Azure Firewall allows you to centrally manage and log all your traffic flows using a DevOps approach. The service supports filtering rules at both the application and network levels. It is also integrated with the Microsoft Threat Intelligence feed for filtering known malicious IP addresses and domains.
February saw some good new features incorporated into the service. Here is a quick rundown:
ICSA Labs Corporate Firewall Certification
Azure Firewall is the first cloud firewall service to receive the ICSA Labs Corporate Firewall Certification.
ICSA Labs is a top third-party testing and certification company for IT products and network-connected devices.
New Features Generally Available
Customer configured SNAT private IP address ranges
You can now configure Azure Firewall not to apply Source Network Address Translation (SNAT) to custom IP address ranges that you specify. This is in addition to the automated setting that does not SNAT when the destination IP address is in a private IP address range.
High ports restriction relaxation
Azure Firewall has always had a restriction that prohibited network and application rules from including ports above 64,000. With this update, you can now use any port in the 1-65535 range in network and application rules.
New Features in Preview
Forced Tunnelling Support
Forced tunnelling uses a specially configured subnet to redirect all internet-bound traffic from Azure Firewall to your on-premises firewall, or to a nearby Network Virtual Appliance, for further review.
IP Groups
IP Groups is a new resource that enables you to sort and administer IP addresses in Azure Firewall rules. Simply name your IP group, and enter IP addresses directly or upload a file. This streamlines your experience and reduces time spent dealing with IP addresses.
Read the Documentation:
SNAT private IP address ranges