Azure Firewall central management

If you manage multiple firewalls, you know that continuously changing firewall rules make it difficult to keep them in sync. Central IT teams need a way to define base firewall policies and enforce them across multiple business units. At the same time, DevOps teams want to create their own local derived firewall policies for better agility.

Azure Firewall Manager can help solve these problems.

Azure Firewall Manager

Azure Firewall Manager is a network security management service that provides central security policy and route management for cloud-based security perimeters. It makes it easy for Enterprise IT teams to centrally define network and application level rules for traffic filtering across multiple Azure Firewall instances. You can span different Azure regions and subscriptions in hub and spoke architectures for traffic governance and protection. It also provides DevOps better agility with derived local firewall security policies that are implemented across organizations.

Firewall policy

A Firewall policy is an Azure resource that contains NAT, network, and application rule collections and Threat Intelligence settings. It's a global resource that can be used across multiple Azure Firewall instances in Secured Virtual Hubs and Hub Virtual Networks. New policies can be created from scratch or inherited from existing policies. Inheritance allows DevOps to create local firewall policies on top of an organization-mandated base policy. Policies work across regions and subscriptions.

You can create Firewall Policy and associations with Azure Firewall Manager. However, you can also create and manage a policy using REST API, templates, Azure PowerShell, and CLI. Once you create a policy, you can associate it with a firewall in a virtual WAN hub, making it a Secured Virtual Hub, and/or with a firewall in a virtual network, making it a Hub Virtual Network.


Policies are billed based on firewall associations. A policy with zero or one firewall association is free of charge. A policy with multiple firewall associations is billed at a fixed rate. For more information, see Azure Firewall Manager Pricing.
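The following is an added example, not Microsoft's code: a small audit that a central IT team could run over exported resource JSON to find firewalls whose policy does not inherit from the mandated base policy, and to list policies with more than one firewall association. The function names, resource IDs and sample data are constructed; the input is assumed to follow the ARM resource shape (`properties.basePolicy.id` on a policy, `properties.firewallPolicy.id` on a firewall).

```python
# Added example: audit exported ARM resources for base-policy inheritance.
# All names, IDs and sample data below are constructed for illustration.

def _rid(ref):
    """Normalise an ARM sub-resource reference ({'id': ...}); IDs are case-insensitive."""
    return ((ref or {}).get("id") or "").lower()

def inherits_from(policy_id, base_id, policies):
    """True if policy_id is base_id or reaches it by following basePolicy links."""
    seen, cur = set(), policy_id.lower()
    while cur and cur not in seen:          # 'seen' guards against a malformed cycle
        if cur == base_id.lower():
            return True
        seen.add(cur)
        cur = _rid(policies.get(cur, {}).get("properties", {}).get("basePolicy"))
    return False

def audit(firewalls, policy_list, base_id):
    """Return (firewalls not under the base policy, policies with >1 association)."""
    policies = {p["id"].lower(): p for p in policy_list}
    non_compliant, assoc = [], {}
    for fw in firewalls:
        pid = _rid(fw.get("properties", {}).get("firewallPolicy"))
        if pid:
            assoc[pid] = assoc.get(pid, 0) + 1
        if not pid or not inherits_from(pid, base_id, policies):
            non_compliant.append(fw["name"])
    # Policies with multiple associations are the ones billed at the fixed rate.
    return non_compliant, sorted(p for p, n in assoc.items() if n > 1)

# Constructed sample data (placeholder subscription and resource group).
P = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-net"
     "/providers/Microsoft.Network/firewallPolicies/")
BASE = P + "base-policy"
POLICIES = [
    {"id": BASE, "properties": {}},
    {"id": P + "devops-east", "properties": {"basePolicy": {"id": BASE}}},
    {"id": P + "standalone", "properties": {}},
]
FIREWALLS = [
    {"name": "fw-hub-east", "properties": {"firewallPolicy": {"id": P + "devops-east"}}},
    {"name": "fw-hub-west", "properties": {"firewallPolicy": {"id": P + "DevOps-East"}}},
    {"name": "fw-legacy", "properties": {"firewallPolicy": {"id": P + "standalone"}}},
    {"name": "fw-nopolicy", "properties": {}},   # no policy attached at all
]

if __name__ == "__main__":
    print(audit(FIREWALLS, POLICIES, BASE))
```
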

Azure Firewall Management partners

The following leading third-party solutions support Azure Firewall central management using standard Azure REST APIs. Each of these solutions has its own unique characteristics and features: