New Blog Post | Building a POC for TLS inspection in Azure Firewall
Read the full article here: Building a POC for TLS inspection in Azure Firewall - Microsoft Community Hub
This blog post will provide a step-by-step guide to build a Proof of Concept (POC) Lab that uses the Transport Layer Security (TLS) Inspection feature of Azure Firewall Premium by using the Certification Auto-Generation mechanism, which automatically creates the following three resources for you:
- Managed Identity
- Key Vault
- Self-signed Root CA certificate
Azure Firewall TLS Inspection requires a Public Key Infrastructure (PKI) to issue certificates. Setting up a PKI is a complex process: it requires deploying additional resources, such as Windows virtual machine(s) to host Active Directory Certificate Services (ADCS) to issue certificates, plus additional configuration to set up the environment. This makes it a non-ideal solution for a POC where time to value is limited. The full process of generating, exporting, and configuring PKI certificates for Azure Firewall is documented in the article "Deploy and configure Enterprise CA certificates for Azure Firewall Premium". Azure Firewall also supports self-signed certificates, but this configuration also requires some additional steps.