Compare the AWS Network firewall features with the BC Gov Mandatory Firewall features checklist
Additional Context
BC Gov Firewall Checklist
Intrusion Detection and Prevention System (IDPS)
Signature-based IDPS: Azure Firewall Premium offers IDPS capabilities that detect and prevent exploitation of known vulnerabilities by inspecting incoming and outgoing network traffic. It can block or log malicious activity that matches a set of known signatures.
Transport Layer Security (TLS) Inspection
Allows Azure Firewall to inspect encrypted traffic (SSL/TLS) passing through the firewall. It decrypts, inspects, and then re-encrypts the traffic to detect threats hidden inside encrypted connections, such as malware and command-and-control communication.
URL Filtering
Supports category-based filtering to allow or deny traffic based on specific categories (e.g., Social Media, Gambling, etc.) of websites.
FQDN-based filtering allows blocking or allowing specific fully qualified domain names.
Threat Intelligence-based Filtering
Azure Firewall Premium uses Microsoft Threat Intelligence to filter traffic based on known malicious IP addresses, domains, and URLs.
This feature allows blocking traffic based on whether the source/destination is recognized as a potential threat by Microsoft's global threat intelligence network.
Supports allowlist and blocklist creation for specific IP addresses, domains, or URLs.
Network and Application Traffic Filtering
Network Filtering Rules: Allows creating rules based on source/destination IP addresses, subnets, protocols, and ports. These rules apply to all traffic passing through the firewall.
Application Filtering Rules: Provides filtering for specific web applications or services based on their URL or FQDN. It can filter both HTTP and HTTPS traffic.
Web Categories for Outbound Traffic
You can control access to web categories for outbound traffic, providing granular control over what users and workloads can access on the internet.
It enables administrators to block specific web categories such as gaming, social media, etc.
Advanced Threat Protection (ATP)
Azure Firewall Premium integrates with Microsoft Defender for Endpoint to detect and block advanced malware and other security threats before they reach the target network.
Application Protocol Filtering
Azure Firewall Premium can inspect specific protocols, such as HTTP/S, SSH, FTP, etc., and allow or block traffic based on protocol-level inspection, providing application-level security.
East-West Traffic Filtering
Provides filtering of both north-south (inbound/outbound) and east-west (within a virtual network) traffic. This helps segment the network to ensure internal security between workloads.
Policy Management and Logging
Centralized firewall policy management across multiple Azure regions and subscriptions.
Supports detailed logging and analytics for traffic flows, application filtering, threat intelligence hits, and more. Logs can be integrated into Azure Sentinel or third-party SIEM solutions for further analysis.
Integration with Azure Services
Azure Monitor: Logs and metrics for visibility into firewall activities.
Azure Sentinel: Integration for advanced security analytics and threat detection.
Azure Policy: To govern security policies across the firewall.
Scalability and High Availability
Supports automatic scaling based on traffic demands.
Built-in high availability to ensure continuous protection without a single point of failure.
Hybrid Network Support
Azure Firewall Premium can work in hybrid environments, filtering traffic across on-premises networks and Azure virtual networks through VPN or ExpressRoute connections.
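To make the checklist concrete, here is an added Terraform (azurerm) example, not part of the issue, that turns on the listed Azure Firewall Premium features: Premium SKU, threat-intelligence filtering with an allowlist, signature-based IDPS, TLS inspection, a network rule collection (IP/port/protocol) and an application rule collection (web categories). Resource names, region, CIDRs and the Key Vault secret id are placeholders, and the managed identity the policy needs to read the CA certificate from Key Vault is omitted.

```hcl
# Added example, not from the checklist: azurerm config enabling the listed
# Azure Firewall Premium features. Names, region, CIDRs and the Key Vault secret id are assumed.
resource "azurerm_firewall_policy" "premium" {
  name                     = "fw-policy-premium"
  resource_group_name      = "rg-network"     # assumed
  location                 = "canadacentral"  # assumed
  sku                      = "Premium"        # IDPS and TLS inspection require Premium
  threat_intelligence_mode = "Deny"           # Threat Intelligence-based Filtering

  threat_intelligence_allowlist { ip_addresses = ["203.0.113.10"] }  # allowlist; TEST-NET address, constructed

  intrusion_detection { mode = "Deny" }       # Signature-based IDPS: block, not just alert

  tls_certificate {                           # TLS Inspection: intermediate CA held in Key Vault
    name                = "fw-tls-ca"
    key_vault_secret_id = "https://<keyvault>.vault.azure.net/secrets/<ca-cert>"  # placeholder
  }
}

resource "azurerm_firewall_policy_rule_collection_group" "default" {
  name               = "DefaultRuleCollectionGroup"
  firewall_policy_id = azurerm_firewall_policy.premium.id
  priority           = 200

  network_rule_collection {                   # Network Filtering Rules: source/destination IP, protocol, port
    name     = "east-west-network-rules"
    priority = 100
    action   = "Allow"
    rule {
      name                  = "app-to-db"
      protocols             = ["TCP"]
      source_addresses      = ["10.1.0.0/24"]
      destination_addresses = ["10.2.0.0/24"]
      destination_ports     = ["5432"]
    }
  }

  application_rule_collection {               # Application Filtering Rules: web categories on outbound HTTPS
    name     = "outbound-web-rules"
    priority = 200
    action   = "Deny"
    rule {
      name             = "block-social-and-gambling"
      source_addresses = ["10.1.0.0/16"]
      web_categories   = ["SocialNetworking", "Gambling"]
      terminate_tls    = true                 # decrypt so the category check sees the real request
      protocols {
        type = "Https"
        port = 443
      }
    }
  }
}
```

The network collection is evaluated before the application collection because of its lower priority value; anything not matched by either falls through to the policy's default deny.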
Acceptance Criteria
Compare AWS Network Firewall with the checklist and create a short document that maps each feature to the corresponding AWS documentation.