Merge pull request #197362 from vhorne/fwm-waf-integrate

start manage waf policies

Author: denrea

articles/firewall-manager/manage-web-application-firewall-policies.md

@@ -0,0 +1,55 @@
+---
+title: Manage Azure Web Application Firewall policies (preview)
+description: Learn how to use Azure Firewall Manager to manage Azure Web Application Firewall policies
+author: vhorne
+ms.author: victorh
+ms.service: firewall-manager
+ms.topic: how-to
+ms.date: 06/01/2022
+---
+
+# Manage Web Application Firewall policies (preview)
+
+You can centrally create and associate Web Application Firewall (WAF) policies for your application delivery platforms, including Azure Front Door and Azure Application Gateway.
+
+> [!IMPORTANT]
+> Managing Web Application Firewall policies using Azure Firewall Manager is currently in PREVIEW.
+> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+
+## Prerequisites 
+
+- A deployed [Azure Front Door](../frontdoor/quickstart-create-front-door.md) or [Azure Application Gateway](../application-gateway/quick-create-portal.md)
+
+## Associate a WAF policy
+
+1. Sign in to the Azure portal at [https://portal.azure.com](https://portal.azure.com).
+2. In the Azure portal search bar, type **Firewall Manager** and press **Enter**.
+3. On the Azure Firewall Manager page, select **Application Delivery Platforms**.
+   :::image type="content" source="media/manage-web-application-firewall-policies/application-delivery-platforms.png" alt-text="Screenshot of Firewall Manager application delivery platforms.":::
+1. Select your application delivery platform (Front Door or Application Gateway) to associate a WAF policy. In this example, we'll associate a WAF policy to a Front Door.
+1. Select **Manage Security** and then select **Associate WAF policy**.
+   :::image type="content" source="media/manage-web-application-firewall-policies/associate-waf-policy.png" alt-text="Screenshot of Firewall Manager associate WAF policy.":::
+1. Select either an existing policy or **Create New**.
+1. Select the domain(s) that you want the WAF policy to protect with your Azure Front Door profile.
+1. Select **Associate**.
+
+## View and manage WAF policies
+
+1. On the Azure Firewall Manager page, under **Security**, select **Web application firewall policies** to view all your policies.
+1. Select **Add** to create a new WAF policy or import settings from an existing WAF policy.
+   :::image type="content" source="media/manage-web-application-firewall-policies/web-application-firewall-policies.png" alt-text="Screenshot of Firewall Manager Web Application Firewall policies.":::
+
+## Upgrade Application Gateway WAF configuration to WAF policy
+
+For Application Gateway with WAF configuration, you can upgrade the WAF configuration to a WAF policy associated with Application Gateway. 
+
+The WAF policy can be shared to multiple application gateways. Also, a WAF policy allows you to take advantage of advanced and new features like bot protection, newer rule sets, and reduced false positives. New features are only released on WAF policies.
+
+To upgrade a WAF configuration to a WAF policy, select **Upgrade from WAF configuration** from the desired application gateway.
+
+:::image type="content" source="media/manage-web-application-firewall-policies/upgrade-policy.png" alt-text="Screenshot showing upgrade from WAF configuration.":::
+
+## Next steps
+
+- [Configure an Azure DDoS Protection Plan using Azure Firewall Manager (preview)](configure-ddos.md)
+

articles/firewall-manager/media/manage-web-application-firewall-policies/application-delivery-platforms.png

@@ -66,6 +66,8 @@
     href: rule-hierarchy.md
   - name: Configure DDoS Protection Plan
     href: configure-ddos.md
+  - name: Manage WAF policies
+    href: manage-web-application-firewall-policies.md
 - name: Reference
   items:
   - name: Azure CLI

articles/firewall-manager/media/manage-web-application-firewall-policies/associate-waf-policy.png

