How to Create Firewall Manager Policies on Microsoft Azure

Firewall Policy is an Azure resource that contains NAT, network, and application rule collections, and Threat Intelligence settings. It’s a global resource that can be used across multiple Azure Firewall instances in Secured Virtual Hubs and Hub Virtual Networks. Policies work across regions and subscriptions.


  • Log in to the Microsoft Azure portal.
  • Click on All Services.
  • Select Firewall Policies.


Fig. 1


  • Click on Add.


Fig. 2


  • On the Basics tab, provide the following values:
  • Subscription: An Azure subscription grants you access to Azure services.
  • Resource group name: A resource group is a collection of resources.
  • Select Region.


Fig. 3


  • Select the Standard or Premium policy tier.
  • Then click on Next: DNS Settings.


Fig. 4


  • DNS settings can be either disabled or enabled.
  • Click on Next: TLS inspection.


Fig. 5


  • On Standard Policy Tier, TLS inspection is not available.


Fig. 6


  • If you select the Premium policy tier, TLS inspection is available.
  • By default, TLS inspection is disabled.
  • Click on Next: Rules.


Fig. 7


  • On the Rules tab, click on Add a rule collection.


Fig. 8


  • Provide the rule collection name.
  • Select Rule collection type.
  • Set the Priority.
  • Then provide the rule name, Source IP, protocols, Destination ports & Destination IP address.
  • Click on Add.


Fig. 9


  • Once the rule collection is added, click on Next: IDPS.




  • On the Standard policy tier, IDPS is not available.
  • If you select the Premium policy tier, you can choose the Alert or Alert & deny option for when suspicious traffic is detected.
  • Click on Next: Threat intelligence.




  • Click on Add allow list addresses. Threat intelligence alerts on and blocks traffic to/from malicious IP addresses; addresses on the allow list are excluded from that filtering.




  • You can drag and drop files or enter the IP addresses and ranges.
  • Click on Add.




  • Once the allow list addresses are added, click on Next: Tags.




  • On the Tags tab, provide the tag name and value for the Firewall Policy.
  • Click on Next: Review + Create.




  • If you get the message “Validation passed”, click on Create.




  • After some time, you will see the message “Your deployment is ready”.
  • Click on “Go to resource” and you can see that the Firewall Policy is there with the name you provided.
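
The same choices the wizard walks through (policy tier, IDPS mode, threat intelligence allow list, one network rule collection) can be captured as an ARM template and checked before deployment. This is an added example, not part of the original page; the policy name, region, addresses, rule collection group name, group priority and API version are assumptions, and DNS and TLS inspection settings are left out.

```python
import ipaddress
import json

API_VERSION = "2023-04-01"  # assumption: pin to the Microsoft.Network API version you deploy with
SCHEMA = "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#"

def build_policy_template(name, location, tier, idps_mode="Off",
                          threat_intel_mode="Alert", allow_list=(), collection=None):
    """Build an ARM template for a firewall policy, rejecting settings the tier lacks."""
    if tier not in ("Standard", "Premium"):
        raise ValueError("tier must be Standard or Premium")
    if idps_mode not in ("Off", "Alert", "Deny"):  # Deny is the portal's "Alert & deny"
        raise ValueError("IDPS mode must be Off, Alert or Deny")
    if tier == "Standard" and idps_mode != "Off":
        raise ValueError("IDPS is only available on the Premium tier")
    for entry in allow_list:  # raises ValueError on a malformed IP or CIDR range
        ipaddress.ip_network(entry, strict=False)
    props = {"sku": {"tier": tier}, "threatIntelMode": threat_intel_mode,
             "threatIntelWhitelist": {"ipAddresses": list(allow_list), "fqdns": []}}
    if tier == "Premium":
        props["intrusionDetection"] = {"mode": idps_mode}
    resources = [{"type": "Microsoft.Network/firewallPolicies", "apiVersion": API_VERSION,
                  "name": name, "location": location, "properties": props}]
    if collection:
        if not 100 <= collection["priority"] <= 65000:
            raise ValueError("rule collection priority must be 100-65000")
        resources.append({
            "type": "Microsoft.Network/firewallPolicies/ruleCollectionGroups",
            "apiVersion": API_VERSION,
            "name": f"{name}/DefaultNetworkRuleCollectionGroup",  # assumed group name
            "dependsOn": [f"[resourceId('Microsoft.Network/firewallPolicies', '{name}')]"],
            "properties": {"priority": 200, "ruleCollections": [{
                "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
                "name": collection["name"], "priority": collection["priority"],
                "action": {"type": collection["action"]},
                "rules": [dict(rule, ruleType="NetworkRule") for rule in collection["rules"]],
            }]},
        })
    return {"$schema": SCHEMA, "contentVersion": "1.0.0.0", "resources": resources}

if __name__ == "__main__":
    # Constructed sample values; none come from the original page.
    sample = {"name": "allow-dns", "priority": 100, "action": "Allow", "rules": [{
        "name": "dns-out", "ipProtocols": ["UDP"], "sourceAddresses": ["10.0.0.0/24"],
        "destinationAddresses": ["192.0.2.53"], "destinationPorts": ["53"]}]}
    print(json.dumps(build_policy_template("fw-policy-demo", "westeurope", "Premium",
          idps_mode="Alert", allow_list=["198.51.100.0/24"], collection=sample), indent=2))
```

Keeping the generated template in version control gives a reviewable record of rule and allow list changes that the portal workflow does not.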



