Azure Firewall
Azure Firewall is a cloud-native, intelligent, managed network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
Key Features
- Built-in High Availability and Scalability: Azure Firewall is a managed service that automatically scales to meet your network traffic demands.
- Stateful Firewall as a Service: It inspects network traffic at the network layer (Layer 3) and the application layer (Layer 4), providing advanced threat protection.
- Threat Intelligence-based Filtering: Azure Firewall can be configured to allow or deny traffic based on malicious IP addresses, domains, and FQDNs.
- Centralized Policy Management: Define, share, and enforce network security policies across subscriptions and virtual networks from a central management point.
- Network and Application Rule Processing: Supports both Network rules (for IP addresses, ports, and protocols) and Application rules (for FQDNs and HTTP/S).
- TLS Inspection: Decrypts, processes, and re-encrypts TLS/SSL traffic to inspect outbound traffic for threats.
How Azure Firewall Works
Azure Firewall is deployed in a specific virtual network (VNet) subnet called AzureFirewallSubnet. All traffic from your other VNets and on-premises networks destined for the internet, or for other VNets, can be routed through Azure Firewall by configuring User Defined Routes (UDRs).
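The routing requirement above can be checked offline. The following is an added example, not code from the Azure documentation: it audits exported subnet and route-table data and reports every subnet whose default route does not use the firewall as next hop. The data is constructed and reduced to the fields the check needs (field names follow Azure CLI JSON output; the firewall IP, subnet names and route-table names are assumptions).

```python
import ipaddress

FIREWALL_PRIVATE_IP = "10.0.1.4"  # constructed: assumed private IP of the firewall

# Constructed sample data, reduced from the shape of `az network route-table list`
# and `az network vnet subnet list` output; every name and address is made up.
ROUTE_TABLES = {
    "rt-workload": [{"addressPrefix": "0.0.0.0/0", "nextHopType": "VirtualAppliance",
                     "nextHopIpAddress": "10.0.1.4"}],
    "rt-legacy": [{"addressPrefix": "0.0.0.0/0", "nextHopType": "Internet"}],
    "rt-partial": [{"addressPrefix": "10.1.0.0/16", "nextHopType": "VirtualAppliance",
                    "nextHopIpAddress": "10.0.1.4"}],
}
SUBNETS = [
    {"name": "AzureFirewallSubnet", "routeTable": None},
    {"name": "snet-web", "routeTable": "rt-workload"},
    {"name": "snet-batch", "routeTable": "rt-legacy"},
    {"name": "snet-data", "routeTable": "rt-partial"},
    {"name": "snet-dev", "routeTable": None},
]

def default_route_finding(subnet, route_tables, firewall_ip):
    """Return None if the subnet's default route uses the firewall, else a reason."""
    if subnet["name"] == "AzureFirewallSubnet":
        return None  # the firewall's own subnet is not routed through itself
    table = subnet.get("routeTable")
    if table is None:
        return "no route table associated, so no UDR steers traffic to the firewall"
    for route in route_tables.get(table, []):
        if ipaddress.ip_network(route["addressPrefix"]).prefixlen != 0:
            continue  # only the default route decides where internet traffic goes
        if route["nextHopType"] != "VirtualAppliance":
            return f"default route next hop is {route['nextHopType']}, not the firewall"
        if route.get("nextHopIpAddress") != firewall_ip:
            return "default route points at a different appliance IP"
        return None
    return "route table has no 0.0.0.0/0 route"

def audit(subnets, route_tables, firewall_ip):
    """Map each non-compliant subnet name to the reason it bypasses the firewall."""
    findings = {}
    for subnet in subnets:
        reason = default_route_finding(subnet, route_tables, firewall_ip)
        if reason:
            findings[subnet["name"]] = reason
    return findings

if __name__ == "__main__":
    for name, reason in audit(SUBNETS, ROUTE_TABLES, FIREWALL_PRIVATE_IP).items():
        print(f"{name}: {reason}")
```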
Use Cases
- Protecting Azure virtual networks with a managed firewall service.
- Centralizing network security policy enforcement for hybrid cloud environments.
- Securing communication between different virtual networks.
- Enforcing outbound internet access policies.
Getting Started
To start using Azure Firewall, you need to deploy an instance in your Azure subscription. You can do this through the Azure portal, Azure CLI, PowerShell, or ARM templates.
Deploying with the Azure Portal
- Navigate to the Azure portal.
- Search for "Firewall" and select "Azure Firewall".
- Click "Create" to start the deployment process.
- Configure the required settings such as subscription, resource group, region, name, and SKU.
- You will need to create or select a virtual network and a subnet named AzureFirewallSubnet.
- Review and create the firewall.
For more detailed deployment instructions, refer to the official Azure Firewall documentation:
Deploy and configure Azure Firewall
Pricing
Azure Firewall is a managed service with pricing based on throughput, policy, and network rules processed. For the latest pricing information, please visit the Azure Firewall pricing page.
Consider using Azure Firewall Manager for more advanced scenarios like deploying firewalls in multiple regions and managing them centrally.
Remember to configure User Defined Routes (UDRs) to route traffic through your Azure Firewall instance.