We introduced the Microsoft Azure Firewall Manager preview for Azure Firewall policy and route management in secured virtual hubs. That release also included integration with key Security as a Service partners, Zscaler, iboss, and soon Check Point. These partners support branch-to-internet and virtual-network-to-internet scenarios.
Today, we are extending the Azure Firewall Manager preview to include automatic deployment and central security policy management for Azure Firewall in hub virtual networks.
Azure Firewall Manager preview is a network security management service that provides central security policy and route management for cloud-based security perimeters. It makes it easy for enterprise IT teams to centrally define network- and application-level rules for traffic filtering across multiple Azure Firewall instances that span different Azure regions and subscriptions in hub-and-spoke architectures, for traffic governance and protection. In addition, it gives DevOps teams more agility through derived local firewall security policies, which inherit the central policy and are implemented across the organization.
Hub virtual networks and secured virtual hubs
| | Hub virtual network | Secured virtual hub |
|---|---|---|
| Underlying resource | Virtual network | Virtual WAN hub |
| Hub-and-spoke | Using virtual network peering | Automated using hub virtual network connection |
| On-prem connectivity | VPN Gateway up to 10 Gbps and 30 S2S connections; ExpressRoute | More scalable VPN Gateway up to 20 Gbps and 1000 S2S connections; ExpressRoute |
| Automated branch connectivity using SD-WAN | Not supported | Supported |
| Hubs per region | Multiple virtual networks per region | Single virtual hub per region. Multiple hubs possible with multiple Virtual WANs |
| Azure Firewall – multiple public IP addresses | Customer provided | Auto-generated (to be available by general availability) |
| Azure Firewall Availability Zones | Supported | Not available in preview (to be available by general availability) |
| Advanced internet security with 3rd-party Security as a Service partners | Customer established and managed VPN connectivity to partner service of choice | Automated via Trusted Security Partner flow and partner management experience |
| Centralized route management to attract traffic to the hub | Customer managed UDR; Roadmap: UDR default route automation for spokes | Supported using BGP |
| Web Application Firewall on Application Gateway | Supported in virtual network | Roadmap: can be used in spoke |
| Network Virtual Appliance | Supported in virtual network | Roadmap: can be used in spoke |
| | Policy | Rules |
|---|---|---|
| Contains | NAT, Network, Application rules, and Threat Intelligence settings | NAT, Network, and Application rules |
| Protects | Virtual hubs and virtual networks | Virtual networks only |
| Portal experience | Central management using Firewall Manager | Standalone firewall experience |
| Multiple firewall support | Firewall Policy is a separate resource that can be used across firewalls | Standalone firewall experience |
| Pricing | Billed based on firewall association | Free |
| Supported deployment mechanisms | Portal, REST API, templates, PowerShell, and CLI | Portal, REST API, templates, PowerShell, and CLI |
| Release status | Preview | General Availability |
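The table above says that a Firewall Policy is a separate resource that holds NAT, network, application rules and the Threat Intelligence setting, and that one policy can be associated with several firewalls. The following Azure PowerShell script is an added example written for this article (it is not code from the original post or from Microsoft) showing that pattern for the hub-virtual-network scenario: one central policy with a rule collection group, then two Azure Firewall instances in two hub virtual networks that both consume it. The resource group, location, virtual network, public IP and address values are placeholders; the script assumes the two hub virtual networks (each with an AzureFirewallSubnet) and the two public IP addresses already exist.

```powershell
# Added example (not from the original post). Assumes an existing resource group,
# two hub virtual networks that each contain an 'AzureFirewallSubnet', and two
# standard-SKU public IP addresses; every name and address below is a placeholder.
$rg       = 'rg-firewall-manager-demo'
$location = 'westeurope'

# 1. One central Firewall Policy. Threat Intelligence is a policy-level setting,
#    so every firewall associated with this policy gets the same mode.
$policy = New-AzFirewallPolicy -Name 'fwpol-central' `
    -ResourceGroupName $rg -Location $location -ThreatIntelMode Alert

# 2. Rules are grouped into rule collections, which live in a rule collection group.
#    Network rule collection: spokes may query the (placeholder) on-prem DNS resolver.
$dnsRule = New-AzFirewallPolicyNetworkRule -Name 'allow-dns' -Protocol UDP `
    -SourceAddress '10.0.0.0/8' -DestinationAddress '192.168.10.53' -DestinationPort 53
$netCollection = New-AzFirewallPolicyFilterRuleCollection -Name 'net-allow' `
    -Priority 100 -Rule $dnsRule -ActionType Allow

#    Application rule collection: spokes may reach one placeholder FQDN over HTTPS only.
$appRule = New-AzFirewallPolicyApplicationRule -Name 'allow-updates' `
    -Protocol 'https:443' -TargetFqdn 'updates.example.com' -SourceAddress '10.0.0.0/8'
$appCollection = New-AzFirewallPolicyFilterRuleCollection -Name 'app-allow' `
    -Priority 200 -Rule $appRule -ActionType Allow

#    Both collections go into one rule collection group attached to the policy.
#    Anything not explicitly allowed here is denied by the firewall's implicit deny.
New-AzFirewallPolicyRuleCollectionGroup -Name 'rcg-default' -Priority 200 `
    -RuleCollection $netCollection, $appCollection -FirewallPolicyObject $policy | Out-Null

# 3. Two hub virtual networks in two regions, each with its own firewall, both
#    pointing at the same policy. Changing the policy later changes both firewalls.
$hubs = @(
    @{ Name = 'fw-hub-weu'; Vnet = 'vnet-hub-weu'; Pip = 'pip-fw-hub-weu'; Location = 'westeurope' },
    @{ Name = 'fw-hub-neu'; Vnet = 'vnet-hub-neu'; Pip = 'pip-fw-hub-neu'; Location = 'northeurope' }
)
foreach ($hub in $hubs) {
    New-AzFirewall -Name $hub.Name -ResourceGroupName $rg -Location $hub.Location `
        -VirtualNetworkName $hub.Vnet -PublicIpName $hub.Pip `
        -FirewallPolicyId $policy.Id | Out-Null
}

# 4. Verify the association: every firewall in the group should report the same policy ID.
Get-AzFirewall -ResourceGroupName $rg |
    ForEach-Object { '{0} -> {1}' -f $_.Name, $_.FirewallPolicy.Id }
```

The point of the script is step 3: the firewalls never receive rules directly, they only reference the policy ID, so a rule added to `fwpol-central` later applies to both hubs without touching either firewall. The verification loop in step 4 is the quick check that no firewall is still running on standalone rules.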