Best practices regarding use of NSGs versus NextGen Firewall appliances in Azure environments

Mike_O
New Contributor

As resources are shifting from on-premises to Azure, I'm looking for perspectives on best practices for when to use a NextGen firewall appliance in addition to or in place of the Azure NSGs.

 

My understanding is that the NSG essentially only provides the firewall rule type of functionality and not some of the features that would typically be associated with a NextGen firewall (intrusion prevention, virus prevention, web content filtering, etc.).  As my typical thinking would be that any office where business is performed is best served by having a perimeter NGFW, I am slow to understand scenarios where I would not want them in Azure as well and am looking for other perspectives or how others are deploying in their environments.  

 

Thank you in advance for any input!

1 Reply

@Mike_O You can use an NGFW for your cloud environment, to add additional security and have more advanced filtering and detections. Azure NSGs provide a virtual firewall to allow or deny specific ports or protocols.

 

For NSG best practices, follow the blog below:

https://blogs.msdn.microsoft.com/igorpag/2016/05/14/azure-network-security-groups-nsg-best-practices-and-lessons-learned/
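
The thread describes an NSG as allowing or denying specific ports or protocols. The following Python model is an added example, not part of the thread and not Azure's own code; it shows inbound rules evaluated first-match in priority order, with a verdict that never depends on packet content, which is where the NGFW features named in the question operate. The rule names, addresses and the `evaluate_inbound` helper are assumptions made for illustration, and service tags are not modelled.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int   # lower number is evaluated first
    name: str
    protocol: str   # "Tcp", "Udp" or "*"
    source: str     # CIDR prefix or "*"
    dest_port: str  # "443", "1000-2000" or "*"
    access: str     # "Allow" or "Deny"

@dataclass(frozen=True)
class Flow:
    protocol: str
    src_ip: str
    dest_port: int
    payload: bytes = b""  # present only to show that evaluation never reads it

# Platform default that ends every inbound rule set. Simplification: the other
# defaults (AllowVnetInBound, AllowAzureLoadBalancerInBound) use service tags,
# which this model does not implement.
DEFAULT_DENY = Rule(65500, "DenyAllInBound", "*", "*", "*", "Deny")

# Constructed rule set; names and documentation-range addresses are hypothetical.
RULES = [
    Rule(100, "Deny-Blocked-Range", "*", "203.0.113.0/24", "*", "Deny"),
    Rule(200, "Allow-HTTPS", "Tcp", "*", "443", "Allow"),
    Rule(300, "Allow-Admin-SSH", "Tcp", "198.51.100.0/24", "22", "Allow"),
]

def _port_match(spec, port):
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _src_match(spec, ip):
    return spec == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def evaluate_inbound(rules, flow):
    """Return (access, rule_name) for the first matching rule in priority order."""
    for r in sorted([*rules, DEFAULT_DENY], key=lambda r: r.priority):
        if (r.protocol in ("*", flow.protocol)
                and _src_match(r.source, flow.src_ip)
                and _port_match(r.dest_port, flow.dest_port)):
            return r.access, r.name
    raise AssertionError("DenyAllInBound matches every flow")
```

Two flows to port 443 with different payloads receive the same verdict from this model, because only protocol, source and port are compared.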
