Create and implement Azure Firewall Manager policies

5.4 Azure Firewall and Firewall Manager

📘Microsoft Azure Networking Solutions (AZ-700)

Overview

Azure Firewall Manager is a centralized management service for controlling one or more Azure Firewalls across multiple subscriptions and virtual networks.

Think of it as a control center that lets you define security rules once and apply them everywhere. Instead of configuring each firewall individually, you use Firewall Manager policies to enforce consistent rules across your organization.

Key Concepts

  1. Firewall Policy
    • A Firewall Policy is a collection of rules and settings that define how Azure Firewall should inspect and allow/deny traffic.
    • Policies include:
      • Network rules – control traffic between subnets, VNets, or the internet (based on IP addresses and ports).
      • Application rules – control access to specific domains or URLs (like example.com or *.microsoft.com).
      • Threat intelligence settings – block traffic from known malicious IPs/domains.
      • DNS settings – manage DNS traffic through the firewall.
  2. Policy Hierarchy
    • Firewall Manager supports hierarchical policies:
      • Parent Policy – applied globally to multiple firewalls or regions.
      • Child Policy – applied to specific firewalls, inherits parent policy rules, and can add exceptions.
    Example: You can create a parent policy blocking all traffic from malicious IPs and allow child policies for specific applications on certain firewalls.
  3. Centralized vs. Local Management
    • Centralized: Manage all policies from Firewall Manager for multiple firewalls.
    • Local: Each firewall can have its own policy (less common in enterprise setups).

Steps to Create and Implement Azure Firewall Manager Policies

Step 1: Plan Your Policies

Before creating policies, decide:

  • What traffic needs to be allowed or denied?
  • Which subnets, VNets, or regions should these rules apply to?
  • Any exceptions for specific applications or services?

Example: In an organization, you might block social media traffic across all VNets but allow it for the marketing team subnet.

Step 2: Create a Firewall Policy

  1. Go to Azure Portal → Firewall Manager → Policies → Add.
  2. Choose the policy type: Network rule collection, Application rule collection, or Threat intelligence.
  3. Define your rules:
    • Network rules: Specify source IPs, destination IPs, ports, and protocols.
    • Application rules: Specify source IPs and allowed FQDNs/domains.
    • Threat intelligence: Enable or disable alert or block mode for known malicious traffic.
  4. Configure additional settings like logging, DNS, and NAT rules if needed.

Tip for exam: Remember policy contains rules, logging, and threat intelligence settings.

Step 3: Assign the Policy to Firewalls

  • After creating a policy, you assign it to one or more Azure Firewalls.
  • You can assign:
    • Globally – parent policy for multiple firewalls.
    • Individually – child policies for specific firewalls with exceptions.

Example: Marketing team firewall could have a child policy allowing social media, while all other firewalls inherit the stricter parent policy.

Step 4: Policy Evaluation and Priority

  • Firewall Manager evaluates policies in priority order:
    1. Child policy rules
    2. Parent policy rules
  • If traffic matches multiple rules, the most specific rule wins.
  • This is important to know for the exam because rule conflicts are resolved using hierarchy and priority.

Step 5: Monitor and Update Policies

  • Policies are dynamic; you can update them anytime.
  • Use Azure Monitor and Logs to check traffic hits and blocked connections.
  • Updating a policy automatically updates all firewalls assigned to it.

Example: If a new malicious IP list is released, you can update your threat intelligence settings in the parent policy, and all firewalls will automatically block traffic from those IPs.

Exam Tips – Key Points to Remember

  1. Firewall Manager manages multiple firewalls centrally.
  2. Firewall Policies contain network, application, and threat intelligence rules.
  3. Policies can be hierarchical (parent → child).
  4. Child policies can override parent policies.
  5. Rules have priorities; most specific wins.
  6. Policies are dynamic – changes propagate automatically.
  7. Always associate policies to Azure Firewalls to enforce them.

Quick IT-focused Example Scenario

  • A company has 3 VNets in different regions: Finance, HR, and Marketing.
  • They create a parent firewall policy:
    • Block all traffic from known malicious IPs (Threat Intel)
    • Allow HTTPS traffic to internal applications
  • Then, they create child policies:
    • Finance VNet: Only allow finance app traffic
    • Marketing VNet: Allow social media and marketing tools
  • All firewalls are now managed centrally with consistent security rules.

This scenario helps you visualize policy hierarchy, central management, and exceptions, which are key points for the exam.

Summary:
Azure Firewall Manager policies let you define, apply, and centrally manage security rules across multiple Azure Firewalls. You create a policy (network, application, threat intelligence), assign it to firewalls, and optionally use child policies for exceptions. Policies propagate automatically and ensure consistent security enforcement across your organization.

Buy Me a Coffee

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by