@@ -5,7 +5,7 @@ services: web-application-firewall
 author: vhorne
 ms.service: web-application-firewall
 ms.topic: conceptual
-ms.date: 03/30/2022
+ms.date: 05/06/2022
 ms.author: victorh
 ---
 
@@ -108,7 +108,7 @@ If bot protection is enabled, incoming requests that match bot rules are logged
 
 ## Configuration
 
-You can configure and deploy all WAF rule types using the Azure portal, REST APIs, Azure Resource Manager templates, and Azure PowerShell.
+You can configure and deploy all WAF policies using the Azure portal, REST APIs, Azure Resource Manager templates, and Azure PowerShell. You can also configure and manage Azure WAF policies at scale using Firewall Manager integration (preview). For more information, see [Use Azure Firewall Manager to manage Web Application Firewall policies (preview)](../shared/manage-policies.md).
 
 ## Monitoring
 

articles/firewall-manager/media/manage-web-application-firewall-policies/upgrade-policy.png

@@ -5,7 +5,7 @@ description: This article provides an overview of Web Application Firewall (WAF)
 services: web-application-firewall
 author: vhorne
 ms.service: web-application-firewall
-ms.date: 04/21/2022
+ms.date: 05/06/2022
 ms.author: victorh
 ms.topic: conceptual
 ---
@@ -141,6 +141,10 @@ There's a threshold of 5 for the Anomaly Score to block traffic. So, a single *C
 > [!NOTE]
 > The message that's logged when a WAF rule matches traffic includes the action value "Blocked." But the traffic is actually only blocked for an Anomaly Score of 5 or higher. For more information, see [Troubleshoot Web Application Firewall (WAF) for Azure Application Gateway](web-application-firewall-troubleshoot.md#understanding-waf-logs). 
 
+### Configuration
+
+You can configure and deploy all WAF policies using the Azure portal, REST APIs, Azure Resource Manager templates, and Azure PowerShell. You can also configure and manage Azure WAF policies at scale using Firewall Manager integration (preview). For more information, see [Use Azure Firewall Manager to manage Web Application Firewall policies (preview)](../shared/manage-policies.md).
+
 ### WAF monitoring
 
 Monitoring the health of your application gateway is important. Monitoring the health of your WAF and the applications that it protects are supported by integration with Microsoft Defender for Cloud, Azure Monitor, and Azure Monitor logs.

articles/firewall-manager/media/manage-web-application-firewall-policies/web-application-firewall-policies.png

@@ -0,0 +1,25 @@
+---
+title: Use Azure Firewall Manager to manage Web Application Firewall policies (preview)
+description: Learn about managing Azure Web Application Firewall policies using Azure Firewall Manager
+author: vhorne
+ms.author: victorh
+ms.service: web-application-firewall
+ms.topic: conceptual
+ms.date: 06/01/2022
+---
+
+# Use Azure Firewall Manager to manage Web Application Firewall policies (preview)
+
+> [!IMPORTANT]
+> Managing Web Application Firewall policies using Azure Firewall Manager is currently in PREVIEW.
+> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
+
+Azure Firewall Manager is a central network security policy and route management service that allows administrators and organizations to protect their networks and cloud platforms at scale, all in one central place.
+
+## Create and associate policies
+
+You can use Azure Firewall Manager to centrally create, associate, and manage Web Application Firewall (WAF) policies for your application delivery platforms, including Azure Front Door and Azure Application Gateway.
+
+## Next steps
+
+- [Manage Azure Web Application Firewall policies (preview)](../../firewall-manager/manage-web-application-firewall-policies.md)

articles/firewall-manager/toc.yml

@@ -141,6 +141,8 @@
       href: ./afds/waf-front-door-tutorial-geo-filtering.md
     - name: Monitoring and logging
       href: ./afds/waf-front-door-monitor.md
+  - name: Manage policies
+    href: ./shared/manage-policies.md
   - name: Using Microsoft Sentinel with Web Application Firewall
     href: waf-sentinel.md
   - name: Troubleshoot