Azure Firewall
- Azure Firewall is a managed, cloud-based network security service that protects our Azure Virtual Network resources
- We can centrally create, enforce and log application and network connectivity policies across subscriptions and virtual networks
- Azure Firewall uses a static public IP address for your virtual network resources, allowing outside firewalls to identify the traffic originating from your virtual network
- Azure Firewall features:
  - Built-in high availability
  - Application FQDN filtering rules
  - Network traffic filtering rules
  - Threat intelligence
  - Azure Monitor logging
  - Multiple public IP addresses
- Azure Firewall gives us total control over our network traffic.
Creating Azure Firewall
- Create a virtual network with the address space 192.168.0.0/16 and the following subnets:
  - Subnet: Web 192.168.0.0/24
  - Subnet: App 192.168.1.0/24
  - Subnet: Db 192.168.2.0/24
  - Gateway Subnet: 192.168.3.0/24
- Now add a new subnet named AzureFirewallSubnet
  - Address space: 192.168.3.0/24
- Now let's create an Azure Firewall
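
A pre-deployment check for the address plan above, added here as an example (not part of the original notes). It runs over the subnets exactly as listed and reports that the Gateway Subnet and AzureFirewallSubnet entries share 192.168.3.0/24, which Azure will not accept inside one virtual network. The /26 minimum size and the exact subnet name are Azure requirements; the function and variable names are this example's own.

```python
import ipaddress

# Address plan copied from the notes above; the dict layout is this example's own.
VNET = "192.168.0.0/16"
SUBNETS = {
    "Web": "192.168.0.0/24",
    "App": "192.168.1.0/24",
    "Db": "192.168.2.0/24",
    "Gateway Subnet": "192.168.3.0/24",
    "AzureFirewallSubnet": "192.168.3.0/24",
}
FIREWALL_SUBNET = "AzureFirewallSubnet"  # the firewall only deploys into a subnet with this exact name
MAX_FIREWALL_PREFIX = 26                 # the subnet must be /26 or larger


def validate_plan(vnet, subnets):
    """Return a list of findings; an empty list means the plan passed every check."""
    findings = []
    space = ipaddress.ip_network(vnet)
    parsed = {}
    for name, cidr in subnets.items():
        try:
            parsed[name] = ipaddress.ip_network(cidr)  # strict mode rejects host bits
        except ValueError as exc:
            findings.append(f"{name}: invalid prefix {cidr!r} ({exc})")
    # Every subnet must sit inside the vnet address space.
    for name, net in parsed.items():
        if net.version != space.version or not net.subnet_of(space):
            findings.append(f"{name}: {net} is outside the vnet address space {space}")
    # No two subnets in one vnet may overlap.
    names = list(parsed)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if parsed[a].version == parsed[b].version and parsed[a].overlaps(parsed[b]):
                findings.append(f"{a} and {b} overlap ({parsed[a]} / {parsed[b]})")
    # The firewall subnet must exist under its exact name and be large enough.
    fw = parsed.get(FIREWALL_SUBNET)
    if FIREWALL_SUBNET not in subnets:
        findings.append(f"no subnet named exactly {FIREWALL_SUBNET!r}")
    elif fw is not None and fw.prefixlen > MAX_FIREWALL_PREFIX:
        findings.append(f"{FIREWALL_SUBNET}: {fw} is smaller than /{MAX_FIREWALL_PREFIX}")
    return findings


if __name__ == "__main__":
    for finding in validate_plan(VNET, SUBNETS):
        print("FINDING:", finding)
```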

- Azure Firewall uses a set of rules to control outbound traffic. We can either block everything by default and allow only whitelisted traffic, or allow everything and block only blacklisted traffic.

- When VMs or other resources in the vnet want to connect to the internet or other network locations, the traffic should be forwarded to the Azure Firewall

- To do this we need to understand routing in Azure. Until now we have never tried to use routing in Azure, as we have relied on the default routes
- So to understand firewall policies and whitelisting/blacklisting network traffic, we need to understand routing.
- In the next session let's understand routing in Azure
