Azure Firewall Manager
New Blog | Private IP DNAT Support and Scenarios with Azure Firewall
By Gustavo Modena

Introduction

Azure Firewall is a cloud native security service to protect your workloads running in Azure. It is a stateful firewall as a service with built-in high availability and auto scale. Azure Firewall supports three rule types: DNAT, Network and Application rules. In this blog, we will talk about enhancements to the DNAT rules. Up until recently, DNAT rules were only supported on the Firewall Public IP addresses, mostly used for incoming traffic. In this release, we have enhanced the DNAT scenario to support port translation on the Azure Private IP (VIP). This capability helps with connectivity between overlapped IP networks, which is a common scenario for enterprises when onboarding new partners to their network or merging with new acquisitions. DNAT on Private IP is also relevant for hybrid scenarios (connecting on-premises datacenters to Azure), where DNAT bridges the gap, enabling communication between private resources over non-routable IP addresses.

Read the full post here: Private IP DNAT Support and Scenarios with Azure Firewall

New Blog | Simplifying Cloud Security with Azure Firewall Manager and Illumio
By Suren Jamiyanaa

Introduction

In today's dynamic and ever-evolving cloud environment, ensuring strong security measures is essential. This involves not only implementing the right tools, but also having effective processes in place to oversee and maintain these security measures. With Azure Firewall Manager, Microsoft offers a comprehensive and centralized platform to simplify the management of multiple firewalls at scale, addressing the challenges of managing security in a dynamic cloud landscape. Illumio for Microsoft Azure Firewall helps Azure Firewall customers enforce Zero Trust Segmentation and go beyond network and application filtering. It helps the firewall operations teams understand rules with rich context of the resources they are protecting. With rich context, administrators can easily determine which resource is secured by the rule, who owns it, and perform rule lifecycle management more confidently. By combining the robust features of Azure Firewall and Azure Firewall Manager with Illumio's expertise in Zero Trust Segmentation, we aim to provide our customers with a powerful solution to navigate the complexities of modern cloud security effectively.

Illumio support in Azure Firewall Manager

Azure Firewall Manager is a centralized platform for managing firewalls, along with other core network security services, at scale. Illumio for Microsoft Azure Firewall is now directly accessible within Azure Firewall Manager. Customers can seamlessly enable Illumio for Microsoft Azure Firewall by navigating to the "What's New" section within Azure Firewall Manager.

Read the full post here: Simplifying Cloud Security with Azure Firewall Manager and Illumio

New Blog | Azure Firewall integration in Copilot for Security: protect networks with Gen AI
By Abhinav Sriram

Azure Firewall is a cloud-native and intelligent network firewall security service that provides best of breed threat protection for your cloud workloads running in Azure. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. In this blog we will be focusing on the newly announced Azure Firewall integration in Copilot for Security.

How Copilot for Security works with the Azure Firewall plugin

The Azure Firewall integration in Copilot for Security helps analysts perform detailed investigations of the malicious traffic intercepted by the IDPS feature of their firewalls across their entire fleet using natural language questions in the Copilot for Security standalone experience.

[Figure: The Azure Firewall plugin enabled in the Copilot for Security standalone experience]

Read the full post here: Azure Firewall integration in Copilot for Security: protect networks at machine speed with Gen AI

New Blog | Organizing rule collections and rule collection groups in Azure Firewall Policy
By Beatriz Silveira

Firewall Policy is the recommended method to manage Azure Firewall security and operational configurations. When using Firewall Policy, any rules must be part of a rule collection and rule collection group. Rule collections are sets of rules that share the same priority and action, and can be of type DNAT, Network, or Application. Rule collection groups are containers for rule collections of any type and are processed first by Azure Firewall based on priority. To learn more about rules, rule collections, and rule collection groups, see Azure Firewall Policy rule sets. This article provides some best practices for configuring and organizing Firewall Policy rules into rule collections and rule collection groups.

Rule processing logic

The first thing to note is that if threat intelligence-based filtering is enabled, those rules are evaluated first and may deny traffic before any configured rules are processed. For configured rules, the following logic applies:

1. All DNAT rules are processed first, followed by Network rules, and lastly, by Application rules.
2. For each rule type stated in 1., the firewall evaluates rules based on priority. It will look at the rule collection group with the highest priority, and within that rule collection group, at the rule collection with the highest priority. Keep in mind that priority is any number between 100 (highest priority) and 65,000 (lowest priority).
3. If there are rules inherited from a parent policy, these will take precedence over rules configured in the child policy. Thus, the logic described in step 2. will apply to inherited rules first.

For detailed examples of this rule processing logic, see Rule processing using Firewall Policy.

Read the full post here: Organizing rule collections and rule collection groups in Azure Firewall Policy

SEP 26, 2023 | Ask-Me-Anything | Azure Firewall, Azure WAF and Azure DDoS
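Added example for the rule-processing logic in the post above (Organizing rule collections and rule collection groups in Azure Firewall Policy); it is not code from that post, from Azure Firewall, or from the AMA announcement that follows. It models the three steps as a sort key (rule type, then inherited-before-child, then group priority, then collection priority), runs threat intelligence ahead of configured rules, and denies anything unmatched. The policy names, CIDRs, FQDNs and the threat-intelligence denylist are constructed for the demonstration; the child group deliberately carries the numerically better priority so the inherited parent rule still winning is visible.

```python
"""Model of the Azure Firewall Policy rule-processing order. Illustration only:
not Azure Firewall code; all names, CIDRs and FQDNs below are made up."""
from dataclasses import dataclass
from fnmatch import fnmatch
from ipaddress import ip_address, ip_network

RULE_TYPE_ORDER = {"DNAT": 0, "Network": 1, "Application": 2}  # fixed, ignores priorities
PRIORITY_MIN, PRIORITY_MAX = 100, 65000   # 100 = highest priority, 65000 = lowest


@dataclass
class Rule:
    name: str
    sources: list       # source CIDRs
    destinations: list  # destination CIDRs (DNAT/Network) or FQDN patterns (Application)
    ports: set          # destination ports; empty set = any port


@dataclass
class RuleCollection:
    name: str
    rule_type: str      # "DNAT" | "Network" | "Application"
    priority: int
    action: str         # "Allow" | "Deny" | "Dnat"; every rule in a collection shares it
    rules: list


@dataclass
class RuleCollectionGroup:
    name: str
    priority: int
    collections: list
    inherited: bool = False   # True if the group comes from a parent policy


@dataclass
class Flow:
    src: str
    dst: str            # an IP for DNAT/Network matching, an FQDN for Application matching
    port: int


def check_priority(p):
    """Reject priorities outside the 100..65000 range described in the post."""
    if not PRIORITY_MIN <= p <= PRIORITY_MAX:
        raise ValueError(f"priority {p} outside {PRIORITY_MIN}-{PRIORITY_MAX}")
    return p


def _is_ip(s):
    try:
        ip_address(s)
        return True
    except ValueError:
        return False


def _matches(rule, flow, rule_type):
    if not any(ip_address(flow.src) in ip_network(s) for s in rule.sources):
        return False
    if rule.ports and flow.port not in rule.ports:
        return False
    if rule_type == "Application":   # application rules match FQDN destinations only
        return not _is_ip(flow.dst) and any(fnmatch(flow.dst, d) for d in rule.destinations)
    return _is_ip(flow.dst) and any(ip_address(flow.dst) in ip_network(d) for d in rule.destinations)


def evaluation_order(groups):
    """(rule_type, group, collection) triples in the order the firewall walks them:
    by rule type, then inherited (parent) groups before child groups, then group
    priority, then collection priority. Lower number wins, so a plain ascending sort."""
    triples = []
    for g in groups:
        check_priority(g.priority)
        for c in g.collections:
            check_priority(c.priority)
            triples.append((c.rule_type, g, c))
    triples.sort(key=lambda t: (RULE_TYPE_ORDER[t[0]], not t[1].inherited,
                                t[1].priority, t[2].priority))
    return triples


def evaluate(groups, flow, threat_intel_denylist=frozenset()):
    """Return (verdict, matched_path). Threat intelligence is checked before any
    configured rule; a flow nothing matches is denied (the firewall's default)."""
    if flow.dst in threat_intel_denylist:
        return "Deny", "threat-intelligence"
    for rule_type, g, c in evaluation_order(groups):
        for r in c.rules:
            if _matches(r, flow, rule_type):
                return c.action, f"{g.name}/{c.name}/{r.name}"
    return "Deny", "no-match"


def sample_policy():
    """Constructed parent+child policy. The child group has the numerically better
    priority (100 < 200), but the inherited parent group is still evaluated first."""
    parent = RuleCollectionGroup("parent-rcg", 200, inherited=True, collections=[
        RuleCollection("deny-smb", "Network", 100, "Deny",
                       [Rule("block-smb", ["10.0.0.0/8"], ["0.0.0.0/0"], {445})]),
    ])
    child = RuleCollectionGroup("child-rcg", 100, collections=[
        RuleCollection("allow-smb", "Network", 100, "Allow",
                       [Rule("smb-to-fileserver", ["10.0.0.0/8"], ["10.2.0.0/16"], {445})]),
        # egress allow-list: only these FQDNs are reachable, everything else falls to the default deny
        RuleCollection("egress-allowlist", "Application", 100, "Allow",
                       [Rule("ms-updates", ["10.0.0.0/8"],
                             ["*.microsoft.com", "*.windowsupdate.com"], {80, 443})]),
    ])
    threat_intel = frozenset({"malicious.example"})   # constructed stand-in for the TI feed
    return [child, parent], threat_intel
```

Running `evaluate(*sample_policy()[:1], Flow("10.1.1.4", "10.2.0.5", 445), sample_policy()[1])` returns the parent's Deny even though the child group would allow the same flow, which is the step-3 behaviour to remember when a child-policy allow rule "does not work".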
UPDATED, post-AMA: Here is the AMA recording in case you missed the live session.

*************************************************************

Please join us in this Ask Me Anything session with the Azure Network Security CxE PM team. During this session, the Azure Network Security SMEs (Subject Matter Experts) will answer your questions on Azure Firewall, Azure Firewall Manager, Azure Web Application Firewall and Azure DDoS. This will be a great forum for our Public Community members to learn, interact and have their feedback listened to by the Azure Network Security team. Feel free to post your questions about Azure Network Security solution areas anytime in the comments before the event starts. The team will be answering questions during the live session, with priority given to the pre-submitted questions from the comments below. If you are new to Microsoft Tech-Community, please follow the sign-in instructions. To register for the upcoming live AMA Sep 26, 2023, visit aka.ms/SecurityCommunity.

New Blog Post | Azure Firewall: New Monitoring and Logging Updates
Contributors: Eliran Azulai and Yuval Pery

Monitoring, management, and innovation are core pillars of Azure Firewall. With this in mind, we are delighted to share the following new capabilities:

- Resource Health is now in public preview
- Embedded Firewall Workbooks is now in public preview
- Latency Probe Metric is now in general availability

When you monitor the firewall, it's the end-to-end experience that we continuously strive to improve. Our aim is to empower you to make informed decisions quickly and maximize your organization's security demands. Understanding the importance of having visibility into your network, this release focuses on making it easier for you to monitor, manage, and troubleshoot your firewalls more efficiently.

Read the full blog here: Azure Firewall: New Monitoring and Logging Updates - Microsoft Community Hub

New Blog | Validating FTP traffic scenarios with Azure Firewall
Written by Gopikrishna Kannan (Head of Products: Azure Firewall and Firewall Manager)

The Azure Firewall is a cloud-native and intelligent network firewall security service that can be integrated into many different use cases. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability that provides both east-west and north-south traffic inspection. This blog will discuss the FTP scenario with Azure Firewall. FTP or File Transfer Protocol is the most common use case for enterprise customers. FTP may be configured to run in active or passive mode, which determines how the data connection is established. Azure Firewall supports both Active and Passive FTP scenarios. Passive FTP mode requires the FTP client to initiate a connection to the server on a specified port range. Passive FTP is the recommended approach for East-West (E-W) scenarios. In Active FTP mode, the server initiates the connection to the client. This approach is typically deployed to support internet clients connecting to the FTP server running behind Azure Firewall and requires more than 250 DNAT ports (Azure Firewall DNAT rule limits) to be opened, hitting load balancer limits. By default, Passive FTP is enabled, and Active FTP support is disabled to protect against FTP bounce attacks using the FTP PORT command.

Read the blog: Validating FTP traffic scenarios with Azure Firewall - Microsoft Community Hub

New Blog | Taking Azure Firewall IDPS on a Test Drive
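Added example for the FTP post above (Validating FTP traffic scenarios with Azure Firewall); it is not code from that post, from Azure Firewall, or from the IDPS post that follows. It shows the two ways the data connection is negotiated on the control channel (the server's 227 reply in passive mode, the client's PORT command in active mode) and the two checks a firewall inspecting that channel applies: the passive data port must fall inside the permitted port range, and a PORT command must point back at the host that owns the control connection, which is what defeats an FTP bounce attempt. The control-channel transcript, addresses and port range are constructed; nothing here talks to a real server.

```python
"""FTP data-connection negotiation and the firewall checks around it.
Illustration only; the transcript, addresses and port range are made up."""
import re
from ipaddress import ip_address

PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")


def _endpoint(groups):
    h1, h2, h3, h4, p1, p2 = map(int, groups)
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def parse_pasv(reply):
    """Passive mode: the server answers PASV with the endpoint the *client* connects to.
    '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' -> ('h1.h2.h3.h4', p1*256+p2)."""
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError(f"not a 227 PASV reply: {reply!r}")
    return _endpoint(m.groups())


def build_port(client_ip, client_port):
    """Active mode: the client sends PORT and the *server* connects back to it."""
    return f"PORT {','.join(client_ip.split('.'))},{client_port // 256},{client_port % 256}"


def parse_port(cmd):
    m = PORT_RE.match(cmd)
    if not m:
        raise ValueError(f"not a PORT command: {cmd!r}")
    return _endpoint(m.groups())


def passive_port_allowed(data_port, allowed_range):
    """Passive-mode check: the client-initiated data connection must land inside the
    port range the server advertises and the firewall permits (e.g. via DNAT rules)."""
    lo, hi = allowed_range
    return lo <= data_port <= hi


def port_command_allowed(cmd, control_peer_ip, min_port=1024):
    """Active-mode check (FTP bounce defence): the address in PORT must be the host that
    owns the control connection and must not be a privileged port. Otherwise the server
    can be steered into opening a connection to an arbitrary third host."""
    ip, port = parse_port(cmd)
    if ip_address(ip) != ip_address(control_peer_ip):
        return False, f"PORT address {ip} != control peer {control_peer_ip} (bounce attempt)"
    if port < min_port:
        return False, f"PORT targets privileged port {port}"
    return True, "ok"


def inspect_control_channel(transcript, client_ip, passive_range):
    """Walk a control-channel transcript [(side, line)] and apply both checks.
    Returns one (mode, detail, allowed) tuple per data-connection negotiation."""
    decisions = []
    for side, line in transcript:
        if side == "server" and line.startswith("227"):
            _, port = parse_pasv(line)
            decisions.append(("passive", port, passive_port_allowed(port, passive_range)))
        elif side == "client" and line.upper().startswith("PORT"):
            ok, why = port_command_allowed(line, client_ip)
            decisions.append(("active", why, ok))
    return decisions


# Constructed control-channel transcript: one legitimate passive negotiation, then a
# PORT command aimed at a third host's SMTP port (the classic bounce pattern).
SAMPLE_TRANSCRIPT = [
    ("server", "220 ftp.example ready"),
    ("client", "USER anonymous"),
    ("server", "331 Password required"),
    ("client", "PASS guest@"),
    ("server", "230 Logged in"),
    ("client", "PASV"),
    ("server", "227 Entering Passive Mode (10,0,2,4,195,80)"),
    ("client", "RETR file.bin"),
    ("client", "PORT 203,0,113,9,0,25"),
]
SAMPLE_CLIENT_IP = "192.0.2.10"          # constructed source of the control connection
SAMPLE_PASSIVE_RANGE = (50000, 50100)    # constructed permitted passive port range
```

`inspect_control_channel(SAMPLE_TRANSCRIPT, SAMPLE_CLIENT_IP, SAMPLE_PASSIVE_RANGE)` accepts the passive negotiation (port 50000 is in range) and rejects the PORT command because its address is not the control-connection peer. The address comparison is the check that matters: a port-range check alone would let a bounce through as long as the attacker picked an unprivileged port.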
Written by Gopikrishna Kannan (Head of Products: Azure Firewall and Firewall Manager)

Intrusion detection and prevention (IDPS) is an advanced threat prevention mechanism supported by the Azure Firewall Premium SKU. Unlike simple network filtering, IDPS matches traffic patterns to a set of known malicious signatures. Azure Firewall supports more than 60,000 malicious signatures which are updated in real time. These signatures apply when malicious patterns are detected under the right conditions. The conditions include traffic direction (inbound or outbound) and network scope (private network or public network). Below are examples to validate IDPS configuration in your environment.

Read the full blog here: Taking Azure Firewall IDPS on a Test Drive - Microsoft Community Hub

New Blog Post | Exploring Azure Firewall's Threat Protection
This blog post discusses the various threat protection capabilities that customers are leveraging to safeguard their workload deployments in Azure using Azure Firewall. Azure Firewall is a cloud-native firewall-as-a-service solution that empowers customers to centrally govern and log all their traffic flows using a DevOps approach. This service offers both application and network-level filtering rules, and it seamlessly integrates with the Microsoft Threat Intelligence feed to filter known malicious IP addresses and domains. Moreover, Azure Firewall boasts high availability and comes equipped with built-in auto scaling. While it may appear straightforward, the first line of defense can be effectively achieved through access restriction. Customers are adopting two simple approaches to bolster their security posture:

- Egress Traffic Blocking: This method involves blocking all egress traffic to the internet and only allowing access to specific domains that are deemed safe and necessary.
- Suspicious Site Blocking: Alternatively, customers can choose to allow all egress traffic to the internet while implementing measures to block access to suspicious sites. This approach mitigates potential risks associated with accessing untrustworthy destinations.

Exploring Azure Firewall's Threat Protection - Microsoft Community Hub