Azure Firewall Manager now supports virtual networks. The news was announced last week on the official Microsoft Azure blog. The new capability follows Microsoft's introduction last November of the Azure Firewall Manager preview for Azure Firewall policy and route management in secured virtual hubs.
According to the official post by Gopikrishna Kannan, Senior Program Manager at Microsoft, the company is extending the Azure Firewall Manager preview to include automatic deployment and central security policy management for Azure Firewall in hub virtual networks.
Azure Firewall Manager preview is a network security management service that provides central security policy and route management for cloud-based security perimeters.
“It makes it easy for enterprise IT teams to centrally define network and application-level rules for traffic filtering across multiple Azure Firewall instances that span different Azure regions and subscriptions in hub-and-spoke architectures for traffic governance and protection”, reveals Gopikrishna Kannan. “In addition, it empowers DevOps for better agility with derived local firewall security policies that are implemented across organizations”, he explains.
Azure Firewall Manager supports security management for two network architecture types:
- Secured virtual hub – An Azure Virtual WAN Hub is a Microsoft-managed resource that lets you easily create hub-and-spoke architectures. When security and routing policies are associated with such a hub, it is referred to as a secured virtual hub.
- Hub virtual network – This is a standard Azure Virtual Network that you create and manage yourself. When security policies are associated with such a hub, it is referred to as a hub virtual network. At this time, only Azure Firewall Policy is supported. You can peer spoke virtual networks that contain your workload servers and services. It is also possible to manage firewalls in standalone virtual networks that are not peered to any spoke.
Azure Firewall Manager also supports Firewall Policy creation and association. A policy can also be created and managed via REST API, templates, Azure PowerShell, and CLI.
“Once a policy is created, it can be associated with a firewall in a Virtual WAN Hub (aka secured virtual hub) or a firewall in a virtual network (aka hub virtual network)”, explains Gopikrishna Kannan.
Firewall Policies are billed based on firewall associations. For example, a policy with zero or one firewall association is free of charge, while a policy with multiple firewall associations is billed at a fixed rate according to Azure Firewall Manager pricing.