Azure Firewall
기본 제공 고가용성, 무제한 클라우드 확장성 및 유지 관리 불필요가 적용된 기본 방화벽 기능
Protect your workloads in Azure Virtual Network
Deploy a cloud-native and intelligent network firewall solution to help secure your digital assets. Azure Firewall is easy to set up and scales automatically with your network.
Deploy and scale in minutes
Simplify deployment and management of your network security with a scalable and highly available cloud-native firewall.
Centralize connectivity policy
Create network and application-level rules on a stateful firewall that can identify legitimate packets for different types of connections.
거의 실시간 인텔리전트 보안
방화벽에서 위협 인텔리전스 기반 필터링을 사용하여 알려진 악성 IP 주소 및 도메인과 주고받는 트래픽을 경고하고 거부하도록 할 수 있습니다. IP 주소 및 도메인은 Microsoft 위협 인텔리전스 피드에서 제공됩니다. Intelligent Security Graph는 Microsoft 위협 인텔리전스를 구동하며 Azure Security Center를 비롯한 여러 서비스에서 사용됩니다.
IDPS(침입 탐지 및 방지 시스템)
Use signatures to continuously monitor for malicious activities and block them.
Deploy a stateful firewall in minutes
Enable turnkey firewall security capabilities in Azure Virtual Network to control and log access to apps and resources. Azure Firewall supports filtering for both inbound and outbound traffic, internal spoke-to-spoke connections, and hybrid connections through Azure VPN and ExpressRoute gateways.
Get real-time protection based on threat intelligence
Enable threat intelligence–based filtering for your firewall to alert and deny traffic from/to known malicious IP addresses and domains sourced from the Microsoft threat intelligence feed. Microsoft Intelligent Security Graph powers Microsoft threat intelligence and is used by multiple services including Azure Security Center.
Prevent malware and viruses from spreading
Transport Layer Security (TLS) inspection enables the prevention of malware transmitted through encrypted connections. Azure Firewall decrypts outbound traffic, performs required security checks, and then encrypts the traffic to the destination. It works in conjunction with URL filtering and web categories by letting administrators allow or deny user access to website categories such as gambling or social media.
Inspect traffic in real time for malicious activities
The intrusion detection and prevention system (IDPS) capability uses signatures to continuously monitor activities, generate alerts, log information, and optionally attempt to block the attack. It can detect attacks in all ports and protocols for non-encrypted traffic. Encrypted traffic utilizes the TLS inspection capability for decryption.
Azure Firewall을 신뢰하는 이유
-
Microsoft는 사이버 보안 연구 및 개발에 매년 USD 10억 넘게 투자합니다.
-
Microsoft에 소속된 3,500명의 보안 전문가가 데이터 보안 및 개인 정보 보호를 전담합니다.
-
Azure는 다른 어떤 클라우드 공급 기업보다도 많은 인증을 취득했습니다. 전체 목록을 확인하세요.
Azure Firewall 가격
Setup is easy with billing comprised of a fixed per-hour consumption rate and variable fees based on traffic. There are no upfront costs or termination fees—pay only for what you use.
Azure Firewall resources and documentation
Trusted by companies of all sizes
Rockefeller Capital Management
Joe Ferlisi, CIO and Chief Security Officer, Rockefeller Capital Management"Microsoft has created a single ecosystem that incorporates the scalability and security of Azure, Microsoft 365, and Dynamics 365, and which will grow synergistically over time."
NCR
Isidro Rodriguez, Head of Digital Transformation, SaaS Operations, NCR"Azure Security Center is one of the most critical security tools managing the Azure ecosystem at NCR. With its single pane of glass, we get an overview of security across our Azure cloud deployments in real time."
MVP Health Care
Michael Della Villa, CIO and Head of Shared Services, MVP Health Care"As we looked at other vendors and platforms, we realized that it was a no-brainer. Microsoft offers the cohesive solution we need. Everything it brings to the table fits beautifully with our direction. It has become an outstanding support for us."
Frequently asked questions about Azure Firewall
-
Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall service with built-in high availability and unrestricted cloud scalability. You can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks.
-
Set up Azure Firewall in the Azure portal or with PowerShell, REST API, or templates. Read a tutorial for step-by-step instructions.
-
Yes. Azure Firewall supports inbound and outbound filtering. Inbound protection is typically used for non-HTTP/S protocols such as RDP, SSH, and FTP protocols. For the best inbound HTTP/S protection, use a web application firewall such as Azure Web Application Firewall (WAF).
-
Azure Firewall is integrated with Azure Monitor for viewing and analyzing firewall logs. Logs can be sent to Log Analytics, Azure Storage, or Event Hubs. They can be analyzed in Log Analytics or by different tools such as Excel and Power BI. For more information, see Tutorial: Monitor Azure Firewall logs.
-
Azure Firewall is a basic firewall network service that can address certain customer scenarios. It's expected that you'll have a mix of third-party NVAs and Azure Firewall. Working better together is a core priority.
-
For secure access to platform services, we recommend service endpoints. You can choose to enable service endpoints in the Azure Firewall subnet and disable them on the connected spoke virtual networks. This way you benefit from both features—service endpoint security and central logging for all traffic.