Chapter 3
Controlling traffic with Azure Firewall
Azure Firewall is a platform-as-a-service (PaaS) stateful firewall. The PaaS aspect of Azure Firewall is a unique feature among firewalls. To understand what Azure Firewall is, it can be helpful to first understand what it is not. It is not the same thing as, nor does it replace, Network Security Groups (NSGs). Nor is it the same as the per-resource PaaS firewalls found on services such as Azure Key Vault. Rather, Azure Firewall is a PaaS service meant to exist in a virtual network (VNet) for the purpose of centrally controlling traffic. Azure Firewall has a growing set of capabilities to detect threats, but the focus of this chapter is network segmentation.