Enhance your network security by applying Policy Analytics for Azure Firewall

Network security policies are always changing to keep up with the needs of workloads. As workloads move to the cloud faster, network security policies (Azure Firewall policies in particular) change regularly and are frequently modified multiple times per week (in many cases several times in a day). Over time, the network and application rules of the Azure Firewall can grow and become less than optimal, affecting the firewall’s performance and security. High-volume, frequently hit rules, for instance, may accidentally be given a lower priority. Or an application may be hosted on a network that has since been migrated to another network, while the firewall rules that reference the old network have not been removed.

For any IT staff, optimising Firewall rules is a difficult task. The process of refining Azure Firewall policy can be tedious and complex, and can involve several teams throughout the world, particularly for large, geographically scattered enterprises. Updates carry a risk and may affect a crucial production workload, perhaps leading to significant downtime. Well, no longer!

IT teams can use Policy Analytics to manage Azure Firewall policies over time. It offers vital information and suggestions for improving Azure Firewall rules with the intention of enhancing your security posture. We are thrilled to announce that Policy Analytics for Azure Firewall is now available in preview.

Leverage Policy Analytics to improve Azure Firewall rules.

By giving insight into the traffic passing through the Azure Firewall, Policy Analytics helps IT teams overcome these difficulties. Its main capabilities in the Azure portal are as follows:

Firewall flow logs: Shows the hit rate, network and application rule match, and all traffic passing through the Azure Firewall. This view aids in locating the top flows among all rules. Specific sources, destinations, ports, and protocols can be used to filter flows.

Rule analytics: Shows traffic flows mapped to network, application, and destination network address translation (DNAT) rules. This gives better visibility over time into all of the flows that match a rule. Rules from both parent and child policies can be examined.

Policy insight panel: Aggregates policy insights and highlights policy recommendations to help you enhance your Azure Firewall policies.

Single-rule analysis: Based on the observed traffic flows, the single-rule analysis experience examines the traffic flows that match the chosen rule and makes optimization recommendations.

In-depth look at single-rule analysis

Let's take a closer look at single-rule analysis. Here, we choose a rule of interest in order to evaluate and improve the matching flows.

Users only need a few simple clicks to analyse Firewall rules.

Graphic showing Policy Analytics product experience. The graphic highlights the experience when clicking on the Single-rule analysis tab and when selecting a single rule to analyze.

Figure 1: Start by selecting Single-rule analysis.

Policy Analytics lets you run an analysis on a rule of interest that you select. You can decide which rule to improve. For instance, you might wish to examine rules that have a lot of sources and destinations or a variety of open ports.


Graphic showing Policy Analytics product experience. The graphic highlights the experience when selecting a single rule to analyze and the information you are able to see for each policy.

Figure 2: Select a rule and Run analysis.


Policy Analytics presents recommendations based on the actual traffic flows. You can review and apply the suggestions, such as removing rules that don’t match any traffic or lowering their priority. Alternatively, you can narrow a rule so that it only matches traffic on particular ports.

Graphic showing Policy Analytics product experience. The graphic highlights the experience when you receive and apply recommendations on your policy based on actual traffic flow.

Figure 3: Review the results and Apply selected changes.
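The kind of flow-based recommendation described above can be sketched offline. This is an added example, not Microsoft's implementation of Policy Analytics and not code from the original post; the rule names, the priority field, and the flow records are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed rule set with hypothetical names; a lower priority number is evaluated first.
RULES = [
    {"name": "allow-legacy-net", "priority": 100, "ports": {443}},
    {"name": "allow-admin", "priority": 200, "ports": {22, 3389, 5985}},
    {"name": "allow-web", "priority": 300, "ports": {80, 443, 8080, 8443}},
]

# Constructed flow records: (name of the rule that matched, destination port).
FLOWS = ([("allow-web", 443)] * 900 + [("allow-web", 80)] * 80
         + [("allow-admin", 22)] * 20)


def recommend(rules, flows):
    """Return (rule, action, detail) tuples derived from observed flows."""
    hits = Counter(name for name, _ in flows)
    seen_ports = defaultdict(set)
    for name, port in flows:
        seen_ports[name].add(port)

    recs = []
    ordered = sorted(rules, key=lambda r: r["priority"])
    for i, rule in enumerate(ordered):
        name = rule["name"]
        if hits[name] == 0:
            # No traffic matched in the observation window: removal candidate.
            recs.append((name, "remove", None))
            continue
        if rule["ports"] - seen_ports[name]:
            # Rule opens ports that never carried traffic: narrow to observed ones.
            recs.append((name, "restrict_ports", sorted(seen_ports[name])))
        # Busy rule sitting behind quieter (but still used) rules: reorder candidate.
        quieter = [r["name"] for r in ordered[:i] if 0 < hits[r["name"]] < hits[name]]
        if quieter:
            recs.append((name, "raise_priority", quieter))
    return recs


if __name__ == "__main__":
    for rec in recommend(RULES, FLOWS):
        print(rec)
```

Before acting on a "remove" or "restrict_ports" result, make sure the observation window is long enough to include infrequent traffic such as monthly batch jobs. Reordering is only safe when the rules involved do not overlap with different actions, since changing the order of overlapping rules changes which one decides the flow.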



While in preview, enabling Policy Analytics on a Firewall Policy connected to a single firewall is charged per policy, as stated on the Azure Firewall Manager pricing page. Enabling Policy Analytics on a Firewall Policy that is linked to multiple firewalls is free.

Next actions

By offering insights and a single view, Policy Analytics for Azure Firewall streamlines firewall policy management and aids IT organisations in maintaining stronger and more reliable control over Azure Firewall.

For more information, contact Professional Labs, the Best Cloud Managed Services Provider Qatar
