Blog Post

Azure Networking Blog
4 MIN READ

Announcing Azure Firewall Upgrade/Downgrade General Availability

elazulai's avatar
elazulai
Icon for Microsoft rankMicrosoft
Jun 14, 2023

We're excited to see Azure Firewall's growing popularity and the positive feedback we are getting from the market. That's why we're pleased to let you know that Azure firewall Standard and Premium now support an easy upgrade and downgrade operation, which is now generally available.

Azure Firewall is a cloud-native firewall as a service offering that enables customers to centrally govern and log all their traffic flows using a DevOps approach. The service supports both application and network-level filtering rules and is integrated with the Microsoft Defender Threat Intelligence feed to filter known malicious IP addresses and domains. Azure Firewall is highly available with built-in auto-scaling.

Why should you upgrade your Firewall Standard? Because Azure Firewall Premium has several additional features compared to Azure Firewall Standard. Some of these features include URL filtering, intrusion detection and prevention, TLS inspection and more comprehensive threat intelligence capabilities. This makes Azure Firewall Premium SKU more suitable for organizations with more complex network architectures, regulatory compliance and security requirements.

In this blog post, we'll explore what this new feature is, how it works, and the benefits it provides.

What is Firewall Upgrade/Downgrade capability?

Azure Firewall Upgrade/Downgrade is a new capability that simplifies the process of upgrading your Azure Firewall Standard to the Premium SKU and downgrading your Azure Firewall Premium to Standard SKU. This feature allows you to upgrade your firewall without service downtime, with a single click of a button. The new capability enhance the existing migration procedure and eliminate the need for manual operations which are prone to errors.

In the upgrade process, users can select the policy to be attached to the upgraded Premium SKU, either by using an existing Premium Policy or by utilizing their existing Standard Policy. Customers can utilize their existing Standard policy and let the system automatically duplicate, upgrade to Premium Policy, and attach it to the newly created Premium Firewall.

Upgrading a firewall can be a time-consuming and complex process, especially in large and complex environments. It requires careful planning, testing, and execution to ensure that the upgrade process goes smoothly and does not cause any disruptions to the network.The new upgrade feature in Azure Firewall simplifies the upgrade process by reducing the effort and time required to upgrade the firewall. Instead of having to go through a lengthy and complex process, administrators can now upgrade the firewall with just a single click of a button.

This means that administrators can spend less time planning and executing upgrades, and more time focusing on other important tasks such as improving network security and performance. Additionally, the reduced time and effort required for upgrades can result in cost savings for organizations, as administrators can allocate their time and resources to other important tasks.

Furthermore, the new upgrade feature also ensures that during the upgrade/downgrade process, the firewall is always up and running and service downtime is not expected. This means that organizations can reduce the risk of cyber-attacks and other security incidents that may occur during Azure Firewall service downtime.

How Does It Work?

The feature simplifies the upgrade/downgrade process by automating the entire process. It automatically upgrades all Azure firewall instances, one after the other. It also ensures that the upgrade process does not impact your network traffic, ensuring business continuity. It allows you to automatically upgrade your standard policy to a premium so it will match your upgraded Premium SKU.

To use the upgrade/downgrade feature, you can follow these simple steps:

  1. Navigate to the Azure Firewall resource in the Azure portal.
  2. In the overview section, click on the "Change SKU" button.
  3. Select the SKU type you wish to upgrade/downgrade your existing firewall to.
  4. Select the Firewall policy you wish to attach to your upgraded/downgraded firewall.
  5. Click Upgrade button and Azure Firewall will automatically upgrade to the Premium SKU.

 

Before beginning the upgrade or downgrade process, it's important to think through the performance considerations of your solution. The process itself usually takes a few minutes and can be tracked via the Azure portal notification bar. Once the operation is complete, users will receive a notification that it has finished.

Benefits of Upgrade/Downgrade capability

The new Upgrade/Downgrade capability provides several benefits, including:

  1. Simplified process: With just one click of a button, you can upgrade both your firewall and your policy to Premium, eliminating the need for manual operation.
  2. Ease of Use: The new capability is available through the Azure portal as well as via REST API, PowerShell, and Terraform.
  3. Improved security: Upgrading to the Premium SKU ensures that your firewall is up to date with the latest security features and patches.
  4. Reduced downtime: The upgrade process is seamless and does not impact network traffic, ensuring business continuity.
  5. Time-saving: Adminstrators and SoC personal save time by automating the entire upgrade/downgrade process.

Conclusion

Azure Firewall Upgrade/Downgrade feature is an excellent addition to the Azure Firewall capabilities. It simplifies the upgrade process, improves security, reduces downtime, and saves time. With this new feature, upgrading the Azure Firewall is now more straightforward and hassle-free than ever before. It helps organizations save operational expenses by reducing the time and effort required for upgrades and downgrades. We hope that this blog post has provided you with valuable insights into this new capability in Azure Firewall.

Learn more

 

 

 

 

 

 

 

 

Updated Jun 28, 2023
Version 2.0
  • denisdm91's avatar
    denisdm91
    Copper Contributor

    is it possible to upgrade the basic sku of the firewall?

  • elazulai would love to see also an upgrade from basic as this is where customers start and now left in the dark. Already had 3 where we had to abandon the azure firewall as lac of flexibility and scaling. Also make a copy of the FW policy and deploy this as second or to other as template in the vwan. That is far from customer friendly, I understand it all looks like basic stuff and implementing takes time, but now starting with basic for cost then in production need to rebuild well lets pick what we have on prem and use that brand.