Below are the key features of Azure Firewall:
Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources.
It’s a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
You can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks.
Azure Firewall uses a static public IP address for your virtual network resources, allowing outside firewalls to identify traffic originating from your virtual network.
The service is fully integrated with Azure Monitor for logging and analytics.
High availability is built in, so no additional load balancers are required and there’s nothing you need to configure.
Azure Firewall can be configured during deployment to span multiple Availability Zones for increased availability.
With Availability Zones, your availability increases to 99.99% uptime.
There’s no additional cost for a firewall deployed in an Availability Zone.
However, there are additional costs for inbound and outbound data transfers associated with Availability Zones.
You can centrally create allow or deny network filtering rules by source and destination IP address, port, and protocol.
FQDN tags make it easy for you to allow well-known Azure service network traffic through your firewall.
Outbound SNAT support.
Inbound DNAT support.
Below are the known limitations of Azure Firewall:
Network filtering rules for non-TCP/UDP protocols (such as ICMP) don’t work for Internet-bound traffic.
You cannot move Azure Firewall to a different resource group or subscription.
Limited port range.
No custom DNS support.
No SNAT/DNAT for private IP destinations.
Complete list of limitations available
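Two of the limitations above (non-TCP/UDP filtering for Internet-bound traffic, and NAT for private IP destinations) can be checked against a proposed rule set before deployment. The following is an added example, not Microsoft's code or an Azure schema: the rule field names and sample rules are constructed, and reading "private IP destinations" as the RFC 1918 ranges is an assumption.

```python
import ipaddress

# Assumption: "private IP destinations" means the RFC 1918 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(dest):
    """True if dest (IP or CIDR) lies wholly inside an RFC 1918 range."""
    if dest == "*":          # wildcard includes Internet destinations
        return False
    net = ipaddress.ip_network(dest, strict=False)
    return net.version == 4 and any(net.subnet_of(r) for r in RFC1918)


def lint_rules(rules):
    """Return (rule name, finding) pairs for rules that hit a listed limitation."""
    findings = []
    for rule in rules:
        dests = rule["destinations"]
        if rule["kind"] == "network":
            odd = [p for p in rule["protocols"] if p.upper() not in ("TCP", "UDP")]
            # Only Internet-bound (non-private) destinations are affected.
            if odd and any(not is_private(d) for d in dests):
                findings.append((rule["name"],
                                 "non-TCP/UDP filtering (%s) does not work for "
                                 "Internet-bound traffic" % ",".join(odd)))
        elif rule["kind"] == "nat" and any(is_private(d) for d in dests):
            findings.append((rule["name"],
                             "no SNAT/DNAT for private IP destinations"))
    return findings


# Constructed sample rule set (hypothetical field names and addresses).
SAMPLE_RULES = [
    {"name": "allow-dns-out", "kind": "network",
     "protocols": ["UDP"], "destinations": ["203.0.113.53"]},
    {"name": "allow-ping-out", "kind": "network",
     "protocols": ["ICMP"], "destinations": ["*"]},
    {"name": "allow-ping-spoke", "kind": "network",
     "protocols": ["ICMP"], "destinations": ["10.1.0.0/16"]},
    {"name": "dnat-rdp-internal", "kind": "nat",
     "protocols": ["TCP"], "destinations": ["192.168.10.4"]},
    {"name": "dnat-web", "kind": "nat",
     "protocols": ["TCP"], "destinations": ["198.51.100.7"]},
]

if __name__ == "__main__":
    for name, finding in lint_rules(SAMPLE_RULES):
        print(f"{name}: {finding}")
```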