This blog was co-authored by Gopikrishna Kannan, Principal Program Manager, Azure Networking.
Network security policies are constantly evolving to keep pace with the demands of workloads. With the acceleration of workloads to the cloud, network security policies, Azure Firewall policies in particular, are frequently changing and often updated multiple times in a week (in many cases several times in a day). Over time, the Azure Firewall network and application rules grow and can become suboptimal, impacting the firewall performance and security. For example, high-volume and frequently hit rules can be unintentionally prioritized lower. In some cases, applications are hosted in a network that has been migrated to a different network. However, the firewall rules referencing older networks have not been deleted.
Optimizing Firewall rules is a challenging task for any IT team. Especially for large, geographically dispersed organizations, optimizing Azure Firewall policy can be manual, complex, and involve multiple teams across the world. Updates are risky and can potentially impact a critical production workload, causing serious downtime. Well, not anymore!
Policy Analytics has been developed to help IT teams manage Azure Firewall rules over time. It provides critical insights and recommendations for optimizing Azure Firewall rules with a goal of strengthening your security posture. We are excited to share that Policy Analytics for Azure Firewall is now in preview.
Optimize Azure Firewall rules with Policy Analytics
Policy Analytics helps IT teams address these challenges by providing visibility into traffic flowing through the Azure Firewall. Key capabilities available in the Azure Portal include:
- Firewall flow logs: Displays all traffic flowing through the Azure Firewall alongside hit rate and network and application rule match. This view helps identify top flows across all rules. You can filter flows matching specific sources, destinations, ports, and protocols.
- Rule analytics: Displays traffic flows mapped to destination network address translation (DNAT), network, and application rules. This provides enhanced visibility of all the flows matching a rule over time. You can analyze rules across both parent and child policies.
- Policy insight panel: Aggregates policy insights and highlights policy recommendations to optimize your Azure Firewall policies.
- Single-rule analysis: The single-rule analysis experience analyzes traffic flows matching the selected rule and recommends optimizations based on those observed traffic flows.
Deep dive into single-rule analysis
Let's investigate single-rule analysis. Here we select a rule of interest, analyze the flows that match it, and optimize the rule accordingly.
Users can analyze Firewall rules with a few easy clicks.
Figure 1: Start by selecting Single-rule analysis.
With Policy Analytics, you can perform rule analysis by selecting the rule of interest. You can pick a rule to optimize. For instance, you may want to analyze rules with a wide range of open ports or a large number of sources and destinations.
Figure 2: Select a rule and Run analysis.
Policy Analytics surfaces the recommendations based on the actual traffic flows. You can review and apply the recommendations, including deleting rules which don't match any traffic or prioritizing them lower. Alternatively, you can lock down the rules to specific ports matching traffic.
Figure 3: Review the results and Apply selected changes.
Pricing
While in preview, enabling Policy Analytics on a Firewall Policy associated with a single firewall is billed per policy as described on the Azure Firewall Manager pricing page. Enabling Policy Analytics on a Firewall Policy associated with more than one firewall is offered at no additional cost.
Next steps
Policy Analytics for Azure Firewall simplifies firewall policy management by providing insights and a centralized view to help IT teams have better and consistent control of Azure Firewall. To learn more about Policy Analytics, see the following resources: