How to Create Firewall Manager Policies on Microsoft Azure

Firewall Policy is an Azure resource that contains NAT, network, and application rule collections, and Threat Intelligence settings. It’s a global resource that can be used across multiple Azure Firewall instances in Secured Virtual Hubs and Hub Virtual Networks. Policies work across regions and subscriptions.

 

  • Log in to the Microsoft Azure portal.
  • Click on All Services.
  • Select Firewall Policies.

 

Fig 1

 

  • Click on Add.

 

Fig 2

 

  • On the Basics tab, provide the following values:
  • Subscription: An Azure subscription grants you access to Azure services.
  • Resource group name: A resource group is a collection of resources.
  • Select the Region.

 

Fig. 3

 

  • Select the Standard or Premium policy tier.
  • Then click on Next: DNS Settings.

 

Fig. 4

 

  • DNS settings can be either disabled or enabled.
  • Click on Next: TLS inspection.

 

Fig. 5

 

  • On the Standard policy tier, TLS inspection is not available.

 

Fig. 6

 

  • If you select the Premium policy tier, TLS inspection is available.
  • By default, TLS inspection is disabled.
  • Click on Next: Rules.

 

Fig. 7

 

  • Under Rules, click on Add a rule collection.

 

Fig. 8

 

  • Provide the rule collection name.
  • Select Rule collection type.
  • Set the Priority.
  • Then provide the rule name, Source IP, protocols, Destination ports & Destination IP address.
  • Click on Add.

 

Fig. 9

 

  • Once the rule collection is added, click on Next: IDPS.

 

Fig.10

 

  • On the Standard policy tier, IDPS is not available.
  • If you select the Premium policy tier, you can select the Alert or Alert & deny option for when suspicious traffic is detected.
  • Click on Next: Threat intelligence.

 

Fig.11

 

  • Click on Add allow list addresses to add addresses to the allow list for threat intelligence, which alerts on and blocks traffic to/from malicious IP addresses.

 

Fig.12

 

  • We can drag & drop the files or provide the IP address & range.
  • Click on Add.

 

Fig.13

 

  • Once the allow list addresses are added, click on Next: Tags.

 

Fig.14

 

  • On the Tags tab, provide the tag name and value for the Firewall Policy.
  • Click on Next: Review + Create.

 

Fig.15

 

  • If you get the message “Validation passed”, click on Create.

 

Fig.16

 

  • After some time, you will see the message “Your deployment is ready”.
  • Click on “Go to resources” and you can see that the Firewall Policy is there with the name we provided.

 

Fig.15
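The same policy can be kept as code and checked before deployment. The following is an added example, not part of the original walkthrough: it builds an ARM template for a Firewall Policy with one rule collection and rejects IDPS on the Standard tier, matching the portal behaviour described above. The API version, the policy, group and rule names, and the sample addresses are assumptions; TLS inspection settings are left out.

```python
import ipaddress
import json

API_VERSION = "2023-09-01"  # assumption: a current Microsoft.Network API version
MODES = ("Off", "Alert", "Deny")  # the portal's "Alert & deny" corresponds to "Deny"

def build_policy_template(name, location, tier="Standard", idps_mode="Off",
                          threat_intel_mode="Alert", allowlist=(), tags=None):
    """Build an ARM template (dict) for a Firewall Policy and one rule collection."""
    if tier not in ("Standard", "Premium"):
        raise ValueError(f"unknown policy tier: {tier!r}")
    if idps_mode not in MODES or threat_intel_mode not in MODES:
        raise ValueError("mode must be one of Off, Alert, Deny")
    if tier == "Standard" and idps_mode != "Off":
        raise ValueError("IDPS is only available on the Premium policy tier")
    for entry in allowlist:  # this example accepts single IPs and CIDR ranges only
        ipaddress.ip_network(entry, strict=False)  # ValueError on malformed input
    props = {"sku": {"tier": tier},
             "threatIntelMode": threat_intel_mode,
             "threatIntelWhitelist": {"ipAddresses": list(allowlist)}}
    if tier == "Premium":
        props["intrusionDetection"] = {"mode": idps_mode}
    policy = {"type": "Microsoft.Network/firewallPolicies", "apiVersion": API_VERSION,
              "name": name, "location": location, "tags": tags or {},
              "properties": props}
    # Constructed sample rule: internal subnet to one DNS server over UDP/53.
    rule = {"ruleType": "NetworkRule", "name": "dns-out", "ipProtocols": ["UDP"],
            "sourceAddresses": ["10.0.0.0/24"], "destinationAddresses": ["10.1.0.4"],
            "destinationPorts": ["53"]}
    group = {"type": "Microsoft.Network/firewallPolicies/ruleCollectionGroups",
             "apiVersion": API_VERSION,
             "name": f"{name}/DefaultNetworkRuleCollectionGroup",
             "dependsOn": [f"[resourceId('Microsoft.Network/firewallPolicies', '{name}')]"],
             "properties": {"priority": 200, "ruleCollections": [{
                 "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
                 "name": "allow-dns", "priority": 100, "action": {"type": "Allow"},
                 "rules": [rule]}]}}
    return {"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
            "contentVersion": "1.0.0.0", "resources": [policy, group]}

if __name__ == "__main__":
    template = build_policy_template(
        "fw-policy-demo", "westeurope", tier="Premium", idps_mode="Deny",
        allowlist=["203.0.113.10", "198.51.100.0/24"], tags={"env": "demo"})
    print(json.dumps(template, indent=2))
```

Save the output to a file and deploy it into the resource group with `az deployment group create --resource-group <rg> --template-file policy.json`.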

 
