Microsoft Tech Community

SEP 26, 2023 | Ask-Me-Anything | Azure Firewall, Azure WAF and Azure DDoS

Microsoft

UPDATED, post-AMA: Here is the AMA recording in case you missed the live session.

 

*************************************************************

Please join us in this Ask Me Anything session with the Azure Network Security CxE PM team. During this session, the Azure Network Security SMEs (Subject Matter Experts) will answer your questions on Azure Firewall, Azure Firewall Manager, Azure Web Application Firewall and Azure DDoS. This will be a great forum for our Public Community members to learn, interact and have their feedback listened to by the Azure Network Security team.

 

Feel free to post your questions about Azure Network Security solution areas anytime in the comments before the event starts. The team will be answering questions during the live session, with priority given to the pre-submitted questions from the comments below. If you are new to Microsoft Tech-Community, please follow the sign-in instructions.

 

To register for the upcoming live AMA Sep 26, 2023, visit aka.ms/SecurityCommunity.

 

@Mohit_Kumar @andrewmathu @SaleemBseeu 

@davidfrazee @ShabazShaik @tobiotolorin @gusmodena 


 

 

21 Replies

@Valon_Kolica How does Microsoft position the WAF? As a centrally managed device by a network team? Or decentrally managed by an application team? We are building an Azure Landing zone as per CAF. The network edge devices like Azure Firewall etc. are managed by a central team. We see the WAF as a centrally managed device.

Hello @htakur03,

Thanks for your question.
To begin with, we would recommend that you use Application Gateway (SKU version 2) as Application Gateway (SKU version 1) will be retired - Deprecation Announcement - April 23, 2023 - https://learn.microsoft.com/en-us/azure/application-gateway/v1-retirement.

For the Azure Firewall Premium, the intermediate certificate is used. You can view the certificate requirements from this page - https://learn.microsoft.com/en-us/azure/firewall/premium-certificates. For production deployments, you should use an Enterprise PKI to generate the certificates that you use with Azure Firewall Premium. This is outlined in this document - https://learn.microsoft.com/en-us/azure/firewall/premium-deploy-certificates-enterprise-ca.

For the Application Gateway backend settings, you will use the root certificate of the Azure Firewall. You can check out this link for the end-to-end setup of Application Gateway with Firewall - https://learn.microsoft.com/en-us/azure/architecture/example-scenario/gateway/application-gateway-be.... You can also check out this blog on Zero Trust with Azure Network Security, which shows the steps when deploying Application Gateway with WAF, Azure Firewall and Azure DDoS - https://techcommunity.microsoft.com/t5/azure-network-security-blog/zero-trust-with-azure-network-sec...