Azure Firewall Basic Diagram by Microsoft Docs

Azure Firewall Basic SKU is now GA

Microsoft announces with the Azure Firewall Standard and Premium two native Firewall Services available as PaaS solution what are a great benefit to classic Firewall deployments, because of native Autoscaling Features, no need for VM Management and more. Unfortunately the price was to high for SMBs, with 900€ for the Standard and over 1200€ for the Premium Edition. A frequently requested Features, was a cheaper variant aimed at small and medium businesses.

This wish has been answered and last year October with the Azure Firewall Basic edition (public preview). The Azure Firewall Basic (AzFw Basic) has leaved the Public Preview and are now GA. The planned subscription must first be prepared before the deployment can begin with some Powershell commands.

Now Azure offers three different Azure Firewall solutions. The following table list the different SKUs and the price for using in West Europe (03/2023).

Microsoft has made some changes to deploy the Firewall Basic compared to the Firewall Standard and Premium SKU for better Service avalability. This article will give you a short overview of this changes.

Deployment

AzureFirewallManagementSubnet is only needed for the Azure Firewall Basic. The Azure Firewall Basic has limited throughput about 250MBps to avoid disruptions Microsoft route the Microsoft management traffic over this subnet. When try to deploy the Basic SKU in an existing VNET, this subnet must be created before deploying. The minimum subnet size for the AzureFirewallManagementSubnet is /26

{"code":"AzureFirewallSubnetIsNotBigEnough","message":"Subnet /subscriptions/xxxxxx-d309-4659-94ac-xxxxxxxxxxxx/resourceGroups/network_rg/providers/Microsoft.Network/virtualNetworks/VNET-Connectivity-Hub-Prod-WE/subnets/AzureFirewallManagementSubnet has a /28 address space, but it must be at least /26 for deploying an Azure Firewall."}]}

The Basic SKU needs two Public IP adresses. One is for the Outgoing/Incoming traffic and the other one are bound to the AzureFirewallManagement for separate Microsoft management traffic.

Microsoft Secure

Microsoft will start with a new digital event – Microsoft Secure. The Microsoft secure event will take place on March 28 and will focus on Microsoft security products like Defender for Cloud, Microsoft Sentinel and more. Take your seat on this free event.

Links

Leave a Reply

Your email address will not be published. Required fields are marked *