Tutorial / Cram Notes

The first step in using Azure Firewall Manager is to set up an Azure Firewall policy, which is an Azure resource that contains the configuration for your Azure Firewall.

  1. In the Azure portal, search for and select “Firewall Manager”.
  2. Navigate to the “Firewall Policies” section and click “Add a firewall policy”.
  3. Fill in the necessary information such as name, subscription, resource group, and location.
  4. On the Rules tab, set up Application, Network, and DNAT rules as required.
  5. Under the Threat intelligence tab, set up the mode (Off, Alert, or Deny) according to your threat intelligence-based filtering needs.

Associating Firewall Policy with Azure Firewall Manager

After creating a policy, the next step is to associate it with Azure Firewall Manager.

  1. From within the Firewall Manager, go to the “Azure Firewall Manager” section.
  2. Select “Secure virtual hubs” (or “Secure virtual WAN” if you’re using Virtual WAN).
  3. Choose the hub or virtual WAN to which you want to apply the policy.
  4. Apply the firewall policy to the selected hub.

Configuring Azure Firewall with Azure Firewall Manager

Azure Firewall Manager allows you to manage Azure Firewalls in secured virtual hubs and secured virtual networks.

  1. Within Azure Firewall Manager, select the firewall policy you just created.
  2. Navigate to “Rules”, where you configure rule collections for DNAT, Network, and Application rules.
  3. Add Rule Collection Groups, which are containers for multiple rule collections and are associated with the Azure Firewall as a unit.
  4. Create rules within each group, specifying the source, destination, protocol, and action.

Example of an Application Rule Collection:

  • Name: Allow-Web-Apps
  • Rule collection action: Allow
  • Priority: 100 (lower means higher priority)
  • Rules: Add rules to allow traffic to specific web apps. For example, you could allow traffic to *.microsoft.com.

Example of a Network Rule Collection:

  • Name: Allow-DNS
  • Rule collection action: Allow
  • Priority: 200
  • Rules: Add rules to allow DNS traffic. For example, you could allow UDP traffic on port 53 to all IP addresses for DNS resolution.
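The policy, rule collection group and the two rule collections described above, expressed as a Bicep template. This is an added example rather than code from the original notes; the policy name, rule names, API version and the 10.0.0.0/16 source range are assumptions chosen for the example (the source range is a constructed placeholder for the client networks behind the firewall).

```bicep
// Added example: an Azure Firewall policy with one rule collection group holding
// the Allow-Web-Apps application rule collection and the Allow-DNS network rule
// collection from the notes. Names, API version and the 10.0.0.0/16 source
// range are assumptions for this example.
param location string = resourceGroup().location
param policyName string = 'fwpolicy-cram-notes'
param spokeAddressSpace string = '10.0.0.0/16' // constructed placeholder for the client networks

resource policy 'Microsoft.Network/firewallPolicies@2023-05-01' = {
  name: policyName
  location: location
  properties: {
    sku: {
      tier: 'Standard'
    }
    // Threat intelligence tab: Off, Alert or Deny. Alert logs matches without blocking.
    threatIntelMode: 'Alert'
  }
}

resource rcg 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2023-05-01' = {
  parent: policy
  name: 'DefaultRuleCollectionGroup'
  properties: {
    priority: 100
    ruleCollections: [
      {
        // Application rule collection: a lower priority number is evaluated first.
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'Allow-Web-Apps'
        priority: 100
        action: {
          type: 'Allow'
        }
        rules: [
          {
            ruleType: 'ApplicationRule'
            name: 'allow-microsoft-web'
            sourceAddresses: [
              spokeAddressSpace
            ]
            protocols: [
              {
                protocolType: 'Https'
                port: 443
              }
              {
                protocolType: 'Http'
                port: 80
              }
            ]
            targetFqdns: [
              '*.microsoft.com'
            ]
          }
        ]
      }
      {
        // Network rule collection: UDP/53 to any destination for DNS resolution.
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'Allow-DNS'
        priority: 200
        action: {
          type: 'Allow'
        }
        rules: [
          {
            ruleType: 'NetworkRule'
            name: 'allow-dns-udp'
            ipProtocols: [
              'UDP'
            ]
            sourceAddresses: [
              spokeAddressSpace
            ]
            destinationAddresses: [
              '*'
            ]
            destinationPorts: [
              '53'
            ]
          }
        ]
      }
    ]
  }
}

output policyId string = policy.id
```

Deploy it into a resource group with `az deployment group create --resource-group <rg> --template-file policy.bicep`. The `'*'` destination in the DNS rule mirrors the “all IP addresses” wording in the notes; in a production policy you would normally narrow it to the resolvers your workloads are expected to use. Note that the template only creates the policy: it still has to be associated with a secured hub or an Azure Firewall instance, as in the next section, before any rule takes effect.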

Considerations for Secured Virtual Hub vs Secured Virtual Network

Characteristic   Secured Virtual Hub                          Secured Virtual Network
Deployment       Integrates with Virtual WAN                  Traditional hub-and-spoke model
Routing          Uses Virtual WAN routing                     Uses Azure Firewall for routing
Scalability      Can potentially support more scale           Scale is limited to the Azure Firewall instance
Complexity       Greater complexity in setup and management   Simpler to set up and manage

Monitoring and Logs

Azure Firewall Manager integrates with Azure Monitor for logging and monitoring firewall activity. Make sure your monitoring solution is in place by doing the following:

  1. Navigate to “Monitoring” in your firewall policy and select “Diagnostic Settings”.
  2. Set up your diagnostic logs and metrics to be sent to a Log Analytics workspace, Event Hubs, or a storage account for audit, diagnostics, and monitoring.

Example: Create a diagnostic setting named “FirewallLogs” to send “AzureFirewallApplicationRule”, “AzureFirewallNetworkRule” and “AzureFirewallDnsProxy” logs to a Log Analytics workspace.
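The diagnostic setting from the example above, written as a Bicep template. This is an added example, not code from the original notes; the firewall name, the workspace resource id and the API versions are assumptions passed in as parameters, while the setting name and the three log categories are the ones the notes specify.

```bicep
// Added example: diagnostic setting "FirewallLogs" on an existing Azure Firewall,
// sending the three log categories named in the notes to a Log Analytics
// workspace. Firewall name, workspace id and API versions are assumptions.
param firewallName string
param logAnalyticsWorkspaceId string // resource id of the destination workspace

resource firewall 'Microsoft.Network/azureFirewalls@2023-05-01' existing = {
  name: firewallName
}

// Diagnostic settings attach to the firewall instance, which is the resource that
// emits the AzureFirewall* log categories; the policy object itself produces no logs.
resource diag 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
  name: 'FirewallLogs'
  scope: firewall
  properties: {
    workspaceId: logAnalyticsWorkspaceId
    logs: [
      {
        category: 'AzureFirewallApplicationRule'
        enabled: true
      }
      {
        category: 'AzureFirewallNetworkRule'
        enabled: true
      }
      {
        category: 'AzureFirewallDnsProxy'
        enabled: true
      }
    ]
    // Metrics are optional for the example but useful for throughput and health alerts.
    metrics: [
      {
        category: 'AllMetrics'
        enabled: true
      }
    ]
  }
}
```

Deploy with `az deployment group create --resource-group <rg> --template-file diag.bicep --parameters firewallName=<firewall> logAnalyticsWorkspaceId=<workspace-resource-id>`. Once the setting is active, the application and network rule logs show which rule collection and rule matched each flow, and the DNS proxy log shows the names clients resolved, which is what you need to verify that the Allow-Web-Apps and Allow-DNS collections behave as intended.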

Conclusion

Azure Firewall Manager is an essential tool for managing security policies across different networking topologies in Azure. It provides centralized management, simplifies complex configurations, and enables consistent policy enforcement. For those preparing for the AZ-500 exam, a solid understanding of how to create, configure, and manage Azure Firewall Manager policies is critical for effectively securing your Azure environment. Work through the examples to understand and retain the configuration steps and the different aspects of Azure Firewall Manager.

Practice Test with Explanation

True or False: Azure Firewall Manager requires you to have a Virtual WAN to manage multiple firewall instances.

  • True
  • False

Answer: False

Explanation: Azure Firewall Manager can be used to manage multiple firewall instances across Virtual WANs, VNets, and also with third-party security-as-a-service providers. It is not limited to Virtual WAN usage only.

Which of the following can Azure Firewall Manager use to control network traffic?

  • Route tables
  • Application security groups
  • Security policies
  • Network security groups

Answer: Security policies

Explanation: Azure Firewall Manager uses security policies to control network traffic, which allows you to manage rules for multiple Azure Firewalls from a centralized location.

True or False: You can configure Azure Firewall Manager to automatically deploy Azure Firewall instances in new Virtual Networks.

  • True
  • False

Answer: True

Explanation: Azure Firewall Manager allows you to set up policies that can automatically deploy Azure Firewall instances to new Virtual Networks as they are created, providing streamlined management and consistent policy enforcement.

What feature does Azure Firewall Manager provide to support multiple subscriptions?

  • Centralized management
  • Cross-subscription resource deployment
  • Subscription-based billing
  • Decentralized policy enforcement

Answer: Centralized management

Explanation: Azure Firewall Manager provides centralized management, which allows for the configuration and management of firewall policies across multiple subscriptions from a single pane of glass.

True or False: Azure Firewall Manager only supports Azure-native security policies and not third-party security providers.

  • True
  • False

Answer: False

Explanation: Azure Firewall Manager supports the management not only of Azure-native security policies but also third-party security providers, giving users flexibility.

Which Azure service needs to be enabled for Azure Firewall Manager to operate?

  • Azure Monitor
  • Azure Security Center
  • Azure Policy
  • Azure Sentinel

Answer: Azure Policy

Explanation: Azure Policy is integrated with Azure Firewall Manager to allow policy-driven governance and ensure firewall policies are compliant with organizational standards.

True or False: Azure Firewall Manager can centrally manage rules for both Azure Firewall Standard and Premium SKU.

  • True
  • False

Answer: True

Explanation: Azure Firewall Manager can centrally manage and enforce rules on both the Standard and Premium SKU offerings of Azure Firewall.

Which of the following is a prerequisite for using Azure Firewall Manager?

  • Using Azure Active Directory Premium P2
  • Having an existing Azure Firewall
  • Configuring a Log Analytics workspace
  • Enabling a Secure Virtual Hub

Answer: Enabling a Secure Virtual Hub

Explanation: Azure Firewall Manager uses Secure Virtual Hubs, which are virtual network hubs in Virtual WAN providing connectivity and security configuration management.

True or False: Azure Firewall Manager can enforce Threat Intelligence-based filtering rules across managed Azure Firewall instances.

  • True
  • False

Answer: True

Explanation: Azure Firewall Manager can centrally manage and apply Threat Intelligence-based filtering rules, which can be configured to alert or deny traffic from/to known malicious IP addresses and domains.

Which of the following features does Azure Firewall Manager offer?

  • Intrusion Detection System
  • URL filtering
  • DNS Security
  • Automatic scaling

Answer: URL filtering

Explanation: Azure Firewall Manager offers URL filtering features that allow administrators to manage and enforce URL-based rules across their Azure Firewall instances.

True or False: Azure Firewall Manager provides a unified security management interface for hybrid cloud environments, including both Azure and on-premises networks.

  • True
  • False

Answer: True

Explanation: Azure Firewall Manager provides security management for hybrid cloud environments and can manage firewall policies in on-premises networks connected to Azure through VPN or ExpressRoute as well as in Azure cloud environments.

What does Azure Firewall Manager use to group related firewall policies?

  • Security groups
  • Security policy rules
  • Policy initiative
  • Hierarchies

Answer: Hierarchies

Explanation: Azure Firewall Manager uses hierarchies to group related firewall policies. This allows organizations to efficiently manage and organize their security policies based on resource groups, applications, or environments.

Floyd Caldwell
1 year ago

Great blog post on configuring Azure Firewall Manager!

Kalpit Padmanabha
1 year ago

I found the steps quite clear. Can anyone expound on how to integrate Azure Firewall Manager with Azure Sentinel?

Marvin Washington
1 year ago

Why is Azure Firewall Manager considered more secure than traditional firewall setups?

Franklin Ellis
2 years ago

Thanks for this detailed post!

Alexandra Thompson
1 year ago

The tutorial is great, but I still find the pricing model for Azure Firewall confusing!

Alexandre Leroy
1 year ago

How do you handle the migration from existing firewalls to Azure Firewall Manager?

Bjørnar Stav
1 year ago

I appreciate the examples given for managing policies. Very helpful!

Kerim Tekand
1 year ago

I had trouble with logging setup. Any insights?
