Azure Firewall is a cloud-native, managed network security service provided by Microsoft Azure. It acts as a stateful firewall as a service, designed to protect Azure Virtual Network (VNet) resources. It allows you to control both inbound and outbound traffic using defined rules and is fully integrated with Azure Monitor for logging and analytics.
🔥 Key Features of Azure Firewall:
- Stateful inspection: Remembers the state of active connections and uses that to determine whether traffic is allowed.
- High availability: Built-in high availability and auto-scaling.
- Threat intelligence: Uses Microsoft Threat Intelligence feeds to deny traffic from known malicious IPs/domains.
- Application FQDN filtering: Rules based on Fully Qualified Domain Names (FQDNs).
- Integration with Azure services: Works well with Azure Monitor, Sentinel, and other tools.
- Supports hybrid networks: Can inspect traffic between on-prem and cloud via VPN or ExpressRoute.
🛡️ Azure Firewall Rule Types:
Azure Firewall rules are grouped into rule collections, and they can be of the following types:
1. Network Rules
Used for L3/L4 traffic filtering based on:
- Source IP
- Destination IP
- Protocol (TCP/UDP/ICMP)
- Port
📌 Example:
Allow traffic from 10.0.0.0/24 to 192.168.1.1 on TCP port 443.
2. Application Rules
Used for L7 HTTP/S traffic filtering based on:
- FQDN (e.g., *.microsoft.com)
- HTTP methods
- TLS inspection (if enabled)
📌 Example:
Allow outbound access to www.office365.com over HTTPS.
3. NAT Rules (DNAT)
Used to translate public IP traffic to private IPs behind the firewall.
- Supports inbound traffic redirection.
📌 Example:
Public IP 20.50.10.5:443 → Private IP 10.0.1.5:443
📚 Rule Collection Structure:
Each rule collection has:
- Name
- Priority (lower number = higher priority)
- Action (Allow/Deny/Redirect)
- Rules (the actual rules themselves)
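As an added example (not part of the original page), the three example rules above expressed as Azure Firewall Policy rule collections with the Az PowerShell module; the policy name, resource group, and collection names are assumptions.

```powershell
# Assumed: Az.Network module installed, an active Azure session, and a firewall
# policy named 'example-fw-policy' in resource group 'example-rg' already exists.
$policy = Get-AzFirewallPolicy -Name 'example-fw-policy' -ResourceGroupName 'example-rg'

# 1. Network rule (L3/L4): 10.0.0.0/24 -> 192.168.1.1 on TCP 443.
#    Stateful inspection means the return traffic needs no rule of its own.
$netRule = New-AzFirewallPolicyNetworkRule -Name 'allow-backend-443' `
    -Protocol 'TCP' -SourceAddress '10.0.0.0/24' `
    -DestinationAddress '192.168.1.1' -DestinationPort '443'
$netColl = New-AzFirewallPolicyFilterRuleCollection -Name 'AllowBackendHttps' `
    -Priority 100 -ActionType 'Allow' -Rule $netRule

# 2. Application rule (L7): outbound HTTPS to www.office365.com only.
#    The FQDN is matched from SNI/host, so unrelated HTTPS destinations are denied.
$appRule = New-AzFirewallPolicyApplicationRule -Name 'allow-office365' `
    -SourceAddress '10.0.0.0/24' -TargetFqdn 'www.office365.com' -Protocol 'https:443'
$appColl = New-AzFirewallPolicyFilterRuleCollection -Name 'AllowOffice365' `
    -Priority 200 -ActionType 'Allow' -Rule $appRule

# 3. DNAT rule: public 20.50.10.5:443 -> private 10.0.1.5:443.
#    '*' admits any client; narrow the source to known ranges where the service allows it.
$natRule = New-AzFirewallPolicyNatRule -Name 'dnat-web-443' `
    -Protocol 'TCP' -SourceAddress '*' -DestinationAddress '20.50.10.5' `
    -DestinationPort '443' -TranslatedAddress '10.0.1.5' -TranslatedPort '443'
$natColl = New-AzFirewallPolicyNatRuleCollection -Name 'InboundWebDnat' `
    -Priority 300 -ActionType 'Dnat' -Rule $natRule

# Collections live in a rule collection group attached to the policy. Azure
# processes rules by type (DNAT, then network, then application), each in
# ascending priority order, so the numbers above only order collections of the same type.
New-AzFirewallPolicyRuleCollectionGroup -Name 'ExampleRuleCollectionGroup' `
    -Priority 200 -RuleCollection $natColl, $netColl, $appColl `
    -FirewallPolicyObject $policy
```

Traffic that matches none of these collections is denied by the firewall's implicit default, which is why every allowed flow above is spelled out explicitly.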