Azure Firewall is an enterprise-grade, fully managed, cloud-based network security service. It is deployed to secure incoming and outgoing traffic and to protect the Azure Virtual Network resources of an organization.
Importance of Azure Firewall
It is an intelligent, fully stateful service with built-in high availability and unrestricted scalability, and it automatically detects workloads in the VNet.
It shields resources from malicious traffic and prevents viruses and malware from spreading. Azure Firewall decrypts outbound traffic, performs the necessary security checks and then re-encrypts the traffic on its way to the destination.
It operates at layers 4 and 7 of the Open Systems Interconnection (OSI) model. Azure Firewall is very simple to deploy. Most importantly, it has NAT rules, network rules and application rules, which users need to configure to activate the firewall.
Features of Azure Firewall
Azure Firewall has very high uptime. With availability zones, it has a 99.95% availability service level agreement (SLA) when deployed within a single zone.
It has unrestricted cloud scalability and can scale up as much as necessary to fit changing network traffic flows and business needs.
It has threat intelligence-based filtering. When enabled, this feature can alert users and allow or deny traffic to and from hostile, malicious and problematic IP addresses and domains. The addresses and domains come from the Microsoft Threat Intelligence feed, and the filtering keeps the network safe.
FQDN is the acronym for Fully Qualified Domain Name, and the FQDNs in question are associated with well-known Microsoft services. An FQDN tag can be used in application rules to permit the essential outbound network traffic through the firewall, so it helps to filter traffic so that traffic for the qualified domains can pass through.
Multiple public IP addresses
Up to 250 IP addresses can be attached to Azure Firewall. This enables the Destination Network Address Translation (DNAT) and Source Network Address Translation (SNAT) features of the firewall.
Azure Firewall can be monitored using firewall logs, since it is tightly integrated with Azure Monitor. Some of these logs can be accessed through the portal, and they can also be forwarded to Azure Monitor Logs, Storage and Event Hubs. The analysis can then be done in Azure Monitor Logs or with tools like Power BI and Excel.
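An added example (not from the original article or from Microsoft) of the log analysis described above, in Python: it summarizes denied flows from firewall rule logs forwarded to Storage. The JSON record shape and the layout of the `msg` text are assumptions based on the legacy diagnostic log categories, and the sample records are constructed.

```python
import json
import re
from collections import Counter

# Assumed "msg" layout of the legacy rule-log categories, e.g.
# "HTTPS request from 10.1.0.5:55640 to host.example:443. Action: Allow. ..."
MSG_RE = re.compile(
    r"^(?P<proto>\S+) request from (?P<src>[^: ]+):(?P<sport>\d+) "
    r"to (?P<dst>[^: ]+):(?P<dport>\d+)\. Action: (?P<action>\w+)"
)

# Constructed sample export, one JSON record per line (not real traffic).
SAMPLE = """\
{"category":"AzureFirewallApplicationRule","time":"2024-01-01T10:00:00Z","properties":{"msg":"HTTPS request from 10.1.0.5:55640 to updates.example.com:443. Action: Allow. Rule Collection: coll100. Rule: rule1"}}
{"category":"AzureFirewallApplicationRule","time":"2024-01-01T10:00:05Z","properties":{"msg":"HTTPS request from 10.1.0.7:50111 to gambling.example.net:443. Action: Deny. No rule matched. Proceeding with default action"}}
{"category":"AzureFirewallApplicationRule","time":"2024-01-01T10:00:09Z","properties":{"msg":"HTTPS request from 10.1.0.7:50112 to gambling.example.net:443. Action: Deny. No rule matched. Proceeding with default action"}}
{"category":"AzureFirewallNetworkRule","time":"2024-01-01T10:01:00Z","properties":{"msg":"TCP request from 10.1.0.9:40112 to 203.0.113.20:2323. Action: Deny"}}
{"category":"AzureFirewallNetworkRule","time":"2024-01-01T10:02:00Z","properties":{"msg":"TCP requ
"""


def parse_record(line):
    """Return the parsed flow for one log line, or None if it is unusable."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None  # truncated or corrupt line in the export
    if not isinstance(rec, dict) or not isinstance(rec.get("properties"), dict):
        return None
    match = MSG_RE.match(str(rec["properties"].get("msg", "")))
    if match is None:
        return None  # a log category or message shape this parser does not cover
    return {**match.groupdict(), "category": rec.get("category"), "time": rec.get("time")}


def denied_summary(text):
    """Count denied flows per (source, destination, port); also count skipped lines."""
    denied, skipped = Counter(), 0
    for line in filter(str.strip, text.splitlines()):
        flow = parse_record(line)
        if flow is None:
            skipped += 1
        elif flow["action"] == "Deny":
            denied[(flow["src"], flow["dst"], int(flow["dport"]))] += 1
    return denied, skipped


if __name__ == "__main__":
    denied, skipped = denied_summary(SAMPLE)
    for (src, dst, port), hits in denied.most_common():
        print(f"{hits:3d} denied  {src} -> {dst}:{port}")
    print(f"{skipped} line(s) skipped as unparseable")
```

A non-zero skipped count is worth reviewing before trusting the summary, because lines the parser cannot read are not represented in the deny counts.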
Web categories let administrators allow or deny user access to website categories such as gaming websites, social media websites, gambling websites and others. The categories are organized by severity under Business use, Productivity loss, High-Bandwidth, Liability, General surfing and Uncategorized.
Azure Firewall is compliant with Service Organization Controls (SOC), Payment Card Industry (PCI), International Organization for Standardization (ISO), HITRUST and ICSA Labs.
Azure Firewall Premium
This is an upgraded tier meant for Azure environments with highly sensitive and regulated data. The premium tier includes Transport Layer Security (TLS) inspection; TLS is a standard cryptographic protocol that provides privacy and data integrity between internet services and their customers. The tier also has an Intrusion Detection and Prevention System (IDPS), URL filtering and the capability to screen traffic based on web categories.
In the Central US, the standard tier costs $1.25 per deployment hour, while the premium tier costs $0.875 for the same. The data processing price is $0.016 per GB for the standard tier, while the premium tier is priced at $0.008 per GB.
In India, the standard tier costs Rs.90.057 per deployment hour, while the premium tier costs Rs.63.040 for the same. The data processing price is Rs.1.153 per GB for the standard tier, while the premium tier is priced at Rs.0.577 per GB.
That’s a quick overview of Azure Firewall, a strong and sturdy firewall for resources in Azure.