Azure Firewall is a cloud-native and intelligent network firewall security service that provides best-of-breed threat protection for your cloud workloads running in Azure. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. It provides both east-west and north-south traffic inspection.
Azure Firewall is offered in three SKUs: Standard, Premium, and Basic.
Azure Firewall includes the following features:
Built-in high availability
Availability Zones
Unrestricted cloud scalability
Application FQDN filtering rules
Network traffic filtering rules
FQDN tags
Service tags
Threat intelligence
DNS proxy
Custom DNS
FQDN in network rules
Deployment without public IP address in Forced Tunnel Mode
Outbound SNAT support
Inbound DNAT support
Multiple public IP addresses
Azure Monitor logging
Forced tunneling
Web categories
Certifications
Built-in high availability
High availability is built in, so no extra load balancers are required and there's nothing you need to configure.
Availability Zones
Azure Firewall can be configured during deployment to span multiple Availability Zones for increased availability. With Availability Zones, your availability increases to 99.99% uptime. For more information, see the Azure Firewall Service Level Agreement (SLA). The 99.99% uptime SLA is offered when two or more Availability Zones are selected.
You can also associate Azure Firewall with a specific zone just for proximity reasons, using the service standard 99.95% SLA.
There's no additional cost for a firewall deployed in more than one Availability Zone. However, there are added costs for inbound and outbound data transfers associated with Availability Zones. For more information, see Bandwidth pricing details.
Azure Firewall Availability Zones are available in regions that support Availability Zones. For more information, see Regions that support Availability Zones in Azure.
Note