Choose the right Azure Firewall version to meet your needs
Azure Firewall offers three versions to meet various customer needs:
- Azure Firewall Premium: Ideal for securing highly sensitive applications, such as payment processing. It includes advanced threat protection features like malware and TLS inspection.
- Azure Firewall Standard: Suitable for customers requiring Layer 3–Layer 7 firewall capabilities with autoscaling to manage peak traffic up to 30 Gbps. It includes enterprise features like threat intelligence, DNS proxy, custom DNS, and web categories.
- Azure Firewall Basic: Designed for SMB customers with throughput requirements up to 250 Mbps.
Feature comparison
Compare the features of the three Azure Firewall versions:
| Category | Feature | Firewall Basic | Firewall Standard | Firewall Premium |
|---|---|---|---|---|
| L3-L7 filtering | Application level FQDN filtering (SNI based) for HTTPS/SQL | ✓ | ✓ | ✓ |
| Network level FQDN filtering – all ports and protocols | ✓ | ✓ | ||
| Stateful firewall (5 tuple rules) | ✓ | ✓ | ✓ | |
| Network address translation (SNAT+DNAT) | ✓ | ✓ | ✓ | |
| Reliability & performance | Availability zones | ✓ | ✓ | ✓ |
| Built-in HA | ✓ | ✓ | ✓ | |
| Cloud scalability (auto-scale as traffic grows) | Up to 250Mbps | Up to 30 Gbps | Up to 100 Gbps | |
| Fat flow support | N/A | 1 Gbps | 10 Gbps | |
| Ease of management | Central management via firewall manager | ✓ | ✓ | ✓ |
| Policy analytics (rule management over time) | ✓ | ✓ | ✓ | |
| Enterprise integration | Full logging including SIEM integration | ✓ | ✓ | ✓ |
| Service tags and FQDN tags for easy policy management | ✓ | ✓ | ✓ | |
| Easy DevOps integration using REST/PowerShell/CLI/templates/Terraform | ✓ | ✓ | ✓ | |
| Web content filtering (web categories) | ✓ | ✓ | ||
| DNS proxy + custom DNS | ✓ | ✓ | ||
| Advanced threat protection | Threat intelligence-based filtering (known malicious IP address/domains) | Alert | ✓ | ✓ |
| Inbound TLS termination (TLS reverse proxy) | Using Azure Application Gateway | |||
| Outbound TLS termination (TLS forward proxy) | ✓ | |||
| Fully managed IDPS | ✓ | |||
| URL filtering (full path - including SSL termination) | ✓ |
Flow chart
Use the following flow chart to determine the best Azure Firewall version for your needs.
