azure-firewall

Expert knowledge for Azure Firewall development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when building, debugging, or optimizing Azure Firewall applications. Not for Azure Web Application Firewall (use azure-web-application-firewall), Azure Firewall Manager (use azure-firewall-manager), Azure Virtual Network (use azure-virtual-network), Azure Networking (use azure-networking).

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.


Install skill "azure-firewall" with this command: npx skills add microsoftdocs/agent-skills/microsoftdocs-agent-skills-azure-firewall

Azure Firewall Skill

This skill provides expert guidance for Azure Firewall. Covers troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. It combines local quick-reference content with remote documentation fetching capabilities.

How to Use This Skill

IMPORTANT for Agent: This file may be large. Use the Category Index below to locate relevant sections, then use read_file with specific line ranges (e.g., L136-L144) to read the sections needed for the user's question.

IMPORTANT for Agent: If metadata.generated_at is more than 3 months old, suggest the user pull the latest version from the repository. If mcp_microsoftdocs tools are not available, suggest the user install it: Installation Guide

This skill requires network access to fetch documentation content:

  • Preferred: Use mcp_microsoftdocs:microsoft_docs_fetch with query string from=learn-agent-skill. Returns Markdown.
  • Fallback: Use fetch_webpage with query string from=learn-agent-skill&accept=text/markdown. Returns Markdown.

Category Index

| Category | Lines | Description |
| --- | --- | --- |
| Troubleshooting | L37-L42 | Known Azure Firewall bugs/limits and how to diagnose traffic issues using packet capture to analyze flows, rule matches, and connectivity problems. |
| Best Practices | L43-L48 | Guidance on tuning Azure Firewall rules and SKUs for performance, plus security best practices for policies, rule design, logging, and threat protection configuration. |
| Decision Making | L49-L57 | Guidance on choosing the right Azure Firewall SKU, comparing features and performance, planning capacity, and executing SKU changes, including Basic SKU deployment for SMB scenarios. |
| Architecture & Design Patterns | L58-L69 | Architectural patterns and topologies for Azure Firewall: hub-and-spoke routing, forced tunneling, SLB integration, hybrid connectivity, DNAT with overlapping IPs, DDoS protection, and traffic separation. |
| Limits & Quotas | L70-L77 | Configuring Azure Firewall capacity and limits: multiple public IPs, SNAT port scaling with NAT Gateway, prescaling capacity ranges, and TCP session idle timeout settings. |
| Security | L78-L96 | Securing Azure Firewall: policies, roles, TLS inspection, threat intel, hybrid/AKS/AVD/M365 protection, Sentinel integration, DNAT, and compliance configuration. |
| Configuration | L97-L120 | Configuring Azure Firewall rules, DNS/proxy, IP groups, SNAT/DNAT, Premium features, logging/monitoring, and bulk or policy-based rule management and change tracking. |
| Integrations & Coding Patterns | L121-L125 | Configuring Azure Firewall to securely access Azure Storage via SFTP, including required rules, network paths, and integration patterns for SFTP traffic. |
| Deployment | L126-L132 | How to deploy Azure Firewall (including Premium) and IP Groups using ARM templates, Bicep, or Terraform, with example templates and infrastructure-as-code guidance. |

Troubleshooting

| Topic | URL |
| --- | --- |
| Address Azure Firewall known issues and limitations | https://learn.microsoft.com/en-us/azure/firewall/firewall-known-issues |
| Troubleshoot Azure Firewall using packet capture | https://learn.microsoft.com/en-us/azure/firewall/packet-capture |

Best Practices

| Topic | URL |
| --- | --- |
| Optimize Azure Firewall configuration for performance | https://learn.microsoft.com/en-us/azure/firewall/firewall-best-practices |
| Apply security best practices to Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/secure-firewall |

Decision Making

| Topic | URL |
| --- | --- |
| Decide and execute Azure Firewall SKU changes | https://learn.microsoft.com/en-us/azure/firewall/change-sku |
| Select the appropriate Azure Firewall SKU | https://learn.microsoft.com/en-us/azure/firewall/choose-firewall-sku |
| Deploy Azure Firewall Basic for SMB scenarios | https://learn.microsoft.com/en-us/azure/firewall/deploy-firewall-basic-portal-policy |
| Compare Azure Firewall features across SKUs | https://learn.microsoft.com/en-us/azure/firewall/features-by-sku |
| Plan Azure Firewall performance and SKU selection | https://learn.microsoft.com/en-us/azure/firewall/firewall-performance |

Architecture & Design Patterns

| Topic | URL |
| --- | --- |
| Architect multi-hub and spoke routing with Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/firewall-multi-hub-spoke |
| Design Azure Firewall forced tunneling topology | https://learn.microsoft.com/en-us/azure/firewall/forced-tunneling |
| Integrate Azure Firewall with Standard Load Balancer | https://learn.microsoft.com/en-us/azure/firewall/integrate-lb |
| Use Azure Firewall Management NIC for traffic separation | https://learn.microsoft.com/en-us/azure/firewall/management-nic |
| Secure hybrid networks with Azure Firewall and policy | https://learn.microsoft.com/en-us/azure/firewall/tutorial-hybrid-portal-policy |
| Deploy Azure Firewall in a hybrid network via PowerShell | https://learn.microsoft.com/en-us/azure/firewall/tutorial-hybrid-ps |
| Use private IP DNAT for overlapped Azure networks | https://learn.microsoft.com/en-us/azure/firewall/tutorial-private-ip-dnat |
| Protect Azure Firewall with Azure DDoS Protection | https://learn.microsoft.com/en-us/azure/firewall/tutorial-protect-firewall-ddos |

