Introduction

Design and implement Azure Firewall. In this lesson we examine Azure Firewall — a cloud-native, stateful firewall-as-a-service that protects resources within Azure Virtual Networks. This module emphasizes practical configuration and architectural integration so you can deploy Azure Firewall as a centralized security control in cloud networks.

Learning objective	What you’ll learn	Reference
Understand core capabilities	Stateful traffic inspection, built‑in high availability, scalability, logging/monitoring, and integrations with Azure services	Azure Firewall overview
Rule processing (NAT, network, application)	How Azure Firewall evaluates and applies NAT rules, network rules, and application rules to control traffic flow	Rule overview
Deployment and configuration	Step‑by‑step setup from the Azure portal, recommended settings, and operational best practices	Azure portal
Hub-and-spoke integration	Using Azure Firewall as a central security point in a hub-and-spoke topology, routing and UDR considerations, and traffic inspection patterns	Hub-and-spoke architecture

A presentation slide titled "Learning Objectives" showing four numbered goals about Azure Firewall. The objectives cover its key capabilities (stateful inspection, high availability, Azure integration), how it handles NAT/network/application rules, setup via the Azure portal, and using it as a central security point in a hub-and-spoke design.

Before you begin, ensure familiarity with Azure Virtual Network fundamentals, route tables (UDRs), and basic Azure role-based access control (RBAC). These topics ease deployment and troubleshooting when you configure Azure Firewall rules and routing.

In the sections that follow we will:

Introduce core Azure Firewall concepts and capabilities, including high availability and telemetry.
Step through rule processing order and examples for NAT rules, network rules, and application rules.
Demonstrate a common hub-and-spoke deployment pattern with configuration examples, routing considerations, and traffic-flow diagrams to reinforce the concepts.

Watch Video

ExpressRoute SKUs

Azure Firewall

Configure Internet Access with Azure Virtual NAT

Configure Peering for an Express Route Deployment

Configure Public IP Addresses

Connect Devices to Networks with Point to Site VPN Connections

Connect Networks with Site to Site VPN Connections

Connect Remote Resources by using Azure Virtual WA Ns

Create a Network Virtual Appliance NVA in a Virtual Hub

Deploy Azure D Do S Protection

Deploy and configure Network Security Groups

Design Azure Application Gateway

Design Azure Front Door

Design Name Resolution for Azure Virtual Network

Design an Express Route deployment

Design and Implement Azure Firewall

Design and Implement Azure Load Balancer

Design and Implement Azure VPN Gateway

Design and implement Azure Bastion

Enable Cross V Net Connectivity

Explain Virtual Network Service Endpoints

Explore Azure Express Route

Explore Azure Traffic Manager

Explore Azure Virtual Networks

Explore Load Balancing Options in the Azure

Express Route Advanced Features

Get Network Security Recommendations with Microsoft Defender for Cloud

Implement Virtual Network Traffic Routing

Implement a Web Application Firewall

Monitor your networks using Azure Monitor

Monitor your networks using Azure Network Watcher

Private Link Services and Private Endpoints

Troubleshooting Express Route Connections

Working with Azure Firewall Manager

Introduction

Watch Video