
Design Implement and Manage An Azure Firewall Deployment Slides

This document provides an overview of how to design and implement an Azure Firewall deployment. It discusses key aspects of Azure Firewall such as centralized policy management, availability zone awareness, and integration with Azure Monitor. It also covers how to create Azure Firewall policies and rules based on network, application, and DNAT rule types. Additionally, it discusses how to integrate Azure Firewall with a Virtual WAN to provide security across hub and spoke networks using either Azure Firewall Manager or third-party next generation firewall virtual appliances.

Uploaded by gg

Microsoft Azure Network Engineer: Secure and Monitor Networks

Design, Implement, and Manage an Azure Firewall Deployment

Tim Warner
Principal Author Evangelist, Pluralsight

@TechTrainerTim TechTrainerTim.com
Overview
• Design and implement an Azure Firewall deployment
• Create and implement Azure Firewall Manager policies and rules
• Integrate Azure Firewall and third-party NVAs with an Azure Virtual WAN hub

Exercise Files
Exam AZ-700
timw.info/az700

Design and Implement an Azure Firewall Deployment

Azure Firewall
• Managed stateful firewall that works from OSI Layer 3 to Layer 7
• Integration with Microsoft Threat Intelligence
• Centralized policy management
• Availability zone awareness
• SNAT and DNAT support
• Azure Monitor integration

Azure Firewall Premium
• Signature-based detection
• Considers entire URL
• TLS decryption/re-encryption
• Gambling, social media, etc.
timw.info/kwn

Azure Firewall Deployment Notes
• Minimum subnet size /26
• Routing table
• Direct Internet required
timw.info/5oq

Our Lab Topology

Demo
• Set up hub-spoke VNets
• Deploy Azure Firewall
• Configure routing tables

Define Azure Firewall Policies and Rules

Azure Firewall Rule Types

Network          Application      DNAT
OSI Layer 4      OSI Layer 7      OSI Layer 4
5-tuple match    FQDN match       Inbound connections

Azure Firewall Policy-Based Rule Processing

Parent policy
Child policy
Rule collection group
• NAT rule collection
• Network rule collection
• App rule collection

Priority values: 100-65000
Lower numbers are higher priority

Azure Firewall Policy-Based Rule Processing
• Global resource
• Manage multiple firewalls
• Delegated administration
• Centralize rule collections
• Deploy threat intelligence
timw.info/45i

Demo
• Create rulesets
• Test precedence/inheritance

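Added example (not from the course slides or the lab): a simplified Python model of the processing order on the rule-processing slide, for checking precedence and inheritance offline. It assumes Microsoft's documented ordering (DNAT, then network, then application rules; parent-policy groups ahead of child-policy groups) and a default deny; the Collection class, its field names and the sample policy are constructed for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatch

# Assumed rule-type order (Microsoft-documented behaviour, not stated on the slides).
TYPE_ORDER = {"dnat": 0, "network": 1, "application": 2}

@dataclass
class Collection:
    name: str
    policy: str          # "parent" or "child"
    group_priority: int  # rule collection group priority
    priority: int        # rule collection priority
    rule_type: str       # "dnat", "network" or "application"
    action: str          # "Allow" or "Deny"
    match: dict          # simplified match fields; values are glob patterns

    def __post_init__(self):
        for p in (self.group_priority, self.priority):
            if not 100 <= p <= 65000:
                raise ValueError(f"{self.name}: priority {p} outside 100-65000")

def processing_order(collections):
    """Rule type first, then parent before child, then lower number first."""
    return sorted(collections, key=lambda c: (
        TYPE_ORDER[c.rule_type], c.policy != "parent", c.group_priority, c.priority))

def evaluate(flow, collections):
    """Return (action, collection name) of the first match; deny if none match."""
    for c in processing_order(collections):
        if all(k in flow and fnmatch(flow[k], pat) for k, pat in c.match.items()):
            return c.action, c.name
    return "Deny", "default-deny"

# Constructed sample policy, not taken from the course lab.
POLICY = [
    Collection("child-allow-smb", "child", 100, 100, "network", "Allow",
               {"proto": "TCP", "port": "445", "dst": "10.1.*"}),
    Collection("parent-deny-smb", "parent", 500, 100, "network", "Deny",
               {"proto": "TCP", "port": "445"}),
    Collection("child-allow-updates", "child", 100, 100, "application", "Allow",
               {"fqdn": "*.microsoft.com"}),
    Collection("child-deny-https", "child", 300, 65000, "network", "Deny",
               {"proto": "TCP", "port": "443"}),
]

if __name__ == "__main__":
    for flow in ({"proto": "TCP", "port": "445", "dst": "10.1.0.4"},
                 {"proto": "TCP", "port": "443", "fqdn": "update.microsoft.com"},
                 {"proto": "TCP", "port": "80", "fqdn": "update.microsoft.com"}):
        print(flow, "->", evaluate(flow, POLICY))
```

The SMB flow is denied by the parent collection even though the child's allow has a lower priority number, and the HTTPS flow is denied by a network collection before the application allow is ever considered.
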
Integrate Azure Firewall with Virtual WAN

Secured Virtual Hubs
• Azure Firewall Manager
• Firewall / policies
• BGP-powered routing
• Third-party integrations
timw.info/150

Secured Virtual Hub Appliance Options

Partners
• Requires S2S VPN tunnels
• AAD service principals and APIs
• Zscaler
• iboss Cloud
• Check Point CloudGuard Connect

Integrated NVA partners
• Managed Application offers in the Azure Marketplace
• Virtual machines or physical servers
• Barracuda CloudGen WAN
• Cisco Cloud Service Router VWAN
• VMware SD-WAN
timw.info/gd9

Summary
• Microsoft has continued to add functionality to Azure Firewall over the past year or so
  - ICSA Labs Certified Corporate Firewall
• You can always opt to use a third-party NVA
  - The exam is "All Microsoft, all the time"

Up Next: Implement and Manage Network Security Groups
