Manage Azure Firewall

This guide walks you through common management tasks for Azure Firewall, including rule configuration, policy updates, and integration with other Azure services.

1. Access the Azure Portal

Navigate to the Azure Portal and locate your firewall resource.


2. Update Firewall Policies

Azure Firewall policies allow you to centrally manage rules. Use the following PowerShell snippet to add a network rule.

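Connect-AzAccount
$resourceGroup = "MyResourceGroup"
$firewallName   = "myFW"
$policyName     = "myPolicy"

# Firewall Policy rules are built with the *-AzFirewallPolicy* cmdlets and attached through a rule collection group.
$policy = Get-AzFirewallPolicy -ResourceGroupName $resourceGroup -Name $policyName

# "*" matches any source and any destination; narrow both to specific ranges where possible.
$rule = New-AzFirewallPolicyNetworkRule -Name "AllowHTTP" -Protocol TCP -SourceAddress "*" -DestinationAddress "*" -DestinationPort 80
$ruleCollection = New-AzFirewallPolicyFilterRuleCollection -Name "AllowWeb" -Priority 100 -ActionType Allow -Rule $rule

# The group name "NetworkRuleGroup" and its priority are example values.
New-AzFirewallPolicyRuleCollectionGroup -Name "NetworkRuleGroup" -Priority 100 -RuleCollection $ruleCollection -FirewallPolicyObject $policy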

3. Configure Application Rules

Application rules control outbound HTTP/S traffic.

# Bash syntax; these values match the PowerShell variables defined in step 2.
resourceGroup="MyResourceGroup"
policyName="myPolicy"

az network firewall policy rule-collection-group create \
    --resource-group "$resourceGroup" \
    --policy-name "$policyName" \
    --name "AppRuleGroup" \
    --priority 200

# Create the application rule collection together with its first rule.
# Replace the --source-addresses placeholder with the client range that needs access.
az network firewall policy rule-collection-group collection add-filter-collection \
    --resource-group "$resourceGroup" \
    --policy-name "$policyName" \
    --rcg-name "AppRuleGroup" \
    --name "AllowWebApps" \
    --collection-priority 100 \
    --action Allow \
    --rule-type ApplicationRule \
    --rule-name "AllowOffice365" \
    --source-addresses "<source-address-range>" \
    --protocols Http=80 Https=443 \
    --target-fqdns outlook.office365.com login.microsoftonline.com
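
The AllowHTTP network rule in step 2 uses "*" for both source and destination, which is the kind of rule worth flagging in a policy review. As an added example (not part of the original guide), this PowerShell function scans a rule collection group's JSON for Allow rules with a wildcard source or destination; the function name is hypothetical, the JSON shape is assumed to follow the ARM firewall policy schema, and the sample input, including the 10.0.0.0/24 source range, is constructed.

```powershell
# Added example, not from the original guide. Function name is hypothetical.
function Find-WildcardAllowRule {
    param([Parameter(Mandatory)][string]$Json)

    $wildcards = '*', '0.0.0.0/0'
    $group = $Json | ConvertFrom-Json
    # Assumption: ARM resource shape (properties.ruleCollections), with a
    # fallback for JSON that has ruleCollections at the top level.
    $collections = $group.properties.ruleCollections
    if (-not $collections) { $collections = $group.ruleCollections }

    foreach ($collection in $collections) {
        # Only collections with an Allow action can open traffic.
        if ($collection.action.type -ne 'Allow') { continue }
        foreach ($rule in $collection.rules) {
            # Network rules use destinationAddresses; application rules use targetFqdns.
            $dest      = @($rule.destinationAddresses) + @($rule.targetFqdns)
            $anySource = [bool]($wildcards | Where-Object { $rule.sourceAddresses -contains $_ })
            $anyDest   = [bool]($wildcards | Where-Object { $dest -contains $_ })
            if ($anySource -or $anyDest) {
                [pscustomobject]@{
                    Collection = $collection.name
                    Rule       = $rule.name
                    Type       = $rule.ruleType
                    AnySource  = $anySource
                    AnyDest    = $anyDest
                    Ports      = $rule.destinationPorts -join ','
                }
            }
        }
    }
}

# Constructed sample mirroring the two rules created in steps 2 and 3.
$sample = @'
{ "name": "ExampleGroup", "properties": { "priority": 100, "ruleCollections": [
  { "name": "AllowWeb", "priority": 100, "action": { "type": "Allow" },
    "rules": [ { "ruleType": "NetworkRule", "name": "AllowHTTP",
      "ipProtocols": ["TCP"], "sourceAddresses": ["*"],
      "destinationAddresses": ["*"], "destinationPorts": ["80"] } ] },
  { "name": "AllowWebApps", "priority": 100, "action": { "type": "Allow" },
    "rules": [ { "ruleType": "ApplicationRule", "name": "AllowOffice365",
      "sourceAddresses": ["10.0.0.0/24"],
      "targetFqdns": ["outlook.office365.com", "login.microsoftonline.com"] } ] }
] } }
'@

Find-WildcardAllowRule -Json $sample | Format-Table
```

Run against the sample, only the AllowHTTP rule is reported; the Office 365 application rule passes because its source and target FQDNs are specific.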

4. Monitoring & Alerts

Enable diagnostics and set up alerts for suspicious activity.

| Setting | Value |
| --- | --- |
| Diagnostic logs | Enabled (Log Analytics workspace) |
| Metric alerts | High throughput, Dropped packets |
| Log retention | 30 days |

5. Delete a Firewall (Caution)

Use the Azure CLI to remove a firewall when it is no longer required.

az network firewall delete \
    --resource-group $resourceGroup \
    --name $firewallName

Note: Deleting a firewall is irreversible. Ensure all traffic is rerouted before deletion.