- Understand the core capabilities of Azure Firewall, including stateful traffic inspection, built-in high availability, and integration with Azure Monitor, Azure Policy, and diagnostic logging.
- Learn how Azure Firewall evaluates and applies NAT rules, network rules, and application rules to control, filter, and translate traffic.
- Explore deployment options and step-by-step configuration of Azure Firewall using the Azure portal (Azure portal) and automation approaches.
- See how Azure Firewall functions as a central security enforcement point in hub-and-spoke network topologies, including traffic flow patterns and route considerations.
- Clarify differences between Azure Firewall and other Azure network controls (Network Security Groups, Azure DDoS Protection, Application Gateway) to determine the appropriate use case for each.

Learning outcomes (at a glance)
Tip: Use Azure Firewall as the centralized enforcement layer for outbound and east-west traffic in hub-and-spoke topologies, and pair it with NSGs for per-subnet micro-segmentation to achieve layered defense.
Links and references
- Azure portal: https://portal.azure.com
- Azure Firewall overview: https://learn.microsoft.com/azure/firewall
- Azure networking concepts: https://learn.microsoft.com/azure/architecture/reference-architectures/hybrid-networking/virtual-network-hub-spoke
Warning: Azure Firewall is billed based on deployment SKU and processed data; review pricing and service limits before production deployment. See the Azure Firewall pricing and limits documentation for details.