Virtual Networks Should be Protected by Azure Firewall

Description:

With Azure Firewall, you can configure:

  • Application rules that define fully qualified domain names (FQDNs) that can be accessed from a subnet.

  • Network rules that define source address, protocol, destination port, and destination address.

Network traffic is subjected to the configured firewall rules when you route your network traffic to the firewall as the subnet default gateway.

For production deployments, a hub and spoke model is recommended, where the firewall is in its own VNet. The workload servers are in peered VNets in the same region with one or more subnets (see: https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke).
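A subnet is only covered by the firewall rules if its default route actually points at the firewall. The following added example (not part of the original recommendation) audits exported VNet and route table JSON for subnets whose 0.0.0.0/0 route does not use the firewall as next hop. It assumes the default-gateway routing is done with a user-defined route of next hop type `VirtualAppliance`; the function names, the sample data, the shortened resource IDs and the firewall IP are constructed for illustration.

```python
# Constructed sample data, trimmed to the fields used from the JSON output of
# `az network vnet list` and `az network route-table list`. IDs are shortened placeholders.
FIREWALL_PRIVATE_IP = "10.0.1.4"          # constructed value
EXEMPT_SUBNETS = {"AzureFirewallSubnet"}  # assumption: the firewall's own subnet is skipped
VNETS = [
    {"name": "hub-vnet", "subnets": [
        {"name": "AzureFirewallSubnet", "routeTable": None}]},
    {"name": "spoke-vnet", "subnets": [
        {"name": "workload", "routeTable": {"id": "/rt/to-firewall"}},
        {"name": "jump", "routeTable": {"id": "/rt/to-internet"}},
        {"name": "legacy", "routeTable": None}]},
]
ROUTE_TABLES = [
    {"id": "/rt/to-firewall", "routes": [
        {"addressPrefix": "0.0.0.0/0", "nextHopType": "VirtualAppliance",
         "nextHopIpAddress": "10.0.1.4"}]},
    {"id": "/rt/to-internet", "routes": [
        {"addressPrefix": "0.0.0.0/0", "nextHopType": "Internet", "nextHopIpAddress": None}]},
]

def default_route(table):
    """Return the 0.0.0.0/0 route of a route table, or None if it has none."""
    for route in (table or {}).get("routes") or []:
        if route.get("addressPrefix") == "0.0.0.0/0":
            return route
    return None

def unprotected_subnets(vnets, route_tables, firewall_ip):
    """List (vnet, subnet, reason) for subnets whose default route bypasses the firewall."""
    tables = {t["id"].lower(): t for t in route_tables}  # resource IDs are case-insensitive
    findings = []
    for vnet in vnets:
        for subnet in vnet.get("subnets") or []:
            if subnet["name"] in EXEMPT_SUBNETS:
                continue
            ref = subnet.get("routeTable")
            if not ref:
                findings.append((vnet["name"], subnet["name"], "no route table"))
                continue
            route = default_route(tables.get(ref["id"].lower()))
            if route is None:
                findings.append((vnet["name"], subnet["name"], "no 0.0.0.0/0 route"))
            elif (route.get("nextHopType") != "VirtualAppliance"
                  or route.get("nextHopIpAddress") != firewall_ip):
                findings.append((vnet["name"], subnet["name"], "default route bypasses firewall"))
    return findings

if __name__ == "__main__":
    print(unprotected_subnets(VNETS, ROUTE_TABLES, FIREWALL_PRIVATE_IP))
```

A subnet with no route table, or with a default route of type `Internet`, sends outbound traffic around the firewall even when the firewall is deployed and its rules are configured.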



Solution/Reference: 

To deploy and configure the Azure Firewall using the Azure portal, please see the full instructions here:

https://docs.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal
