This put up was co-authored by Eliran Azulai, Principal Program Supervisor, Azure Networking.
In the present day, we’re asserting new Azure Firewall capabilities in addition to updates for August 2021.
- Azure Firewall helps US West three, Jio India West, and Brazil Southeast.
- Auto-generated self-signed certificates for Azure Firewall Premium SKU.
- Safe Hub now helps Availability Zones.
- Deploy Azure Firewall with out public IP in Compelled Tunnel mode.
- Configure pre-existing Azure Firewalls in Power Tunnel mode utilizing cease or begin instructions.
Azure Firewall regional enlargement
We expanded Azure Firewall service to a few new public areas together with US West three, Jio India West, and Brazil Southeast. Each Commonplace and Premium Firewall SKUs can be found within the new public areas. Firewall Coverage assist is deliberate to launch shortly.
Azure Firewall Premium SKU assist for self-signed certificates
For non-production deployments, you should utilize the Azure Firewall Premium certification auto-generation mechanism, which robotically creates for you the next three sources, ties them collectively, and units up transport layer safety (TLS) inspection with a single click on of a button:
- Managed Identification.
- Key Vault.
- Self-signed intermediate CA certificates.
Safe Hub now helps Availability Zones
With Availability Zones, your availability will increase to 99.99 p.c uptime. A secured digital hub can now be configured throughout deployment to span a number of Availability Zones for elevated availability.
Deploy Azure Firewall with out public IP in Compelled Tunnel mode
Azure Firewall service requires public IP for its operational functions. Whereas safe, some deployments don’t choose exposing public IP on to the web. In such instances, clients can deploy Azure Firewall in Compelled Tunnel mode. This configuration creates a administration NIC which is utilized by Azure Firewall for its operations. The Tenant Datapath community could be configured with out a public IP, and web site visitors could be compelled tunneled to a different Firewall or utterly blocked.
Word that Compelled Tunnel mode can’t be configured at Run Time. You possibly can both redeploy the Firewall or use the cease and begin facility to reconfigure present Azure Firewalls in Compelled Tunnel mode. Safe Hub Firewalls are all the time deployed in Compelled Tunnel mode.
For extra info on every thing we coated above, see the next documentation: