Azure Firewall - Highlights

* Azure Firewall is a managed, fully stateful firewall-as-a-service with built-in high availability and unrestricted cloud scalability that protects your Azure Virtual Network resources.

* You can deploy Azure Firewall on any virtual network, but customers typically deploy it on a central virtual network and peer other virtual networks to it in a hub-and-spoke model.

* Azure Firewall supports inbound and outbound filtering. Inbound protection is for non-HTTP/S protocols, for example RDP, SSH, and FTP.

* The firewall, subnet, VNet, and the public IP address must all be in the same resource group.

* Azure Firewall needs a dedicated subnet, as Azure Application Gateway does.

* Azure Firewall is integrated with Azure Monitor for viewing and analyzing firewall logs.

* The Azure Firewall service, which provides network- and application-level protection across different subscriptions and virtual networks, complements network security group functionality. Together, they provide better "defense-in-depth" network security.

* Azure Firewall has a fixed cost plus a variable cost. Fixed fee: $1.25/firewall/hour. Variable fee: $0.03/GB processed by the firewall (ingress or egress).

Figure: Azure Firewall in a Single Virtual Network, Source: Petri
