You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/firewall/features.md
+8-8Lines changed: 8 additions & 8 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,7 @@ services: firewall
5
5
author: vhorne
6
6
ms.service: azure-firewall
7
7
ms.topic: concept-article
8
-
ms.date: 08/30/2023
8
+
ms.date: 01/30/2025
9
9
ms.author: victorh
10
10
---
11
11
@@ -37,7 +37,7 @@ Azure Firewall includes the following features:
37
37
- Web categories
38
38
- Certifications
39
39
40
-
To compare Azure Firewall features for all Firewall SKUs, see [Choose the right Azure Firewall SKU to meet your needs](choose-firewall-sku.md).
40
+
To compare Azure Firewall features for all Firewall versions, see [Choose the right Azure Firewall version to meet your needs](choose-firewall-sku.md).
41
41
42
42
## Built-in high availability
43
43
@@ -49,7 +49,7 @@ Azure Firewall can be configured during deployment to span multiple Availability
49
49
50
50
You can also associate Azure Firewall to a specific zone just for proximity reasons, using the service standard 99.95% SLA.
51
51
52
-
There's no extra cost for a firewall deployed in more than one Availability Zone. Also, Microsoft has announced that Azure won't charge for the data transfer across availability zones, regardless of whether you use private or public IPs on your [Azure resources](https://azure.microsoft.com/updates/update-on-interavailability-zone-data-transfer-pricing/).
52
+
There's no extra cost for a firewall deployed in more than one Availability Zone. Also, Microsoft announced that Azure doesn't charge for the data transfer across availability zones, regardless of whether you use private or public IPs on your [Azure resources](https://azure.microsoft.com/updates/update-on-interavailability-zone-data-transfer-pricing/).
53
53
54
54
As the firewall scales, it creates instances in the zones it's in. So, if the firewall is in Zone 1 only, new instances are created in Zone 1. If the firewall is in all three zones, then it creates instances across the three zones as it scales.
55
55
@@ -92,11 +92,11 @@ A [service tag](service-tags.md) represents a group of IP address prefixes to he
92
92
93
93
## DNS proxy
94
94
95
-
With DNS proxy enabled, Azure Firewall can process and forward DNS queries from a Virtual Network(s) to your desired DNS server. This functionality is crucial and required to have reliable FQDN filtering in network rules. You can enable DNS proxy in Azure Firewall and Firewall Policy settings. To learn more about DNS proxy, see [Azure Firewall DNS settings](dns-settings.md).
95
+
With DNS proxy enabled, Azure Firewall can process and forward DNS queries from virtual networks to your desired DNS server. This functionality is crucial and required to have reliable FQDN filtering in network rules. You can enable DNS proxy in Azure Firewall and Firewall Policy settings. To learn more about DNS proxy, see [Azure Firewall DNS settings](dns-settings.md).
96
96
97
97
## Custom DNS
98
98
99
-
Custom DNS allows you to configure Azure Firewall to use your own DNS server, while ensuring the firewall outbound dependencies are still resolved with Azure DNS. You can configure a single DNS server or multiple servers in Azure Firewall and Firewall Policy DNS settings. Learn more about Custom DNS, see [Azure Firewall DNS settings](dns-settings.md).
99
+
Custom DNS allows you to configure Azure Firewall to use your own DNS server, while ensuring the firewall outbound dependencies are still resolved with Azure DNS. You can configure a single DNS server or multiple servers in Azure Firewall and Firewall Policy DNS settings. To learn more about Custom DNS, see [Azure Firewall DNS settings](dns-settings.md).
100
100
101
101
Azure Firewall can also resolve names using Azure Private DNS. The virtual network where the Azure Firewall resides must be linked to the Azure Private Zone. To learn more, see [Using Azure Firewall as DNS Forwarder with Private Link](https://github.com/adstuart/azure-privatelink-dns-azurefirewall).
102
102
@@ -116,9 +116,9 @@ Forced Tunnel mode can't be configured at run time. You can either redeploy the
116
116
117
117
## Outbound SNAT support
118
118
119
-
All outbound virtual network traffic IP addresses are translated to the Azure Firewall public IP (Source Network Address Translation). You can identify and allow traffic originating from your virtual network to remote Internet destinations. When Azure Firewall has multiple public IPs configured for providing outbound connectivity, any public IP may be chosen and we do not recommend building any dependencies on which public IP may be used for outbound connections.
119
+
All outbound virtual network traffic IP addresses are translated to the Azure Firewall public IP (Source Network Address Translation). You can identify and allow traffic originating from your virtual network to remote Internet destinations. When Azure Firewall has multiple public IPs configured for providing outbound connectivity, any public IP can be chosen and we don't recommend building any dependencies on which public IP can be used for outbound connections.
120
120
121
-
In scenarios where you have high throughput or dynamic traffic patterns, it is recommended to use an [Azure NAT Gateway](/azure/nat-gateway/nat-overview). Azure NAT Gateway dynamically selects public IPs for providing outbound connectivity. To learn more about how to integrate NAT Gateway with Azure Firewall, see [Scale SNAT ports with Azure NAT Gateway](/azure/firewall/integrate-with-nat-gateway).
121
+
In scenarios where you have high throughput or dynamic traffic patterns, it's recommended to use an [Azure NAT Gateway](/azure/nat-gateway/nat-overview). Azure NAT Gateway dynamically selects public IPs for providing outbound connectivity. To learn more about how to integrate NAT Gateway with Azure Firewall, see [Scale SNAT ports with Azure NAT Gateway](/azure/firewall/integrate-with-nat-gateway).
122
122
123
123
Azure NAT Gateway can be used with Azure Firewall by associating NAT Gateway to the Azure Firewall subnet. See the [Integrate NAT gateway with Azure Firewall](/azure/nat-gateway/tutorial-hub-spoke-nat-firewall) tutorial for guidance on this configuration.
124
124
@@ -160,7 +160,7 @@ You can configure Azure Firewall to route all Internet-bound traffic to a design
160
160
161
161
## Web categories
162
162
163
-
Web categories let administrators allow or deny user access to web site categories such as gambling websites, social media websites, and others. Web categories are included in Azure Firewall Standard, but it's more fine-tuned in Azure Firewall Premium. As opposed to the Web categories capability in the Standard SKU that matches the category based on an FQDN, the Premium SKU matches the category according to the entire URL for both HTTP and HTTPS traffic. For more information about Azure Firewall Premium, see [Azure Firewall Premium features](premium-features.md).
163
+
Web categories let administrators allow or deny user access to web site categories such as gambling websites, social media websites, and others. Web categories are included in Azure Firewall Standard, but it's more fine-tuned in Azure Firewall Premium. As opposed to the Web categories capability in the Standard version that matches the category based on an FQDN, the Premium version matches the category according to the entire URL for both HTTP and HTTPS traffic. For more information about Azure Firewall Premium, see [Azure Firewall Premium features](premium-features.md).
164
164
165
165
For example, if Azure Firewall intercepts an HTTPS request for `www.google.com/news`, the following categorization is expected:
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments