• 2 min read

Streamline your DDoS management with new Azure Firewall Manager capabilities

As customers continue to adopt a Zero Trust security approach in their digital transformation, they often prefer a way to manage their network security policies and resources in one central place. Today, we are announcing that Azure Firewall Manager now supports managing Azure DDoS Protection Standard for virtual networks. This support is now in preview.

This post was co-authored by Alethea Toh, Program Manager, Azure Networking.

As customers continue to adopt a Zero Trust security approach in their digital transformation, they often prefer a way to manage their network security policies and resources in one central place. Today, we are announcing that Azure Firewall Manager now supports managing Azure DDoS Protection Standard for virtual networks. This support is now in preview.

Azure Firewall Manager is a security management service that provides a central security policy for cloud-based security perimeters. Through Azure Firewall Manager, customers can automatically deploy a firewall to a virtual network or secured virtual hub.

Azure DDoS Protection Standard provides enhanced Distributed Denial-of-Service (DDoS) mitigation features to defend against DDoS attacks. It is automatically tuned to protect all public IP addresses in virtual networks. Protection is simple to enable on any new or existing virtual network and does not require any application or resource changes.  

Enabling DDoS Protection Standard on a virtual network will protect the Azure Firewall and any publicly exposed endpoints that reside within the virtual network.

Manage DDoS Protection Plans on your virtual networks

In Azure Firewall Manager, you can now manage DDoS Protection Plans alongside Azure Firewall deployments in a single pane, improving overall user experience and reducing time spent managing multiple network security products. 

Figure 1: Enabling DDoS Protection Standard on a hub virtual network in Azure Firewall Manager

Figure 1: Enabling DDoS Protection Standard on a virtual network in Azure Firewall Manager

Figure 2: DDoS Protection Plan attached to a hub virtual network in Azure Firewall Manager

Figure 2: DDoS Protection Plan attached to virtual networks in Azure Firewall Manager

View and create DDoS Protection Plans in Azure Firewall Manager

You can also view and create DDoS Protection Plans from the Azure Firewall Manager experience.

Figure 3: View of DDoS Protection Plans in Azure Firewall Manager

Figure 3: View of DDoS Protection Plans in Azure Firewall Manager

Monitor your overall network security posture

Azure Firewall Manager now provides monitoring of your overall network security posture. Here, you can easily see which virtual networks and virtual hubs are protected by Azure Firewall, a third-party security provider, or DDoS Protection Standard. This overview can help you identify and prioritize any security gaps that are in your Azure environment, across subscriptions, or for the whole tenant.

Figure 4: Monitoring page in Azure Firewall Manager

Figure 4: Monitoring page in Azure Firewall Manager

Learn more

To learn more about these features in Azure Firewall Manager, visit the “Configure Azure DDoS Protection Plan using Azure Firewall Manager” tutorial and Azure DDoS Protection documentation. To learn more about Azure Firewall Manager, please visit the Azure Firewall Manager home page.