Skip navigation

Azure Firewall

Cloud-native network security to protect your Azure Virtual Network resources

Azure Firewall Standard

  • Stateful firewall as a service
  • Built-in high availability with unrestricted cloud scalability
  • Centralised network and application-level connectivity policy
  • Threat intelligence-based filtering
  • Support for hybrid connectivity through deployment behind VPN and ExpressRoute Gateways

Azure Firewall Premium (Public Preview)

  • Built-in TLS Inspection for customer’s selected encrypted applications
  • Ability to detect and block malicious traffic through advanced IDPS engine
  • Restrict access to Web content via built-in URL Filtering for both plain text and encrypted traffic
  • Web Categories provide enhanced content filtering capabilities
  • IDPS signatures and web categories are fully managed and constantly updated

Stateful firewall as a service

Enable turnkey firewall capabilities in your virtual network to control and log access to apps and resources. Azure Firewall supports filtering for both inbound and outbound traffic, internal spoke-to-spoke, as well as hybrid connections through Azure VPN and ExpressRoute gateways.

High availability and cloud scale

Azure Firewall automatically scales with your usage during peak load or as your business grows, eliminating the need to predict and reserve capacity for peak usage.

Network- and application-level connectivity policies

Write policies that span fully qualified domain name filtering for outbound HTTP(s) traffic and network filtering controls, using IP address, port and protocol. Restrict access, prevent data exfiltration and create connectivity policies across multiple subscriptions and virtual networks.

Intelligent near real-time security

Threat intelligence-based filtering can be enabled for your firewall to alert and deny traffic from/to known malicious IP addresses and domains. The IP addresses and domains are sourced from the Microsoft Threat Intelligence feed. Intelligent Security Graph powers Microsoft threat intelligence and is used by multiple services, including Azure Security Center.

TLS inspection and web filtering

TLS inspection enables the prevention of malware transmitted through encrypted connections. Azure Firewall can decrypt outbound traffic, perform the required security checks and then encrypt the traffic to the destination. It can work in conjunction with URL Filtering and Web Categories by letting administrators allow or deny user access to website categories such as gambling, social media or other websites.

Intrusion detection and prevention system (IDPS)

IDPS uses signatures to continuously monitor for malicious activities, generate alerts and log information, and optionally attempt to block it.
It can detect attacks in all ports and protocols for non-encrypted traffic. Encrypted traffic utilises its TLS inspection capability to decrypt the traffic to better detect malicious activities.

Why trust Azure Firewall?

  • Microsoft invests more than USD 1 billion annually on cybersecurity research and development.

  • We employ more than 3,500 security experts completely dedicated to your data security and privacy.

  • Azure has more compliance certifications than any other cloud service provider. View the comprehensive list.

Azure Firewall pricing

  • No upfront cost
  • No termination fees
  • Pay only for what you use

Everything you need to get started

Get instant access and a $200 credit by signing up for a free Azure account.

Learn how to use Azure Firewall with 5-minute quickstart tutorials and documentation.

Enhance Azure Firewall with additional features and products, such as security and backup services.

Related products and services

Virtual Network

Provision private networks, optionally connect to on-premises datacenters

Azure Security Center

Extend threat protection to any infrastructure

Azure DDoS Protection

Protect your applications from Distributed Denial of Service (DDoS) attacks

Ready when you are – let’s set up your Azure free account