You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In Azure Firewall Premium IDPS, private IP address ranges are used to identify if traffic is inbound, outbound, or internal (East-West). Each signature is applied on specific traffic direction, as indicated in the signature rules table. By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. So traffic sent from a private IP address range to a private IP address range is considered internal. To modify your private IP addresses, you can now easily edit, remove, or add ranges as needed.
63
-
64
-
:::image type="content" source="media/firewall-preview/idps-private-ip.png" alt-text="Screenshot showing I D P S private IP address ranges.":::
65
-
66
60
### Structured firewall logs (preview)
67
61
68
62
Today, the following diagnostic log categories are available for Azure Firewall:
@@ -179,6 +173,22 @@ Policy analytics starts monitoring the flows in the DNAT, Network, and Applicati
179
173
> [!TIP]
180
174
> Policy Analytics has a dependency on both Log Analytics and Azure Firewall resource specific logging. Verify the Firewall is configured appropriately or follow the previous instructions. Be aware that logs take 60 minutes to appear after enabling them for the first time. This is because logs are aggregated in the backend every hour. You can check logs are configured appropriately by running a log analytics query on the resource specific tables such as **AZFWNetworkRuleAggregation**, **AZFWApplicationRuleAggregation**, and **AZFWNatRuleAggregation**.
181
175
176
+
### Single click upgrade/downgrade (preview)
177
+
178
+
You can now easily upgrade you existing Firewall Standard SKU to Premium SKU as well as downgrade from Premium to Standard SKU. The process is fully automated and has no service impact (zero service downtime).
179
+
180
+
In the upgrade process, you can select the policy to be attached to the upgraded Premium SKU. Either by using an existing Premium Policy or by using your existing Standard Policy. You can use your existing Standard policy and let the system automatically duplicate, upgrade to Premium Policy, and then attach it to the newly created Premium Firewall.
181
+
182
+
This new capability is available through the Azure portal as as shown here, as well as via PowerShell and Terraform simply by changing the sku_tier attribute.
Copy file name to clipboardExpand all lines: articles/firewall/premium-features.md
+7-1Lines changed: 7 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,7 @@ author: vhorne
5
5
ms.service: firewall
6
6
services: firewall
7
7
ms.topic: conceptual
8
-
ms.date: 10/12/2022
8
+
ms.date: 11/07/2022
9
9
ms.author: victorh
10
10
ms.custom: references_regions
11
11
---
@@ -77,6 +77,12 @@ IDPS allows you to detect attacks in all ports and protocols for non-encrypted t
77
77
78
78
The IDPS Bypass List allows you to not filter traffic to any of the IP addresses, ranges, and subnets specified in the bypass list.
79
79
80
+
### IDPS Private IP ranges
81
+
82
+
In Azure Firewall Premium IDPS, private IP address ranges are used to identify if traffic is inbound, outbound, or internal (East-West). Each signature is applied on specific traffic direction, as indicated in the signature rules table. By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. So traffic sent from a private IP address range to a private IP address range is considered internal. To modify your private IP addresses, you can now easily edit, remove, or add ranges as needed.
83
+
84
+
:::image type="content" source="media/premium-features/idps-private-ip.png" alt-text="Screenshot showing I D P S private IP address ranges.":::
0 commit comments