Updated Azure DDoS Protection and Firewall sections with tier details and business scenarios. Changed 'Azure virtual network security groups' to 'Azure network security groups' for consistency.
learn-pr/wwl-azure/design-network-solutions/includes/8-design-for-application-protection-services.md
13 additions & 5 deletions
@@ -5,13 +5,17 @@ Azure offers several networking services to help protect your network resources.
5
5
6
6
### Azure DDoS Protection (distributed denial of service protection)
7
7
8
-
[Azure DDoS Protection](/azure/ddos-protection/manage-ddos-protection) provides countermeasures against the most sophisticated DDoS threats. The service provides enhanced DDoS mitigation capabilities for your application and resources deployed in your virtual networks. Additionally, customers who use Azure DDoS Protection have access to DDoS Rapid Response support to engage DDoS experts during an active attack.
8
+
[Azure DDoS Protection](/azure/ddos-protection/ddos-protection-overview) provides countermeasures against the most sophisticated DDoS threats with [two tiers](/azure/ddos-protection/ddos-protection-sku-comparison#tiers).
9
+
10
+
-**DDoS Network Protection**: VNet-level protection plan covering multiple resources, includes DDoS Rapid Response support and cost protection guarantees
11
+
-**DDoS IP Protection**: Pay-per-protected-IP model, no protection plan required, suitable for individual workloads.
9
12
10
13
#### Business scenarios
11
14
12
15
- Implement always-on traffic monitoring, adaptive tuning, and mitigation scale.
13
16
- Access multi-layered protection, including attack analytics, metrics, and alerting.
14
-
- Receive support from the DDoS rapid response team.
17
+
- Network protection with centralized management and Rapid Response support.
18
+
- IP protection for individual workloads or cost-sensitive architectures.
15
19
16
20
### Azure Private Link
17
21
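Review bot: In the new tier list, the DDoS IP Protection bullet does not say whether DDoS Rapid Response support and cost protection are available on that tier, while the Network Protection bullet lists both as included. A reader choosing between the tiers needs that contrast stated, so consider closing the bullet with a clause such as "does not include Rapid Response support or cost protection" if the linked SKU comparison confirms it. The Network Protection bullet is also missing its closing period, and the two added business-scenario bullets are noun phrases where the neighbouring ones start with a verb ("Implement", "Access").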
@@ -25,7 +29,11 @@ Azure offers several networking services to help protect your network resources.
25
29
26
30
### Azure Firewall
27
31
28
-
Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. Azure Firewall uses a static public IP address for your virtual network resources, which allows outside firewalls to identify traffic originating from your virtual network. Azure Firewall provides inbound protection for non-HTTP/S protocols (such as RDP, SSH, and FTP), outbound network-level protection for all ports and protocols, and application-level protection for outbound HTTP/S.
32
+
[Azure Firewall](/azure/firewall/overview) is a managed, cloud-based network security service available in three tiers:
33
+
-**Basic**: Limited features, alert-only threat intelligence (not recommended for production).
34
+
-**Standard**: Full stateful firewall, FQDN filtering, threat intelligence, log analytics.
35
+
-**Premium**: Adds TLS inspection, IDPS with 67,000+ signatures, URL filtering, web categories, scales to 100 Gbps, PCI DSS compliance.
36
+
29
37
30
38
#### Business scenarios
31
39
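Review bot: The replacement introduction for Azure Firewall drops what the removed paragraph said about scope: inbound protection for non-HTTP/S protocols (RDP, SSH, FTP), outbound network-level protection for all ports and protocols, application-level protection for outbound HTTP/S, and the static public IP address. Those are the facts a designer uses to decide where the firewall sits relative to Web Application Firewall, so keep a one-sentence summary of them ahead of the tier list. In the Premium bullet, "PCI DSS compliance" reads as if choosing the tier makes a workload compliant; reword it to say what the tier contributes toward that, and consider linking a source for the "67,000+ signatures" and "100 Gbps" figures, since they will date.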
@@ -45,7 +53,7 @@ Azure Firewall is a managed, cloud-based network security service that protects
45
53
- React faster to security threats by centrally patching known vulnerabilities instead of securing individual web apps.
46
54
- Deploy Web Application Firewall with Application Gateway, Front Door, and Content Delivery Network.
47
55
48
-
### Azure virtual network security groups
56
+
### Azure network security groups
49
57
50
58
You can filter network traffic to and from Azure resources in an Azure virtual network with [Azure network security group (NSGs)](/azure/virtual-network/network-security-groups-overview). You can use a network virtual appliance (NVA) such as Azure Firewall or firewalls from other vendors.
51
59
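Review bot: The heading now reads "Azure network security groups", but the unchanged sentence directly below it still says "Azure network security group (NSGs)", pairing a singular noun with a plural abbreviation. Since this commit is about consistent naming, change that link text to "network security groups (NSGs)" in the same change.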
@@ -58,4 +66,4 @@ NSGs contain two sets of rules: inbound and outbound. The priority for a rule mu
58
66
- Control how Azure routes traffic from subnets.
59
67
- Limit the users in an organization who can work with resources in virtual networks.
60
68
- Restrict traffic to an individual NIC by associating an NSG directly to a NIC.
61
-
- Combine NSGs with JIT access to restrict access to your virtual machine management ports.
69
+
- Combine NSGs with JIT access to restrict access to your virtual machine management ports.
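Review bot: The removed and added versions of the last bullet ("Combine NSGs with JIT access ...") are textually identical as shown, so this is presumably a whitespace or end-of-file newline change; confirm it is intentional, or drop it so the diff stays limited to the content changes described in the commit message. If the line is being touched anyway, expand "JIT" to "just-in-time (JIT)", since the visible text does not define it.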