Below are the key features of Azure Firewall:

Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources.

It’s a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.

You can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks.

Azure Firewall uses a static public IP address for your virtual network resources, allowing outside firewalls to identify traffic originating from your virtual network.

The service is fully integrated with Azure Monitor for logging and analytics.

High availability is built in, so no additional load balancers are required and there’s nothing you need to configure.

Azure Firewall can be configured during deployment to span multiple Availability Zones for increased availability.

With Availability Zones, your availability increases to 99.99% uptime. 

There’s no additional cost for a firewall deployed in an Availability Zone.

However, there are additional costs for inbound and outbound data transfers associated with Availability Zones.

You can centrally create allow or deny network filtering rules by source and destination IP address, port, and protocol.

FQDN tags make it easy for you to allow well-known Azure service network traffic through your firewall.

Service tags

Threat intelligence

Outbound SNAT support

Inbound DNAT support

Limitations:

Network filtering rules for non-TCP/UDP protocols (such as ICMP) don’t work for Internet-bound traffic.

You cannot move Azure Firewall to a different resource group or subscription.

Limited port range

No custom DNS support.

No SNAT/DNAT for private IP destinations

Complete list of limitations available
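The first limitation above can be checked before deployment. The following is an added example, not code from the original post or from Microsoft: it scans network rules for non-TCP/UDP protocols aimed at Internet destinations, which the firewall will not filter as written. The rule field names are assumed to follow the ARM template shape for network rules, and the sample rules are constructed.

```python
import ipaddress

# Constructed sample rules; field names assumed to match ARM network rule properties.
SAMPLE_RULES = [
    {"name": "allow-dns-out", "protocols": ["UDP"],
     "sourceAddresses": ["10.0.0.0/16"], "destinationAddresses": ["8.8.8.8"],
     "destinationPorts": ["53"]},
    {"name": "allow-ping-out", "protocols": ["ICMP"],
     "sourceAddresses": ["10.0.0.0/16"], "destinationAddresses": ["*"],
     "destinationPorts": ["*"]},
    {"name": "allow-ping-spoke", "protocols": ["ICMP"],
     "sourceAddresses": ["10.0.0.0/16"], "destinationAddresses": ["10.1.0.0/16"],
     "destinationPorts": ["*"]},
    {"name": "allow-any-out", "protocols": ["Any"],
     "sourceAddresses": ["10.0.0.0/16"], "destinationAddresses": ["1.1.1.1"],
     "destinationPorts": ["*"]},
]


def is_internet_bound(dest):
    """True when a destination is '*' or an address/CIDR outside private space."""
    if dest == "*":
        return True
    try:
        net = ipaddress.ip_network(dest, strict=False)
    except ValueError:
        return False  # service tags and IP ranges are not evaluated here
    # is_private covers RFC 1918 plus other reserved ranges known to ipaddress
    return not net.is_private


def find_affected_rules(rules):
    """Return (name, protocols, destinations) for rules hit by the limitation."""
    findings = []
    for rule in rules:
        protos = {p.upper() for p in rule.get("protocols", [])}
        non_tcp_udp = sorted(protos - {"TCP", "UDP"})  # ICMP, or Any (includes ICMP)
        public = [d for d in rule.get("destinationAddresses", [])
                  if is_internet_bound(d)]
        if non_tcp_udp and public:
            findings.append((rule["name"], non_tcp_udp, public))
    return findings


if __name__ == "__main__":
    for name, protos, dests in find_affected_rules(SAMPLE_RULES):
        print(f"{name}: {protos} to {dests} is not filtered for Internet-bound traffic")
```

A rule flagged with `ANY` still applies to its TCP and UDP traffic; only the non-TCP/UDP part is affected.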
