Choose the right Azure Firewall version to meet your needs

Azure Firewall offers three versions to meet various customer needs:

Azure Firewall Premium: Ideal for securing highly sensitive applications, such as payment processing. It includes advanced threat protection features like malware and TLS inspection.
Azure Firewall Standard: Suitable for customers requiring Layer 3-Layer 7 firewall capabilities with autoscaling to manage peak traffic up to 30 Gbps. It includes enterprise features like threat intelligence, DNS proxy, custom DNS, and web categories.
Azure Firewall Basic: Designed for SMB customers with throughput requirements up to 250 Mbps.

Feature comparison

Compare the features of the three Azure Firewall versions:

Category	Feature	Firewall Basic	Firewall Standard	Firewall Premium
L3-L7 filtering	Application level FQDN filtering (SNI based) for HTTPS/SQL	✓	✓	✓
	Network level FQDN filtering - all ports and protocols		✓	✓
	Stateful firewall (5 tuple rules)	✓	✓	✓
	Network address translation (SNAT+DNAT)	✓	✓	✓
Reliability & performance	Availability zones	✓	✓	✓
	Built-in HA	✓	✓	✓
	Cloud scalability (auto-scale as traffic grows)	Up to 250Mbps	Up to 30 Gbps	Up to 100 Gbps
	Fat flow support	N/A	1 Gbps	10 Gbps
Ease of management	Central management via firewall manager	✓	✓	✓
	Policy analytics (rule management over time)	✓	✓	✓
Enterprise integration	Full logging including SIEM integration	✓	✓	✓
	Service tags and FQDN tags for easy policy management	✓	✓	✓
	Easy DevOps integration using REST/PowerShell/CLI/templates/Terraform	✓	✓	✓
	Web content filtering (web categories)		✓	✓
	DNS proxy + custom DNS		✓	✓
Advanced threat protection	Threat intelligence-based filtering (known malicious IP address/domains)	Alert	✓	✓
	Inbound TLS termination (TLS reverse proxy)			Using Azure Application Gateway
	Outbound TLS termination (TLS forward proxy)			✓
	Fully managed IDPS			✓
	URL filtering (full path - including SSL termination)			✓

Use the following flow chart to determine the best Azure Firewall version for your needs.