This blog was co-authored by Gopikrishna Kannan, Senior Program Manager, Azure Networking.
Network security policies are constantly evolving to keep pace with workload demands. With workloads accelerating to the cloud, network security policies, especially Azure firewall policies, change frequently and are often updated multiple times per week (in many cases multiple times per day) . Over time, Azure Firewall’s network and application rules grow and can become suboptimal, impacting firewall performance and security. For example, high volume, frequently accessed rules may unintentionally rank lower. In some cases, applications are hosted on a network that has been migrated to another network. However, firewall rules referencing older networks have not been removed.
Optimizing firewall rules is a difficult task for any IT team. Especially for large, geographically dispersed organizations, Azure Firewall policy optimization can be manual, complex, and involve multiple teams across the globe. Updates are risky and can potentially impact a critical production workload, causing severe downtime. Well, not anymore!
Policy Analytics was developed to help IT teams manage Azure Firewall rules over time. It provides essential information and recommendations for optimizing Azure Firewall rules to strengthen your security posture. We are now excited to share this Policy Analytics for Azure Firewall is now in preview.
Optimize Azure Firewall rules with Policy Analytics
Policy Analytics helps IT teams address these challenges by providing visibility into traffic passing through the Azure Firewall. Key features available in the Azure portal include:
- Firewall flow logs: Shows all traffic passing through the Azure Firewall, along with the success rate and network and application rule matching. This view allows you to identify the main flows in all the rules. You can filter flows for specific sources, destinations, ports, and protocols.
- Rules analysis: Shows traffic flows mapped to destination, network, and application network address translation (DNAT) rules. This provides better visibility of all flows matching a rule over time. You can analyze rules in parent and child policies.
- Policy Information Panel: Consolidates policy information and highlights policy recommendations to optimize your Azure firewall policies.
- Single rule analysis: The single-rule analysis experiment analyzes traffic flows that match the selected rule and recommends optimizations based on observed traffic flows.
Dive into single-rule analysis
Let’s look at single-rule analysis. Here we select a rule of interest to analyze the matching flows and optimize them.
Users can analyze firewall rules with just a few clicks.
Figure 1: Start by selecting Single rule analysis.
With Policy Analytics, you can perform rule analysis by selecting the rule of interest. You can choose a rule to optimize. For example, you might want to analyze rules with a wide range of open ports or a large number of sources and destinations.
Figure 2: Select a rule and Run Analysis.
Policy Analytics displays recommendations based on actual traffic flows. You can review and apply the recommendations, including removing rules that don’t match any traffic or giving them a lower priority. You can also lock rules to specific ports that match the traffic.
picture 3: Review the results and Apply selected changes.
Pricing
In preview, enabling Policy Analytics on a firewall policy associated with a single firewall is charged per policy, as described on the Azure Firewall Manager pricing page. Enabling Policy Analytics on a firewall policy associated with multiple firewalls is offered at no additional cost.
Next steps
Policy Analytics for Azure Firewall simplifies firewall policy management by providing insights and a centralized view to help IT teams have better and consistent control of Azure Firewall. To learn more about Policy Analytics, see the following resources:
