Azure Firewall Manager is a powerful security management service that provides centralised network security policy and route management for your cloud-based security perimeters. It allows you to manage and scale multiple firewalls across different subscriptions and virtual networks seamlessly. It’s linked to the Microsoft Azure Security Technologies certification (AZ-500) as the exam covers Azure Firewall Manager topics.
Understanding Azure Firewall Manager
Azure Firewall Manager provides advanced, cloud-native firewall capabilities for your Azure and on-premises networks. Some of its key features include:
- Threat intelligence-based filtering: This automatically blocks traffic from known malicious IP addresses and domains.
- Intrusion detection and prevention: It inspects inbound and outbound traffic for malicious activities.
- Network traffic filtering: It allows or denies network traffic based on defined rules.
- Centralised management: Firewall Manager lets you centrally manage and log all firewall activities.
To take full advantage of Azure Firewall Manager, you first have to understand its main components:
- Azure Firewall Policy: A Firewall Policy is a global resource that contains all the firewall settings required by a firewall.
- Azure Firewall: This is a managed, cloud-based network security service that protects your Azure Virtual Network resources.
- Secured Virtual Hub: An Azure Virtual WAN hub is an Azure-managed resource that lets you easily create hub and spoke architectures. When security and routing policies are associated with the hub, it’s referred to as a Secured Virtual Hub.
- Hub Virtual Network: A standard Azure Virtual Network to which the Spoke Virtual Networks are linked. It hosts Azure Firewall and, when cross-premises connectivity via ExpressRoute or VPN Gateway has been configured, gives the Spokes connectivity to the on-premises network.
Configuring Azure Firewall Manager
Here is a brief guide to configuring Azure Firewall Manager. You need an Azure account with an active subscription.
- Configuring Virtual WAN:
  - Sign in to the Azure portal.
  - In the left-side menu, click ‘Create a resource.’
  - In the Marketplace, search for ‘Virtual WAN’ and click ‘Create.’
  - Fill in the details for your Virtual WAN (resource group, name, region) and click ‘Review + Create.’
- Configuring Secured Virtual Hubs:
  - Navigate to your Virtual WAN resource.
  - Click the ‘Secured Virtual Hubs’ tile.
  - On the ‘Secured Virtual Hubs’ screen, click ‘+Add.’
  - Fill in the required details and associate a Firewall Policy with the hub.
- Adding a firewall policy and rules:
  - From the home page, navigate to Azure Firewall Manager and click ‘Firewall Policies.’
  - Click ‘+Add,’ fill in the necessary details, and create a rule collection under the Rules tab.
Remember that Azure Firewall Manager rules are processed from top to bottom, and the first matching rule is applied.
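The same three portal steps expressed as an infrastructure-as-code deployment, added here as an example; it is not taken from the page or from Microsoft's own samples. The resource names, the address prefixes, the API version and the two rule collections are assumptions chosen for illustration. The rule collections are deliberately ordered so that the narrow Deny collection (priority 100) is evaluated before the broad Allow collection (priority 200), which is the first-match behaviour just described: a flow from a spoke to the restricted subnet on port 443 is denied even though the wider Allow rule would otherwise match it.

```bicep
// Added example (not from the page): Virtual WAN + Secured Virtual Hub + Firewall Policy.
// Names, address prefixes and the API version are assumptions for illustration.
targetScope = 'resourceGroup'

@description('Region for all resources; defaults to the resource group location.')
param location string = resourceGroup().location

@description('Address space of the spoke VNets (constructed value).')
param spokePrefix string = '10.1.0.0/16'

// Step 1 - Virtual WAN (portal: Create a resource > Virtual WAN).
resource vwan 'Microsoft.Network/virtualWans@2022-07-01' = {
  name: 'vwan-example'
  location: location
  properties: {
    type: 'Standard'
    allowBranchToBranchTraffic: true
  }
}

// Step 2 - Virtual hub in that WAN. It becomes a Secured Virtual Hub once an
// Azure Firewall carrying a Firewall Policy is deployed into it (step 4).
resource hub 'Microsoft.Network/virtualHubs@2022-07-01' = {
  name: 'hub-example'
  location: location
  properties: {
    addressPrefix: '10.0.0.0/23'
    sku: 'Standard'
    virtualWan: { id: vwan.id }
  }
}

// Step 3 - Firewall Policy: the global resource holding the firewall settings.
// threatIntelMode 'Deny' drops flows that match the Microsoft threat-intelligence
// feed before any rule collection is consulted ('Alert' only logs, 'Off' disables).
resource policy 'Microsoft.Network/firewallPolicies@2022-07-01' = {
  name: 'fwpol-example'
  location: location
  properties: {
    sku: { tier: 'Standard' }
    threatIntelMode: 'Deny'
  }
}

// Step 3b - Rules live in rule collections inside a rule collection group.
// Groups and collections are evaluated in ascending priority (lower value first)
// and the first matching rule decides the flow, so the specific Deny collection
// must carry a lower priority value than the broad Allow collection.
resource rcg 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2022-07-01' = {
  parent: policy
  name: 'rcg-spokes'
  properties: {
    priority: 200
    ruleCollections: [
      {
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'net-deny-restricted-subnet'
        priority: 100
        action: { type: 'Deny' }
        rules: [
          {
            ruleType: 'NetworkRule'
            name: 'deny-spokes-to-restricted'
            ipProtocols: [ 'Any' ]
            sourceAddresses: [ spokePrefix ]
            destinationAddresses: [ '10.2.0.0/24' ] // constructed "restricted" subnet
            destinationPorts: [ '*' ]
          }
        ]
      }
      {
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'net-allow-shared-services'
        priority: 200
        action: { type: 'Allow' }
        rules: [
          {
            ruleType: 'NetworkRule'
            name: 'allow-spokes-to-shared-https'
            ipProtocols: [ 'TCP' ]
            sourceAddresses: [ spokePrefix ]
            destinationAddresses: [ '10.2.0.0/16' ] // wider range containing the subnet above
            destinationPorts: [ '443' ]
          }
        ]
      }
    ]
  }
}

// Step 4 - Azure Firewall deployed into the hub with the policy attached; this is
// the step that turns the plain hub into a Secured Virtual Hub.
resource fw 'Microsoft.Network/azureFirewalls@2022-07-01' = {
  name: 'fw-hub-example'
  location: location
  properties: {
    sku: { name: 'AZFW_Hub', tier: 'Standard' }
    virtualHub: { id: hub.id }
    firewallPolicy: { id: policy.id }
    hubIPAddresses: { publicIPs: { count: 1 } }
  }
  dependsOn: [ rcg ]
}

output firewallPolicyId string = policy.id
```

Deploy it with `az deployment group create --resource-group <your-rg> --template-file main.bicep`, then open Azure Firewall Manager in the portal: the hub appears under Secured Virtual Hubs with `fwpol-example` associated. If you later add a second, broader Allow collection, give it a higher priority value than any Deny collection it overlaps with, otherwise the first-match rule lets the broader collection win.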
Your Firewall Manager is now set up! Be sure to monitor it continually and make use of Azure Advisor security recommendations to enhance and maintain security. You may also want to customise your rules to your requirements: a correctly configured firewall is what delivers the intended security, and this is a crucial aspect of the AZ-500 exam.
Azure Firewall Manager is an indispensable tool that allows you to manage, enforce, and log application and network connectivity policies across subscriptions and virtual networks. It is critical in identifying and responding to potential security threats, further ensuring the security of your applications and workloads. It is a key facet of the AZ-500 – Microsoft Azure Security Technologies exam, and understanding it can advance your certification journey.
Please refer to official Azure documentation for more details.
Practice Test
True/False: Azure Firewall Manager can manage Firewall policy across multiple subscriptions.
- True
- False
Answer: True
Explanation: Azure Firewall Manager is designed to provide centralized network security policy and route management for cloud-based security perimeters, including managing policies across multiple subscriptions.
Which of the following options allow you to use Azure Firewall Manager? (Multiple Select)
- A. Azure Virtual Networks (VNet)
- B. Multiple Subscription Management.
- C. Event Hubs
- D. Integrating with Azure Monitor
Answer: A, B, D
Explanation: Azure Firewall Manager works with Azure Virtual Networks, allows managing multiple subscriptions, and can be integrated with Azure Monitor. It does not have a direct integration with Event Hubs.
True/False: Azure Firewall Manager only supports Infrastructure as a Service (IaaS) resources.
- True
- False
Answer: False
Explanation: Azure Firewall Manager is designed to provide security management for cloud resources, including both Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) resources.
When creating an Azure Firewall Manager Policy, what do you need to define? (Single select)
- A. IP Addresses
- B. DNS settings
- C. Rules
- D. Subnet Sizes
Answer: C. Rules
Explanation: While creating an Azure Firewall Manager Policy, the most critical thing to define will be the set of rules that the firewall will follow.
True/False: You can use Azure Firewall Manager to enforce threat intelligence-based filtering.
- True
- False
Answer: True
Explanation: Azure Firewall Manager supports threat intelligence-based filtering. It uses data from the Microsoft Threat Intelligence feed for filtering traffic.
True/False: Azure Firewall Manager does not support hybrid connections like VPN or ExpressRoute.
- True
- False
Answer: False
Explanation: Azure Firewall Manager indeed supports hybrid connections including VPN and ExpressRoute.
Which of the following features is not supported by Azure Firewall Manager? (Single select)
- A. Multiple public IP addresses support
- B. Application rule collection
- C. Intrusion detection system
- D. Network rule collection
Answer: C. Intrusion detection system
Explanation: Although Azure Firewall Manager supports many key features, it does not have an in-built Intrusion Detection System.
What is Azure Firewall Manager primarily used for? (Single select)
- A. Load balancing applications
- B. Monitoring application performance
- C. Implementing centralized network security policies
- D. Backing up data
Answer: C. Implementing centralized network security policies
Explanation: Azure Firewall Manager is primarily used for creating, managing, and implementing centralized network security policies.
True/False: Azure Firewall Manager is free of charge.
- True
- False
Answer: False
Explanation: Azure Firewall Manager has associated costs; it is not a free service.
Integration of Azure Firewall Manager with which of the following allows visibility into your applications’ traffic patterns? (Single select)
- A. Azure Traffic Manager
- B. Azure Front Door
- C. Azure Monitor Insight
- D. Azure Load Balancer
Answer: C. Azure Monitor Insight
Explanation: The integration of Azure Firewall Manager with Azure Monitor Insight provides visibility into your applications’ traffic patterns.
Interview Questions
What is Azure Firewall Manager?
Azure Firewall Manager is a security management service that provides centralized network security policy and route management for globally distributed, multi-environment Azure Firewall instances.
Can Azure Firewall Manager manage multiple Azure Firewall instances?
Yes, Azure Firewall Manager can manage and configure multiple Azure Firewall instances throughout your network architecture from a single, centralized place.
What is Firewall Policy in Azure Firewall Manager?
Firewall Policy is a global resource that acts as a container for multiple firewall rules. These policies can be associated with one or more Azure firewalls.
How do you create a new Azure Firewall Manager policy?
You create a new policy through the Azure Portal by going to the Azure Firewall Manager service, choosing “Firewall Policies”, and then clicking on “+ Add firewall policy”.
What is a Hub in Azure Firewall Manager?
A Hub in Azure Firewall Manager is a virtual network in which you deploy an Azure Firewall instance. It acts as a consolidation point for routing traffic from the various Spokes.
Can Azure Firewall Manager integrate with Azure Virtual WAN?
Yes, Azure Firewall Manager can be used with Azure Virtual WAN to centrally manage security policies and route management for various distributed, Internet-facing workloads.
Name the features available with Firewall Policy in Azure Firewall Manager.
With Firewall Policy in Azure Firewall Manager, you can manage rules and configurations, use multiple public IPs, enable Threat Intelligence and Intrusion Detection, utilize application rules, network rules, and more.
Can I use Azure Firewall Manager to manage on-premise firewalls?
No, Azure Firewall Manager is specifically designed to manage and configure Azure Firewall instances. It cannot manage on-premises firewalls.
What are Firewall Threat Intelligence modes in Azure Firewall Manager?
Threat Intelligence modes include Off, Alert and Deny. These modes determine what happens when traffic is detected coming from or going to known harmful IP addresses.
How do I migrate to a Firewall Policy from a traditional firewall rules collection?
In the Azure portal, open your firewall resource, select ‘Firewall policy’ under ‘Settings’ in the left menu, and then choose to migrate the rules and settings to a Firewall Policy.
What are Secured Virtual Hubs?
Secured Virtual Hubs are an Azure Virtual WAN Hub with associated security and routing policies, configured by Azure Firewall Manager.
What is a Spoke in Azure Firewall Manager?
A Spoke in Azure Firewall Manager is a virtual network that can be associated with a Hub. Traffic from Spoke to Spoke, or from Spoke to internet, routes through the Hub.
Does Azure Firewall Manager support both IPv4 and IPv6 rules?
As of now, Azure Firewall Manager only supports IPv4 rules.
Can Azure Firewall Manager configure Azure Application Gateway?
No, Azure Firewall Manager does not have the capability to configure Azure Application Gateway.
Can I use Azure Firewall Manager to manage Azure Firewall systems in different subscriptions?
Yes, Azure Firewall Manager can manage Azure Firewall instances across different subscriptions as long as those subscriptions are under the same Azure Active Directory tenant.