View high-priority firewall logs as security alerts on
the Azure Security Center dashboard with the default Azure Security
Center Log Forwarding profile.
The VM-Series firewall integration with Azure Security Center provides
a single pane of glass for high-priority security alerts so you
can start triaging an incident directly from the Azure Security
Center dashboard. To start using this integration, you must enable
Azure Security Center on your Azure subscription.
When you deploy a VM-Series firewall
on Azure directly from Azure Security Center, the firewall is automatically
configured with two example Security policy rules to safely inspect
and allow inbound web-browsing traffic and outbound traffic, and
it includes a log forwarding rule to send security-related logs
to Azure. With this log forwarding profile, Threat and WildFire
Submissions logs of low, medium, high, or critical severity generated
on the firewall are displayed as security alerts on the Azure Security
Currently, Azure restricts you from
deploying a multi-NIC appliance in an existing resource group. Therefore,
you cannot deploy the VM-Series firewall in a resource group where
you have deployed the workloads you want to secure. To work around
this limitation and make practical use of the default configuration
for the VM-Series firewall, you can stage a security risk and deploy
a workload with a public IP address that is exposed to the internet.
Doing so will trigger the Azure Security Center recommendation for
a next-generation firewall, and you can use this recommendation
to deploy the firewall in an empty resource group. The deployment
workflow is the same as deploying the VM-Series firewall from the
Azure Marketplace. After you deploy the VM-Series firewall, delete the
internet-exposed workload. You can then deploy your applications or
workloads, when needed, within the resource group where you've already
deployed the firewall.
Azure Security Center can also automatically
discover an existing or new VM-Series firewall instance that you
launch with PAN-OS 8.1 from the Azure Marketplace or deploy as a custom
deployment using the Azure CLI, PowerShell, or an ARM template. To enable
the discovery of the VM-Series firewall as a Security Solution on
the Azure Security Center dashboard, you must have the Standard
tier of Azure Security Center enabled on your subscription. The
workflow to forward security-related logs from the VM-Series firewall
to Azure Security Center is more involved and requires you to use
an intermediate Linux virtual machine and configure Syslog forwarding
to send the required logs from the VM-Series firewall. If you have
already configured your firewall, you can manually attach the Azure
Security Center default Log Forwarding profile directly on the
firewall or use Panorama templates and device groups to
enable managed firewalls to forward logs to Azure Security Center.