What is Azure Firewall?

Azure Firewall is a cloud-native, intelligent network firewall security service that offers top-tier threat protection for your Azure cloud workloads. It is a fully stateful firewall as a service, featuring built-in high availability and unlimited cloud scalability. Azure Firewall inspects both east-west and north-south traffic. To understand these traffic types, see ast-west and north-south traffic.

Azure Firewall is available in three SKUs: Basic, Standard, and Premium.

Azure Firewall Basic

Azure Firewall Basic is designed for small and medium-sized businesses (SMBs) to secure their Azure cloud environments. It provides essential protection at an affordable price.

Key limitations of Azure Firewall Basic include:

• Supports Threat Intel alert mode only
• Fixed scale unit with two virtual machine backend instances
• Recommended for environments with an estimated throughput of 250 Mbps

For more information, see Azure Firewall Basic features.

Azure Firewall Standard

Azure Firewall Standard offers L3-L7 filtering and threat intelligence feeds directly from Microsoft Cyber Security. It can alert and block traffic from/to known malicious IP addresses and domains, updated in real-time to protect against new and emerging threats.

For more information, see Azure Firewall Standard features.

Azure Firewall Premium

Azure Firewall Premium provides advanced capabilities, including signature-based IDPS for rapid attack detection by identifying specific patterns. These patterns can include byte sequences in network traffic or known malicious instruction sequences used by malware. With over 67,000 signatures in more than 50 categories, updated in real-time, it protects against new and emerging exploits such as malware, phishing, coin mining, and Trojan attacks.

For more information, see Azure Firewall Premium features.

Feature comparison

To compare all Azure Firewall SKU features, see Choose the right Azure Firewall SKU to meet your needs.

Azure Firewall Manager

Azure Firewall Manager allows you to centrally manage Azure Firewalls across multiple subscriptions. It uses firewall policies to apply a common set of network and application rules and configurations to the firewalls in your tenant.

Firewall Manager supports firewalls in both virtual network and Virtual WAN (Secure Virtual Hub) environments. Secure Virtual Hubs use the Virtual WAN route automation solution to simplify routing traffic to the firewall with just a few steps.

To learn more, see Azure Firewall Manager.

Pricing and SLA

For pricing details, see Azure Firewall pricing.

For SLA information, see Azure Firewall SLA.

Supported regions

For a list of supported regions, see Azure products available by region.

What's new

To learn about the latest updates, see Azure updates.

Known issues

For known issues, see Azure Firewall known issues.

Next steps

• Quickstart: Create an Azure Firewall and a firewall policy - ARM template
• Quickstart: Deploy Azure Firewall with Availability Zones - ARM template
• Tutorial: Deploy and configure Azure Firewall using the Azure portal
• Learn module: Introduction to Azure Firewall
• Learn more about Azure network security