• Documentation
  • Pricing
  • Training Explore free online learning resources from videos to hands-on-labs
  • Blog Read the latest posts from the Azure team
  • Free account

    Azure Firewall

    Cloud-native network security to protect your Azure Virtual Network resources

    Product Features

  • Stateful firewall as a service
  • Built-in high availability with unrestricted cloud scalability
  • Ability to centrally create, enforce, and log application and network connectivity policies
  • Threat intelligence-based filtering
  • Source and destination Network Address Translation (SNAT and DNAT) support
  • Fully integrated with Azure Monitor for logging and analytics
  • Support for hybrid connectivity through deployment behind VPN and ExpressRoute Gateways
  • Stateful firewall as a service

    Enable turnkey firewall capabilities in your virtual network to control and log access to apps and resources. Azure Firewall supports filtering for both inbound and outbound traffic, internal spoke-to-spoke, as well as hybrid connections through Azure VPN and ExpressRoute gateways.

    High availability and cloud scale

    Azure Firewall automatically scales with your usage during peak load or as your business grows, eliminating the need to predict and reserve capacity for peak usage.

    Network- and application-level connectivity policies

    Write policies that span fully-qualified domain name filtering for outbound HTTP(s) traffic and network filtering controls, using IP address, port, and protocol. Restrict access, prevent data exfiltration, and create connectivity policies across multiple subscriptions and virtual networks.

    Intelligent near real-time security

    Threat intelligence-based filtering can be enabled for your firewall to alert and deny traffic from/to known malicious IP addresses and domains. The IP addresses and domains are sourced from the Microsoft Threat Intelligence feed. Intelligent Security Graph powers Microsoft threat intelligence and is used by multiple services including Azure Security Center.

    Communicate with Internet resources using SNAT and DNAT

    Azure Firewall utilizes a static public IP address for your virtual network resources using source network address translation (SNAT). This allows outside firewalls to identify traffic originating from your virtual network. Inbound traffic filtering for backend services in your Virtual Network (VNet) is supported by Destination Network Address Translation (DNAT).

    Central logging and analytics

    Use fully-integrated, built-in monitoring and reporting right in one place with Azure Monitor.

    Related products and services

    Virtual Network

    Provision private networks, optionally connect to on-premises datacenters

    Security Center

    Unify security management and enable advanced threat protection across hybrid cloud workloads

    Azure DDoS Protection

    Protect your applications from Distributed Denial of Service (DDoS) attacks

    Ready to start building?

    Let’s set up your free account.