Azure – You can now review and optimize your Azure Firewall policies with Policy Analytics (preview)

If you use Azure Firewall you know you have to create (and then maintain) a Firewall Policy, which can become a tricky operation as policy updates may be required several times a week, or even several times a day.

In addition, the team in charge of maintaining such policies may not be aware of changes affecting the protected workloads, such as decommissioning, network reassignment or incorrect rule priority.

Over time, as rules accumulate and old or incorrect references remain, firewall performance degrades, and potentially security too.

To help maintain and optimize Firewall Policies, you can now use Policy Analytics.

To do so, connect to your Azure portal (https://portal.azure.com/) and search for Firewall policies to access the list of all your policies.


Then select the policy you want to analyze and open the Policy Analytics blade under the Monitoring section.


There you will already get high-level Insights on your policy and rule health, which gives you a quick overview of your policies.


The insights report duplicate rules (same source/target/protocol), rule utilization, and more. This is already a first level at which you can quickly optimize your policy.
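To make the duplicate-rule insight concrete, here is an added example (not Microsoft's Policy Analytics code, and not from the original post) that runs the same kind of check offline over a constructed, simplified rule export. The rule layout and field names (`sources`, `destinations`, `ports`, `protocols`, `priority`, `action`) are assumptions loosely modelled on the network-rule fields of a Firewall Policy rule collection. It flags exact duplicates (redundant rules) and goes one step beyond the text by also flagging same-match rules with conflicting actions, where only the rule in the highest-priority collection (lowest number) ever takes effect.

```python
"""Detect duplicate and conflicting rules in a simplified Azure Firewall policy export.

Added illustration, not Policy Analytics itself. The rule shape below is a constructed
simplification; the field names are assumptions for this example.
"""
from collections import defaultdict

# Constructed sample rules. Lower collection priority number = evaluated first.
SAMPLE_RULES = [
    {"collection": "allow-web", "priority": 100, "action": "Allow", "name": "web-out",
     "sources": ["10.0.1.0/24"], "destinations": ["*"], "ports": ["443"], "protocols": ["TCP"]},
    {"collection": "allow-web", "priority": 100, "action": "Allow", "name": "web-out-old",
     "sources": ["10.0.1.0/24"], "destinations": ["*"], "ports": ["443"], "protocols": ["tcp"]},
    {"collection": "deny-legacy", "priority": 200, "action": "Deny", "name": "block-db",
     "sources": ["10.0.2.0/24"], "destinations": ["10.0.9.5"], "ports": ["1433"], "protocols": ["TCP"]},
    {"collection": "allow-db", "priority": 300, "action": "Allow", "name": "db-access",
     "sources": ["10.0.2.0/24"], "destinations": ["10.0.9.5"], "ports": ["1433"], "protocols": ["TCP"]},
    {"collection": "allow-dns", "priority": 400, "action": "Allow", "name": "dns",
     "sources": ["10.0.0.0/16"], "destinations": ["168.63.129.16"], "ports": ["53"], "protocols": ["UDP"]},
]


def _norm(values):
    """Sort and lower-case a match field so ordering/case differences do not hide duplicates."""
    return tuple(sorted(v.strip().lower() for v in values))


def rule_key(rule):
    """The tuple that identifies what traffic a rule matches (source/destination/port/protocol)."""
    return (_norm(rule["sources"]), _norm(rule["destinations"]),
            _norm(rule["ports"]), _norm(rule["protocols"]))


def analyze(rules):
    """Group rules by match tuple and report redundant duplicates and conflicting shadowed rules."""
    groups = defaultdict(list)
    for rule in rules:
        groups[rule_key(rule)].append(rule)

    duplicates, conflicts = [], []
    for same_match in groups.values():
        if len(same_match) < 2:
            continue
        # Stable sort: the rule in the lowest-numbered collection is evaluated first and wins.
        ordered = sorted(same_match, key=lambda r: r["priority"])
        names = [r["name"] for r in ordered]
        actions = {r["action"] for r in ordered}
        if len(actions) == 1:
            # Same match, same action: the later copies never add anything and can be removed.
            duplicates.append(names)
        else:
            # Same match, different action: later rules are dead and their intent is silently ignored.
            conflicts.append({"winner": ordered[0]["name"], "shadowed": names[1:]})
    return {"duplicates": duplicates, "conflicts": conflicts}


if __name__ == "__main__":
    report = analyze(SAMPLE_RULES)
    for group in report["duplicates"]:
        print("duplicate rules (keep one):", ", ".join(group))
    for c in report["conflicts"]:
        print(f"conflict: '{c['winner']}' wins, shadowed: {', '.join(c['shadowed'])}")
```

On the constructed sample this reports `web-out`/`web-out-old` as duplicates (the differing `TCP`/`tcp` case is normalised away) and flags `db-access` as shadowed by the earlier `block-db` deny, which is the kind of "incorrect rule priority" finding worth reviewing before a rule is assumed to be in effect.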

Then you need to configure a Log Analytics workspace by clicking Configure workspace; this opens the workspace configuration blade, where you can enable Policy Analytics and select the subscription, resource group and Log Analytics workspace you want to use.


If you later disable Policy Analytics, the associated data will be removed from the workspace.

Once you have configured the workspace you will get additional insights, such as potentially malicious sources.

You can also use the Single-rule analysis, which will help you optimize individual rules in more depth.


After running the analysis, you will get deep insights for this specific rule, along with recommendations.


Pricing: while in preview, Policy Analytics is provided at no additional cost if the Firewall Policy is associated with more than 1 firewall; if it is associated with only 1 firewall, it will be billed per policy (https://azure.microsoft.com/en-us/pricing/details/firewall-manager/).
