New Blog Post | Announcing New Monitoring and Scaling Updates in Azure Firewall

We are pleased to introduce some new features and improvements for the service today. These features include capabilities that enhance the monitoring and scalability of your Azure Firewall:

 

• Flow Trace logs are now generally available.
• Autoscaling based on the number of connections is now generally available.
• Parallel IP Group update support is now in public preview.

 

Azure Firewall is a cloud-native firewall as a service offering that enables customers to centrally govern and log all their traffic flows using a DevOps approach. The service supports both application and network-level filtering rules and is integrated with the Microsoft Threat Intelligence feed to filter known malicious IP addresses and domains. Azure Firewall is highly available with built-in auto-scaling.

 

Flow Trace logs are now generally available.

 

Azure Firewall logging provides logs for various traffic—such as network, application, and threat intelligence traffic. Today, these logs show traffic through the firewall in the first attempt at a Transmission Control Protocol (TCP) connection, also known as the SYN packet. However, this fails to show the full journey of the packet in the TCP handshake. The ability to monitor and track every packet through the firewall is paramount for identifying packet drops or asymmetric routes.

 

As a result, one can verify if a packet has successfully flowed through the firewall or if there is asymmetric routing by viewing the additional TCP handshake logs in Flow Trace. To do so, you can monitor network logs to view the first SYN packet and enable Flow Trace logs to view the rest of the packets for verification:

 

• SYN-ACK
• FIN
• FIN-ACK
• RST
• INVALID

 

With these additional flags in Flow Trace logs, IT administrators can now see the return packet, if there was a failed connection, or an unrecognized packet. To enable these logs, please visit the Flow Trace documentation.

 

Read the full blog post here: Announcing New Monitoring and Scaling Updates in Azure Firewall - Microsoft Community Hub