Published: May 17, 2023
Microsoft has announced new network traffic analysis capabilities for its Azure Firewall solution. The latest logging and metric improvements enable customers to view detailed insights about the traffic processed by the firewall.
Azure Firewall is a cloud-based network firewall security solution that helps IT admins protect cloud workloads running in Microsoft Azure. The service works as a bridge between the application server and the end user to control traffic data and security policies. Azure Firewall provides various security capabilities to prevent attackers from gaining unauthorized access to cloud resources.
Powered by the Pingmesh technology, the Latency Probe metric tool lets administrators measure and analyze network interactions in large data centers. The feature doesn’t measure the end-to-end latency, and it can only track the average latency of Azure Firewall.
“The Latency Probe metric measures the overall latency of Azure Firewall and provides insight into the health of the service. IT administrators can use this metric for monitoring and alerting if there is observable latency and diagnosing if Azure Firewall is causing latency in a network. If Azure Firewall is experiencing latency, it could be due to various reasons such as high CPU utilization, traffic throughput, or networking issues,” Microsoft explained.
Azure Firewall allows users to log different data types, including threat intelligence, application, and network. However, it doesn’t provide insight into the complete TCP handshake process. This release lets IT pros first monitor the SYN packet network logs and then configure Flow Trace to detect invalid packets.
Lastly, the Top Flows feature (also called Fat Flows) makes it easier to identify the top connections that are driving the highest bandwidth through the firewall. It also helps to detect traffic-related issues and to allow or block network traffic. However, Microsoft warned that running the Top Flows tool impacts CPU performance. IT admins are advised to use the tool only to troubleshoot the root cause of a specific issue, for “no longer than one week at a time.”