We are blissful to share a number of key Azure Firewall capabilities that at the moment are typically out there in addition to updates on latest essential releases into common availability (GA) and preview.
- New GA areas in Qatar central, China East, and China North
- IDPS Private IP ranges now typically out there.
- Single Click Upgrade/Downgrade now in preview.
- Enhanced Threat Intelligence now in preview.
- KeyVault with zero web publicity now in preview.
Azure Firewall is a cloud-native firewall as a service providing that allows prospects to centrally govern and log all their visitors flows utilizing a DevOps method. The service helps each utility and network-level filtering guidelines and is built-in with the Microsoft Threat Intelligence feed to filter identified malicious IP addresses and domains. Azure Firewall is extremely out there with built-in auto-scaling.
New GA areas in Qatar central, China East, and China North
We are blissful to announce that Azure Firewall Standard, Azure Firewall Premium, and Azure Firewall Manager at the moment are typically out there in three new areas: Qatar Central, China East, and China North.
With these three new areas, Azure Firewall is now out there in 38 areas worldwide!
IDPS Private IP ranges now GA
A community intrusion detection and prevention system (IDPS) help you monitor community actions for malicious exercise, log details about this exercise, report it, and optionally try to dam it.
In Azure Firewall Premium IDPS, Private IP tackle ranges are used to determine visitors course (inbound, outbound, or inside) to permit correct matches with IDPS signatures. By default, solely ranges outlined by Internet Assigned Numbers Authority (IANA) RFC 1918 are thought of personal IP addresses. To modify your personal IP addresses, now you can simply edit, take away, or add ranges as wanted.
Single Click Upgrade/Downgrade (preview)
With this new functionality, prospects can simply improve their present Firewall Standard SKU to Premium SKU in addition to downgrade from Premium to Standard SKU. The course of is absolutely automated and has zero service downtime.
In the improve course of, customers can choose the coverage to be connected to the upgraded Premium SKU. Either by utilizing an present Premium Policy or by using their present Standard Policy. Customers can make the most of their present Standard coverage and let the system mechanically duplicate, improve to Premium Policy, and fix it to the newly created Premium Firewall.
This new functionality is out there by means of the Azure portal as seen within the screenshot under, in addition to by way of PowerShell and Terraform.
Enhanced Threat Intelligence (preview)
Threat Intelligence is info a company makes use of to know the threats which have, will, or are at present concentrating on the group. This data is used to arrange, forestall, and determine cyber threats seeking to benefit from useful assets. Azure Firewall Threat intelligence info is sourced from the Microsoft Threat Intelligence feed, which incorporates a number of sources together with the Microsoft Cyber Security workforce.
Threat Intelligence-based filtering may be enabled in your firewall to alert and deny visitors from/to identified malicious IP addresses and FQDNs. With the brand new enhancement, Azure Firewall Threat Intelligence has extra granularity for filtering based mostly on malicious URLs. This signifies that prospects could have entry to a sure area by means of a particular URL on this area shall be denied by Azure Firewall if recognized as malicious.
For optimum granularity, prospects can make the most of Threat Intelligence permit record to bypass menace intelligence validation on trusted FQDNs, IP addresses, ranges, and subnets.
In HTTPS, the URL is encrypted, thus prospects can make the most of Azure Firewall Premium TLS inspection to permit URL-based Threat Intelligence additionally for his or her encrypted visitors.
With Azure Firewall IDPS, Threat Intelligence, and TLS inspection, prospects can enhance their safety posture to change into higher protected towards future threats.
KeyVault with zero web publicity (preview)
In Azure Firewall Premium TLS inspection, prospects are required to deploy their intermediate CA certificates in Azure KeyVault. Now that Azure firewall is listed as a trusted Azure KeyVault service, prospects can eradicate any web publicity of their Azure KeyVault.
At Microsoft, we’re consistently evolving Azure Firewall to fulfill our prospects’ wants and assist them strengthen their safety and acquire efficiencies. Last month, we introduced the preview of Policy Analytics for Azure Firewall, which helps enhance your safety posture by offering important insights and proposals for optimizing firewall guidelines. We additionally just lately introduced the preview of Azure Firewall Basic, a brand new SKU of Azure Firewall designed to fulfill the wants of SMBs by offering enterprise-grade safety of their cloud atmosphere at an reasonably priced worth level. We plan to share additional enhancements to Azure Firewall very quickly, together with new troubleshooting capabilities. Please keep tuned!