Merge pull request #237902 from vhorne/fw-suren-511

prmerger-automator[bot] · web-flow · commit 43f1ba3d9714 · 2023-05-12T13:15:21.000Z
update prem category and 3rd party config
diff --git a/articles/firewall-manager/deploy-trusted-security-partner.md b/articles/firewall-manager/deploy-trusted-security-partner.md
@@ -114,6 +114,14 @@ Next, you can check if VNet virtual machines or the branch site can access the I
 
 After finishing the route setting steps, the VNet virtual machines as well as the branch sites are sent a 0/0 to the third-party service route. You can't RDP or SSH into these virtual machines. To sign in, you can deploy the [Azure Bastion](../bastion/bastion-overview.md) service in a peered VNet.
 
+## Rule configuration
+
+Use the partner portal to configure firewall rules. Azure Firewall passes the traffic through.
+
+For example, you may observe allowed traffic through the Azure Firewall, even though there is no explicit rule to allow the traffic. This is because Azure Firewall passes the traffic to the next hop security partner provider (ZScalar, CheckPoint, or iBoss). Azure Firewall still has rules to allow outbound traffic, but the rule name is not logged.
+
+For more information, see the partner documentation.
+
 ## Next steps
 
 - [Tutorial: Secure your cloud network with Azure Firewall Manager using the Azure portal](secure-cloud-network.md)
diff --git a/articles/firewall/premium-features.md b/articles/firewall/premium-features.md
@@ -125,6 +125,8 @@ URL Filtering can be applied both on HTTP and HTTPS traffic. When HTTPS traffic
 
 Web categories lets administrators allow or deny user access to web site categories such as gambling websites, social media websites, and others. Web categories are also included in Azure Firewall Standard, but it's more fine-tuned in Azure Firewall Premium. As opposed to the Web categories capability in the Standard SKU that matches the category based on an FQDN, the Premium SKU matches the category according to the entire URL for both HTTP and HTTPS traffic.
 
+Azure Firewall Premium web categories are only available in firewall policies. Ensure that your policy SKU matches the SKU of your firewall instance. For example, if you have a Firewall Premium instance, you must use a Firewall Premium policy.
+
 > [!IMPORTANT]
 > Microsoft is transitioning to an updated and new Web Content Filtering category feed in the next couple weeks. This will contain more granularity and additional subcategorizations.
 >

Original file line number	Diff line number	Diff line change
`@@ -125,6 +125,8 @@ URL Filtering can be applied both on HTTP and HTTPS traffic. When HTTPS traffic`
`125`	`125`
`126`	`126`	`Web categories lets administrators allow or deny user access to web site categories such as gambling websites, social media websites, and others. Web categories are also included in Azure Firewall Standard, but it's more fine-tuned in Azure Firewall Premium. As opposed to the Web categories capability in the Standard SKU that matches the category based on an FQDN, the Premium SKU matches the category according to the entire URL for both HTTP and HTTPS traffic.`
`127`	`127`
	`128`	`+Azure Firewall Premium web categories are only available in firewall policies. Ensure that your policy SKU matches the SKU of your firewall instance. For example, if you have a Firewall Premium instance, you must use a Firewall Premium policy.`
	`129`	`+`
`128`	`130`	`> [!IMPORTANT]`
`129`	`131`	`> Microsoft is transitioning to an updated and new Web Content Filtering category feed in the next couple weeks. This will contain more granularity and additional subcategorizations.`
`130`	`132`	`>`