Limits & Quotas

| Topic | URL |
| --- | --- |
| Deploy Azure Firewall with multiple public IP limits | https://learn.microsoft.com/en-us/azure/firewall/deploy-multi-public-ip-powershell |
| Scale Azure Firewall SNAT ports with NAT Gateway | https://learn.microsoft.com/en-us/azure/firewall/integrate-with-nat-gateway |
| Configure Azure Firewall prescaling capacity ranges | https://learn.microsoft.com/en-us/azure/firewall/prescaling |
| Manage Azure Firewall TCP session idle timeouts | https://learn.microsoft.com/en-us/azure/firewall/tcp-session-behavior |

Security

| Topic | URL |
| --- | --- |
| Understand Azure Firewall compliance certifications | https://learn.microsoft.com/en-us/azure/firewall/compliance-certifications |
| Deploy and configure Azure Firewall policy via PowerShell | https://learn.microsoft.com/en-us/azure/firewall/deploy-ps-policy |
| Detect malware using Microsoft Sentinel and Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/detect-malware-with-sentinel |
| Secure Azure Firewall deployments with Azure Policy | https://learn.microsoft.com/en-us/azure/firewall/firewall-azure-policy |
| Integrate Azure Firewall with Microsoft Sentinel | https://learn.microsoft.com/en-us/azure/firewall/firewall-sentinel-overview |
| Configure TLS inspection certificates for Firewall Premium | https://learn.microsoft.com/en-us/azure/firewall/premium-certificates |
| Deploy Enterprise CA chain for Azure Firewall Premium | https://learn.microsoft.com/en-us/azure/firewall/premium-deploy-certificates-enterprise-ca |
| Protect AKS clusters using Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/protect-azure-kubernetes-service |
| Secure Azure Virtual Desktop with Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/protect-azure-virtual-desktop |
| Allow Microsoft 365 traffic through Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/protect-office-365 |
| Understand Azure Firewall roles and permissions | https://learn.microsoft.com/en-us/azure/firewall/roles-permissions |
| Configure Azure Firewall threat intelligence filtering | https://learn.microsoft.com/en-us/azure/firewall/threat-intel |
| Deploy and configure Azure Firewall in portal | https://learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal |
| Configure Azure Firewall DNAT for inbound filtering | https://learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-dnat |
| Configure Azure Firewall for hybrid network security | https://learn.microsoft.com/en-us/azure/firewall/tutorial-hybrid-portal |

Configuration

| Topic | URL |
| --- | --- |
| Create Azure Firewall IP Groups for rule management | https://learn.microsoft.com/en-us/azure/firewall/create-ip-group |
| Set customer-controlled maintenance windows for Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/customer-controlled-maintenance |
| Bulk manage Azure Firewall rules with PowerShell | https://learn.microsoft.com/en-us/azure/firewall/deploy-rules-powershell |
| Configure and monitor Azure Firewall DNAT rules | https://learn.microsoft.com/en-us/azure/firewall/destination-nat-rules |
| Understand Azure Firewall DNS Proxy behavior | https://learn.microsoft.com/en-us/azure/firewall/dns-details |
| Configure DNS servers and DNS proxy for Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/dns-settings |
| Use Azure Firewall Policy Draft and Deployment | https://learn.microsoft.com/en-us/azure/firewall/draft-deploy |
| Configure Azure Firewall explicit proxy mode | https://learn.microsoft.com/en-us/azure/firewall/explicit-proxy |
| Analyze Azure Firewall data with Workbooks | https://learn.microsoft.com/en-us/azure/firewall/firewall-workbook |
| Use FQDN tags in Azure Firewall application rules | https://learn.microsoft.com/en-us/azure/firewall/fqdn-tags |
| Configure Azure Firewall FTP active and passive modes | https://learn.microsoft.com/en-us/azure/firewall/ftp-support |
| Configure and use IP Groups in Azure Firewall rules | https://learn.microsoft.com/en-us/azure/firewall/ip-groups |
| Configure monitoring and logging for Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/monitor-firewall |
| Use Azure Firewall monitoring data and logs with Azure Monitor | https://learn.microsoft.com/en-us/azure/firewall/monitor-firewall-reference |
| Implement Azure Firewall Premium advanced features | https://learn.microsoft.com/en-us/azure/firewall/premium-features |
| Track Azure Firewall rule changes with Resource Graph | https://learn.microsoft.com/en-us/azure/firewall/rule-set-change-tracking |
| Configure Azure Firewall rules with service tags | https://learn.microsoft.com/en-us/azure/firewall/service-tags |
| Configure Azure Firewall SNAT private IP ranges | https://learn.microsoft.com/en-us/azure/firewall/snat-private-range |
| Configure Azure Firewall application rules for SQL FQDNs | https://learn.microsoft.com/en-us/azure/firewall/sql-fqdn-filtering |
| Configure Azure Firewall DNAT policy for inbound traffic | https://learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-dnat-policy |

Integrations & Coding Patterns

| Topic | URL |
| --- | --- |
| Access Azure Storage via SFTP through Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/firewall-sftp |

Deployment

| Topic | URL |
| --- | --- |
| Deploy Azure Firewall Premium with template | https://learn.microsoft.com/en-us/azure/firewall/premium-deploy |
| Deploy Azure Firewall and IP Groups using Bicep | https://learn.microsoft.com/en-us/azure/firewall/quick-create-ipgroup-bicep |
| Deploy Azure Firewall and IP Groups via ARM template | https://learn.microsoft.com/en-us/azure/firewall/quick-create-ipgroup-template |
| Deploy Azure Firewall and IP Groups with Terraform | https://learn.microsoft.com/en-us/azure/firewall/quick-create-ipgroup-terraform |

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
