Azure Firewall with Virtual WAN
Azure Firewall is a cloud-native and intelligent network security service that protects your virtual network resources. Azure Firewall Manager provides centralized security policy and route management for Virtual WAN hubs and secured Virtual Hubs.
Overview
Azure Firewall in a Virtual WAN hub provides a centrally managed network security and routing service. It enables you to secure traffic from branch offices and remote users connected to Virtual WAN. By integrating Azure Firewall into your Virtual WAN hub, you can enforce security policies, inspect traffic, and control access to your Azure and on-premises resources.
Key Benefit: Centralized security and unified management for all your network traffic through a single pane of glass.
Key Features
- Centralized Policy Management: Define and manage security policies (network rules, application rules, NAT rules) from a central location using Azure Firewall Manager.
- Traffic Inspection: Inspect inbound and outbound traffic to and from your Virtual WAN connected networks.
- Threat Intelligence: Leverage Microsoft's threat intelligence feeds to identify and block malicious traffic.
- Hub-to-Hub and Hub-to-Spoke Traffic Filtering: Apply security policies to traffic flowing between different spokes or between spokes and the internet.
- Integration with Azure Firewall Manager: Seamless integration for deploying and managing Azure Firewall instances within Virtual WAN hubs.
Integration Scenarios
Azure Firewall can be deployed in a Virtual WAN hub to protect various network topologies:
1. Hub-and-Spoke with Firewall Inspection
In a traditional hub-and-spoke topology, you can deploy Azure Firewall in the central Virtual WAN hub. All traffic from spokes that needs to reach other spokes, on-premises networks, or the internet passes through the firewall, allowing for centralized security control.
2. Site-to-Site VPN and ExpressRoute Traffic Security
Secure traffic originating from on-premises sites connected via VPN or ExpressRoute by routing it through the Azure Firewall in the Virtual WAN hub before it reaches your Azure resources.
3. Remote User VPN Security
When users connect remotely using Point-to-Site VPN, their traffic can be directed through the Virtual WAN hub and inspected by Azure Firewall, ensuring secure access to corporate resources.
Common Tasks
- Deploy Azure Firewall in a Virtual WAN hub
- Create and manage Firewall Policies
- Configure routing for firewall inspection