
Lakshit Pant

Azure Firewall

[Figure: Google's definition of a firewall]

On Day 15 of the challenge, we discussed Azure Key Vault Manager and why and how we can protect our credentials. On Day 9 of this challenge, we got to know Network Security Groups and how they protect our network.

The question then is: if the virtual network is already protected, why do we even need something called a firewall?

Unlike Network Security Groups, which take care of particular Azure services, Azure Firewall lives at the subscription layer and manages the entire virtual network layer, with the capability to protect, block, and divide traffic using its different security tiers.

Azure Firewall is a Microsoft-managed Network Virtual Appliance (NVA). This appliance allows you to centrally create, enforce and monitor network security policies across Azure subscriptions and virtual networks (vNets). An NSG is a layer 3–4 Azure service to control network traffic to and from a vNet.

Unlike Azure Firewall, an NSG can only be associated with subnets or network interfaces within the same subscription of Azure VMs. Azure Firewall can control a much broader range of network traffic. It can filter and analyze L3-L4 traffic, as well as L7 application traffic.
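The L3-L4 versus L7 difference described above, as an added Python example (not from the original post and not Azure's implementation): a simplified model of an NSG-style rule keyed on IP prefix and port next to a firewall application rule keyed on FQDN, evaluated over two constructed flows that share one destination IP. The class names, addresses and hostnames are assumptions made up for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:                      # one outbound connection attempt
    src_ip: str
    dst_ip: str
    dst_port: int
    fqdn: str                    # hostname requested at layer 7 (TLS SNI / Host header)

def in_prefix(ip, prefix):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(prefix)

def fqdn_matches(pattern, name):
    """Exact match, or a '*.' wildcard that only matches real subdomains."""
    pattern, name = pattern.lower(), name.lower().rstrip(".")
    if pattern.startswith("*."):
        return name.endswith(pattern[1:])   # keeps the leading dot
    return name == pattern

@dataclass(frozen=True)
class L4Rule:                    # NSG-style: only addresses and ports are visible
    src_prefix: str
    dst_prefix: str
    dst_port: int
    def matches(self, f):
        return (in_prefix(f.src_ip, self.src_prefix)
                and in_prefix(f.dst_ip, self.dst_prefix)
                and f.dst_port == self.dst_port)

@dataclass(frozen=True)
class AppRule:                   # application-rule style: decision uses the FQDN
    src_prefix: str
    target_fqdns: tuple
    dst_port: int
    def matches(self, f):
        return (in_prefix(f.src_ip, self.src_prefix) and f.dst_port == self.dst_port
                and any(fqdn_matches(p, f.fqdn) for p in self.target_fqdns))

def evaluate(rules, flow):
    """Allow if any rule matches; otherwise deny (default deny)."""
    return "Allow" if any(r.matches(flow) for r in rules) else "Deny"

# Constructed sample data: two hostnames served from the same shared IP.
SHARED_IP = "203.0.113.10"
wanted = Flow("10.0.1.4", SHARED_IP, 443, "updates.contoso.example")
unwanted = Flow("10.0.1.4", SHARED_IP, 443, "paste.other-tenant.example")
l4_rules = [L4Rule("10.0.1.0/24", "203.0.113.10/32", 443)]
app_rules = [AppRule("10.0.1.0/24", ("*.contoso.example",), 443)]

def compare():
    """Return (L3-L4 verdict, L7 verdict) for each sample flow."""
    return {n: (evaluate(l4_rules, f), evaluate(app_rules, f))
            for n, f in (("wanted", wanted), ("unwanted", unwanted))}
```

The IP-and-port rule allows both flows because they are identical at layers 3-4; only the FQDN-based rule can permit one hostname and deny the other.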

Now let's explore the Azure Firewall hands-on first:

This is what the sidebar looks like:

[Figure: Sidebar]

Here we can see a couple of names; let's try to understand the purpose of each:

  • Virtual Network : A virtual network in cloud computing provides a way to organize and isolate resources, define networking configurations, and establish secure connectivity within the cloud environment. It is a fundamental component for building and deploying cloud-based applications and services.

  • Virtual Hub : Virtual WAN Hub is a central component of Azure Virtual WAN, providing a hub-and-spoke architecture for simplified and secure network connectivity across on-premises locations and Azure resources. It facilitates global connectivity, policy enforcement, and integration with various Azure services. Always refer to the latest Azure documentation for the most up-to-date information on Azure Virtual WAN and its features.

  • Application Delivery Platforms : Application Delivery Platforms are crucial for organizations looking to optimize the delivery of their applications, enhance user experience, and maintain a secure and efficient IT environment. Various vendors offer solutions falling under the category of ADP, and organizations typically select a solution based on their specific needs and infrastructure requirements.

  • Azure Firewall : It acts as a centralized firewall service for securing resources and applications hosted within the Azure cloud environment. Azure Firewall is designed to protect against unauthorized access, prevent data exfiltration, and enable secure communication between resources.

  • Azure Firewall Policies : Azure Firewall Policies in Microsoft Azure provide a way to centrally manage and enforce firewall rules across multiple Azure Firewall instances. These policies allow organizations to define and implement consistent security rules, application rules, and network rules across different environments and subscriptions. Azure Firewall Policies are part of Azure Firewall Manager, which is a dedicated service for managing multiple Azure Firewall instances.

  • Security Partner Providers : Work with security partner providers to secure traffic between vNets and the internet.

  • DDoS Protection Plans : Distributed Denial of Service (DDoS) Protection Plans in the context of Microsoft Azure refer to services and features designed to mitigate the impact of DDoS attacks on applications and resources hosted within the Azure cloud environment. DDoS attacks aim to overwhelm a target with a flood of traffic, causing disruptions and making the targeted services unavailable.

  • Web Application Firewall Policies : Web Application Firewall (WAF) Policies in the context of Microsoft Azure refer to configurations and rulesets designed to enhance the security of web applications by protecting them against various web-based attacks. Azure WAF is a cloud-based firewall service that helps safeguard web applications from common vulnerabilities and exploits. WAF Policies allow users to define and customize security rules, access controls, and threat intelligence settings to protect web applications hosted in Azure.

Now, let's try creating the firewall and explore more:

[Figure: Create a firewall]

Address Spaces : In networking, the term "address space" refers to the range of valid addresses that can be assigned to devices or entities within a particular network or system. It encompasses the set of unique identifiers used to distinguish individual devices and allocate resources within a given network.

[Figure: Address space]

SKU:

In networking, a Firewall SKU refers to a specific model or version of a firewall that is available for use. SKUs are often differentiated by features, capacity, and performance.

Firewall Management:

Firewall management involves the administration, configuration, monitoring, and maintenance of firewall devices or services to ensure the security of a network.

Virtual Network:

A Virtual Network (VNet) is a virtualized network infrastructure within cloud computing environments. It allows users to create isolated and securely connected networks in the cloud.

Click Review + Create and you're all set.