Chapter7-2723 asked AndreasBaumgarten edited

Azure firewall vs NSG

Hi

I read many articles, but could not understand what the major differences between Azure Firewall and NSG are. Please tell me with an example. Thanks.

azure-firewall
AndreasBaumgarten answered Chapter7-2723 commented

Hi @Chapter7-2723 ,

with Azure NSGs you are able to filter network traffic based on the following criteria in the Security Rules:

  • Inbound/Outbound traffic

  • Source IP and Port

  • Destination IP and Port

  • Protocol (TCP/UDP/ICMP/All)

  • Allow/Access

Source: https://docs.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

In addition to the NSGs the Azure Firewall offers more options:
Azure Firewall Standard: https://docs.microsoft.com/en-us/azure/firewall/features
Azure Firewall Premium: https://docs.microsoft.com/en-us/azure/firewall/premium-features

If you need more than the simple network traffic control that the NSGs with Security Rules offer, the Azure Firewall might be a good option.
Just keep in mind: An NSG is free of charge. The Azure Firewall costs are based on Tier (Standard/Premium), hours of deployed Firewall and traffic processed.


(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten


Azure firewall has all NSG features?

Chapter7-2723 answered

Hi

Please answer these questions for me.

1- All NSG features are available in Azure firewall?

2- If we have some denied rules in the NSG but those same rules are allowed in Azure Firewall, which rule will apply in this case?


Regards

AndreasBaumgarten answered

Hi @Chapter7-2723 ,

regarding 1: yes
regarding 2: "deny" rule will "win"


(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten

Chapter7-2723 answered

Hi

Does it mean the NSG rule is stronger than Azure Firewall?

AndreasBaumgarten answered AndreasBaumgarten edited

Hi @Chapter7-2723 ,

it's not a matter of "stronger" or "weaker".
In a combination of different rules in NSG and Firewall, a deny rule will block no matter if another rule allows.

FW - allow + NSG - deny = deny
FW - deny + NSG - allow = deny
FW - allow + NSG - allow = allow
FW - deny + NSG - deny = deny


(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten
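
An added example, not part of the original answers and not Microsoft's code: a simplified Python model of the NSG rule criteria listed in the first answer (rules checked in priority order, lower number first, first match decides), combined with the allow/deny table in the answer above. The rule set, addresses, function names and the firewall verdict passed in as a boolean are assumptions for illustration, and the model assumes the flow passes through both the firewall and the NSG.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int   # lower number is evaluated first
    direction: str  # "Inbound" or "Outbound"
    protocol: str   # "Tcp", "Udp", "Icmp" or "*"
    src: str        # CIDR or "*"
    src_port: str   # "443", "1000-2000" or "*"
    dst: str        # CIDR or "*"
    dst_port: str   # same syntax as src_port
    access: str     # "Allow" or "Deny"

def ip_match(pattern, ip):
    return pattern == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(pattern)

def port_match(pattern, port):
    if pattern == "*":
        return True
    lo, _, hi = pattern.partition("-")
    return int(lo) <= port <= int(hi or lo)

def nsg_verdict(rules, direction, protocol, src, sport, dst, dport):
    """Return (access, priority) of the first matching rule, lowest number first."""
    for r in sorted(rules, key=lambda r: r.priority):
        if (r.direction == direction and r.protocol in ("*", protocol)
                and ip_match(r.src, src) and port_match(r.src_port, sport)
                and ip_match(r.dst, dst) and port_match(r.dst_port, dport)):
            return r.access, r.priority
    return "Deny", None  # no rule matched: this model treats it as deny

def effective(firewall_allows, nsg_access):
    """Deny at either layer blocks the flow (the table in the answer above)."""
    return "allow" if firewall_allows and nsg_access == "Allow" else "deny"

# Constructed sample NSG; addresses are documentation/private ranges.
SAMPLE_NSG = [
    Rule(100, "Inbound", "Tcp", "203.0.113.0/24", "*", "10.0.1.0/24", "443", "Allow"),
    Rule(200, "Inbound", "Tcp", "*", "*", "10.0.1.0/24", "443", "Deny"),
    Rule(4096, "Inbound", "*", "*", "*", "*", "*", "Deny"),  # catch-all
]

if __name__ == "__main__":
    for src in ("203.0.113.7", "198.51.100.9"):
        access, prio = nsg_verdict(SAMPLE_NSG, "Inbound", "Tcp", src, 50000, "10.0.1.4", 443)
        for fw in (True, False):  # firewall verdict is an input to this model
            print(src, "FW", "allow" if fw else "deny", "NSG", access, prio,
                  "=>", effective(fw, access))
```
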
