
Microsoft Azure Firewall – Unveiling the Latest Preview Features

  • June 6, 2023
Cloud and Virtualization Architect. Brandon has over 20 years of experience across multiple sectors. He is responsible for the creative and technical content direction at virtualizationhowto.com

As businesses increasingly move into the cloud, they require robust, scalable, and intuitive cybersecurity solutions. At the forefront of this evolution is Microsoft Azure, offering a suite of security services, including the Azure Firewall. Azure Firewall provides a cloud-native network security service that offers threat protection for Azure workloads, bolstered by its stateful firewall-as-a-service model. Recently, Microsoft announced new Preview features for the Azure Firewall. Let’s look at the latest announcements and the features and capabilities they bring to the table.

What is Microsoft Azure Firewall?

Microsoft Azure Firewall is a fully stateful firewall service with built-in high availability and unrestricted cloud scalability. It processes critical application traffic, enforces security policies, and is crucial for diagnosing traffic-related issues. With new preview features now available, Azure Firewall offers enhanced visibility and insights into the traffic it processes, making it an even more powerful tool in your organization’s cybersecurity toolbox and for troubleshooting performance.

Overview of the New Preview Features

The latest preview features for Azure Firewall offer users advanced logging and metrics capabilities to improve network management and troubleshooting. These features include:

  1. Latency Probe Metric
  2. Flow Trace Logs
  3. Structured Firewall Logs
  4. Explicit Proxy

1. Latency Probe Metric in Detail

Network latency can fluctuate due to various factors, from high CPU utilization to networking issues. As such, the new Latency Probe Metric is designed to provide real-time monitoring of Azure Firewall’s latency. By utilizing Pingmesh technology, this tool calculates the average latency of the firewall itself.

This information is invaluable for IT administrators who must diagnose potential issues with traffic or services in the infrastructure, allowing them to take proactive measures to mitigate any observable latency. This tool does not measure end-to-end latency or the latency of individual packets, focusing instead on the overall health of the service.

New Latency Probe Metric


2. Flow Trace Logs

Azure Firewall’s new Flow Trace Logs expand the firewall’s logging capabilities to provide more detailed insights into TCP connections. These logs capture every packet that goes through the firewall, offering a full picture of the TCP handshake process and any potential packet drops or asymmetric routes.

This is beneficial when diagnosing problems like asymmetric routing, a common issue where packets take different paths to and from the firewall. In addition, by enabling Flow Trace, IT administrators can now see additional flags for verification, including SYN-ACK, FIN, FIN-ACK, RST, and INVALID.

Azure Firewall's new Flow Trace Logs
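The triage these flags make possible, as an added example that is not from the original article or from Microsoft: it groups flow records by connection and labels connections where the firewall saw only one side of the handshake. The tuple layout, the verdict names and the `SYN` marker for a connection's first packet are assumptions of this sketch, not the Azure Firewall log schema, and the records are constructed.

```python
from collections import defaultdict

# Constructed sample records: (src_ip, src_port, dst_ip, dst_port, flag).
# This layout and the "SYN" marker are assumptions, not the real log schema.
SAMPLE = [
    ("10.0.1.4", 50100, "10.0.2.5", 443, "SYN"),      # flow A: full handshake
    ("10.0.2.5", 443, "10.0.1.4", 50100, "SYN-ACK"),
    ("10.0.1.4", 50100, "10.0.2.5", 443, "FIN"),
    ("10.0.2.5", 443, "10.0.1.4", 50100, "FIN-ACK"),
    ("10.0.1.4", 50101, "10.0.3.9", 1433, "SYN"),     # flow B: reply never seen
    ("10.0.4.7", 8080, "10.0.1.8", 50200, "SYN-ACK"), # flow C: request never seen
    ("10.0.1.4", 50102, "10.0.2.5", 443, "SYN"),      # flow D: handshake, then reset
    ("10.0.2.5", 443, "10.0.1.4", 50102, "SYN-ACK"),
    ("10.0.2.5", 443, "10.0.1.4", 50102, "RST"),
    ("10.0.5.6", 50300, "10.0.2.5", 22, "INVALID"),   # flow E: flagged INVALID
]

# Verdicts that point at a dropped packet or a path that skips the firewall.
REVIEW = {"no-syn-ack", "syn-ack-only", "invalid"}

def flow_key(src, sport, dst, dport):
    """Direction-independent key so both legs of a connection group together."""
    return tuple(sorted([(src, sport), (dst, dport)]))

def classify(flags):
    """Label one connection from the set of flags logged for it."""
    if "INVALID" in flags:
        return "invalid"
    syn, syn_ack = "SYN" in flags, "SYN-ACK" in flags
    if syn and not syn_ack:
        return "no-syn-ack"        # reply dropped or returned by another path
    if syn_ack and not syn:
        return "syn-ack-only"      # request reached the server by another path
    if not syn:
        return "handshake-not-seen"
    return "reset" if "RST" in flags else "established"

def triage(records):
    """Return {flow_key: verdict} for every connection in the records."""
    flags = defaultdict(set)
    for src, sport, dst, dport, flag in records:
        flags[flow_key(src, sport, dst, dport)].add(flag)
    return {key: classify(seen) for key, seen in flags.items()}

def needs_review(verdicts):
    """Connections worth checking for asymmetric routing or drops."""
    return sorted(key for key, verdict in verdicts.items() if verdict in REVIEW)

if __name__ == "__main__":
    for key, verdict in triage(SAMPLE).items():
        print(key, verdict)
```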

3. Structured Firewall Logs

Structured Firewall Logs significantly shift how Azure Firewall handles log querying. By replacing the existing AzureDiagnostics table with Resource Specific tables, Azure Firewall now provides a more structured and efficient logging method. This new approach improves performance across both ingestion latency and query times and simplifies data discovery and schema structure. Structured Firewall Logs also allow you to grant Azure RBAC rights on a specific table, enhancing control over your data.

4. Explicit Proxy

The Explicit Proxy feature significantly enhances Azure Firewall’s network control capabilities. By configuring Azure Firewall as a proxy on the outbound path of the sending application, network administrators can ensure that traffic from a sending application goes to the firewall’s private IP address.

This bypasses the need for a user-defined route (UDR), resulting in a more direct and efficient egress from the firewall. In addition, the explicit proxy setting is ideal for instances where the sending application, such as a web browser, needs to be configured with Azure Firewall as the proxy.

Additional recently added Azure Firewall features

Let’s consider a few other recently added features in Azure Firewall that provide even further capabilities to administrators.

1. Policy Analytics

Policy Analytics is another powerful feature that aims to provide insights into Azure Firewall policies. It processes Azure Firewall logs and generates summary reports, thereby offering a comprehensive overview of the network traffic and the effectiveness of the firewall policies. This information can be crucial in identifying patterns, detecting anomalies, and fine-tuning security strategies.

2. Firewall Policy in Secure Virtual Hub

Azure’s Secure Virtual Hub is a managed network security service that allows customers to secure traffic within their Azure Virtual WAN. Integrating Firewall Policy with Secure Virtual Hub provides centralized control over security policies and route management.

3. FQDN Tags in Network Rules

Fully Qualified Domain Name (FQDN) tags are now supported in network rules. This allows IT administrators to group multiple domains under a single tag, simplifying the management and enforcement of security policies.

4. Multiple Public IPs

This feature allows you to associate multiple public IP addresses with a single Azure Firewall instance. It is especially useful for scenarios that require outbound SNAT connections to use different public IP addresses.

5. IP Groups in Network and Application Rules

IP Groups allow administrators to group multiple IP addresses into a single entity. This simplifies creating and managing network and application rules, as a single IP Group can be used across multiple rules and policies.

The Impact of the New Azure Firewall Enhancements

These new features and enhancements aim to strengthen the capabilities of Azure Firewall, providing businesses with more comprehensive and efficient tools to secure their cloud environment. With these improvements, businesses can expect the following:

1. Improved Visibility and Troubleshooting

Features like the Latency Probe Metric and Flow Trace Logs provide enhanced visibility into the network traffic processed by Azure Firewall. This allows IT administrators to identify potential issues more quickly and troubleshoot them effectively, reducing downtime and improving network performance.

2. Streamlined Management and Policy Enforcement

Features such as FQDN Tags in Network Rules and IP Groups in Network and Application Rules simplify the management and enforcement of security policies. This saves IT admins time and effort and reduces the chances of errors that could lead to security risks.

3. Enhanced Performance and Scalability

With the ability to associate multiple public IP addresses with a single Azure Firewall instance and the scalability offered by Azure Firewall, businesses can ensure that their security measures keep pace with their growth and evolving needs.

Azure Firewall Features FAQs

  1. What is the Benefit of Azure Firewall’s Latency Probe Metric? The Latency Probe Metric provides IT administrators with essential data on the overall latency of Azure Firewall. This new feature allows for the proactive identification of potential issues in your network infrastructure, offering insights into the health of the Azure Firewall service.
  2. How Can Flow Trace Logs Improve My Network Troubleshooting? Flow Trace Logs provide a more comprehensive view of the TCP handshake process, enabling administrators to track packets through the firewall and identify issues such as packet drops or asymmetric routes. This granular visibility improves troubleshooting and network security.
  3. What Are the Advantages of Structured Firewall Logs? Structured Firewall Logs enhance the process of log querying by using Resource Specific tables. This method improves performance, simplifies data handling, and provides better schema discovery, enhancing the overall user experience.
  4. How Does the Explicit Proxy Feature Work? The Explicit Proxy feature in Azure Firewall allows proxy settings to be configured on the sending application. As a result, traffic is routed directly to the firewall’s private IP address, optimizing network flow control.
  5. What Are the Benefits of the Top Flows Feature in Azure Firewall? The Top Flows feature gives administrators a snapshot of the most active network flows through the Azure Firewall. It allows for better network traffic monitoring and helps identify potential security threats or performance issues.

Wrapping up

Adding these new preview features to Azure Firewall shows Microsoft’s commitment to improving its cybersecurity offerings and overall features. By providing more detailed insights and controls, these features allow network administrators to better manage, diagnose, and resolve network issues. As the digital landscape continues to evolve, Azure Firewall is also continuing to evolve, helping to meet future challenges.

With the Preview features, Microsoft encourages users to deploy and test them in their environments. Feedback from this testing phase will contribute to the final versions of these features, helping to refine their functionality and user experience. Then, when they move to General Availability (GA), they’ll be available to all customers without enabling a feature flag.

 
