You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/firewall/firewall-preview.md
-4Lines changed: 0 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -38,10 +38,6 @@ With Structured Firewall Logs, you'll be able to choose to use Resource Specific
38
38
39
39
For more information, see [Azure Structured Firewall Logs (preview)](firewall-structured-logs.md).
40
40
41
-
### Policy Analytics (preview)
42
-
43
-
Policy Analytics provides insights, centralized visibility, and control to Azure Firewall. IT teams today are challenged to keep Firewall rules up to date, manage existing rules, and remove unused rules. Any accidental rule updates can lead to a significant downtime for IT teams.
44
-
45
41
### Explicit proxy (preview)
46
42
47
43
With the Azure Firewall Explicit proxy set on the outbound path, you can configure a proxy setting on the sending application (such as a web browser) with Azure Firewall configured as the proxy. As a result, traffic from a sending application goes to the firewall's private IP address, and therefore egresses directly from the firewall without using a user defined route (UDR).
description: Learn about Azure Firewall Policy Analytics (preview)
2
+
title: Azure Firewall Policy Analytics
3
+
description: Learn about Azure Firewall Policy Analytics
4
4
services: firewall
5
5
author: vhorne
6
6
ms.service: firewall
7
7
ms.topic: conceptual
8
-
ms.date: 01/26/2023
8
+
ms.date: 05/09/2023
9
9
ms.author: victorh
10
10
---
11
11
12
-
# Azure Firewall Policy Analytics (preview)
12
+
# Azure Firewall Policy Analytics
13
13
14
14
15
-
> [!IMPORTANT]
16
-
> This feature is currently in PREVIEW.
17
-
> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
18
-
19
15
Policy Analytics provides insights, centralized visibility, and control to Azure Firewall. IT teams today are challenged to keep Firewall rules up to date, manage existing rules, and remove unused rules. Any accidental rule updates can lead to a significant downtime for IT teams.
20
16
21
17
For large, geographically dispersed organizations, manually managing Firewall rules and policies is a complex and sometimes error-prone process. The new Policy Analytics feature is the answer to this common challenge faced by IT teams.
@@ -26,7 +22,7 @@ You can now refine and update Firewall rules and policies with confidence in jus
26
22
27
23
## Pricing
28
24
29
-
Enabling Policy Analytics on a Firewall Policy associated with a single firewall is billed per policy as described on the [Azure Firewall Manager pricing](https://azure.microsoft.com/pricing/details/firewall-manager/) page. Enabling Policy Analytics on a Firewall Policy associated with more than one firewall is offered at no added cost.
25
+
New pricing for policy analytics is now in effect. See the [Azure Firewall Manager pricing](https://azure.microsoft.com/pricing/details/firewall-manager/) page for the latest pricing details.
30
26
31
27
## Key Policy Analytics features
32
28
@@ -35,48 +31,23 @@ Enabling Policy Analytics on a Firewall Policy associated with a single firewall
35
31
-**Traffic flow analysis**: Maps traffic flow to rules by identifying top traffic flows and enabling an integrated experience.
36
32
-**Single Rule analysis**: Analyzes a single rule to learn what traffic hits that rule to refine the access it provides and improve the overall security posture.
37
33
38
-
## Prerequisites
39
-
40
-
- An Azure Firewall Standard or Premium
41
-
- An Azure Firewall Standard or Premium policy attached to the Firewall
42
-
- The [Azure Firewall network rule name logging (preview)](firewall-network-rule-logging.md) must be enabled to view network rules analysis.
43
-
- The [Azure Structured Firewall Logs (preview)](firewall-structured-logs.md) must be enabled on Firewall Standard or Premium.
44
-
45
34
46
35
## Enable Policy Analytics
47
36
48
37
Policy analytics starts monitoring the flows in the DNAT, Network, and Application rule analysis only after you enable the feature. It can't analyze rules hit before the feature is enabled.
49
38
50
-
### Firewall with no diagnostics settings configured
51
-
52
39
53
-
1. Once all prerequisites are met, select **Policy analytics (preview)** in the table of contents.
40
+
1. Select **Policy analytics** in the table of contents.
54
41
2. Next, select **Configure Workspaces**.
55
42
3. In the pane that opens, select the **Enable Policy Analytics** checkbox.
56
43
4. Next, choose a log analytics workspace. The log analytics workspace should be the same as the Firewall attached to the policy.
57
44
5. Select **Save** after you choose the log analytics workspace.
58
-
6. Go to the Firewall attached to the policy and enter the **Diagnostic settings** page. You'll see the **FirewallPolicySetting** added there as part of the policy analytics feature.
59
-
7. Select **Edit Setting**, and ensure the **Resource specific** toggle is checked, and the highlighted tables are checked. In the previous example, all logs are written to the log analytics workspace.
60
-
61
-
### Firewall with Diagnostics settings already configured
62
-
63
-
1. Ensure that the Firewall attached to the policy is logging to **Resource Specific** tables, and that the following three tables are also selected:
64
-
- AZFWApplicationRuleAggregation
65
-
- AZFWNetworkRuleAggregation
66
-
- AZFWNatRuleAggregation
67
-
2. Next, select **Policy Analytics (preview)** in the table of contents. Once inside the feature, select **Configure Workspaces**.
68
-
3. Now, select **Enable Policy Analytics**.
69
-
4. Next, choose a log analytics workspace. The log analytics workspace should be the same as the Firewall attached to the policy.
70
-
5. Select **Save** after you choose the log analytics workspace.
71
-
72
-
During the save process, you might see the following error message: **Failed to update Diagnostic Settings**
73
-
74
-
You can disregard this error message if the policy was successfully updated.
75
45
76
46
> [!TIP]
77
47
> Policy Analytics has a dependency on both Log Analytics and Azure Firewall resource specific logging. Verify the Firewall is configured appropriately or follow the previous instructions. Be aware that logs take 60 minutes to appear after enabling them for the first time. This is because logs are aggregated in the backend every hour. You can check logs are configured appropriately by running a log analytics query on the resource specific tables such as **AZFWNetworkRuleAggregation**, **AZFWApplicationRuleAggregation**, and **AZFWNatRuleAggregation**.
78
48
79
49
## Next steps
80
50
81
51
82
-
- To learn more about Azure Firewall logs and metrics, see [Azure Firewall logs and metrics](logs-and-metrics.md).
52
+
- To learn more about Azure Firewall logs and metrics, see [Azure Firewall logs and metrics](logs-and-metrics.md).
53
+
- To learn more about Azure Firewall structured logs, see [Azure Firewall structured logs](firewall-structured-logs.md).
0 commit comments