Back in February, Microsoft announced the public preview of Azure Firewall Premium, a next generation firewall service for highly sensitive and regulated environments. After testing the service for past few months, Microsoft yesterday announced the general availability of Azure Firewall Premium. Obviously, customers have to pay more for Azure Firewall Premium when compared to the Standard offering. The deployment charge is 40 percent higher than Azure Firewall Standard and the data processing charge remains the same as Azure Firewall Standard.
- TLS inspection: Azure Firewall Premium terminates outbound and east-west transport layer security (TLS) connections. Inbound TLS inspection is supported in conjunction with Azure Application Gateway allowing end-to-end encryption. Azure Firewall performs the required value-added security functions and re-encrypts the traffic which is sent to the original destination.
- IDPS: Azure Firewall Premium provides signature-based intrusion detection and prevention system (IDPS) to allow rapid detection of attacks by looking for specific patterns, such as byte sequences in network traffic or known malicious instruction sequences used by malware.
- Web categories: Allows administrators to filter outbound user access to the internet based on categories (for example, social networking, search engines, gambling, and so on), reducing the time spent on managing individual fully qualified domain names (FQDNs) and URLs. This capability is also available for Azure Firewall Standard based on FQDNs only.
- URL filtering: Allow administrators to filter outbound access to specific URLs, not just FQDNs. This capability works for both plain text and encrypted traffic if TLS inspection is enabled.