Firewall performance monitoring

Question

Firewall performance monitoring

HandinataTanudjaja-6677 380

Hi everyone,

Could we please have a guide to monitor Firewall's performance?

Thank you

Accepted answer

0 additional answers

Your answer

Answer 1

Hello Handinata Tanudjaja

I understand that you're looking to effectively monitor and evaluate your Firewall's performance. Here’s a step-by-step guide to help you identify any issues and optimize performance:

Identify Key Metrics to Monitor

To gauge the performance of your Firewall, focus on the following metrics:

Latency: Measure traffic latency to see how much delay your Firewall introduces. Compare latency measurements with and without the Firewall.
Traffic Throughput: Monitor the amount of data passing through the Firewall to understand its capacity.
Data Processed: Keep track of the total data processed to assess workload.
Rule Hits: Track which rules are hit most frequently to identify potential bottlenecks.

Set Up Monitoring Tools

Leverage Azure Monitor or equivalent solutions to collect and analyze the metrics mentioned above:

Use Azure Monitor to aggregate logs and performance data.
Set up alerts on key metrics to ensure you are notified of any concerning deviations from baseline performance. For example-Configure alerts for:
- CPU > 80% for more than 5 min
- SNAT port usage > 90%
- Throughput near SKU limit
- Unexpected spike in denied connections

Analyze Logs & Metrics Regularly

Regularly review the collected data:

Inspect traffic logs to analyze permitted vs. denied access attempts, looking for any patterns that indicate security threats or misconfigurations.
Use Log Analytics / SIEM / Dashboard: Set up custom dashboards or queries.

Configuration Adjustments

Based on the analysis:

Optimize Rules: If certain rules are causing latency spikes, reconsider their placement or structure. Use less restrictive rules where possible.
Logging and Audit: Ensure that your firewall logging is configured to capture essential events (like dropped packets) for further troubleshooting.

Regular Health Checks and Updates

Keep your firewall updated for performance fixes and enhancements.
Test the Firewall’s impact on network latency and adjust configurations if any thresholds are exceeded.
Simulate network traffic to assess the Firewall's performance under load.

Refer Best Practices for Azure Firewall, Azure Monitor Firewall

Please don’t forget to close the thread by clicking "Accept the answer" and "Yes" wherever the information provided helps you, as this can be beneficial to other community members.

HandinataTanudjaja-6677 380 Reputation points

2025-05-07T01:24:59.6+00:00

Thank you.
Could you please explain on how to set it up?
Let's take an example of the Rule Hits.

Thanks
Sindhuja Dasari 940 Reputation points Microsoft External Staff Moderator

2025-05-07T10:24:03.65+00:00

Hello Handinata Tanudjaja

Thank you for your response. Let's walk through how to set up monitoring and analysis for Rule Hits in Azure Firewall using Log Analytics.

Enable Diagnostic Logging to Log Analytics

Go to your Azure Firewall resource.

In the left pane, click “Diagnostics settings”.

Click “+ Add diagnostic setting”.

Choose-->Category logs: Enable at least: AzureFirewallApplicationRule, AzureFirewallNetworkRule

Destination: Select Log Analytics workspace

Click Save.

Configure Log Analytics Workspace:

Ensure that logs are being stored in Azure Monitor.

Use Kusto Query Language (KQL) to analyze firewall logs if you need per-rule visibility.

Set Up Metrics for Rule Hits

Go to Azure Monitor > Metrics.

Select Azure Firewall as the resource.

Choose Application Rule Hit Count or Network Rule Hit Count to track rule usage.

Define Alerts for Rule Hits

In Azure Monitor, create an alert rule for excessive rule hits.

Set thresholds (e.g., if a rule is triggered 100 times in an hour, send a notification)

Eg. Alert if ApplicationRuleHitCount drops to 0 for 30 minutes (suggests outage or misrouting)

Eg. Alert if NetworkRuleHitCount exceeds a certain value (indicating surge in traffic)

Additionally, you can create an Azure Firewall Workbook for visualization

In your Log Analytics workspace: Go to Workbooks > + New.

Add a query tile: Paste a rule hit query. Visualize as bar chart or time chart.

Add filters for RuleName or TimeRange to allow interactivity.

Please don’t forget to close the thread by clicking "Accept the answer" and "Yes" wherever the information provided helps you, as this can be beneficial to other community members.
Sindhuja Dasari 940 Reputation points Microsoft External Staff Moderator

2025-05-08T09:30:48.0266667+00:00

Hello Handinata Tanudjaja

Following up to see if the above information was helpful. And, if you have any further query do let us know.

Please don’t forget to close the thread by clicking "Accept the answer" and "Yes" wherever the information provided helps you, as this can be beneficial to other community members.

Share via

Firewall performance monitoring

0 additional answers

Your answer