Azure Firewall premium IDPS support

venkatesh pillai 21 Reputation points
2022-05-31T13:14:43.687+00:00

I want to know how the IDPS will work in the case of a file upload (malware): will that be detected and blocked as part of Azure Firewall traffic?

Do we need to enable TLS inspection to test this for HTTPS-based traffic? Does it scan the whole content of the file or just the traffic?


2 answers

  1. SUNOJ KUMAR YELURU 15,496 Reputation points MVP
    2022-05-31T15:05:09.123+00:00

    Hi @venkatesh pillai

    A network intrusion detection and prevention system (IDPS) allows you to monitor network activities for malicious activity, log information about this activity, report it, and optionally attempt to block it.

    When HTTPS traffic is inspected, Azure Firewall Premium can use its TLS inspection capability to decrypt the traffic and extract the target URL to validate whether access is permitted. TLS inspection requires opt-in at the application rule level. Once enabled, you can use URLs for filtering with HTTPS.

    Refer to https://learn.microsoft.com/en-us/azure/firewall/premium-features

    If the Answer is helpful, please click Accept Answer and up-vote, so that it can help others in the community looking for help on similar topics.


  2. Devaraj G 2,096 Reputation points Volunteer Moderator
    2022-05-31T15:59:01.767+00:00

    Hi Venkatesh,

    Azure IDPS does scan and log file downloads by using patterns and sequences. But this should not be directly compared with an endpoint security tool (like Endpoint Defender), where the scanning methodology is different.

    It mostly concentrates on traffic patterns based on the signatures defined. It has hundreds of signatures that are designed to detect C&C connectivity, trojans, some EXEs, botnets, etc.

    With TLS, it's traffic validation based on signatures.
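Both answers above describe the two settings the question turns on: IDPS runs as a signature engine on the traffic stream, and for HTTPS it can only see decrypted content if TLS inspection is opted in on the application rule that allows the flow. The Bicep below is an added example (not code from either answer or from Microsoft) of a Premium firewall policy wired that way: IDPS in `Deny` mode, a TLS inspection CA supplied from Key Vault via a user-assigned identity, and one application rule with `terminateTLS: true` so the download URL and payload are visible to the signature engine. The resource names, the `10.0.0.0/24` source range, the `example.com/downloads/*` URL and the Key Vault secret and identity IDs are placeholders, not values from the thread.

```bicep
// Added example: Azure Firewall Premium policy with IDPS and TLS inspection enabled.
// All names, IDs and addresses below are constructed placeholders.
param location string = resourceGroup().location
param tlsCaKeyVaultSecretId string   // e.g. https://<vault>.vault.azure.net/secrets/<ca-cert>
param firewallIdentityId string      // resource ID of a user-assigned identity with Key Vault read access

resource policy 'Microsoft.Network/firewallPolicies@2022-01-01' = {
  name: 'fwpol-premium-example'
  location: location
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${firewallIdentityId}': {}
    }
  }
  properties: {
    sku: {
      tier: 'Premium'            // IDPS and TLS inspection are Premium-only features
    }
    threatIntelMode: 'Deny'
    intrusionDetection: {
      mode: 'Deny'               // 'Alert' logs signature hits only; 'Deny' also blocks them
    }
    transportSecurity: {
      certificateAuthority: {
        name: 'tls-inspection-ca'
        keyVaultSecretId: tlsCaKeyVaultSecretId
      }
    }
  }
}

resource appRules 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2022-01-01' = {
  parent: policy
  name: 'DefaultApplicationRuleCollectionGroup'
  properties: {
    priority: 300
    ruleCollections: [
      {
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'allow-inspected-downloads'
        priority: 100
        action: {
          type: 'Allow'
        }
        rules: [
          {
            ruleType: 'ApplicationRule'
            name: 'allow-downloads-with-tls-inspection'
            sourceAddresses: [
              '10.0.0.0/24'
            ]
            protocols: [
              {
                protocolType: 'Https'
                port: 443
              }
            ]
            // Full-URL matching on HTTPS is only possible because TLS is terminated here.
            targetUrls: [
              'example.com/downloads/*'
            ]
            terminateTLS: true     // opt-in per rule; without it IDPS sees only the encrypted stream
          }
        ]
      }
    ]
  }
}
```

Two points worth checking after deployment: without `terminateTLS: true` on the rule, an HTTPS file download still passes through IDPS, but the signatures can only match on metadata such as SNI and certificate details, not on the file bytes; and `Deny` mode blocks on any matching signature, so test in `Alert` mode first and review the `AZFWIdpsSignature` log entries before switching.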

