Planning and Procedures for deploying Azure Firewall best practice?

Question

People,

I need some help in planning and deploying Azure Firewall.
What's the best practice and the steps to configure it properly for multi-region deployments to protect workload like:

• Azure VMs
• Azure API
• Web Application

Thanks in advance.

Answer 1

@EnterpriseArchitect , Azure Firewall can be deployed in a central virtual network and peer other virtual networks to it in a hub-and-spoke model. You can then set the default route from the peered virtual networks to point to this central firewall virtual network. Global VNet peering is supported, but it isn't recommended because of potential performance and latency issues across regions. For best performance, deploy one firewall per region.

The advantage of this model is the ability to centrally exert control on multiple spoke VNETs across different subscriptions. There are also cost savings as you don't need to deploy a firewall in each VNet separately.

----------

Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

Answer 2

@EnterpriseArchitect ,

If you think your question has been answered, click "Mark as Answer" if just helped click "Vote as helpful". This can be beneficial to other community members reading this forum thread.

---

Best regards
Subhash