Azure Firewall Premium is a cloud-based, managed network security service that offers next generation firewall(NGFW) capabilities that protects Virtual Network resources of Azure. It offer key factors that are required for highly sensitive and regulated environments.
With the new Azure Firewall Premium, the Key features in this release include:
- TLS Inspection: Azure Firewall Premium terminates outbound and east-west TLS connections. Inbound TLS inspection is supported in conjunction with Azure Application Gateway allowing end-to-end encryption. Azure Firewall performs the required value-added security functions and re-encrypt the traffic which is sent to the original destination.
- IDPS: Azure Firewall Premium provides signature-based intrusion detection and prevention system (IDPS) to allow rapid detection of attacks by looking for specific patterns, such as byte sequences in network traffic, or known malicious instruction sequences used by malware.
- Web Categories: Allows administrators to allow or deny user access to the Internet based on categories (e.g. social networking, search engines, gambling), reducing the time spent on managing individual FQDNs and URLs. This capability is also available for Azure Firewall Standard based on FQDNs only.
- URL Filtering: Allow users to access specific URLs for both plain text and encrypted traffic, typically being used in conjunction with Web Categories.
Benefits of Azure Firewall Premium
- Azure Firewall Premium is using Firewall Policy, which can be used to centrally manage your firewalls using Azure Firewall Manager.
- Organization can leverage features like IDPS and TLS inspection to avert virus and malware spread across the network.
- Azure Firewall Premium utilizes a more powerful Virtual Machine to meet in growing performance need IDPS and TLS inspection.
- The new approach of Azure Firewall Policy allows reusing existing API integration with slight changes.
- Azure Firewall Policy offers several advantages such as sharing common configuration across multiple firewalls, grouping rules using rule collection groups, and managing rules over time using policy analytics
- Firewall Rules (Classic) continues to be supported and can be used for configuring existing features of Standard Firewall. Firewall Policy can be managed independently or using Azure Firewall Manager. Firewall policy associated with a single firewall has no charge.
Migration from Azure Firewall Standard to Premium
As part of this general availability release, we are offering two new capabilities to allow smooth migration:
- Convert the existing Azure Firewall rules (Classic) to Azure Firewall Policy.
2. Create a new Azure Firewall Premium and associate it to an existing policy.
After exporting the Azure Firewall configuration and decommissioning your existing Azure Firewall Standard, you can deploy a new Azure Firewall Premium while associating to it the standard firewall configuration and maintaining its public IP.
Like the Standard SKU, Azure Firewall Premium pricing includes both deployment and data processing charges.
The deployment charge is 40 percent higher than Azure Firewall Standard and the data processing charge remains the same as Azure Firewall Standard.