure Firewall Features
• Deploying Azure Firewall
• Azure Firewall Policy Management

Azure Firewall is a powerful tool for enhancing the security posture of your cloud deployments. By understanding its capabilities and how to configure it effectively, you can significantly reduce your exposure to network threats.