articles/virtual-network/secure-virtual-network.md
Lines changed: 3 additions & 3 deletions
@@ -6,7 +6,7 @@ ms.author: allensu
6
6
ms.service: azure-virtual-network
7
7
ms.topic: conceptual
8
8
ms.custom: horz-security
9
-
ms.date: 06/03/2025
9
+
ms.date: 06/18/2025
10
10
ai-usage: ai-assisted
11
11
---
12
12
@@ -24,7 +24,7 @@ Network security for Virtual Networks focuses on controlling traffic flow, imple
24
24
25
25
-**Enable NSG flow logs for traffic monitoring**: Configure NSG flow logs to capture information about IP traffic flowing through your network security groups. Send these logs to Azure Monitor Log Analytics and use Traffic Analytics to visualize network activity and identify security threats. For more information, see [NSG flow logs](/azure/network-watcher/network-watcher-nsg-flow-logging-portal).
26
26
27
-
-**Deploy Azure Firewall with threat intelligence and IDPS**: Use Azure Firewall with threat intelligence-based filtering enabled to automatically alert on and deny traffic to known malicious IP addresses and domains. For enhanced protection, use Azure Firewall Premium with intrusion detection and prevention system (IDPS) features to monitor and block malicious network traffic. Position the firewall at network boundaries to provide centralized protection. For more information, see [Azure Firewall threat intelligence](/azure/firewall/threat-intel).
27
+
-**Deploy Azure Firewall for centralized, stateful protection**: Use Azure Firewall to control both inbound and outbound traffic across your virtual networks with fully stateful packet inspection. Define and manage application and network rules at scale using centralized Firewall Policies. Azure Firewall supports DNAT for secure inbound access and SNAT for consistent outbound connectivity. For enhanced security, enable threat intelligence-based filtering to automatically alert on and deny traffic to known malicious IP addresses and domains, and use Azure Firewall Premium with intrusion detection and prevention system (IDPS) to monitor and block malicious network traffic. Integrate with Azure Monitor for full traffic visibility and log analysis. For more information, see [Azure Firewall](/azure/firewall/overview).
28
28
29
29
-**Enable DDoS Protection Standard**: Activate DDoS Protection Standard on your virtual networks to defend against distributed denial-of-service attacks. This service provides enhanced DDoS mitigation capabilities and real-time monitoring for your public IP addresses. For more information, see [Azure DDoS Protection Standard](/azure/ddos-protection/manage-ddos-protection).
30
30
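Review bot: The rewritten Azure Firewall bullet drops the placement guidance from the removed text ("Position the firewall at network boundaries to provide centralized protection") and changes the link from /azure/firewall/threat-intel to /azure/firewall/overview, so the threat intelligence and IDPS recommendations it still makes no longer link to the threat intelligence page directly. Suggest keeping the boundary-placement sentence and citing both pages, for example "see [Azure Firewall](/azure/firewall/overview) and [Azure Firewall threat intelligence](/azure/firewall/threat-intel)". The new bullet also bundles stateful inspection, Firewall Policies, DNAT/SNAT, threat intelligence, Premium IDPS and Azure Monitor integration into one item, while its bold title no longer mentions threat intelligence or IDPS; consider splitting the threat intelligence and IDPS guidance into its own bullet so a reader scanning the titles still sees it as a separate action.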
@@ -34,7 +34,7 @@ Network security for Virtual Networks focuses on controlling traffic flow, imple
34
34
35
35
-**Implement Azure Bastion for secure RDP/SSH access**: Use Azure Bastion to securely connect to virtual machines over RDP or SSH without exposing them to the public internet. Bastion eliminates the need for public IP addresses on VMs and reduces attack surface. For more information, see [Azure Bastion](/azure/bastion/bastion-overview).
36
36
37
-
-**Implement Azure NAT Gateway for outbound traffic**: Use Azure NAT Gateway to provide a static outbound IP address for virtual network resources, ensuring consistent egress traffic and simplifying firewall rules. NAT Gateway also provides protection against port exhaustion. For more information, see [Azure NAT Gateway](/azure/virtual-network/nat-gateway/nat-overview).
37
+
-**Implement Azure NAT Gateway for outbound traffic**: Use Azure NAT Gateway to provide a static outbound IP address for virtual network resources, ensuring secure and scalable egress traffic. NAT Gateway also provides protection against port exhaustion. For more information, see [Azure NAT Gateway](/azure/virtual-network/nat-gateway/nat-overview).
38
38
39
39
-**Use private endpoints and Private Link for Azure services**: Use Azure Private Link to access Azure PaaS services (like Azure Storage, SQL Database) over a private endpoint within your virtual network. Private Link eliminates exposure to the public internet and enhances security by keeping traffic within the Azure backbone network. For more information, see [Azure Private Link](/azure/private-link/private-link-overview).
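Review bot: In the NAT Gateway bullet, "ensuring secure and scalable egress traffic" replaces a concrete benefit ("consistent egress traffic and simplifying firewall rules") with a claim the sentence does not back up: nothing in the bullet says what makes egress through a static outbound IP secure. Suggest either keeping the removed wording or naming the security property that is meant, so that a checklist reader can tell what the control actually provides.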