Virtual networks play a major role in Microsoft Azure, and the firewall is the most important aspect of network security for any network. The new Azure Firewall service helps protect virtual network resources with fully stateful, native firewall capabilities, built-in high availability, and the ability to scale automatically. You can create and enforce connectivity policies using application- and network-level filtering rules across multiple subscriptions and virtual networks. The Azure Firewall service is fully integrated with the Azure platform, portal UI, and services.
How it Works:
What it does:
· Outbound FQDN filtering: Prevent outbound Internet traffic and data exfiltration by limiting outbound HTTP/S traffic to a customer-specified list of fully qualified domain names (FQDNs). This keeps data within your infrastructure.
· Network traffic filtering rules: Gain visibility and increase control across multiple subscriptions by centrally creating, enforcing and managing your stateful filtering rules by source and destination address, port and protocol.
· Outbound SNAT support: Enable outside communication from other security devices and appliances using Source Network Address Translation (SNAT). SNAT support provides address translation between your VNet and a public IP, while integrating easily with your existing security perimeter and policy sharing.
· Azure Monitor logging: All events are integrated with Azure Monitor, giving you a single shared interface for your logging and analytics needs. The integration secures logging of all blocked and accepted incidents, and lets you archive logs to an Azure storage account, stream events to your Event Hub, or send them to Log Analytics for additional insights.