You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: learn-pr/wwl-azure/design-implement-network-security-monitoring/includes/10-implement-web-application-firewall-on-azure-front-door.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -14,7 +14,7 @@ There are two WAF policy modes: Detection and Prevention. By default, the WAF po
14
14
15
15
:::image type="content" source="../media/waf-policy-modes-4a04568d.png" alt-text="Screenshot of the WAF policy modes.":::
16
16
17
-
The Web Application Firewall works with the Application Gateway, Azure Front Door Service, and the Azure CDN Service.
17
+
The Web Application Firewall works with the Application Gatewayand Azure Front Door.
18
18
19
19
## Microsoft managed rule sets, rule groups, and rules
Copy file name to clipboardExpand all lines: learn-pr/wwl-azure/design-implement-network-security-monitoring/includes/11-summary-resources.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -12,7 +12,7 @@ In this module, you explored a range of network security features.
12
12
13
13
- Azure Firewall Manager provides centralized configuration and management across multiple Azure Firewall instances. Azure Firewall Manager lets you create one or more firewall policies and rapidly apply them to multiple firewalls. Firewall Manager can provide security management for secured virtual hubs and hub virtual networks.
14
14
15
-
- Web Application Firewall provides centralized protection of your web applications from common exploits and vulnerabilities. There are two WAF policy modes: Detection and Prevention. WAF works with the Application Gateway, Azure Front Door Service, and the Azure CDN Service.
15
+
- Web Application Firewall provides centralized protection of your web applications from common exploits and vulnerabilities. There are two WAF policy modes: Detection and Prevention. WAF works with the Application Gatewayand Azure Front Door.
Copy file name to clipboardExpand all lines: learn-pr/wwl-azure/design-implement-network-security-monitoring/includes/6-azure-firewall.md
+8-4Lines changed: 8 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -16,16 +16,20 @@ Azure Firewall has three [SKUs](/azure/firewall/choose-firewall-sku): Azure Fire
16
16
17
17
### How to choose the SKU
18
18
19
-
-**Basic**: Up to 250 Mbps; SMB environments; has threat intelligence in alert mode only.
20
-
-**Standard**: Up to 30 Gbps; enterprise environments; L3–L7 filtering, DNS proxy, web categories, and threat intelligence.
21
-
-**Premium**: Up to 100 Gbps; regulated/sensitive environments (healthcare, payment); adds TLS inspection, IDPS, full URL filtering, and PCI DSS compliance.
19
+
All SKUs support availability zone deployment for zone-redundant high availability. All SKUs include policy analytics for tracking rule usage over time and managing redundant or conflicting rules.
20
+
21
+
-**Basic SKU**: Up to 250 Mbps; SMB environments; has threat intelligence in alert mode only.
22
+
23
+
-**Standard SKU**: Up to 30 Gbps; enterprise environments; L3–L7 filtering, DNS proxy, web categories, and threat intelligence.
24
+
25
+
-**Premium SKU**: Up to 100 Gbps; regulated/sensitive environments (healthcare, payment); adds TLS inspection, IDPS, full URL filtering, and PCI DSS compliance.
22
26
23
27
24
28
25
29
26
30
## What are Azure Firewall rules?
27
31
28
-
An Azure Firewall denies all traffic by default, until rules are manually configured to allow traffic. Rules are organized inside Rule Collections which are contained in Rule Collection Groups. In the Azure Firewall, you can configure NAT rules, network rules, and applications rules.
32
+
An Azure Firewall denies all traffic by default, until rules are manually configured to allow traffic. Rules are organized inside Rule Collections that are contained in Rule Collection Groups. In the Azure Firewall, you can configure NAT rules, network rules, and applications rules.
Copy file name to clipboardExpand all lines: learn-pr/wwl-azure/design-implement-network-security-monitoring/includes/8-secure-networks-with-azure-firewall-manager.md
+14-7Lines changed: 14 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -14,15 +14,22 @@ Firewall Manager can provide security management for secured virtual hubs and hu
14
14
15
15
-**Hub Virtual Network**. A standard Azure virtual network that you create and manage. When you associate firewall policies with this type of hub, you're creating a hub virtual network. This architecture's underlying resource is a virtual network.
16
16
17
-
### Azure Firewall Manager features
17
+
### Azure Firewall Manager capabilities
18
18
19
-
If your organization has multiple Azure Firewall instances, you benefit from centralizing these configurations. Firewall Manager enables you to:
19
+
Azure Firewall Manager provides six key capability areas:
20
20
21
-
- Span multiple Azure subscriptions.
21
+
-**Central deployment and configuration**. Manage Azure Firewall deployment and policies across multiple subscriptions and regions.
22
+
23
+
-**Hierarchical policies**. Create global policies authored by central IT with locally authored overrides.
24
+
25
+
-**Security partner provider integration**. Route Internet-bound VNet and branch traffic through Zscaler, Check Point, or iboss while Azure Firewall handles private traffic in the same hub.
26
+
27
+
-**Centralized route management**. Automatically route spoke traffic to secured hubs without manually configuring user-defined routes.
28
+
29
+
-**DDoS protection plan management**. Associate virtual networks with a DDoS plan directly from Firewall Manager.
30
+
31
+
-**WAF policy management**. Centrally create, view, and associate WAF policies to Front Door and Application Gateway across subscriptions.
22
32
23
-
- Span different Azure regions.
24
-
25
-
- Implement hub and spoke architectures to provide for traffic governance and protection.
26
33
27
34
### Azure Firewall Manager decision criteria
28
35
@@ -36,4 +43,4 @@ Administrators who protect multiple Azure virtual networks use rules to control
36
43
37
44
38
45
> [!TIP]
39
-
> Learn more about Azure Firewall in the [Introduction to Azure Firewall Manager](/training/modules/introduction-azure-firewall/) module.
46
+
> Learn more about Azure Firewall in the [Introduction to Azure Firewall Manager](/training/modules/introduction-azure-firewall/) module.
Copy file name to clipboardExpand all lines: learn-pr/wwl-azure/design-implement-network-security-monitoring/index.yml
+1-1Lines changed: 1 addition & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -13,7 +13,7 @@ metadata:
13
13
ms.custom:
14
14
- N/A
15
15
ms.service: azure
16
-
ai-usage: human-only
16
+
ai-usage: ai-assisted
17
17
title: Design and implement network security
18
18
summary: You learn to design and implement network security solutions such as Azure DDoS, Network Security Groups, Azure Firewall, and Web Application Firewall.
0 commit comments