Thursday, 22 July 2021

Next-generation firewall capabilities with Azure Firewall Premium

We are announcing the general availability release of Microsoft Azure Firewall Premium.

Key features in this release include:

1. TLS inspection: Azure Firewall Premium terminates outbound and east-west transport layer security (TLS) connections. Inbound TLS inspection is supported in conjunction with Azure Application Gateway allowing end-to-end encryption. Azure Firewall performs the required value-added security functions and re-encrypts the traffic which is sent to the original destination.

2. IDPS: Azure Firewall Premium provides signature-based intrusion detection and prevention system (IDPS) to allow rapid detection of attacks by looking for specific patterns, such as byte sequences in network traffic or known malicious instruction sequences used by malware.

3. Web categories: Allows administrators to filter outbound user access to the internet based on categories (for example, social networking, search engines, gambling, and so on), reducing the time spent on managing individual fully qualified domain names (FQDNs) and URLs. This capability is also available for Azure Firewall Standard based on FQDNs only.

4. URL filtering: Allow administrators to filter outbound access to specific URLs, not just FQDNs. This capability works for both plain text and encrypted traffic if TLS inspection is enabled.

Azure Firewall Premium benefits

Azure Firewall Premium provides advanced threat protection that meets the needs of highly sensitive and regulated environments, such as the payment and healthcare industries. Organizations can leverage Premium stock-keeping unit (SKU) features like IDPS and TLS inspection to prevent malware and viruses from spreading across networks in both lateral and horizontal directions. To meet the increased performance demands of IDPS and TLS inspection, Azure Firewall Premium utilizes a more powerful Virtual Machine SKU. Like Standard SKU, the Premium SKU can seamlessly scale up to 30 Gbps and integrates with availability zones to support the service level agreement (SLA) of 99.99 percent. The Premium SKU complies with Payment Card Industry Data Security Standard (PCI DSS) environment needs.

To simplify migration for Standard SKU customers, we used a common configuration approach using Azure Firewall Policy. This approach allows reusing existing API integration with minimal changes and continues managing Azure Firewall using Firewall Manager. Customers using firewall rules (Classic) will take an additional step for the migration to Azure Firewall Policy first. Azure Firewall Policy offers several advantages such as sharing common configuration across multiple firewalls, grouping rules using rule collection groups, and managing rules over time using policy analytics (Private Preview).

The Azure Firewall Premium SKU is optimally priced to provide the best value for state-of-the-art cloud-native firewall service. Premium SKU, with its advanced threat protection capabilities, offers compelling reasons to migrate on-premise high-security perimeter networks to the cloud. This approach helps avoid latency incurred back-hauling internet traffic to on-premises perimeter networks.

Azure Firewall Premium, Azure Tutorial and Material, Azure Preparation, Azure Certification, Azure Guides, Azure Career
Figure 1: Azure Firewall Premium capabilities.

Migration from Azure Firewall Standard to Premium


As part of this general availability release, we are offering two new capabilities to allow smooth migration:

1. Convert the existing Azure Firewall rules (Classic) to Azure Firewall Policy.

Azure Firewall Premium, Azure Tutorial and Material, Azure Preparation, Azure Certification, Azure Guides, Azure Career
Figure 2: Migrate classic rules to Azure Firewall Policy.

2. Create a new Azure Firewall Premium and associate it to an existing policy.

Azure Firewall Premium, Azure Tutorial and Material, Azure Preparation, Azure Certification, Azure Guides, Azure Career
Figure 3: Create a new Azure Firewall Premium and associate an Azure Policy.

After exporting the Azure Firewall configuration and decommissioning your existing Azure Firewall Standard, you can deploy a new Azure Firewall Premium while associating to it the standard firewall configuration and maintaining its public IP.

Azure Firewall Premium pricing


Like the Standard SKU, Azure Firewall Premium pricing includes both deployment and data processing charges.

The deployment charge is 40 percent higher than Azure Firewall Standard and the data processing charge remains the same as Azure Firewall Standard.

Source: microsoft.com

Related Posts

0 comments:

Post a Comment