Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
iSmile Technologies will configure Azure Firewall to capture all egress traffic from your Virtual Machine by defining a routeing table with a default route pointing to the Azure Firewall. We’ll configure Azure Firewall policies to allow outbound Internet connections only to the PowerShell Gallery.
Azure Firewall offers the following features:
Built-in high availability
High availability is built-in, so no additional load balancers are required, and you need to configure nothing.
Unrestricted cloud scalability
Azure Firewall can scale up as much as you need to accommodate changing network traffic flows, so you don’t need to budget for your peak traffic.
Application FQDN filtering rules
You can limit outbound HTTP/S traffic to a specified list of fully qualified domain names (FQDN), including wild cards. This feature does not require SSL termination.
Network traffic filtering rules
You can centrally create allow or deny network filtering rules by source and destination IP address, port, and protocol. Azure Firewall is fully stateful to distinguish legitimate packets for different connections. Rules are enforced and logged across multiple subscriptions and virtual networks.
FQDN tags make it easy for you to allow well known Azure service network traffic through your firewall. For example, say you want to allow Windows Update network traffic through your firewall. You create an application rule and include the Windows Update tag. Now network traffic from Windows Update can flow through your firewall.
Outbound SNAT support
All outbound virtual network traffic IP addresses are translated to the Azure Firewall public IP (Source Network Address Translation). You can identify and allow traffic from your virtual network to remote Internet destinations.
Inbound DNAT support
Inbound network traffic to your firewall public IP address is translated (Destination Network Address Translation) and filtered to the private IP addresses on your virtual networks.
Azure Monitor logging
All events are integrated with Azure Monitor, allowing you to archive logs to a storage account, stream events to your Event Hub, or send them to Log Analytics.
Steps For Implementation:
Phase 1: Discovery and Assessment Phase (2 Days)
Gather below Details from Customer on Current Active Directory Infrastructure
- Audit Current Infrastructure on Azure – IaaS, PaaS, Storage with the existing security posture
- Gather information on Client Application, 3rd Party integration / API and Database deployed
- Discuss with Clients on their business goals, strategic objectives, and security compliance requirements
- Audit Internal; External Users are accessing Environment
Phase 2: Solution Design and Documentation Phase (2 Days)
- Document – Azure Infrastructure summary – Asset List, Concurrent Hits, RPO /RTO required etc
- Propose Fortinet Infrastructure sizing for target environment based on performance metrics
- Document Approach for rules Migration from Existing Firewall if any to Fortinet Firewall (If compatible)
- Provide Azure Estimated Consumption; Fortinet components Estimate
Phase 3: Setup of Fortinet Firewall Under Azure Infrastructure (3 Days)
- Set up Azure VM for Fortinet Firewall with or without HA
- Deploy and Configure Fortinet Firewall Configuration, Rules, Establish VPN etc
- Bring Existing or New Azure IaaS or PaaS infrastructure Fortinet Firewall
- Monitor the Fortinet Firewall working with Azure Client Infrastructure
- Monitor replication health status in case of HA
Phase 4: DR Test (1 Day)
- Carry DR test Drill in case of Fortinet HA Firewall
- Hand over to Client
Azure Firewall Setup - 8 Days Implementation is a service provided by ISmile Technologies that involves setting up a firewall in your Microsoft Azure environment. Our team of experts will work with you to design and deploy a custom firewall that meets your unique business needs and security requirements.
A firewall is an essential component of a secure cloud environment. It helps protect your network from unauthorized access, block malicious traffic, and ensure compliance with industry regulations. By setting up a firewall in your Azure environment, you can secure your applications, data, and infrastructure from potential threats.
Our team of experts will work with you to design and deploy a custom firewall solution in your Azure environment. The implementation process typically involves the following steps:
- Assessing your security requirements and designing a custom firewall solution
- Deploying and configuring the Azure Firewall in your environment
- Testing the firewall to ensure it is working as expected
- Documenting the setup and providing knowledge transfer to your team.
The Azure Firewall Setup - 8 Days Implementation service typically takes 8 business days to complete. However, the timeline may vary depending on the complexity of your environment and the specific requirements of your business.
After the implementation is complete, ISmile Technologies provides ongoing support to ensure that your firewall solution continues to meet your evolving security needs. We offer a range of support services, including monitoring, management, and maintenance, as well as access to our team of experts for troubleshooting and issue resolution.