Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Azure Firewall offers three versions to meet various customer needs:
- Azure Firewall Premium: Ideal for securing highly sensitive applications, such as payment processing. It includes advanced threat protection features like malware and TLS inspection.
- Azure Firewall Standard: Suitable for customers requiring Layer 3-Layer 7 firewall capabilities with autoscaling to manage peak traffic up to 30 Gbps. It includes enterprise features like threat intelligence, DNS proxy, custom DNS, and web categories.
- Azure Firewall Basic: Designed for SMB customers with throughput requirements up to 250 Mbps.
Feature comparison
Compare the features of the three Azure Firewall versions:
Category | Feature | Firewall Basic | Firewall Standard | Firewall Premium |
---|---|---|---|---|
L3-L7 filtering | Application level FQDN filtering (SNI based) for HTTPS/SQL | ✓ | ✓ | ✓ |
Network level FQDN filtering - all ports and protocols | ✓ | ✓ | ||
Stateful firewall (5 tuple rules) | ✓ | ✓ | ✓ | |
Network address translation (SNAT+DNAT) | ✓ | ✓ | ✓ | |
Reliability & performance | Availability zones | ✓ | ✓ | ✓ |
Built-in HA | ✓ | ✓ | ✓ | |
Cloud scalability (auto-scale as traffic grows) | Up to 250Mbps | Up to 30 Gbps | Up to 100 Gbps | |
Fat flow support | N/A | 1 Gbps | 10 Gbps | |
Ease of management | Central management via firewall manager | ✓ | ✓ | ✓ |
Policy analytics (rule management over time) | ✓ | ✓ | ✓ | |
Enterprise integration | Full logging including SIEM integration | ✓ | ✓ | ✓ |
Service tags and FQDN tags for easy policy management | ✓ | ✓ | ✓ | |
Easy DevOps integration using REST/PowerShell/CLI/templates/Terraform | ✓ | ✓ | ✓ | |
Web content filtering (web categories) | ✓ | ✓ | ||
DNS proxy + custom DNS | ✓ | ✓ | ||
Advanced threat protection | Threat intelligence-based filtering (known malicious IP address/domains) | Alert | ✓ | ✓ |
Inbound TLS termination (TLS reverse proxy) | Using Azure Application Gateway | |||
Outbound TLS termination (TLS forward proxy) | ✓ | |||
Fully managed IDPS | ✓ | |||
URL filtering (full path - including SSL termination) | ✓ |
Flow chart
Use the following flow chart to determine the best Azure Firewall version for your needs.