You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/firewall-manager/overview.md
+16-16Lines changed: 16 additions & 16 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,11 +1,11 @@
1
1
---
2
2
title: What is Azure Firewall Manager?
3
-
description: Learn about Azure Firewall Manager features
3
+
description: Learn about Azure Firewall Manager features.
4
4
author: vhorne
5
5
ms.service: firewall-manager
6
6
services: firewall-manager
7
7
ms.topic: overview
8
-
ms.date: 01/17/2023
8
+
ms.date: 02/26/2024
9
9
ms.author: victorh
10
10
---
11
11
@@ -17,10 +17,10 @@ Firewall Manager can provide security management for two network architecture ty
17
17
18
18
-**Secured virtual hub**
19
19
20
-
An [Azure Virtual WAN Hub](../virtual-wan/virtual-wan-about.md#resources) is a Microsoft-managed resource that lets you easily create hub and spoke architectures. When security and routing policies are associated with such a hub, it is referred to as a *[secured virtual hub](secured-virtual-hub.md)*.
20
+
An [Azure Virtual WAN Hub](../virtual-wan/virtual-wan-about.md#resources) is a Microsoft-managed resource that lets you easily create hub and spoke architectures. When security and routing policies are associated with such a hub, it's referred to as a *[secured virtual hub](secured-virtual-hub.md)*.
21
21
-**Hub virtual network**
22
22
23
-
This is a standard Azure virtual network that you create and manage yourself. When security policies are associated with such a hub, it is referred to as a *hub virtual network*. At this time, only Azure Firewall Policy is supported. You can peer spoke virtual networks that contain your workload servers and services. You can also manage firewalls in standalone virtual networks that aren't peered to any spoke.
23
+
This is a standard Azure virtual network that you create and manage yourself. When security policies are associated with such a hub, it's referred to as a *hub virtual network*. At this time, only Azure Firewall Policy is supported. You can peer spoke virtual networks that contain your workload servers and services. You can also manage firewalls in standalone virtual networks that aren't peered to any spoke.
24
24
25
25
For a detailed comparison of *secured virtual hub* and *hub virtual network* architectures, see [What are the Azure Firewall Manager architecture options?](vhubs-and-vnets.md).
26
26
@@ -38,20 +38,20 @@ You can centrally deploy and configure multiple Azure Firewall instances that sp
38
38
39
39
You can use Azure Firewall Manager to centrally manage Azure Firewall policies across multiple secured virtual hubs. Your central IT teams can author global firewall policies to enforce organization wide firewall policy across teams. Locally authored firewall policies allow a DevOps self-service model for better agility.
40
40
41
-
### Integrated with third-party security-as-a-service for advanced security
41
+
### Integrated with partner security-as-a-service for advanced security
42
42
43
-
In addition to Azure Firewall, you can integrate third-party security as a service (SECaaS) providers to provide additional network protection for your VNet and branch Internet connections.
43
+
In addition to Azure Firewall, you can integrate partner security as a service (SECaaS) providers to provide more network protection for your virtual network and branch Internet connections.
44
44
45
45
This feature is available only with secured virtual hub deployments.
46
46
47
-
-VNet to Internet (V2I) traffic filtering
47
+
-Virtual network to Internet (V2I) traffic filtering
48
48
49
-
- Filter outbound virtual network traffic with your preferred third-party security provider.
50
-
-Leverage advanced user-aware Internet protection for your cloud workloads running on Azure.
49
+
- Filter outbound virtual network traffic with your preferred partner security provider.
50
+
-Use advanced user-aware Internet protection for your cloud workloads running on Azure.
51
51
52
52
- Branch to Internet (B2I) traffic filtering
53
53
54
-
Leverage your Azure connectivity and global distribution to easily add third-party filtering for branch to Internet scenarios.
54
+
Use your Azure connectivity and global distribution to easily add partner filtering for branch to Internet scenarios.
55
55
56
56
For more information about security partner providers, see [What are Azure Firewall Manager security partner providers?](trusted-security-partners.md)
57
57
@@ -61,7 +61,7 @@ Easily route traffic to your secured hub for filtering and logging without the n
61
61
62
62
This feature is available only with secured virtual hub deployments.
