跳到主要内容

Enable and use Azure Firewall Application Rules to manage outbound and east-west traffic application layer traffic

Implementation Effort: Medium

User Impact: Low

Overview

Enable Azure Firewall Application Rules to secure outbound and east–west L7 traffic by filtering based on FQDNs, URLs, and HTTP/S protocols. Define one or more Application Rule Collections in your Firewall Policy—each with a priority and action (Allow/Deny)—to group related rules (for example, “Allow *.contoso.com” or “Block social media sites”). You can configure these via the Azure portal, CLI, ARM templates, or programmatically via Azure Firewall Manager.

By centralizing application-layer controls, you ensure that only approved services and domains are reachable from your VNets, preventing unauthorized or risky application traffic.

Reference