Azure Firewall Manager
Azure Firewall Manager (AFM) is a security management service that allows you to centrally manage and orchestrate your network security policies and configurations across your Azure and hybrid environments.
What is Azure Firewall Manager?
Azure Firewall Manager simplifies the deployment and management of Azure Firewall and Azure Virtual WAN firewall capabilities. It provides a unified console to define and apply security policies, ensuring consistent security posture across your organization.
Key Features
- Centralized Policy Management: Define and manage network security rules, application rules, and NAT rules from a single location.
- Hierarchical Policy Enforcement: Layer policies so that organization-wide rules defined once in a base policy are inherited by the child policies applied to individual secured virtual hubs in Azure Virtual WAN and to hub virtual networks with their spokes.
- Global Threat Intelligence: Integrate with Azure Firewall's threat intelligence-based filtering to detect and block malicious traffic.
- Integration with Azure Virtual WAN: Seamlessly manage firewalls deployed within Azure Virtual WAN hubs for comprehensive network security.
- Automated Deployment: Automate the deployment and configuration of Azure Firewall instances.
- Logging and Monitoring: Gain visibility into traffic flows and security events through integrated logging and monitoring solutions.
Azure Firewall Manager Architecture
Azure Firewall Manager works by providing a management plane that orchestrates Azure Firewall instances deployed in two primary scenarios:
- Secured Virtual Hubs: Azure Firewall deployed in a Virtual WAN hub, acting as the central inspection point for traffic flowing between spoke networks, on-premises networks, and the internet.
- Azure Firewall in a Hub-Spoke Topology: Azure Firewall deployed in a central hub virtual network, with spoke virtual networks routing traffic through it for inspection.
With Firewall Manager, you create security policies that can be associated with these hubs, defining what traffic is allowed or denied.
Use Cases
- Securing workloads deployed in Azure across multiple regions and subscriptions.
- Enforcing consistent security policies for hybrid cloud environments.
- Providing centralized firewall management for Azure Virtual WAN deployments.
- Simplifying compliance requirements by centrally managing firewall rules.
Getting Started
To begin using Azure Firewall Manager:
- Create a Firewall Policy: Define your security rules (network, application, NAT) in a Firewall Policy resource.
- Deploy a Secured Virtual Hub or Azure Firewall: Deploy an Azure Firewall instance in a Virtual WAN hub or a dedicated hub VNet.
- Associate Policy: Link your Firewall Policy to the deployed firewall.
- Configure Routing: Update route tables to direct traffic through the firewall for inspection.
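The four steps above carried out with the Azure CLI for the hub-spoke scenario, as an added example rather than code from the original page. The resource names, address ranges and subnet names are assumed placeholders; the script assumes the resource group, the hub VNet (containing a subnet named AzureFirewallSubnet) and the spoke VNet (containing a subnet named workload) already exist.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Names and address ranges below are
# assumed placeholders; the resource group, hub VNet (with an AzureFirewallSubnet)
# and spoke VNet (with a 'workload' subnet) are assumed to exist already.
set -eu

deploy_hub_firewall() {
  local rg=netsec-rg loc=eastus hub_vnet=hub-vnet spoke_vnet=spoke-vnet
  local policy=hub-fw-policy fw=hub-fw rt=spoke-to-fw-rt
  local rcg=DefaultNetworkRuleCollectionGroup
  local spoke_range=10.2.0.0/16 onprem_range=192.168.0.0/16

  # 1. Create the Firewall Policy. Threat-intel mode Deny drops traffic matching
  #    Microsoft's malicious IP/domain feed instead of only logging an alert.
  az network firewall policy create -g "$rg" -n "$policy" -l "$loc" --threat-intel-mode Deny
  # One explicit allow collection; Azure Firewall denies anything no rule matches.
  az network firewall policy rule-collection-group create -g "$rg" --policy-name "$policy" \
    -n "$rcg" --priority 200
  az network firewall policy rule-collection-group collection add-filter-collection \
    -g "$rg" --policy-name "$policy" --rcg-name "$rcg" -n allow-spoke-to-onprem-https \
    --collection-priority 100 --action Allow --rule-name spoke-to-onprem-443 \
    --rule-type NetworkRule --ip-protocols TCP --source-addresses "$spoke_range" \
    --destination-addresses "$onprem_range" --destination-ports 443

  # 2 + 3. Deploy Azure Firewall into the hub VNet and associate the policy at creation.
  az network public-ip create -g "$rg" -n "$fw-pip" -l "$loc" --sku Standard --allocation-method Static
  az network firewall create -g "$rg" -n "$fw" -l "$loc" --sku AZFW_VNet --tier Standard \
    --firewall-policy "$policy"
  az network firewall ip-config create -g "$rg" -f "$fw" -n fw-ipconfig \
    --vnet-name "$hub_vnet" --public-ip-address "$fw-pip"

  # 4. Routing. Without this user-defined route the spoke never reaches the
  #    firewall and none of the policy above is enforced.
  local fw_ip
  fw_ip=$(az network firewall show -g "$rg" -n "$fw" \
    --query 'ipConfigurations[0].privateIPAddress' -o tsv)
  az network route-table create -g "$rg" -n "$rt" -l "$loc"
  az network route-table route create -g "$rg" --route-table-name "$rt" -n default-via-firewall \
    --address-prefix 0.0.0.0/0 --next-hop-type VirtualAppliance --next-hop-ip-address "$fw_ip"
  az network vnet subnet update -g "$rg" --vnet-name "$spoke_vnet" -n workload --route-table "$rt"
  echo "$fw_ip"   # the private IP every spoke route now points at
}

# Deploy only when asked, so the script can be sourced just to load the function.
if [ "${1:-}" = --deploy ]; then
  deploy_hub_firewall
fi
```

Run it as `./deploy.sh --deploy` after `az login`; the `az network firewall` commands require the azure-firewall CLI extension.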
Important Considerations
Ensure you have a clear understanding of your network traffic flows and security requirements before defining your Firewall Policies. Azure Firewall only inspects traffic that is routed to it: a spoke subnet whose route table does not send traffic to the firewall's private IP address bypasses inspection entirely, so verify the effective routes after deployment.