Azure Firewall Manager is a cloud-native network security solution that provides centralized management and security features for your Azure resources. It's designed to help you protect your network from threats and ensure compliance with regulatory requirements.
With Azure Firewall Manager, you can centrally manage and monitor your Azure Firewall instances, as well as other security devices and services, from a single location. This makes it easier to scale and secure your network as your organization grows.
Azure Firewall Manager provides a robust set of security features, including threat intelligence, intrusion detection and prevention, web filtering, and application filtering. These features help protect your network from a wide range of threats, including malware and denial-of-service attacks.
By using Azure Firewall Manager, you can reduce the complexity and cost associated with managing multiple security devices and services, and instead focus on securing your network and protecting your data.
Security Features
Azure Firewall Manager offers robust security features to protect your network. Secured virtual hubs are a key part of this, allowing you to create a centralized network security policy and route management for globally distributed, software-defined perimeters.
A secured virtual hub is a Microsoft-managed resource that lets users create hub and spoke architectures. This can be used as a Virtual WAN Hub for connectivity purposes, and all existing and future vWAN billing apply.
Hub virtual networks are also used in Azure Firewall Manager, where the user creates the hub virtual network that contains the firewall, and peers the spoke virtual networks that contain workload servers and services. This setup allows for centralized management of Azure DDoS Protection plans and Azure Web Application Firewall (WAF) policies alongside Azure Firewall deployments.
With Firewall Manager, you create a firewall policy to monitor traffic and detect potential threats, such as malware or suspicious activity. The policy contains rules that allow or block traffic based on your specific security needs.
When you create the policy, use the following settings:
- Subscription: Select your subscription
- Resource group: Select fw-manager-rg
- Name: Policy-01
- Region: Select your region
- Policy tier: Select Standard
Secured Virtual Hub
A secured virtual hub is a Microsoft-managed resource that lets you easily create hub and spoke architectures. It's a key component of Azure Firewall Manager, which provides central security policy and route management for cloud-based security perimeters.
You can create a secured virtual hub using Firewall Manager, and it can be used as a Virtual WAN Hub for connectivity purposes. Secured virtual hub deployments are charged at $- per deployment hour, and data processed by secured virtual hubs is charged at $- per GB processed, depending on the tier.
To create a secured virtual hub, you need to select your subscription, resource group, region, and secured virtual hub name. You also need to choose an existing vWAN or create a new one. For example, you might select "New vWAN" and give it a name like "Vwan-01".
Once you've created a secured virtual hub, you can configure the security settings to direct traffic through the Azure Firewall. This includes selecting Azure Firewall as the Internet traffic and Private traffic settings.
DDoS Protection
Azure Firewall Manager provides central security policy and route management for cloud-based security perimeters. You can manage Azure DDoS Protection plans alongside your Azure Firewall deployments.
Azure DDoS Protection pricing will apply to any DDoS protection plans deployed through Azure Firewall Manager. Please refer to the pricing page for more details on Azure DDoS Protection pricing.
In Azure Firewall Manager, you can manage Azure DDoS Protection plans and Azure Web Application Firewall (WAF) policies alongside your Azure Firewall deployments. Support for both Azure DDoS Protection and Azure WAF policies is in preview.
Azure Firewall Manager is a security management service that provides central security policy and route management for cloud-based security perimeters. There is no cost for Azure Firewall Manager itself; you are only charged for the policies and deployments created through it.
Web Application
Azure Web Application Firewall (WAF) pricing applies to any policies deployed through Azure Firewall Manager, so be sure to check the pricing page for details.
To test the application rule, you'll connect a remote desktop to the firewall's public IP address, which is NATed to the virtual machine named Srv-Workload-01. This allows you to test the application rule by launching Internet Explorer on the server and attempting to connect to www.microsoft.com.
The connection to www.microsoft.com is successful because you explicitly created an Application Rule to allow traffic to be routed to this FQDN. This is a key feature of Azure Firewall Manager.
Attempting to connect to www.google.com is blocked because there is no rule that was configured on the firewall to allow traffic to this FQDN. This is as expected, since no rule was created to allow this traffic.
Similarly, attempting to connect to www.facebook.com is blocked because there was no firewall rule configured to explicitly allow traffic to route to this FQDN. This is another successful test of the application rule.
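The three results above follow from an allow list with an implicit deny. As an added example (not part of the original article and not Microsoft's code), this Python script evaluates application rules from a rule collection group in the ARM JSON shape. The collection name, rule name and source range are constructed, and the matching is a simplified model that covers application rules only.

```python
import ipaddress
import json
from fnmatch import fnmatchcase

# Constructed sample in the shape of a firewall policy rule collection group.
# Collection/rule names and the source range are assumptions, not from the page.
RULE_COLLECTION_GROUP = json.loads("""
{"properties": {"priority": 300, "ruleCollections": [
  {"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
   "name": "App-Coll01", "priority": 100, "action": {"type": "Allow"},
   "rules": [
     {"ruleType": "ApplicationRule", "name": "Allow-msft",
      "sourceAddresses": ["10.0.0.0/8"],
      "protocols": [{"protocolType": "Http", "port": 80},
                    {"protocolType": "Https", "port": 443}],
      "targetFqdns": ["www.microsoft.com"]}]}]}}
""")


def rule_matches(rule, src_ip, proto, port, fqdn):
    """True when an application rule covers this source, protocol/port and FQDN."""
    if rule.get("ruleType") != "ApplicationRule":
        return False
    src = ipaddress.ip_address(src_ip)
    src_ok = any(s == "*" or src in ipaddress.ip_network(s, strict=False)
                 for s in rule.get("sourceAddresses", []))
    proto_ok = any(p["protocolType"].lower() == proto.lower() and p["port"] == port
                   for p in rule.get("protocols", []))
    # Compare FQDNs case-insensitively; "*" patterns such as *.example.com are honoured.
    fqdn_ok = any(fnmatchcase(fqdn.lower().rstrip("."), t.lower())
                  for t in rule.get("targetFqdns", []))
    return src_ok and proto_ok and fqdn_ok


def evaluate(group, src_ip, proto, port, fqdn):
    """Return (verdict, rule name); collections are read lowest priority number first."""
    collections = sorted(group["properties"]["ruleCollections"],
                         key=lambda c: c["priority"])
    for coll in collections:
        for rule in coll.get("rules", []):
            if rule_matches(rule, src_ip, proto, port, fqdn):
                return coll["action"]["type"], rule["name"]
    return "Deny", None  # nothing matched: implicit deny, as in the test above


if __name__ == "__main__":
    for host in ("www.microsoft.com", "www.google.com", "www.facebook.com"):
        print(host, evaluate(RULE_COLLECTION_GROUP, "10.0.2.4", "Https", 443, host))
```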
Pricing and Management
Azure Firewall Manager pricing is based on the number of firewall associations. A policy with zero or one firewall association is free of charge.
Policies with multiple firewall associations are billed at a fixed rate, with the cost depending on the number of regions the firewalls span. If all firewalls are in a single region, the price is $-/month, but if they span multiple regions, the price increases to $-/month/region.
Here's a breakdown of the pricing for different scenarios:
- Zero or one firewall association: Free of charge
- Multiple firewall associations in a single region: $-/month
- Multiple firewall associations across multiple regions: $-/month/region
Pricing Logic
The pricing logic is straightforward. A policy associated with a single firewall doesn't incur any charges.
One important thing to note is that the pricing is fixed based on the number of regions your firewalls are in. If all your firewalls are in a single region, the price is lower, but if they're spread across multiple regions, the price goes up.
The pricing is fixed at $-/month/region, and the number of regions your firewalls are in determines the cost.
Service Level Agreement
Azure Firewall Manager's Service Level Agreement is a crucial part of pricing and management. It outlines the expected performance and reliability of the service.
Reviewing the SLA for Azure Firewall Manager is essential to understand the service's uptime, downtime, and response times. This helps you plan and budget accordingly.
Azure Firewall Manager's SLA promises a minimum of 99.99% uptime, which translates to only about 5 minutes of downtime per year. This level of reliability is crucial for businesses that rely heavily on their firewall services.
To ensure you're meeting your business requirements, review the SLA regularly and adjust your infrastructure and budget accordingly. This will help you avoid unexpected downtime and costs.
Frequently Asked Questions
What is the difference between Azure Firewall and Azure Firewall Manager?
Azure Firewall is a network security service that filters traffic, while Azure Firewall Manager is a centralized management tool that applies consistent policies across multiple firewalls. Think of Firewall Manager as the "boss" that oversees and configures multiple Azure Firewalls.
What does Firewall Manager do?
Firewall Manager ensures new resources and accounts comply with security policies from the start, preventing potential security risks. It allows you to centrally manage and apply policies across your entire infrastructure.