In this blog, we'll learn about Azure Firewall. Azure Firewall is a cloud-native, intelligent network firewall security service that offers best-in-class threat prevention for your Azure workloads.
It's a stateful firewall as a service with high availability and unconstrained cloud scalability built in. It can inspect both east-west and north-south traffic.
Both standard and premium versions of Azure Firewall are available.
Azure Firewall Premium is a premium version of Azure Firewall that delivers advanced threat protection for extremely sensitive and regulated areas like the financial and healthcare industries.
Premium stock-keeping unit (SKU) features like IDPS and TLS inspection can help organisations prevent malware and viruses from propagating in both lateral and horizontal orientations. Azure Firewall Premium uses a more powerful virtual machine SKU to satisfy the additional performance demands of IDPS and TLS inspection. The Premium SKU, like the Standard SKU, can expand up to 30 Gbps and interface with availability zones to achieve a 99.99 percent service level agreement (SLA). The Premium SKU meets the PCI DSS (Payment Card Industry Data Security Standard) environment requirements.
Following features are included in the Premium Azure Firewall:
- TLS inspection: It decrypts outbound traffic, analyses the contents, and then encrypts and transmits the data to its destination.
- IDPS: An intrusion detection and prevention system (IDPS) monitors network traffic for malicious activity, logs information about it, reports it, and, if necessary, tries to block it.
- URL filtering: It expands Azure Firewall's FQDN filtering to include the entirety of a URL. Instead of www.contoso.com, use www.contoso.com/a/c.
- Web categories: Administrators can grant or ban user access to specific website categories, such as gambling sites, social media sites, and so on.
Azure Firewall Standard is a cloud-based network security service that secures your Azure Virtual Network resources and is maintained by Microsoft.
Following features are included in the Premium Azure Firewall:
- Built-in high availability
- Availability Zones
- Unrestricted cloud scalability
- Application FQDN filtering rules
- Network traffic filtering rules
- FQDN tags
- Service tags
- Threat intelligence
- DNS proxy
- Custom DNS
- FQDN in network rules
- Deployment without public IP address in Forced Tunnel Mode
- Outbound SNAT support
A role instance is a virtual machine in which application code is executed using running role configurations. According to the definition in the cloud service configuration files, a role can have many instances.
The Azure Diagnostics API allows us to collect diagnostic data from Azure-based apps such as performance monitoring, system event logs, and so on. Azure Diagnostics must be enabled for cloud service roles in order to monitor data verbosely. The diagnostics information can be utilised to create visual chart representations for enhanced monitoring and performance metric alerts.
The resource manager is a management layer that allows developers to create, change, and delete resources in an Azure subscription account. When we have requirements like managing access restrictions, locks, guaranteeing the security of resources post-deployment, and organising such resources, this capability comes in helpful.
NSG stands for Network Security Group, and it consists of a set of ACL (Access Control List) rules that allow or deny network traffic to subnets, NICs (Network Interface Cards), or both. When NSG is attached to a subnet, all Virtual Machines in that subnet are subject to the ACL rules.
The Azure storage key is used for authentication and validating access to the Azure storage service in order to manage data access based on project needs.
Cheers if you reached here!!
In this article, we have learnt about the Azure Firewall.
Refer to our Guided Path on Coding Ninjas Studio to upskill yourself in Data Structures and Algorithms, Competitive Programming, JavaScript, System Design, and many more! If you want to test your competency in coding, you may check out the mock test series and participate in the contests hosted on Coding Ninjas Studio! But if you have just started your learning process and are looking for questions asked by tech giants like Amazon, Microsoft, Uber, etc; you must look at the problems, interview experiences, and interview bundle for placement preparations.
Nevertheless, you may consider our paid courses to give your career an edge over others!
Do upvote our blogs if you find them helpful and engaging!
Happy Learning!
84+ registered 378+ registered 71+ registered 84+ registered 378+ registered 
