Azure Firewall Setup – 8 Days implementation

iSmile Technologies provides the implementation of a Firewall on Azure to enhance security, giving multi-layered advanced security to protect against cyber-attacks.


Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. 

 
iSmile Technologies will configure Azure Firewall to capture all egress traffic from your Virtual Machine by defining a routing table with a default route pointing to the Azure Firewall. We'll configure Azure Firewall policies to allow outbound Internet connections only to the PowerShell Gallery.

Azure Firewall offers the following features:

Built-in high availability 
High availability is built in, so no additional load balancers are required and there is nothing you need to configure.

Unrestricted cloud scalability 
Azure Firewall can scale up as much as you need to accommodate changing network traffic flows, so you don’t need to budget for your peak traffic. 

Application FQDN filtering rules 
You can limit outbound HTTP/S traffic to a specified list of fully qualified domain names (FQDN), including wild cards. This feature does not require SSL termination. 

Network traffic filtering rules 
You can centrally create allow or deny network filtering rules by source and destination IP address, port, and protocol. Azure Firewall is fully stateful, so it can distinguish legitimate packets for different connections. Rules are enforced and logged across multiple subscriptions and virtual networks.

FQDN tags 
FQDN tags make it easy for you to allow well-known Azure service network traffic through your firewall. For example, say you want to allow Windows Update network traffic through your firewall. You create an application rule and include the Windows Update tag. Now network traffic from Windows Update can flow through your firewall.

Outbound SNAT support 
All outbound virtual network traffic IP addresses are translated to the Azure Firewall public IP (Source Network Address Translation). You can identify and allow traffic from your virtual network to remote Internet destinations. 

Inbound DNAT support 
Inbound network traffic to your firewall public IP address is translated (Destination Network Address Translation) and filtered to the private IP addresses on your virtual networks. 

Azure Monitor logging 
All events are integrated with Azure Monitor, allowing you to archive logs to a storage account, stream events to your Event Hub, or send them to Log Analytics.

Steps For Implementation:

Phase 1: Discovery and Assessment Phase (2 Days) 
Gather the details below from the customer on the current Active Directory infrastructure:

  • Audit the current infrastructure on Azure (IaaS, PaaS, Storage) along with the existing security posture
  • Gather information on client applications, third-party integrations / APIs, and databases deployed
  • Discuss with the client their business goals, strategic objectives, and security compliance requirements
  • Audit internal and external users who are accessing the environment

Phase 2: Solution Design and Documentation Phase (2 Days) 

  • Document the Azure infrastructure summary: asset list, concurrent hits, required RPO/RTO, etc.
  • Propose Fortinet infrastructure sizing for the target environment based on performance metrics
  • Document the approach for rules migration from the existing firewall, if any, to the Fortinet Firewall (if compatible)
  • Provide the estimated Azure consumption and an estimate for the Fortinet components

Phase 3: Setup of Fortinet Firewall Under Azure Infrastructure (3 Days) 

  • Set up an Azure VM for the Fortinet Firewall, with or without HA
  • Deploy and configure the Fortinet Firewall: configuration, rules, VPN establishment, etc.
  • Bring existing or new Azure IaaS or PaaS infrastructure under the Fortinet Firewall
  • Monitor the Fortinet Firewall working with the Azure client infrastructure
  • Monitor replication health status in case of HA

Phase 4: DR Test (1 Day) 

  • Carry out a DR test drill in case of a Fortinet HA Firewall
  • Hand over to the client
