Microsoft has announced that the new Premium tier for its managed cloud-based network security service Azure Firewall has entered public preview starting today.

Azure Firewall requires zero maintenance and it provides customers with protection for their Azure Virtual Network resources, as well as with unrestricted cloud scalability and seamless deployment.

The Azure Firewall Premium public preview adds new capabilities required by highly sensitive and regulated environments.

“Azure Firewall Premium is utilizing Firewall Policy, a global resource that can be used to centrally manage your firewalls using Azure Firewall Manager,” Microsoft said.

“Starting this release, all new features will be configurable via Firewall Policy only. This includes TLS Inspection, IDPS, URL Filtering, web categories and more.”

Customers will still be able to use Firewall Rules (Classic) for configuring existing features for the Standard Firewall, while Firewall Policy can be managed independently or with the help of the Azure Firewall manager. 

Azure Firewall Premium Preview
Image: Microsoft

As detailed by Microsoft in today’s announcement, the new Azure Firewall Premium tier adds the following new capabilities:

  1. Transport Layer Security (TLS) Inspection: Azure Firewall Premium decrypts outbound traffic, performs the required value-added security functions and re-encrypt the traffic which is sent to the original destination.
  2. Intrusion Detection and Prevention System (IDPS): Azure Firewall Premium provides signature-based IDPS to allow rapid detection of attacks by looking for specific patterns, such as byte sequences in network traffic, or known malicious instruction sequences used by malware.
  3. Web Categories: Allows administrators to allow or deny user access to the Internet based on categories (e.g. social networking, search engines, gambling), reducing the time spent on managing individual FQDNs and URLs. This capability is also available for Azure Firewall Standard based on FQDNs only.
  4. URL Filtering: Allow users to access specific URLs for both plain text and encrypted traffic, typically being used in congestion with web categories.

The TLS Inspection capability blocks malware from being transmitted via encrypted connections and IDPS (short for intrusion detection and prevention system) helps to detect and block malicious traffic and activities.

Azure Firewall Premium also makes it possible to restrict access to web content using built-in URL filtering and enhanced content filtering capabilities through the Web Categories feature.

To deploy and configure Azure Firewall Premium Preview you need a free account and an Azure subscription.

Microsoft provides the template needed to deploy a complete Azure Firewall Premium testing environment here.