We’re in the early research phase of implementing an Azure Firewall, behind which we will be placing existing non-domain-joined Azure VMs that act as web servers hosting our corporate website.

Today, we have a load balancer in place that balances sessions and persistence, and we’d like to be more aggressive with what requests we let in - namely geolocation-based.

I welcome your experiences if you have recently implemented an Azure Firewall in your tenant.

6 Spice ups

Didn’t even know that was a thing…but it might solve a hypothetical I’ve been pondering and keep some future potential costs down! I’ll keep this in my back pocket for a bit 😉

1 Spice up

I suggest looking at Cloudflare WAF (web application firewall) also. It is on my upcoming project lists, and I have been advised it's better (easier to manage and use, more effective) than the Azure equivalents.

In my research you can even combine it with Cloudflare tunnels so you can keep your web servers in a private network and not directly expose your machines to the internet.

1 Spice up

Hello. As someone that deployed an Azure Firewall, I would strongly suggest a different type of virtual firewall in Azure. While it is cost-effective, it is definitely a bit harder to grasp and not so straightforward to manage. Logging is all done through the workspace analytics. I have been using it for 2 years and am currently migrating to a virtual Palo Alto.

1 Spice up