Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
Announcing New Monitoring and Scaling Updates in Azure Firewall
Published Feb 13 2024 10:00 AM 2,752 Views

We are pleased to introduce some new features and improvements for the service today. These features include capabilities that enhance the monitoring and scalability of your Azure Firewall:


  • Flow Trace logs are now generally available.
  • Autoscaling based on the number of connections is now generally available.
  • Parallel IP Group update support is now in public preview.


Azure Firewall is a cloud-native firewall as a service offering that enables customers to centrally govern and log all their traffic flows using a DevOps approach. The service supports both application and network-level filtering rules and is integrated with the Microsoft Threat Intelligence feed to filter known malicious IP addresses and domains. Azure Firewall is highly available with built-in auto-scaling.


Flow Trace logs are now generally available.


Azure Firewall logging provides logs for various traffic—such as network, application, and threat intelligence traffic. Today, these logs show traffic through the firewall in the first attempt at a Transmission Control Protocol (TCP) connection, also known as the SYN packet. However, this fails to show the full journey of the packet in the TCP handshake. The ability to monitor and track every packet through the firewall is paramount for identifying packet drops or asymmetric routes.


As a result, one can verify if a packet has successfully flowed through the firewall or if there is asymmetric routing by viewing the additional TCP handshake logs in Flow Trace. To do so, you can monitor network logs to view the first SYN packet and enable Flow Trace logs to view the rest of the packets for verification:


  • FIN
  • RST


With these additional flags in Flow Trace logs, IT administrators can now see the return packet, if there was a failed connection, or an unrecognized packet. To enable these logs, please visit the Flow Trace documentation.




Figure 1. Flow Trace logs in Log Analytics workspace.



Autoscaling based on the number of connections is now generally available.


We are excited to announce a new enhancement for Azure Firewall, a cloud-native, highly available service with built-in autoscaling. Azure Firewall can now auto-scale based on the number of connections, in addition to throughput and CPU utilization.

This means that Azure Firewall can better adapt to your traffic patterns and auto-scale more accurately and efficiently. To learn more about Azure Firewall and its autoscaling capabilities, please visit the Azure Firewall FAQ documentation


Parallel IP Group update support is now in public preview.


IP Groups is a top-level Azure resource that allows you to group and manage IP addresses in Azure Firewall rules. You can give your IP group a name and create one by entering IP addresses or uploading a file. IP Groups ease your management experience and reduce time spent on managing IP addresses, by allowing you to use group objects across multiple firewalls.


With this product update, you can now update more than one IP Group for Azure Firewall at the same time, instead of sequentially. You can update up to 20 IP Groups that a Firewall Policy refers to in one go. This helps administrators who want to speed up and scale configuration changes, especially when using a dev ops approach (templates, ARM, CLI, and Azure PowerShell).


To learn more about Azure Firewall and its IP Groups feature, please visit the Parallel IP Group updates (Preview) documentation.



Figure 2. Creating a new IP Group. 


Version history
Last update:
‎Feb 13 2024 10:00 AM
Updated by: