Thursday, July 19, 2018

Home » » Introducing Azure Firewall

Introducing Azure Firewall

14 comments:

Azure firewall is the latest addition to Azure security features portfolio. It was announced in preview last week along with Azure virtual WAN. Along with other features such as NSG and WAF , Azure Firewall enables additional protection for your applications hosted in Azure. We know that NSG offers network level protection(L3) and helps in implementing restrictions on incoming and outgoing traffic at network layer. WAF enables inbound security for web applications at Layer 7.Azure Network firewall provides outbound network layer(L3-L4) and application level (L7) protection for Http and Https traffic.

There are two types of rules that can be created in Azure Firewall. Application rule and Network rule. As name indicates Network rule can be used to allow/deny traffic at network layer by defining the source IP & protocol + Destination IP& protocol. Application rules can be created to allow or restrict outbound traffic to specific FQDNs.

If you want to play around with Azure Firewall, Refer this document for a step by step approach.  It outlines the process of accessing a VM in a network protected using Azure firewall.


 

Image courtesy:Microsoft

Few pointers here that will help you understand the configuration:

  • Workload VM(Srv-Work) is created in the subnet Workload-SN
  • The workload VM is accessed using a JumpBox server(Srv-Jump) as the workload VM does not have a public IP associated with it
  • Workload-SN had a default rule applied that redirects all outbound traffic to the Firewall. If you review the effective rules of Workload VM NIC card, the default route will be listed that routes the outbound traffic to Azure Firewall.


 


  • In the firewall, Network and application rules are created allowing only required traffic from the Workload VM. In the example, DNS resolution is allowed using network rules and access to GitHub is allowed using application rule.
  • DNS resolution is restricted to specific DNS servers and the DNS server IPs are hard coded in the workload VM NIC as custom DNS

 

PS: The document has instructions for creating a network rule in Firewall to allow DNS using protocol TCP. However, I couldn’t get it working without adding UDP. I have provided feedback in the document to check on this.

Other than that, the instructions work like a charm and I could get the set up working without any other glitches. Since internet access is restricted to specific FQDN, access to any other website will be denied. If you try accessing a website whose FQDN is not defined in the rule, you will get the following message

 

S e http://w•wwgoogle.com/ p The world's leading softwared— e google.com request blocked by Azure NO rule matched. proceeding With default action

 

Viola.. that’s your Azure firewall in Action!! You can also create and connect Azure Firewall to existing VNets from VNet -> Settings. However, do keep in mind that this service is currently in preview.
Share:

14 comments:

  1. RajaniApril 23, 2021 at 3:14 AM

    This is a good post. Keep posting.
    DevOps Training
    DevOps Online Training

    ReplyDelete
  2. gps trackerMay 5, 2021 at 6:05 AM

    Gps tracker For more information
    but information is very best

    ReplyDelete
  3. gps trackerMay 5, 2021 at 6:07 AM

    vehicle tracking system, gps locator, tracker price
    but amzing information

    ReplyDelete
  4. In22labsJune 3, 2021 at 9:18 PM

    Thanks for sharing this useful info. In22labs (unwind learning labs) is one of the leading E-governance solutions providers in India. We have worked on 100+ portals for Egovernance using the latest technologies. Know more Government apps development providers

    ReplyDelete
  5. Charlie OscarJune 10, 2021 at 12:55 AM

    Cloud computing

    CLOUD LEARN MORE What is CLOUD Computing? Cloud computing Cloud computing is a general term for anything that involves delivering hosted services over the internet.

    These services are divided into three main categories: infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS).A cloud…

    Visit to- sunoltech.com for more details

    ReplyDelete
  6. CloudNowAugust 4, 2021 at 1:04 AM

    Thanks for sharing this was very helpful. Please check our product akku
    Identity & Access Management Solution

    ReplyDelete
  7. RohanAugust 20, 2021 at 6:13 AM

    Thank You for Sharing this wonderful and much required information in this post. oracle cloud application tool in UK

    ReplyDelete
  8. AnonymousSeptember 6, 2021 at 12:21 AM

    Cloud Computing course in Noida

    ReplyDelete
  9. Application DevelopmentSeptember 27, 2021 at 1:39 AM

    This information really helped me a lot. It was very informative.
    Cloud Managed Services

    ReplyDelete
  10. Application DevelopmentOctober 7, 2021 at 2:04 AM

    This information really helped me a lot. It was very informative.
    Cloud Migration Services

    ReplyDelete
  11. AndreaDecember 20, 2021 at 10:33 PM

    Great work! Thank you for sharing this. Check it out our top notch services and solution on IT infrastructure services in chennai . Experts in Annual Maintenance Contract (AMC) services in chennai, Cloud Management Services in chennai, Cloud Advisory and Optimization Services in chennai, Cloud Implementation and Migration Service in chennai, Managed IT Services and Solutions in chennai, Cloud Security Services, Enterprise Networking and WIFI Solutions in chennai, Cyber Security Company, Penetration Testing Company

    ReplyDelete
  12. Techbrein.comMarch 12, 2022 at 12:33 AM

    Excellent blog...Thanks for sharing valuable information.. At TechBrein, we boast a team of proficient digital consultants who have successfully helped businesses take the next level in this digital age. With a clear cut understanding of the industry, market conditions and audience, we provide expert advice and a result-oriented strategy for businesses to help them thrive and transform digitally. Please visit our website below…
    https://www.techbrein.com

    ReplyDelete
  13. iTelenetApril 27, 2022 at 11:10 AM

    I really appreciate your post, and you explain each and every point very well. Thanks for sharing this information.
    Master data management companies
    Cloud computing Solution

    ReplyDelete
  14. Daniel VinchiOctober 25, 2022 at 10:02 AM

    AWS cloud migration service Princeton



    ReplyDelete

  • Windows server 2012: where is my start button??
    If you have been using Windows Server OS for a while, the one thing that will strike you most when you login to a Windows server 2012 is th...
  • Cloud Security - Risk factors
    Cloud security is a major consideration for enterprise wide cloud adoption, especially public cloud. This is part 1 of a serious of blog po...
  • The Cloud Migration Gotchas..
    All leading cloud providers have a well defined Cloud Adoption Framework that will help you shape up your cloud migration strategy. Customer...

Total Pageviews

About Me

Cloud Solutions expert with 17+ years of experience in IT industry with expertise in Multi cloud technologies and solid background in Datacentre management & Virtualization. Versatile technocrat with experience in cloud technical presales, advisory, innovation , evangelisation and project delivery. Currently working with Google as Infra modernization specialist, enabling customers on their digital transformation journey . I enjoy sharing my experiences in my blog, but the opinions expressed in this blog are my own and does not represent those of people, institutions or organizations that I may be associated with in professional or personal capacity, unless explicitly stated.

Search This Blog
Powered by Blogger.