Enable and use Azure Firewall Application Rules to segment internal Azure or On-Prem sources and destinations

Implementation Effort: Medium

User Impact: Low

Overview

Enable and use Azure Firewall Application Rules to enforce granular, application-layer segmentation for internal Azure and on-premises traffic by defining Application Rule Collections—each with a priority, action (Allow/Deny), and rules that specify source IPs or IP Groups along with destination FQDNs (or FQDN tags), optional URL path patterns, and supported protocols (HTTP, HTTPS, and MSSQL). These rules also leverage the firewall’s built-in TLS inspection capability to decrypt and inspect encrypted application traffic.

Author and deploy your policies via the Azure portal, CLI, ARM templates, or centrally with Azure Firewall Manager to ensure that only explicitly permitted application flows traverse your east–west and north–south boundaries, dramatically reducing your attack surface.

Reference

Configure Azure Firewall rules
Azure Firewall Policy rule sets
Deploy and configure Azure Firewall using the Azure portal
What is Azure Firewall Manager?

Overview​

Reference​

Overview

Reference