Last Updated on May 14, 2024 by Arnav Sharma
Azure Firewall is a cloud-based network security service that protects your Azure Virtual Network resources. It is a stateful firewall as a service that monitors and filters incoming and outgoing traffic based on application and port. Azure Firewall uses static public IP addresses for your virtual network resources, so you don’t have to worry about NAT or PAT.
The Basic SKU includes all the features of Azure Firewall, except for high availability and geo-redundancy.
Details Below:
Standard & Premium
Azure Firewall is a cloud-based network security service that protects your resources from attacks. It is available in two editions: Standard and Premium. Azure Firewall Standard provides essential protection against common threats, while Azure Firewall Premium provides advanced protection against sophisticated threats.
Both editions of Azure Firewall offer protection against denial of service (DoS) attacks, SQL injection attacks, and cross-site scripting (XSS) attacks. Azure Firewall Standard also offers protection against SYN floods and ICMP floods, while Azure Firewall Premium offers protection against SYN cookies, IPsec tunnels, and SSL/TLS encryption.
Cost Factor:
According to a recent study, the price of Azure Firewall is significantly higher than other similar products on the market. This has led many businesses to reconsider their use of Azure Firewall, as the cost can be prohibitive for some.
Its high price tag is often a deterrent for small and medium-sized businesses. The average cost of Azure Firewall is $1,500 per month, which can add up quickly for companies that need to protect multiple data centre locations.
For 730 hours (a month), the Basic comes out to be $450 (vs $1500 for Standard)
Choosing the correct Azure Firewall SKU to meet your needs
Azure Firewall now supports three different SKUs to cater to a wide range of customer use cases and preferences.
- Azure Firewall Premium is recommended to secure highly sensitive applications (such as payment processing). It supports advanced threat protection capabilities like malware and TLS inspection.
- Azure Firewall Standard is recommended for customers looking for Layer 3–Layer 7 firewall and needs auto-scaling to handle peak traffic periods of up to 30 Gbps. It supports enterprise features like threat intelligence, DNS proxy, custom DNS, and web categories.
- Azure Firewall Basic is recommended for SMB customers with throughput needs of less than 250 Mbps.
Q: What is Azure Firewall Basic?
A: Azure Firewall Basic is a new entry-level SKU of Azure Firewall. It provides customers with a cloud-native network firewall service that’s offered at an affordable price point. It supports deployment in a virtual network with multiple public IP addresses and offers built-in high availability.
Q: What is the difference between Azure Firewall Basic and Azure Firewall Standard?
A: The major difference is that Azure Firewall Standard offers threat intelligence, filtering for outbound traffic, and built-in integration with Azure Sentinel. Azure Firewall Basic is a simpler, more affordable option that provides basic network firewall security for customers that don’t need those additional features.
Q: How do I deploy Azure Firewall Basic?
A: You can deploy Azure Firewall Basic through the Azure portal, Azure PowerShell, Azure CLI, or an Azure Resource Manager template.
Q: What is the difference between a network rule and an application rule in Azure Firewall Basic?
A: Network rules are used to allow or deny traffic based on source IP address, destination IP address, and protocol. Application rules are used to allow or deny traffic based on the destination FQDN and URL path.
Q: Can I use Azure Firewall Basic to filter outbound traffic?
A: No, Azure Firewall Basic only supports filtering inbound traffic. If you need to filter outbound traffic, you’ll need to use Azure Firewall Standard.
Q: What is Azure Firewall Manager?
A: Azure Firewall Manager is a central security management service that provides global policy management and security management for multiple Azure Firewall instances across different regions and subscriptions.
Q: What is the built-in high availability feature of Azure Firewall Basic?
A: Azure Firewall Basic is deployed in one of the availability zones within a region, which provides built-in high availability and resilience to failures.
Q: How do I configure Azure Firewall Basic using the Azure portal?
A: You can configure Azure Firewall Basic using the Azure portal by creating a new Azure Firewall instance and then creating and configuring network and application rules within the firewall policy.
Q: What additional resources are available for learning about Azure Firewall Basic?
A: You can find additional resources for learning about Azure Firewall Basic on the Microsoft Learn website and in the Azure documentation.
Q: Is there a public preview available for Azure Firewall Basic?
A: Yes, there is a public preview available for Azure Firewall Basic.
Keywords: network traffic, security updates, security updates
I help organisations secure their cloud infrastructure and stay ahead of evolving cyber threats. Microsoft MVP and Certified Trainer, author of Mastering Azure Security, and founder of arnav.au — a platform for practical Cloud, Cybersecurity, DevOps and AI content.