Reseller News

Azure Firewall Manager flares into general availability

Includes Azure Firewall Policy, Azure Firewall Manager with Secure Virtual Hub and Azure Firewall Manager with Hub Virtual Network
  • Sasha Karen (New Zealand Reseller News)
  • 02 July, 2020 12:19

Microsoft’s Azure Firewall Manager suite has left preview and entered general availability.

The collection of offerings in Firewall Manager include Azure Firewall Policy, Azure Firewall with Secure Virtual Hub and Azure Firewall Manager with Hub Virtual Network.

Gopikrishna Kannan, senior program manager at Microsoft, described Firewall Policy as an Azure resource that contains network address translation (NAT), network and application rule collections and threat intelligence and domain name system (DNS) settings.

“It’s a global resource that can be used across multiple Azure Firewall instances in Secured Virtual Hubs and Hub Virtual Networks. Firewall policies work across regions and subscriptions,” he said.

Firewall Manager, however, is not needed to create a firewall policy, Kannan said, with alternative methods include using REST API, PowerShell and command-line interface (CLI). A firewall policy can be created and then be associated with one of the alternatives through Firewall Manager.

Firewall policies can also be created by migrating rules from an existing Azure Firewall via a script or through Firewall Manager in the Azure portal, he added.

Various features have also been added to Firewall Manager and Firewall Policy since its preview, bringing it in line with Azure Firewall configuration capabilities.

Specifically, the new features include the configuration of secure virtual hubs for traffic within a data centre and with third party security-as-a-service (SECaaS) partners for traffic in and out of data centres.

"A security partner provider in Firewall Manager allows you to use your familiar, best-in-breed, third-party SECaaS offering to protect internet access for your users," Kannan said. 

"With a quick configuration, you can secure a hub with a supported security partner, and route and filter internet traffic from your virtual networks (VNets) or branch locations within a region."

Further, integration with third-party SECaaS partners is also available in all Azure public cloud regions.

Additionally, features now available within specific services in the suite include a threat intelligence-based filtering list in Firewall Policy, multiple public IP addresses support for Secure Virtual Hub and forced tunneling support for Hub Virtual Network.

Firewall Policy also has a number of features entering preview – support for DNS proxy, custom DNS and fully-qualified domain name (FQDN) filtering in network rules.

Zscaler integration is set for general availability for 3 July, while CheckPoint, a supported SECaaS partner, will release in preview on the same date.

Meanwhile, iboss integration will reach general availability on 31 July.

SNAT Private IP address range configuration is on the cards for a future update, but is not available at this stage.