Azure NSG vs Firewall

An Azure network security group (NSG) filters network traffic to and from Azure resources in an Azure virtual network. It contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. Azure Firewall, by contrast, is a managed cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.

Network Security Group

  • A network security group is used to enforce and control network traffic.
  • Controls the inbound and outbound traffic at the subnet level.
  • Rules are applied to all resources in the associated subnet.
  • Has separate rules for inbound and outbound traffic.
  • NSG has a limit of 1000 rules.
  • Supports ALLOW and DENY rules.
  • Multiple IP addresses and IP address ranges cannot be specified in an NSG created by the classic deployment model.
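
How separate inbound and outbound ALLOW/DENY rules decide a flow, as an added example that is not part of the original post. It goes one step beyond the list above by modelling the priority ordering NSGs use (lowest number first, first match wins); the rules are constructed sample data and the function names are hypothetical.

```python
import ipaddress

# Constructed sample rules, shaped like an NSG's securityRules entries.
# Field names follow the Azure resource schema; the values are made up.
SAMPLE_RULES = [
    {"name": "allow-https", "priority": 100, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "443"},
    {"name": "allow-ssh-admin", "priority": 200, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "22"},
    {"name": "deny-all-in", "priority": 4096, "direction": "Inbound", "access": "Deny",
     "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "*"},
    {"name": "deny-smtp-out", "priority": 100, "direction": "Outbound", "access": "Deny",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "25"},
]

def _port_matches(spec, port):
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")          # "443" or "1000-2000"
    return int(lo) <= port <= int(hi or lo)

def _source_matches(prefix, ip):
    if prefix == "*":
        return True
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(prefix, strict=False)
    except ValueError:                       # service tags are not resolved here
        return False

def evaluate(rules, direction, protocol, source_ip, dest_port):
    """Return (access, rule_name) of the first matching rule in priority order."""
    candidates = sorted((r for r in rules if r["direction"] == direction),
                        key=lambda r: r["priority"])
    for r in candidates:
        if (r["protocol"] in ("*", protocol)
                and _source_matches(r["sourceAddressPrefix"], source_ip)
                and _port_matches(r["destinationPortRange"], dest_port)):
            return r["access"], r["name"]
    return "NoMatch", None  # a real NSG falls through to its built-in default rules

def open_to_any_source(rules):
    """Audit helper: names of inbound Allow rules that accept any source."""
    return [r["name"] for r in rules if r["direction"] == "Inbound"
            and r["access"] == "Allow" and r["sourceAddressPrefix"] in ("*", "0.0.0.0/0")]
```

Running `open_to_any_source` over an exported rule set is a quick review check for rules that expose a port to every source address.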

Azure Firewall

  • Supports application FQDN tags.
  • Source and destination network address translation (SNAT and DNAT) support.
  • Service tag support.
  • Web categories (in preview).
  • Threat intelligence support.

Azure Firewall and Network Security Groups (NSGs) are two security features in Azure for managing inbound and outbound traffic to and from Azure resources such as virtual machines running SQL Server, web applications, or domain services.
