Microsoft introduces Azure Firewall
So what do you get if you combine Network Security Groups (NSGs) and a Web Application Firewall (WAF) in Azure? Well, you'd have an L3 to L7 layered network stack... aka the Azure Firewall. Azure Firewall is a managed service Microsoft announced this week, offered to customers' cloud tenants to help them better control and manage network traffic in a single place.
Customers can create and enforce connectivity policies using application and network level filtering rules. Connectivity policies can be enforced across multiple subscriptions and virtual networks. The Azure Firewall service is fully integrated with the Azure platform, portal UI and services. And of course, you can manage this all through PowerShell. Azure CLI is coming soon.
If you are into PowerShell, you will want to grab the AzureRm.Network module (min ver 6.4.0) so you can get the AzureRmFirewall cmdlets. With it, simply run:
Get-Command -Name *AzureRmFirewall*
You should see something like this:
Want to get up and running quickly? There is an ARM template for that too.
One cool benefit is you can shunt all your logs to Log Analytics. Simply jump over to the Diagnostics settings for the firewall and check that option. Or fire it to an Event Hub if you are brave... and hook it into a Logic App or Azure Function.
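As an added example (not from the original post or from Microsoft), the following sketch defines one application rule and one network rule with the AzureRmFirewall cmdlets, applies them, and then routes the firewall's rule logs to Log Analytics as described above. The resource group, firewall and workspace names, the addresses and the FQDN are hypothetical placeholders, and it assumes an already deployed firewall and workspace; confirm parameter names with Get-Help against your installed module version.

```powershell
# Added example. All names and addresses below are hypothetical placeholders.
$rg     = 'rg-network-demo'
$fwName = 'fw-demo'
$wsName = 'law-security-demo'

# Assumes a signed-in session and AzureRM.Network 6.4.0 or later.
$fw = Get-AzureRmFirewall -ResourceGroupName $rg -Name $fwName

# Application-level rule: the workload subnet may reach one FQDN over HTTPS only.
$appRule = New-AzureRmFirewallApplicationRule -Name 'allow-microsoft-web' `
    -SourceAddress '10.0.1.0/24' `
    -Protocol 'https:443' `
    -TargetFqdn 'www.microsoft.com'
$appCollection = New-AzureRmFirewallApplicationRuleCollection -Name 'egress-allow-list' `
    -Priority 200 -ActionType 'Allow' -Rule $appRule

# Network-level rule: DNS from the same subnet to a single resolver.
$netRule = New-AzureRmFirewallNetworkRule -Name 'allow-dns' `
    -Protocol 'UDP' `
    -SourceAddress '10.0.1.0/24' `
    -DestinationAddress '10.0.0.4' `
    -DestinationPort '53'
$netCollection = New-AzureRmFirewallNetworkRuleCollection -Name 'infra-allow-list' `
    -Priority 200 -ActionType 'Allow' -Rule $netRule

# Assignment replaces any collections already on the object, so this assumes
# a freshly deployed firewall with no rules yet.
$fw.ApplicationRuleCollections = $appCollection
$fw.NetworkRuleCollections     = $netCollection
Set-AzureRmFirewall -AzureFirewall $fw

# Send both rule log categories to the Log Analytics workspace so that
# allowed and denied flows can be queried in one place.
$ws = Get-AzureRmOperationalInsightsWorkspace -ResourceGroupName $rg -Name $wsName
Set-AzureRmDiagnosticSetting -ResourceId $fw.Id `
    -WorkspaceId $ws.ResourceId `
    -Enabled $true `
    -Categories 'AzureFirewallApplicationRule', 'AzureFirewallNetworkRule'
```

Traffic that matches no allow rule is dropped, so enabling the diagnostic setting before onboarding workloads gives you the log entries needed to tune the allow-list.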
The pace at which Microsoft is adding services to its cloud is amazing. This preview is still missing a few things (where is the Azure Policy support?) but it's a great start to adding deeper firewall support to the Microsoft Cloud.