Azure Firewall is a fully managed firewall as a service, with built-in high availability and scaling. It is like our traditional on-premises firewall, except that Microsoft manages it for us in the cloud.

With Azure Firewall, we can:

  1. Control our outbound access to the internet, much as a network security group does (by IP address, protocol, and port). Within the Azure Firewall service, these rules are called Network Rules or Application Rules.

  2. Control our inbound access, for example to allow RDP access into a VM. Clients connect to the public IP address of the Azure Firewall itself, and we create DNAT rules that allow that inbound access and map the traffic onto the VM. These are called DNAT Rules.

We might need to deploy multiple networks all across the globe. For that, we can use Azure Firewall Manager, which lets us configure Policies that are applied to multiple firewalls (for example, some rules that apply only to the firewalls in a specific region). This centralizes policy configuration: a parent policy holds the shared rules, and its rules are inherited by the child policies.
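The DNAT mapping and the parent/child policy link described above, written as a Bicep sketch. This is an added example, not taken from the original notes; the resource names, IP addresses and API version are assumptions, and the rule limits the RDP source to a constructed admin range instead of any address.

```bicep
// Added example: every name and address below is a constructed placeholder.
param firewallPublicIp string = '198.51.100.10' // public IP of the Azure Firewall
param vmPrivateIp string = '10.0.1.4'           // private IP of the target VM
param adminSourceRange string = '203.0.113.0/24' // only range allowed to use RDP

// Parent policy: rules attached here are inherited by every child policy.
resource parentPolicy 'Microsoft.Network/firewallPolicies@2023-04-01' = {
  name: 'fwpol-global-parent'
  location: resourceGroup().location
  properties: {}
}

// Child policy for one region; basePolicy is what links it to the parent.
resource childPolicy 'Microsoft.Network/firewallPolicies@2023-04-01' = {
  name: 'fwpol-region-child'
  location: resourceGroup().location
  properties: {
    basePolicy: { id: parentPolicy.id }
  }
}

// DNAT rule on the child: firewall public IP:3389 is translated to the VM.
resource inboundRules 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2023-04-01' = {
  parent: childPolicy
  name: 'rcg-inbound'
  properties: {
    priority: 200
    ruleCollections: [
      {
        ruleCollectionType: 'FirewallPolicyNatRuleCollection'
        name: 'dnat-rdp'
        priority: 100
        action: {
          type: 'DNAT'
        }
        rules: [
          {
            ruleType: 'NatRule'
            name: 'rdp-to-vm'
            ipProtocols: [ 'TCP' ]
            sourceAddresses: [ adminSourceRange ]
            destinationAddresses: [ firewallPublicIp ]
            destinationPorts: [ '3389' ]
            translatedAddress: vmPrivateIp
            translatedPort: '3389'
          }
        ]
      }
    ]
  }
}
```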
