
Azure Firewall

Protect your Azure Virtual Network resources with cloud-native network security.
OVERVIEW

Firewall security to help protect your digital assets

Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. The stateful firewall service has built-in high availability and unrestricted cloud scalability to help you create, enforce, and log application and network connectivity policies across subscriptions and virtual networks.
  • Get advanced threat protection that meets the needs of highly sensitive and regulated environments. Azure Firewall taps into real-time security signals from a wide range of sources using Microsoft threat intelligence to guard against evolving threats and zero-day vulnerabilities.
  • Enable turnkey firewall security capabilities in Azure Virtual Network to control and log access to apps and resources. Azure Firewall supports filtering for both inbound and outbound traffic, internal spoke-to-spoke connections, and hybrid connections through Azure VPN and ExpressRoute gateways.
  • Azure Firewall decrypts outbound traffic, performs required security checks, and then encrypts the traffic to the destination. It works in conjunction with URL filtering and web categories by letting administrators allow or deny user access to website categories such as gambling or social media.
  • The intrusion detection and prevention system (IDPS) capability uses signatures to continuously monitor activities, generate alerts, log information, and optionally attempt to block the attack. It can detect attacks in all ports and protocols for non-encrypted traffic. Encrypted traffic utilizes the TLS inspection capability for decryption.
Features

Threat intelligence–based filtering

Enable real-time alerts and deny traffic from/to known malicious IP addresses and domains.

Deploy and scale in minutes

Simplify deployment and management of your network security with a scalable and highly available cloud native firewall.

Full visibility and protection

Transport Layer Security (TLS) inspection prevents malware from being transmitted through encrypted connections.

Unified management

Centrally manage security across all virtual networks with a common set of network and application rules.
Security

Embedded security and compliance

34,000
Full-time equivalent engineers dedicated to security initiatives at Microsoft.
15,000
Partners with specialized security expertise.
 
>100
Compliance certifications, including over 50 specific to global regions and countries.
Pricing

Azure Firewall pricing

Setup is easy, and billing comprises a fixed per-hour consumption rate and variable fees based on traffic. There are no upfront costs or termination fees—pay only for what you use.
Customer stories

Trusted by companies of all sizes

Frequently asked questions

  • Set up Azure Firewall in the Azure portal or with PowerShell, REST API, or templates. Read a tutorial for step-by-step instructions.
  • Yes. Azure Firewall supports inbound and outbound filtering. Inbound protection is typically used for non-HTTP/S protocols such as RDP, SSH, and FTP. For the best inbound HTTP/S protection, use a web application firewall such as Azure Web Application Firewall (WAF).
  • Azure Firewall is integrated with Azure Monitor for viewing and analyzing firewall logs. Logs can be sent to Log Analytics, Azure Storage, or Event Hubs. They can be analyzed in Log Analytics or by different tools such as Excel and Power BI. For more information, see Tutorial: Monitor Azure Firewall logs.
  • Yes, Azure Firewall Premium provides advanced threat protection that meets the needs of highly sensitive and regulated environments, such as the financial services and healthcare industries. A signature-based IDPS looks for specific patterns to rapidly detect attacks. These patterns can include byte sequences in network traffic or known malicious instruction sequences used by malware. There are more than 58,000 signatures in more than 50 categories which are updated in real time to protect against new and emerging exploits. The exploit categories include malware, phishing, coin mining, and Trojan attacks.
  • Yes, Azure Firewall allows you to inspect traffic destined for a private endpoint. Private endpoints enable Azure resources deployed in a virtual network to communicate privately with private link resources. You may need to inspect or block traffic from clients to the services exposed via private endpoints using Azure Firewall.
  • For secure access to platform services, we recommend service endpoints. You can choose to enable service endpoints in the Azure Firewall subnet and disable them on the connected spoke virtual networks. This way you benefit from both features—service endpoint security and central logging for all traffic.
Next Steps

Get started with an Azure free account

Pay as you go or try Azure free for up to 30 days.
Azure solutions

Learn about more Azure cloud solutions

Solve your business problems with proven combinations of Azure cloud services, as well as sample architectures and documentation.
Business Solutions Hub

Find the right Microsoft Cloud solution

Browse the Microsoft Business Solutions Hub to find the products and solutions that can help your organization reach its goals.