Introduction

Azure Firewall Manager is the centralized control plane for deploying and operating Azure Firewall at scale. Instead of configuring each firewall instance independently, Firewall Manager lets you define and enforce consistent security policies across multiple firewalls, subscriptions, and regions—reducing configuration drift and improving governance. In this lesson we will cover four core objectives that are essential for designing an enterprise-grade Firewall Manager deployment:

Understand Azure Firewall Manager’s capabilities and its role in enterprise security.
Create, manage, and apply Firewall Policies at scale to enforce consistent rules.
Compare deployment models: Hub Virtual Network (hub-and-spoke) vs. Secure Virtual Hub (Azure Firewall Manager integrated with Virtual WAN) and when to use each.
Apply design best practices to build a secure, scalable, and operationally efficient Firewall Manager architecture.

A slide titled "Learning Objectives" that lists four goals for Azure Firewall Manager: understand its key capabilities, create/manage/apply security policies at scale, compare hub virtual networks versus secured virtual hubs, and review steps and best practices to secure cloud environments. The layout includes a blue-green gradient sidebar with colorful numbered markers for each objective.

Why these objectives matter

Learning Objective	Why it matters	Example outcome
Understand capabilities	Clarifies how Firewall Manager fits into a secure cloud network posture	Easier ROI justification and governance planning
Create/manage security policies	Ensures consistent enforcement across deployments	Fewer security gaps and faster policy rollout
Compare deployment models	Helps choose the right architecture for connectivity and scale	Select Hub VNet for classical hub-and-spoke, Secure Virtual Hub for Virtual WAN scenarios
Best practices & design	Reduces operational burden and improves reliability	Automated policy lifecycle, monitoring, and incident response

Tip: Azure Firewall Manager works with Azure Firewall and Firewall Policy resources. Use management groups and policy inheritance to apply rules across subscriptions and regions. For official docs, see Azure Firewall Manager documentation.

This lesson will guide you through the concepts, configuration patterns, and best practices so you can design an Azure Firewall Manager deployment that is secure, scalable, and operationally manageable. Let’s get started.

Watch Video

Verify Circuit Provisioning and State

Azure Firewall Manager

Configure Internet Access with Azure Virtual NAT

Configure Peering for an Express Route Deployment

Configure Public IP Addresses

Connect Devices to Networks with Point to Site VPN Connections

Connect Networks with Site to Site VPN Connections

Connect Remote Resources by using Azure Virtual WA Ns

Create a Network Virtual Appliance NVA in a Virtual Hub

Deploy Azure D Do S Protection

Deploy and configure Network Security Groups

Design Azure Application Gateway

Design Azure Front Door

Design Name Resolution for Azure Virtual Network

Design an Express Route deployment

Design and Implement Azure Firewall

Design and Implement Azure Load Balancer

Design and Implement Azure VPN Gateway

Design and implement Azure Bastion

Enable Cross V Net Connectivity

Explain Virtual Network Service Endpoints

Explore Azure Express Route

Explore Azure Traffic Manager

Explore Azure Virtual Networks

Explore Load Balancing Options in the Azure

Express Route Advanced Features

Get Network Security Recommendations with Microsoft Defender for Cloud

Implement Virtual Network Traffic Routing

Implement a Web Application Firewall

Monitor your networks using Azure Monitor

Monitor your networks using Azure Network Watcher

Private Link Services and Private Endpoints

Troubleshooting Express Route Connections

Working with Azure Firewall Manager

Introduction

Watch Video