What is Azure Firewall?

In this tutorial, we will get a brief overview of Azure Firewall.

Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It’s a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.

[Figure: Firewall overview. Image source: Microsoft]

You can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks. Azure Firewall uses a static public IP address for your virtual network resources, which allows outside firewalls to identify traffic originating from your virtual network.

Azure Firewall Premium Preview

This is a next-generation firewall with capabilities that are required for highly sensitive and regulated environments.

Features
1. TLS inspection

Azure Firewall Premium terminates outbound and east-west TLS connections. Inbound TLS inspection is supported with Azure Application Gateway, allowing end-to-end encryption. Azure Firewall performs the necessary security functions and re-encrypts the traffic before it is sent to the original destination.

2. IDPS

A network intrusion detection and prevention system (IDPS) allows you to monitor your network for malicious activity, log information about this activity, report it, and optionally attempt to block it. Azure Firewall Premium Preview provides signature-based IDPS to allow rapid detection of attacks by looking for specific patterns, such as byte sequences in network traffic, or known malicious instruction sequences used by malware.

The Azure Firewall signatures/rulesets include:

  • An emphasis on fingerprinting actual malware, command and control, exploit kits, and in-the-wild malicious activity missed by traditional prevention methods.
  • Over 35,000 rules in over 50 categories.
    • The categories include malware command and control, DoS attacks, botnets, informational events, exploits, vulnerabilities, and more.
  • 20 to 40+ new rules released each day.
  • A low false positive rating, achieved by using a state-of-the-art malware sandbox and a global sensor network feedback loop.

3. URL filtering

URL filtering extends Azure Firewall’s FQDN filtering capability to consider an entire URL. URL filtering can be applied to both HTTP and HTTPS traffic. When HTTPS traffic is inspected, Azure Firewall Premium Preview can use its TLS inspection capability to decrypt the traffic and extract the target URL to validate whether access is permitted. TLS inspection requires opt-in at the application rule level. Once enabled, you can use URLs for filtering with HTTPS.

4. Web categories

Web categories let administrators allow or deny user access to website categories such as gambling websites, social media websites, and others. Web categories are also included in Azure Firewall Standard, but they are finer-grained in Azure Firewall Premium Preview. As opposed to the Web categories capability in the Standard SKU, which matches the category based on an FQDN, the Premium SKU matches the category according to the entire URL for both HTTP and HTTPS traffic.

For example, if Azure Firewall intercepts an HTTPS request for www.google.com/news, the following categorization will take place:

  • Firewall Standard – only the FQDN part is examined, so www.google.com is categorized as Search Engine.
  • Firewall Premium – the complete URL is examined, so www.google.com/news is categorized as News.

5. Category exceptions

You can create exceptions to your web category rules. Create a separate allow or deny rule collection with a higher priority within the rule collection group. For example, you can configure a rule collection that allows www.linkedin.com with priority 100, with a rule collection that denies Social networking with priority 200. This creates the exception for the pre-defined Social networking web category.
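The following added example (not Microsoft's code and not part of the original tutorial) models the two behaviours described above: FQDN-only versus full-URL categorization, and a category exception that works only when the allow collection has the lower priority number. The category table, the collection names, and the first-match evaluation loop are simplified assumptions for illustration.

```python
# Simplified model of web-category matching and rule-collection priority.
# The category table, names and evaluation loop are constructed for
# illustration; this is not Azure Firewall code or its API.
from urllib.parse import urlsplit

# Constructed category data: keys are a bare FQDN or FQDN + path prefix.
CATEGORIES = {
    "www.google.com": "Search Engine",
    "www.google.com/news": "News",
    "www.linkedin.com": "Social networking",
}

def _split(url):
    return urlsplit(url if "://" in url else "https://" + url)

def categorize(url, sku):
    """Standard looks only at the FQDN; Premium looks at the full URL."""
    parts = _split(url)
    if sku == "premium":
        path = parts.path.rstrip("/")
        while path:  # longest matching path prefix wins
            hit = CATEGORIES.get(parts.hostname + path)
            if hit:
                return hit
            path = path.rsplit("/", 1)[0]
    return CATEGORIES.get(parts.hostname)  # FQDN-only lookup

def evaluate(url, collections, sku="premium"):
    """Walk collections in ascending priority number; first match decides."""
    host = _split(url).hostname
    category = categorize(url, sku)
    for coll in sorted(collections, key=lambda c: c["priority"]):
        if host in coll.get("fqdns", ()) or category in coll.get("categories", ()):
            return coll["action"], coll["name"]
    return "Deny", "no-match"  # model default: unmatched traffic is denied

# The exception from the text: allow one site, deny the rest of its category.
EXCEPTION_SET = [
    {"name": "allow-linkedin", "priority": 100, "action": "Allow",
     "fqdns": {"www.linkedin.com"}},
    {"name": "deny-social", "priority": 200, "action": "Deny",
     "categories": {"Social networking"}},
]
# Misconfiguration: same rules with priorities swapped, so the deny wins.
SWAPPED_SET = [
    {**EXCEPTION_SET[0], "priority": 200},
    {**EXCEPTION_SET[1], "priority": 100},
]
```

Evaluating a www.linkedin.com URL against `SWAPPED_SET` returns the deny collection, which is the check to run when an intended exception appears to have no effect.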

Reference: Microsoft Documentation
