Simplify and centralize network security management with Azure Firewall Manager…


We’re excited to introduce you to this Azure Web Application Firewall (WAF) policy and Azure DDoS Protection plan management Microsoft Azure Firewall Manager is now generally available.

With the increasing need to secure cloud deployments through a zero-trust approach, the ability to manage network security policies and resources in one place is an important security measure.

Today you can now manage centrally Azure Web Application Firewall (WAF) Delivering Layer 7 application security for your application delivery platforms, Azure front doorand Azure application gateway, across your networks and across subscriptions. You can also configure DDoS protection standard to protect your virtual networks from Layer 3 and Layer 4 attacks.

Azure Firewall Manager is a centralized network security policy and route management service that enables administrators and organizations to protect their networks and cloud platforms at scale in one place.

Azure Web Application Firewall is a cloud-native Web Application Firewall (WAF) service that provides powerful protection for web apps against common hacking techniques such as SQL injection and security vulnerabilities such as cross-site scripting.

Azure DDoS Protection Standard provides enhanced Distributed Denial-of-Service (DDoS) mitigation capabilities to protect against DDoS attacks. It is automatically optimized to protect all public IP addresses in virtual networks. Protection is easily enabled on any new or existing virtual network and requires no application or resource changes.

By using WAF policies and DDoS protection on your network, this provides multi-layered protection for all your critical workloads and applications.

Management of WAF policies and DDoS protection plans is a complement to Azure Firewall management in Azure Firewall Manager.

Centrally protect your application delivery platforms using WAF policies

In Azure Firewall Manager, you can now manage and protect your Azure Front Door or Application Gateway deployments by mapping WAF policies at scale. This allows you to view all your important deployments in one place along with Azure Firewall deployments and DDoS protection plans.

Upgrade from WAF configuration to WAF policy

In addition, the platform supports administrators to upgrade from a WAF configuration to WAF policies for application gateways by selecting the service and Upgrade from WAF configuration. This allows for a smoother process for migrating to WAF policies that support WAF policy settings, managed rule sets, exclusions, and disabled rule groups.

Note that any WAF configuration previously created in Application Gateway can be run through the WAF policy.

Upgrading a WAF configuration to a WAF policy

Manage DDoS protection plans for your virtual networks

You can enable DDoS Protection Plan Standard for your virtual networks listed in Azure Firewall Manager across subscriptions and regions. This allows you to see which virtual networks have Azure Firewall and/or DDoS protection in one place.

    Figure 3: Enabling DDoS Protection Standard in a virtual network in Azure Firewall Manager

View and create WAF policies and DDoS protection plans in Azure Firewall Manager

You can view and create WAF policies and DDoS protection plans from the Azure Firewall Manager experience alongside Azure Firewall policies.

In addition, you can import existing WAF policies to create a new WAF policy, so you don’t have to start from scratch if you want to keep similar settings.

Figure 4: Web Application Firewall policies view in Azure Firewall Manager

Figure 5: View of DDoS protection plans in Azure Firewall Manager

Monitor your entire network security

Azure Firewall Manager provides monitoring of your overall network security status. Here you can easily see which virtual networks and virtual hubs are protected by Azure Firewall, a third-party security provider, or the DDoS protection standard. This overview can help you identify and prioritize vulnerabilities that reside in your Azure environment, across subscriptions, or for the entire tenant.

Figure 6 Monitoring page in Azure Firewall Manager

You will also soon be able to view your Application Gateway and Azure Front Door monitors for a complete view of network security.

Learn more

To learn more about these features in Azure Firewall Manager, visit the Manage web application firewall policies tutorial, WAF in the Application Gateway documentationand WAF on Azure Front Door documentation. For DDoS information visit the Configure the Azure DDoS protection plan using the Azure Firewall Manager tutorial and Azure DDoS Protection documentation.

To learn more about Azure Firewall Manager, please visit the Azure Firewall Manager home page.

Source link

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.