Microsoft Azure Firewall

Introduction

• Azure Firewall is a managed, cloud-based network security service provided by Microsoft Azure.
• It offers comprehensive, centralized network and application-level protection to safeguard your Azure Virtual Network resources.

Key Features of Azure Firewall

1. Stateful Firewall:
   • Azure Firewall is a stateful firewall, meaning it tracks the state of active connections and makes decisions based on the context of the traffic.
2. Built-in High Availability:
   • The service is inherently designed for high availability with built-in failover capabilities, ensuring continuous protection.
3. Scalability:
   • Azure Firewall automatically scales with your network traffic, providing consistent protection without manual intervention.
4. Network and Application Rules:
   • Network Rules: Control inbound and outbound network traffic based on source and destination IP address, port, and protocol.
   • Application Rules:** Control outbound HTTP/S traffic by defining fully qualified domain names (FQDNs) or URL-based rules.
5. Threat Intelligence:
   • Azure Firewall can be configured to alert or deny traffic from/to known malicious IP addresses and domains using Microsoft’s threat intelligence feed.
6. Logging and Analytics:
   • Logs all traffic and can be integrated with Azure Monitor, Azure Sentinel, or third-party SIEM (Security Information and Event Management) solutions for detailed analysis and monitoring.
7. Integration with Other Azure Services:
   • Easily integrates with Azure Virtual Network, Azure Application Gateway, Azure VPN Gateway, and other Azure services.

NAT (Network Address Translation) rules

• NAT rules in Azure Firewall allow you to configure how traffic is translated as it passes through the firewall. = These rules are essential for managing inbound and outbound traffic and enabling secure and efficient communication between your internal network and external networks.

Types of NAT Rules

1. Inbound NAT Rules:
   • Used to translate and route incoming traffic from an external source (e.g., the internet) to a private IP address within your Azure Virtual Network.
   • Commonly used for scenarios where external users need to access services hosted within your virtual network, such as web servers or other applications.
2. Outbound NAT Rules:
   • Used to translate and route outgoing traffic from a private IP address within your virtual network to an external destination (e.g., the internet).
   • Ensures that traffic from your internal resources appears to come from a single public IP address or a pool of public IP addresses.

Key Benefits

1. Enhanced Security:
   • Provides robust protection for your Azure Virtual Network with both network and application-level filtering.
2. Simplified Management:
   • As a managed service, Azure Firewall simplifies network security management, removing the need to deploy, scale, or maintain firewall appliances.
3. Consistent Policy Enforcement:
   • Centralizes network security policy enforcement across multiple subscriptions and virtual networks.
4. Cost Efficiency:
   • Reduces the need for separate firewall appliances, potentially lowering overall costs while benefiting from Azure’s scalability.

Use Cases

1. Perimeter Network Protection:
   • Acts as a barrier between your Azure Virtual Network and the internet or other external networks, controlling traffic flow and protecting against external threats.
2. East-West Traffic Filtering:
   • Inspects and filters internal traffic between subnets and virtual networks, preventing lateral movement of threats within your environment.
3. Application Protection:
   • Protects your applications by controlling outbound traffic and preventing access to malicious domains.

Routing Traffic through Firewall

• By setting up a route table with a UDR and associating it with your VM’s subnet, you can ensure that all traffic from the VM is routed through Azure Firewall.
• This setup enhances security by allowing Azure Firewall to inspect and control the traffic, providing centralized management of network security policies.
• Steps:
  1. Set Up Azure Firewall
     • a. Deploy Azure Firewall
     • b. Create a Public IP for Azure Firewall
     • c. Associate the Public IP with the Firewall
  2. Create an Azure Route Table
     • a. Create a Route Table
     • b. Create a Route in the Route Table
  3. Associate the Route Table with the Subnet
  4. Configure Network Security Groups (NSGs)
     • a. Allow Traffic to and from Azure Firewall
  5. Verify and Test the setup

Application Rules in Azure Firewall

• Azure Firewall’s application rules provide a powerful mechanism for controlling outbound traffic based on URLs and FQDNs.
• By defining granular access policies, you can enforce security measures, comply with regulatory requirements, optimize network traffic, and gain visibility into application-level traffic patterns within your Azure Virtual Network.