Some of the most common networking-related questions Codify receive during Cloudlift assessments are:
- How do I control traffic from Azure to the internet?
- How do I manage traffic entering and exiting Azure through ExpressRoute & Site-to-Site VPNs?
While this has been possible, the only options have been a convoluted mix of a pair of Network Virtual Appliances (NVAs), Network Security Groups (NSGs) and Route Tables, which leads to complicated network routing patterns and, depending on your NVA vendor, could involve convoluted failover processes.
The recently released Azure Firewall attempts to overcome some of these issues by providing a PaaS offering for network security. While its features are currently limited in Public Preview, it still covers most workloads that Codify have implemented previously. In conjunction with NSGs & Log Analytics, it comes out of the gate with a strong start.
- Highly available by default
- Simple to understand and use in the portal
- Integration with Log Analytics & OMS
- Limited functionality when compared to full products such as Palo Alto, Fortigate, ASA, etc.
- Requires the use of User Defined Routes, increasing complexity
- Outbound traffic only; requires the use of a WAF for inbound traffic
A great first step for a SaaS networking solution from Azure. The features released in the public preview cover over 80% of use cases that Codify have come across. Given that it is in public preview, caution is advised, as changes to the product may occur that impact your production environment.