For the last article of the year, it thought I would discuss Azure Firewall Basic, a new firewall offering now in preview within Azure designed for the SMB market.


Azure has had firewall offerings for quite some time within the Standard and Premium tiers, they target quite a broad set of requirements and features like layers 3-7 filtering and alert support, built in HA, central management, threat protection and more. Historically though from an SMB point of view they have not quite worked out from a value proposition, while they do provide value, they do so at a high barrier to entry – Standard for example is designed for large amounts of data processing eg. 30Gbps and priced accordingly. Due to this high barrier of entry, we often provide infrastructure pricing for third party firewall offerings which provide in some instances a better SMB value proposition.


With the introduction of Azure Firewall Basic, Microsoft is looking to introduce a more SMB friendly offering while providing a cut down features set from the Standard and Premium tiers. The Basic version includes throughput of up to 250Mbps, layer 3-7 filtering and alerts on malicious traffic, built-in threat intelligence, integration into Azure Monitor, Event Hub, and Defender for Cloud, all of which gives you more visibility into your environment so you can identify and respond to threats quickly.


At a high level, the key features of Azure Firewall Basic are


Comprehensive, cloud-native network firewall security.

  •  Network and application traffic filtering.
  •  Threat intelligence to alert on malicious traffic.
  • Built-in high availability.
  • Seamless integration with other Azure services.
  • Simple setup and easy to use.


Set up in just a few minutes.

  • Automate deployment (deploy as code).
  • Zero maintenance with automatic updates.
  • Central management via Azure Firewall Manager.

Cost-effective.

  • Designed to deliver essential, cost-effective Firewall protection for your resources within your virtual network.


If you are after a picture of what Azure Firewall Basic looks like at a high level, below is a great image from Microsoft.

 

If we take a step back and look at the Azure Firewall tiers overall – Basic, Standard, Premium – and where they are positioned, think of Premium for highly sensitive applications (typically in the payment processing world) with support for advanced threat protection around malware and TLS inspection, Standard for layer 3-7 firewall requirements and with traffic peaks of 30Gbps along with threat intelligence, DNS proxy, custom DNS, categories, etc. and lastly Basic for SMB customers looking for a cloud native firewall with throughput of up to 250Mbps.

 

For additional details on Azure Firewall and its offerings see the following links.

 

As this is the last article of the year, I hope you have a great Christmas and New Year’s!

See you in 2023!