Deploy and enable Azure Firewall for TLS Inspection
Implementation Effort: High
User Impact: Medium
Overview
Deploy Azure Firewall Premium into the AzureFirewallSubnet (a /26 or larger) of your hub VNet, associate it with a Premium-tier Firewall Policy, and enable TLS inspection in that policy. TLS inspection is a Premium-only feature; a Standard firewall or Standard policy cannot use it.

Three things must exist before you enable the feature: a user-assigned managed identity for the firewall, a Key Vault, and an intermediate CA certificate (with its private key) stored in that Key Vault. The managed identity must be able to read secrets from the vault (the Key Vault Secrets User role on an RBAC vault, or get and list permissions on secrets under access policies), because Azure Firewall fetches the certificate through the Key Vault secrets endpoint. The root CA that issued the intermediate must be trusted by the client workloads whose traffic will be inspected. Under TLS inspection in the policy, switch the feature to Enabled, select the managed identity, then select the Key Vault and the certificate. TLS inspection applies only to traffic matched by application rules that have the TLS inspection option set; network rules are never decrypted, and the feature covers outbound and east-west traffic, not inbound connections.

Once enabled, Azure Firewall acts as a TLS proxy. It terminates the client's TLS session with a certificate it generates for the requested host and signs with the intermediate CA from Key Vault, opens its own TLS session to the destination, passes the plaintext between the two through IDPS, URL filtering and the application rule collections, and re-encrypts the traffic before it leaves the firewall. Because the client sees the firewall-issued certificate rather than the origin's, applications that pin certificates or use client (mutual) TLS authentication will fail through the inspection path and must be matched by an application rule without TLS inspection.
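The following is an added Az PowerShell example that carries out the procedure above end to end; it is not code from the original page or from Microsoft's documentation. Every name, address range and the PFX path are assumptions chosen for illustration, and the example assumes you are already signed in with Connect-AzAccount and that the resource group exists.

```powershell
# Added example (not from the original page): deploy Azure Firewall Premium with
# TLS inspection using the Az PowerShell modules. All resource names, address
# ranges and the certificate file path below are assumptions for illustration.
$rg       = "rg-hub"
$location = "eastus"
$kvName   = "kv-azfw-tls"                 # assumed; Key Vault names must be globally unique
$certName = "azfw-intermediate-ca"
$pfxPath  = ".\azfw-intermediate-ca.pfx"  # assumed path; intermediate CA cert plus private key

# 1. Hub VNet with the mandatory AzureFirewallSubnet (/26 minimum) and a Standard public IP.
$fwSubnet = New-AzVirtualNetworkSubnetConfig -Name "AzureFirewallSubnet" -AddressPrefix "10.0.0.0/26"
$vnet = New-AzVirtualNetwork -Name "vnet-hub" -ResourceGroupName $rg -Location $location `
    -AddressPrefix "10.0.0.0/16" -Subnet $fwSubnet
$pip = New-AzPublicIpAddress -Name "pip-azfw" -ResourceGroupName $rg -Location $location `
    -AllocationMethod Static -Sku Standard

# 2. User-assigned managed identity that the firewall uses to read the certificate.
$identity = New-AzUserAssignedIdentity -ResourceGroupName $rg -Name "id-azfw" -Location $location

# 3. Key Vault holding the intermediate CA. The firewall reads the certificate through the
#    secrets endpoint, so the identity needs secret (not certificate) permissions.
$kv = New-AzKeyVault -Name $kvName -ResourceGroupName $rg -Location $location
$pfxPassword = Read-Host -AsSecureString -Prompt "PFX password"
Import-AzKeyVaultCertificate -VaultName $kvName -Name $certName -FilePath $pfxPath `
    -Password $pfxPassword | Out-Null
Set-AzKeyVaultAccessPolicy -VaultName $kvName -ObjectId $identity.PrincipalId `
    -PermissionsToSecrets get, list
$secretId = (Get-AzKeyVaultSecret -VaultName $kvName -Name $certName).Id

# 4. Premium firewall policy with TLS inspection (transport security) and IDPS enabled.
$idps = New-AzFirewallPolicyIntrusionDetection -Mode "Alert"
$policy = New-AzFirewallPolicy -Name "fwpol-hub" -ResourceGroupName $rg -Location $location `
    -SkuTier Premium -UserAssignedIdentityId $identity.Id `
    -TransportSecurityName $certName -TransportSecurityKeyVaultSecretId $secretId `
    -IntrusionDetection $idps

# 5. Rules. Decryption only happens for application rules with -TerminateTLS; a rule
#    without it (here for a certificate-pinning client, assumed FQDN) is passed through.
$inspected = New-AzFirewallPolicyApplicationRule -Name "allow-web-inspected" `
    -SourceAddress "10.0.0.0/16" -TargetFqdn "*.contoso.com" -Protocol "https:443" -TerminateTLS
$passthrough = New-AzFirewallPolicyApplicationRule -Name "allow-pinned-app" `
    -SourceAddress "10.0.0.0/16" -TargetFqdn "pinned.example.com" -Protocol "https:443"
$coll = New-AzFirewallPolicyFilterRuleCollection -Name "web-egress" -Priority 100 `
    -Rule @($inspected, $passthrough) -ActionType Allow
New-AzFirewallPolicyRuleCollectionGroup -Name "egress" -Priority 200 -FirewallPolicyObject $policy | Out-Null
Set-AzFirewallPolicyRuleCollectionGroup -Name "egress" -Priority 200 -RuleCollection $coll `
    -FirewallPolicyObject $policy

# 6. Deploy the Premium firewall into the hub VNet, bound to the policy.
$fw = New-AzFirewall -Name "azfw-hub" -ResourceGroupName $rg -Location $location `
    -VirtualNetwork $vnet -PublicIpAddress $pip -FirewallPolicyId $policy.Id `
    -SkuName AZFW_VNet -SkuTier Premium

# 7. Check: the policy should report the certificate name and Key Vault secret it will use.
(Get-AzFirewallPolicy -Name "fwpol-hub" -ResourceGroupName $rg).TransportSecurity.CertificateAuthority
```

Two points worth checking after this runs. First, the root CA that signed the intermediate must be installed as trusted on every client that will send traffic through the inspected rule; otherwise those clients see certificate errors, because the firewall presents a dynamically generated leaf chained to your intermediate, not the origin's certificate. Second, if your Key Vault uses RBAC instead of access policies, replace the Set-AzKeyVaultAccessPolicy call with a New-AzRoleAssignment of the Key Vault Secrets User role to $identity.PrincipalId scoped to the vault.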