Scribd Logo
Upload

Welcome to Scribd!

  • Design Implement and Manage An Azure Firewall Deployment Slides

    Uploaded by

    gg
    28 views21 pages
    This document provides an overview of how to design and implement an Azure Firewall deployment. It discusses key aspects of Azure Firewall such as centralized policy management, availability zone awareness, and integration with Azure Monitor. It also covers how to create Azure Firewall policies and rules based on network, application, and DNAT rule types. Additionally, it discusses how to integrate Azure Firewall with a Virtual WAN to provide security across hub and spoke networks using either Azure Firewall Manager or third-party next generation firewall virtual appliances.

    Original Description:

    Original Title

    Design Implement and Manage an Azure Firewall Deployment Slides

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides an overview of how to design and implement an Azure Firewall deployment. It discusses key aspects of Azure Firewall such as centralized policy management, availability zone awareness, and integration with Azure Monitor. It also covers how to create Azure Firewall policies and rules based on network, application, and DNAT rule types. Additionally, it discusses how to integrate Azure Firewall with a Virtual WAN to provide security across hub and spoke networks using either Azure Firewall Manager or third-party next generation firewall virtual appliances.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    28 views21 pages

    Design Implement and Manage An Azure Firewall Deployment Slides

    Uploaded by

    gg
    This document provides an overview of how to design and implement an Azure Firewall deployment. It discusses key aspects of Azure Firewall such as centralized policy management, availability zone awareness, and integration with Azure Monitor. It also covers how to create Azure Firewall policies and rules based on network, application, and DNAT rule types. Additionally, it discusses how to integrate Azure Firewall with a Virtual WAN to provide security across hub and spoke networks using either Azure Firewall Manager or third-party next generation firewall virtual appliances.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 21

    Microsoft Azure Network Engineer:

    Secure and Monitor Networks


    Design, Implement, and Manage an Azure Firewall Deployment

    Tim Warner
    Principal Author Evangelist, Pluralsight

    @TechTrainerTim TechTrainerTim.com
    Overview Design and implement an Azure Firewall
    deployment
    Create and implement Azure Firewall
    Manager policies and rules
    Integrate Azure Firewall and third-party
    NVAs with an Azure Virtual WAN hub
    Exercise Files
    Exercise Files
    Exam AZ-700

    timw.info/az700
    Design and Implement an
    Azure Firewall Deployment
    Azure Firewall

    Managed stateful firewall that works from OSI


    Layer 3 to Layer 7
    Integration with Microsoft Threat Intelligence

    Centralized policy management


    Availability zone awareness
    SNAT and DNAT support
    Azure Monitor integration
    Azure Firewall Premium
    Signature-based detection Considers entire URL

    TLS decryption/re-encryption Gambling, social media, etc

    timw.info/kwn
    Azure Firewall Deployment Notes

    Minimum subnet size /26

    Routing table

    Direct Internet required

    timw.info/5oq
    Our Lab Topology
    Demo
    Set up hub-spoke Vnets
    Deploy Azure Firewall
    Configure routing tables
    Define Azure Firewall Policies and Rules
    Azure Firewall Rule Types

    Network Application DNAT


    OSI Layer 4 OSI Layer 7 OSI Layer 4
    5-tuple match FQDN match Inbound connections
    Azure Firewall Policy-Based Rule Processing

    Parent
    policy

    Priority values:
    Child
    100-65000 policy

    NAT rule
    Lower numbers are collection
    higher priority Rule
    collection Network rule
    group collection
    App rule
    collection
    Azure Firewall Policy-Based Rule Processing

    Global resource

    Manage multiple
    firewalls Delegated administration

    Centralize rule
    collections

    Deploy threat
    Intelligence

    timw.info/45i
    Demo
    Create rulesets
    Test precedence/inheritence
    Integrate Azure Firewall with Virtual WAN
    Secured Virtual Hubs

    Azure Firewall Manager

    Firewall / policies

    BGP-powered routing

    Third-party integrations

    timw.info/150
    Secured Virtual Hub Appliance Options
    Partners
    • Requires S2S VPN tunnels
    • AAD service principals and APIs
    • Zscaler
    • iboss Cloud
    • Check Point CloudGuard Connect

    Integrated NVA partners


    • Managed Application offers in the Azure Marketplace
    • Virtual machines or physical servers
    • Barracuda CloudGen WAN
    • Cisco Cloud Service Router VWAN
    • VMware SD-WAN
    timw.info/gd9
    Summary Microsoft continues to add functionality to
    Azure Firewall over the past year or so
    - ICSA Labs Certified Corporate Firewall

    You can always opt to use a third-party


    NVA
    - The exam is “All Microsoft, all the time”
    Up Next:
    Implement and Manage Network Security Groups

    You might also like