63
63
64
-
You can use third-party providers for Branch to Internet (B2I) traffic filtering, side by side with Azure Firewall for Branch to VNet (B2V), VNet to VNet (V2V) and VNet to Internet (V2I).
64
+
You can use partner providers for Branch to Internet (B2I) traffic filtering, side by side with Azure Firewall for Branch to virtual network (B2V), virtual network to virtual network (V2V) and virtual network to Internet (V2I).
65
65
66
66
### DDoS protection plan
67
67
@@ -81,16 +81,16 @@ Azure Firewall Manager has the following known issues:
81
81
82
82
|Issue |Description |Mitigation |
83
83
|---------|---------|---------|
84
-
|Traffic splitting|Microsoft 365 and Azure Public PaaS traffic splitting isn't currently supported. As such, selecting a third-party provider for V2I or B2I also sends all Azure Public PaaS and Microsoft 365 traffic via the partner service.|Investigating traffic splitting at the hub.
84
+
|Traffic splitting|Microsoft 365 and Azure Public PaaS traffic splitting isn't currently supported. As such, selecting a partner provider for V2I or B2I also sends all Azure Public PaaS and Microsoft 365 traffic via the partner service.|Investigating traffic splitting at the hub.
85
85
|Base policies must be in same region as local policy|Create all your local policies in the same region as the base policy. You can still apply a policy that was created in one region on a secured hub from another region.|Investigating|
86
86
|Filtering inter-hub traffic in secure virtual hub deployments|Secured Virtual Hub to Secured Virtual Hub communication filtering is supported with the Routing Intent feature.|Enable Routing Intent on your Virtual WAN Hub by setting Inter-hub to **Enabled** in Azure Firewall Manager. See [Routing Intent documentation](../virtual-wan/how-to-routing-policies.md) for more information about this feature.|
87
87
|Branch to branch traffic with private traffic filtering enabled|Branch to branch traffic can be inspected by Azure Firewall in secured hub scenarios if Routing Intent is enabled. |Enable Routing Intent on your Virtual WAN Hub by setting Inter-hub to **Enabled** in Azure Firewall Manager. See [Routing Intent documentation](../virtual-wan/how-to-routing-policies.md) for more information about this feature.|
88
88
|All Secured Virtual Hubs sharing the same virtual WAN must be in the same resource group.|This behavior is aligned with Virtual WAN Hubs today.|Create multiple Virtual WANs to allow Secured Virtual Hubs to be created in different resource groups.|
89
89
|Bulk IP address addition fails|The secure hub firewall goes into a failed state if you add multiple public IP addresses.|Add smaller public IP address increments. For example, add 10 at a time.|
90
-
|DDoS Protection not supported with secured virtual hubs|DDoS Protection is not integrated with vWANs.|Investigating|
91
-
|Activity logs not fully supported|Firewall policy does not currently support Activity logs.|Investigating|
92
-
|Description of rules not fully supported|Firewall policy does not display the description of rules in an ARM export.|Investigating|
93
-
|Azure Firewall Manager overwrites static and custom routes causing downtime in virtual WAN hub.|You should not use Azure Firewall Manager to manage your settings in deployments configured with custom or static routes. Updates from Firewall Manager can potentially overwrite static or custom route settings.|If you use static or custom routes, use the Virtual WAN page to manage security settings and avoid configuration via Azure Firewall Manager.<br><br>For more information, see [Scenario: Azure Firewall - custom](../virtual-wan/scenario-route-between-vnets-firewall.md).|
90
+
|DDoS Protection not supported with secured virtual hubs|DDoS Protection isn't integrated with vWANs.|Investigating|
91
+
|Activity logs not fully supported|Firewall policy doesn't currently support Activity logs.|Investigating|
92
+
|Description of rules not fully supported|Firewall policy doesn't display the description of rules in an ARM export.|Investigating|
93
+
|Azure Firewall Manager overwrites static and custom routes causing downtime in virtual WAN hub.|You shouldn't use Azure Firewall Manager to manage your settings in deployments configured with custom or static routes. Updates from Firewall Manager can potentially overwrite static or custom route settings.|If you use static or custom routes, use the Virtual WAN page to manage security settings and avoid configuration via Azure Firewall Manager.<br><br>For more information, see [Scenario: Azure Firewall - custom](../virtual-wan/scenario-route-between-vnets-firewall.md).|
0 commit comments