This content originally appeared on DEV Community and was authored by PETER Samuel
When building modern cloud applications, security is non-negotiable. As workloads scale, organizations need centralized and flexible network security. Azure Firewall provides exactly that: application-level filtering, network rules, and threat intelligence baked in.
Recently, I implemented secure access for an application virtual network using Azure Firewall. Here's a breakdown of the approach.
The Scenario
The application virtual network (app-vnet) needed:
- Centralized network security for inbound and outbound traffic.
- Granular application filtering to control what services the app can talk to.
- Continuous updates from Azure DevOps pipelines.
- DNS resolution to external servers.
To meet these, I deployed Azure Firewall with a firewall policy to manage rules at scale.
Key Steps
1. Deploying Azure Firewall
- Created a dedicated AzureFirewallSubnet inside app-vnet.
- Provisioned a Standard SKU Azure Firewall with a new public IP (fwpip).
- Attached a firewall policy (fw-policy) to centralize rule management.
2. Configuring Firewall Policy
Firewall policies make it easy to group and manage rules. I added:
**Application Rule Collection**
Allowed the application subnet (10.1.0.0/23) to securely reach Azure DevOps and Azure websites for CI/CD updates:
- Protocol: HTTPS
- Destination FQDNs: dev.azure.com, azure.microsoft.com
**Network Rule Collection**
Enabled DNS resolution by allowing outbound UDP traffic on port 53:
- Source: 10.1.0.0/23
- Destination IPs: 1.1.1.1, 1.0.0.1 (Cloudflare DNS)
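As an added example (not the author's own deployment, which the post describes but does not show as code), here is a Bicep template that builds the same pieces in one go: the AzureFirewallSubnet inside app-vnet, the fwpip public IP, the fw-policy firewall policy carrying the application and network rule collections described above, and a Standard SKU firewall attached to that policy. The app subnet prefix, the FQDNs and the Cloudflare DNS addresses are the values from the post; the firewall name `app-fw`, the AzureFirewallSubnet prefix `10.1.63.0/26`, the collection names and the API version are assumptions.

```bicep
// Added example, not the author's deployment: Azure Firewall + policy for app-vnet.
param location string = resourceGroup().location
param appSubnetPrefix string = '10.1.0.0/23'   // from the post
param fwSubnetPrefix string = '10.1.63.0/26'   // assumption: AzureFirewallSubnet must be at least a /26
// The application VNet already exists; only the firewall subnet is added to it.
resource vnet 'Microsoft.Network/virtualNetworks@2023-05-01' existing = {
  name: 'app-vnet'
}
resource fwSubnet 'Microsoft.Network/virtualNetworks/subnets@2023-05-01' = {
  parent: vnet
  name: 'AzureFirewallSubnet'   // this exact name is mandatory for Azure Firewall
  properties: { addressPrefix: fwSubnetPrefix }
}
// Static Standard-SKU public IP; Azure Firewall accepts no other kind.
resource fwPip 'Microsoft.Network/publicIPAddresses@2023-05-01' = {
  name: 'fwpip'
  location: location
  sku: { name: 'Standard' }
  properties: { publicIPAllocationMethod: 'Static' }
}
// Firewall policy: every rule lives here, so one policy can serve several firewalls.
resource fwPolicy 'Microsoft.Network/firewallPolicies@2023-05-01' = {
  name: 'fw-policy'
  location: location
  properties: {
    sku: { tier: 'Standard' }
    threatIntelMode: 'Alert'   // log hits against Microsoft's threat-intelligence feed
  }
}
// Application rule collection: FQDN-based, HTTPS only, from the app subnet.
resource appRules 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2023-05-01' = {
  parent: fwPolicy
  name: 'DefaultApplicationRuleCollectionGroup'
  properties: {
    priority: 300
    ruleCollections: [
      {
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'allow-devops-https'
        priority: 100
        action: { type: 'Allow' }
        rules: [
          {
            ruleType: 'ApplicationRule'
            name: 'allow-azure-devops'
            sourceAddresses: [ appSubnetPrefix ]
            protocols: [ { protocolType: 'Https', port: 443 } ]
            targetFqdns: [ 'dev.azure.com', 'azure.microsoft.com' ]
          }
        ]
      }
    ]
  }
}
// Network rule collection: IP/port/protocol only, here DNS to Cloudflare.
resource netRules 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2023-05-01' = {
  parent: fwPolicy
  name: 'DefaultNetworkRuleCollectionGroup'
  dependsOn: [ appRules ]   // rule collection groups in one policy cannot be written concurrently
  properties: {
    priority: 200
    ruleCollections: [
      {
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'allow-dns'
        priority: 100
        action: { type: 'Allow' }
        rules: [
          {
            ruleType: 'NetworkRule'
            name: 'allow-dns-udp-53'
            ipProtocols: [ 'UDP' ]
            sourceAddresses: [ appSubnetPrefix ]
            destinationAddresses: [ '1.1.1.1', '1.0.0.1' ]
            destinationPorts: [ '53' ]
          }
        ]
      }
    ]
  }
}
// Standard SKU firewall in AzureFirewallSubnet, attached to the policy.
resource firewall 'Microsoft.Network/azureFirewalls@2023-05-01' = {
  name: 'app-fw'   // assumption: the post does not give the firewall's name
  location: location
  properties: {
    sku: { name: 'AZFW_VNet', tier: 'Standard' }
    firewallPolicy: { id: fwPolicy.id }
    ipConfigurations: [
      {
        name: 'fw-ipconfig'
        properties: { subnet: { id: fwSubnet.id }, publicIPAddress: { id: fwPip.id } }
      }
    ]
  }
}
// Private IP to use as the next hop in the app subnet's route table.
output firewallPrivateIp string = firewall.properties.ipConfigurations[0].properties.privateIPAddress
```

Deploy it into the resource group that holds app-vnet with `az deployment group create --resource-group <rg> --template-file firewall.bicep`. Two things the template does not do for you: the rules only act on traffic the firewall actually sees, so the app subnet needs a route table with a 0.0.0.0/0 route whose next hop is the `firewallPrivateIp` output (otherwise the "all outbound traffic is filtered" result does not hold), and application rules match HTTPS traffic on the TLS SNI, so anything that skips SNI or goes to a bare IP falls through to the network rules and the default deny.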
Results
- All outbound traffic is filtered through the firewall.
- Application has secure, controlled access only to Azure DevOps and Azure websites.
- DNS resolution is enabled without exposing unnecessary outbound access.
- The firewall and policy deployment completed successfully and are now centrally managed.
Key Takeaways
- Azure Firewall provides centralized, cloud-native network security.
- Firewall policies simplify management of rules across environments.
- Application rules focus on FQDN-based filtering.
- Network rules focus on IP/port/protocol control.
This setup keeps workloads in app-vnet locked down yet functional, with only the access needed for deployments and operations.