Azure Firewall is a managed, cloud-based firewall-as-a-service offering from Microsoft Azure that protects the workloads we deploy in Azure virtual networks. It offers built-in high availability and scalability, and with it we can create, enforce, and manage network policies centrally across virtual networks and subscriptions. You might wonder why you need Azure Firewall when you already have network security groups (NSGs). The main difference is that an NSG filters at layers 3 and 4 of the OSI model (addresses, protocols, and ports), whereas Azure Firewall filters at layers 3 and 4 as well as layer 7, so it can also make decisions on fully qualified domain names (FQDNs). An NSG is closer to a traditional packet filter, while Azure Firewall adds several capabilities that an NSG does not offer.
Azure Firewall must be deployed into a dedicated subnet in your virtual network named AzureFirewallSubnet. A static public IP address is assigned to the firewall, and you route traffic through it (for example, with a user-defined route whose next hop is the firewall's private IP address); the firewall then evaluates the enforced rules and allows or denies each flow. The service is fully integrated with Azure Monitor, which can be used for auditing, logging, and analytics.
The following are the features of Azure Firewall:
- High availability: Azure Firewall provides built-in high availability, which means you don't have to deploy any additional infrastructure to maintain high availability.
- Zone redundant: During deployment, you can span the firewall across availability zones to make the solution zone redundant.
- Scalability: Azure Firewall scales automatically with the amount of traffic it handles, so you don't have to set up any scaling solution of your own.
- Filtering rules: Rules can be created or enforced based on FQDN and network parameters such as source IP address, destination IP address, protocol, and port.
- Threat intelligence: Traffic from/to malicious domains/IP addresses will be blocked by the firewall using threat intelligence. Threat intelligence feeds are managed by Microsoft.
- Multiple public IP addresses: Up to 100 public IP addresses can be associated with the Azure Firewall.
In the list above, you can see that Azure Firewall supports both FQDN-based and IP-based filtering rules. Now, let's take a closer look at the different sets of rules available in Azure Firewall for filtering network traffic.
Azure Firewall Rules
In the traditional firewalls we had on-premises, we defined rules to control the traffic entering and leaving our infrastructure. Similarly, in Azure Firewall we use rules to filter and control the flow of traffic. There are three types of rules that you can set up in Azure Firewall. The default action of the firewall is to deny: if you have not created any rules, every flow that passes through the firewall is blocked, and a flow is only allowed when a rule explicitly permits it. Let's explore the types of rules you can configure on the firewall.
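As an added example (not part of the original post, and not Microsoft's code), the following small offline model shows what the default-deny behaviour described above and the FQDN-based, network-parameter-based, and threat-intelligence filtering listed earlier mean for individual flows. The rule dictionaries use the field names of the `Microsoft.Network/azureFirewalls` ARM schema (`networkRuleCollections`, `applicationRuleCollections`, `threatIntelMode`) so they look like a real firewall resource, but the evaluation order, the matching semantics, and the threat-intelligence indicators are assumptions of this model rather than a description of the service's internals. The sample rules, flows, and "malicious" IP address and FQDN are constructed for the example.

```python
"""
Model of Azure Firewall classic rule evaluation (added example, not the
service's own code). Assumed order: threat-intelligence deny list first,
then network rule collections, then application rule collections, and
default deny for anything left unmatched. Lower priority numbers win.
"""
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Constructed indicators standing in for the Microsoft-managed threat-intelligence feed.
THREAT_INTEL_IPS = {"203.0.113.66"}
THREAT_INTEL_FQDNS = {"bad.example.net"}

# Constructed rule set, shaped like the properties of an Azure Firewall ARM resource.
POLICY = {
    "threatIntelMode": "Deny",  # Off | Alert | Deny
    "networkRuleCollections": [
        {"name": "allow-dns", "priority": 100, "action": {"type": "Allow"},
         "rules": [{"name": "dns-to-resolver", "protocols": ["UDP", "TCP"],
                    "sourceAddresses": ["10.0.0.0/16"],
                    "destinationAddresses": ["10.1.0.4"],
                    "destinationPorts": ["53"]}]},
        {"name": "deny-smb", "priority": 200, "action": {"type": "Deny"},
         "rules": [{"name": "no-smb-out", "protocols": ["TCP"],
                    "sourceAddresses": ["*"], "destinationAddresses": ["*"],
                    "destinationPorts": ["445"]}]},
    ],
    "applicationRuleCollections": [
        {"name": "allow-updates", "priority": 100, "action": {"type": "Allow"},
         "rules": [{"name": "windows-update",
                    "sourceAddresses": ["10.0.0.0/16"],
                    "protocols": [{"protocolType": "Https", "port": 443}],
                    "targetFqdns": ["*.windowsupdate.com"]}]},
    ],
}


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    protocol: str            # TCP | UDP | ICMP
    dst_port: int
    fqdn: Optional[str] = None  # only known for HTTP/HTTPS (Host header / SNI)


def _addr_match(addr: str, patterns: List[str]) -> bool:
    """'*' matches anything; otherwise match against IPs or CIDR prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(p == "*" or ip in ipaddress.ip_network(p, strict=False) for p in patterns)


def _port_match(port: int, patterns: List[str]) -> bool:
    """Accepts '*', single ports ('53') and ranges ('1000-2000')."""
    for p in patterns:
        if p == "*":
            return True
        lo, _, hi = p.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def _fqdn_match(fqdn: str, patterns: List[str]) -> bool:
    """Exact names, or '*.example.com' for any subdomain of example.com."""
    return any(fqdn.endswith(p[1:]) if p.startswith("*.") else fqdn == p
               for p in patterns)


def _collections_verdict(collections: list, matches: Callable) -> Optional[str]:
    """First collection (by ascending priority) containing a matching rule decides."""
    for coll in sorted(collections, key=lambda c: c["priority"]):
        if any(matches(rule) for rule in coll["rules"]):
            return coll["action"]["type"]
    return None


def evaluate(policy: dict, flow: Flow) -> Tuple[str, str]:
    """Return (verdict, reason). Unmatched flows fall through to default deny."""
    if policy.get("threatIntelMode") == "Deny" and (
            flow.dst_ip in THREAT_INTEL_IPS or flow.fqdn in THREAT_INTEL_FQDNS):
        return "Deny", "threat-intelligence"

    def net_match(rule: dict) -> bool:
        return (("Any" in rule["protocols"] or flow.protocol in rule["protocols"])
                and _addr_match(flow.src_ip, rule["sourceAddresses"])
                and _addr_match(flow.dst_ip, rule["destinationAddresses"])
                and _port_match(flow.dst_port, rule["destinationPorts"]))

    verdict = _collections_verdict(policy["networkRuleCollections"], net_match)
    if verdict:
        return verdict, "network-rule"

    if flow.fqdn:  # application rules only apply where an FQDN is visible
        def app_match(rule: dict) -> bool:
            return (_addr_match(flow.src_ip, rule["sourceAddresses"])
                    and any(p["port"] == flow.dst_port for p in rule["protocols"])
                    and _fqdn_match(flow.fqdn, rule["targetFqdns"]))

        verdict = _collections_verdict(policy["applicationRuleCollections"], app_match)
        if verdict:
            return verdict, "application-rule"

    return "Deny", "default-deny"


if __name__ == "__main__":
    for f in (Flow("10.0.1.5", "10.1.0.4", "UDP", 53),
              Flow("10.0.1.5", "198.51.100.9", "TCP", 445),
              Flow("10.0.1.5", "198.51.100.10", "TCP", 443, "download.windowsupdate.com"),
              Flow("10.0.1.5", "203.0.113.66", "TCP", 443, "download.windowsupdate.com"),
              Flow("10.0.1.5", "198.51.100.10", "TCP", 22)):
        print(f, "->", evaluate(POLICY, f))
```

The last two flows are the ones worth noticing: an SSH connection that no rule mentions is denied by the default action, and an HTTPS request to an FQDN that an application rule would allow is still denied because its destination IP is on the threat-intelligence list. When you build real rule collections, test the deny cases as deliberately as the allow cases.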