With the new Azure Firewall Premium now in public preview, you can now perform the following new capabilities:
- Transport Layer Security (TLS) Inspection: Azure Firewall Premium decrypts outbound traffic, performs the required value-added security functions and re-encrypt the traffic which is sent to the original destination.
- Intrusion Detection and Prevention System (IDPS): Azure Firewall Premium provides signature-based IDPS to allow rapid detection of attacks by looking for specific patterns, such as byte sequences in network traffic, or known malicious instruction sequences used by malware.
- Web Categories: Allows administrators to allow or deny user access to the Internet based on categories (e.g. social networking, search engines, gambling), reducing the time spent on managing individual FQDNs and URLs. This capability is also available for Azure Firewall Standard based on FQDNs only.
- URL Filtering: Allow users to access specific URLs for both plain text and encrypted traffic, typically being used in congestion with web categories.
Azure Firewall Premium is utilizing Firewall Policy, a global resource that can be used to centrally manage your firewalls using Azure Firewall Manager. Starting this release, all new features will be configurable via Firewall Policy only. This includes TLS Inspection, IDPS, URL Filtering, web categories and more. Firewall Rules (Classic) continues to be supported and can be used for configuring existing features of Standard Firewall. Firewall Policy can be managed independently or using Azure Firewall manager. Firewall policy associated with a single firewall has no charge.
For more information, see the Azure Firewall Premium documentation.