New Azure Firewall certification and features in Q1 CY2020

This post was co-authored by Suren Jamiyanaa, Program Manager, Azure Networking

We continue to be amazed by the adoption, interest, positive feedback, and the breadth of use cases customers are finding for our service. Today, we are excited to share several new Azure Firewall capabilities based on your top feedback items:

  • ICSA Labs Corporate Firewall Certification.
  • Forced tunneling support now in preview.
  • IP Groups now in preview.
  • Customer configured SNAT private IP address ranges now generally available.
  • High ports restriction relaxation now generally available.

Azure Firewall is a cloud native firewall as a service (FWaaS) offering that allows you to centrally govern and log all your traffic flows using a DevOps approach. The service supports both application and network level filtering rules and is integrated with the Microsoft Threat Intelligence feed for filtering known malicious IP addresses and domains. Azure Firewall is highly available with built-in auto scaling.

ICSA Labs Corporate Firewall Certification

ICSA Labs is a leading vendor in third-party testing and certification of security and health IT products, as well as network-connected devices. They measure product compliance, reliability, and performance for most of the world’s top technology vendors.

Azure Firewall is the first cloud firewall service to attain the ICSA Labs Corporate Firewall Certification. For the Azure Firewall certification report, see information here. For more information, see the ICSA Labs Firewall Certification program page.
Front page of the ICSA Labs Certification Testing and Audit Report for Azure Firewall.

Figure one – Azure Firewall now ICSA Labs certified.

Forced tunneling support now in preview

Forced tunneling lets you redirect all internet bound traffic from Azure Firewall to your on-premises firewall or a nearby Network Virtual Appliance (NVA) for additional inspection. By default, forced tunneling isn't allowed on Azure Firewall to ensure all its outbound Azure dependencies are met.

To support forced tunneling, service management traffic is separated from customer traffic. An additional dedicated subnet named AzureFirewallManagementSubnet is required with its own associated public IP address. The only route allowed on this subnet is a default route to the internet, and BGP route propagation must be disabled.

Within this configuration, the AzureFirewallSubnet can now include routes to any on-premises firewall or NVA to process traffic before it's passed to the internet. You can also publish these routes via BGP to AzureFirewallSubnet if BGP route propagation is enabled on this subnet. For more information, see Azure Firewall forced tunneling documentation.

Figure two – Creating a firewall with forced tunneling enabled.
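
The management subnet restrictions described above can be checked against an exported route table. The following Python is an added example, not code from the original post or from Microsoft; it assumes route tables in the ARM JSON shape (`disableBgpRoutePropagation`, `routes[].properties.addressPrefix` and `nextHopType`), and the function name and sample tables are constructed for illustration.

```python
# Added example: lint a route table attached to AzureFirewallManagementSubnet.
MGMT_SUBNET = "AzureFirewallManagementSubnet"

def check_management_route_table(subnet_name, route_table):
    """Return findings for a route table associated with the named subnet."""
    if subnet_name != MGMT_SUBNET:
        return []  # the restrictions below apply only to the management subnet
    findings = []
    props = route_table.get("properties", {})
    # BGP route propagation must be disabled on the management subnet.
    if not props.get("disableBgpRoutePropagation", False):
        findings.append("BGP route propagation is not disabled")
    # The only route allowed is a default route to the internet.
    for route in props.get("routes", []):
        rp = route.get("properties", {})
        prefix, hop = rp.get("addressPrefix"), rp.get("nextHopType")
        if (prefix, hop) != ("0.0.0.0/0", "Internet"):
            findings.append(f"route {route.get('name')}: {prefix} via {hop} is not allowed")
    return findings

# Constructed sample data (hypothetical names and addresses).
GOOD_TABLE = {"properties": {"disableBgpRoutePropagation": True, "routes": [
    {"name": "default-internet",
     "properties": {"addressPrefix": "0.0.0.0/0", "nextHopType": "Internet"}}]}}
BAD_TABLE = {"properties": {"disableBgpRoutePropagation": False, "routes": [
    {"name": "to-onprem",
     "properties": {"addressPrefix": "0.0.0.0/0", "nextHopType": "VirtualAppliance",
                    "nextHopIpAddress": "10.0.100.4"}}]}}

if __name__ == "__main__":
    for label, table in (("good", GOOD_TABLE), ("bad", BAD_TABLE)):
        print(label, check_management_route_table(MGMT_SUBNET, table))
```

The same forced-tunnel route that is flagged on the management subnet is accepted when the table is attached to AzureFirewallSubnet, which is where the post says such routes belong.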

IP Groups now in preview

IP Groups is a new top-level Azure resource that allows you to group and manage IP addresses in Azure Firewall rules. You can give your IP group a name and create one by entering IP addresses or uploading a file. IP Groups ease your management experience and reduce the time spent managing IP addresses, because the same group can be used in a single firewall or across multiple firewalls. For more information, see the IP Groups in Azure Firewall documentation.

Figure three – Azure Firewall application rules utilize an IP group.

Customer configured SNAT private IP address ranges

Azure Firewall provides automatic Source Network Address Translation (SNAT) for all outbound traffic to public IP addresses. Azure Firewall doesn’t SNAT when the destination IP address is in a private IP address range per IANA RFC 1918. If your organization uses a public IP address range for private networks or opts to force tunnel Azure Firewall internet traffic via an on-premises firewall, you can configure Azure Firewall to not SNAT additional custom IP address ranges. For more information, see Azure Firewall SNAT private IP address ranges.

Figure four – Azure Firewall with custom private IP address ranges.
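
To see which flows change behaviour once custom ranges are configured, the SNAT decision described above can be modelled offline. This Python is an added example, not code from the original post or from Azure; it treats custom ranges as additions to the RFC 1918 defaults, as the post describes, and the function names, the 203.0.113.0/24 "public range used privately" and the destination list are constructed for illustration.

```python
# Added example: model of the SNAT decision described in the post.
import ipaddress

# Private ranges per IANA RFC 1918: never SNATed by default.
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

def no_snat_networks(custom_ranges=()):
    """Parse the default plus custom no-SNAT ranges.

    ip_network() is strict by default, so a range with host bits set
    (for example 203.0.113.5/24) raises ValueError instead of being
    silently widened.
    """
    return [ipaddress.ip_network(cidr) for cidr in (*RFC1918, *custom_ranges)]

def will_snat(destination, custom_ranges=()):
    """True if outbound traffic to `destination` would be SNATed."""
    dest = ipaddress.ip_address(destination)
    return not any(dest in net for net in no_snat_networks(custom_ranges))

def snat_changes(destinations, custom_ranges):
    """Destinations that stop being SNATed once custom ranges are added."""
    return [d for d in destinations
            if will_snat(d) and not will_snat(d, custom_ranges)]

# Constructed sample: an organization using 203.0.113.0/24 internally.
CUSTOM = ["203.0.113.0/24"]
DESTINATIONS = ["10.1.2.3", "172.31.255.1", "172.32.0.1",
                "203.0.113.10", "198.51.100.7"]

if __name__ == "__main__":
    for d in DESTINATIONS:
        print(d, "default:", will_snat(d), "custom:", will_snat(d, CUSTOM))
    print("changed:", snat_changes(DESTINATIONS, CUSTOM))
```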

High ports restriction relaxation now generally available

Since its initial preview release, Azure Firewall had a limitation that prevented network and application rules from including source or destination ports above 64,000. This default behavior blocked RPC based scenarios and specifically Active Directory synchronization. With this new update, customers can use any port in the 1-65535 range in network and application rules.

Next steps

For more information on everything we covered above please see the following blogs, documentation, and videos.

Azure Firewall central management partners:
