Azure Firewall

🔥

1

Firewall Instance

📋

3

Rule Collections

🌐

8

Network Rules

🔗

6

Application Rules

🔄

3

DNAT Rules

🛡

ON

Threat Intel

📐 Firewall Traffic Flow

🌍

Internet

External Traffic

↕

🔥

Azure Firewall Premium

fw-prod-eastus2 · 10.0.0.4 · 20.42.10.5

↕

📋

Network Rules

L3/L4 Filtering

🔗

App Rules

FQDN Filtering

🔄

DNAT Rules

Inbound NAT

↕

🌐 Public Subnet

🖥 Web VMs

10.0.1.0/24

↔

🔒 Private Subnet

🗄 App + DB

10.0.3.0/24

🔥 Firewall Overview

🔥

fw-prod-eastus2

Azure Firewall Premium · East US 2 · Microsoft.Network/azureFirewalls

Premium SKU

Private IP

10.0.0.4

Public IP

20.42.10.5

Firewall Subnet

AzureFirewallSubnet (10.0.0.0/26)

Availability Zones

Zone 1, 2, 3

Threat Intel Mode

✔ Alert and Deny

DNS Proxy

✔ Enabled

IDPS

✔ Alert and Deny

TLS Inspection

✔ Enabled

📋 Rule Collections

🌐

Network Rule Collection

rc-network-prod · Priority 100 · 8 Rules

100

TCP

Allow-Web-Inbound

Any → 10.0.1.0/24 :443,80

Allow

110

TCP

Allow-App-Internal

10.0.1.0/24 → 10.0.3.0/24 :8080

Allow

120

TCP

Allow-DB-Access

10.0.3.0/24 → 10.0.4.0/24 :1433

Allow

130

UDP

Allow-DNS

VNet → AzureDNS :53

Allow

200

TCP

Allow-AzureMonitor

VNet → AzureMonitor :443

Allow

4096

ANY

DenyAll

Any → Any