By default, Azure Firewall operates in a transparent proxy mode, where traffic is routed through the firewall using a user-defined route (UDR) configuration.
Well, you can now enable explicit proxy mode for outbound traffic.
With this mode enabled, you have the option to configure a proxy setting (either manually or using PAC file) on the sending application, such as a web browser, with Azure Firewall acting as the designated proxy.
This allows traffic from the sending application to be directed to the private IP address of the firewall, facilitating direct egress from the firewall without the need for a UDR.
The Explicit proxy mode, currently available for HTTP/S traffic.
NOTE this new capability is only available for standard or premium firewall policy SKU
To enable explicit proxy mode, lookup for the Azure policy you want to enable to functionality and access the Explicit proxy blade to turn it on
When enabling the explicit mode, you can then defined the HTTP and HTTPS proxy ports as well as if you want to use a PAC file
If you want to use a PAC file, you will have to first upload it on a storage account and then grab the corresponding shared access signature (SAS) from the container hosting the PAC file; the SAS URL must have read permission.
If the PAC file is updated, a new SAS must be generated.