Use Azure Security Center Recommendations to Secure Your Workloads
Based on a recommendation from the Azure Security Center
dashboard, you can either deploy a new instance of the VM-Series
firewall or connect your existing VM-Series firewall to secure your
workloads on Microsoft Azure.
Microsoft has deprecated Azure Security Center support
for partner security solutions and replaced it with Azure Sentinel.

When you deploy new workloads within an Azure subscription that is
enabled for Azure Security Center, Azure Security Center enables
you to secure these workloads in two ways. In one workflow, Azure
Security Center recommends that you deploy a new instance of the
VM-Series firewall to secure an internet-facing application workload.
In the other workflow, Azure Security Center discovers VM-Series
firewalls (partner security solutions) that you have deployed within
the Azure subscription, and you must then perform additional
configuration to connect the VM-Series firewall to Azure Security
Center so that you can view alerts on the dashboard. See Azure
Security Center Integration for details on the integration
and the pros and cons of each workflow.
Deploy a VM-Series Firewall Based on an Azure Security Center Recommendation
Azure Security Center scans your Azure resources
and provides recommendations to secure workloads that need a next-generation
firewall. The recommendation displays on the dashboard, and you can
then either deploy a new instance of the VM-Series firewall from
the Azure marketplace or use the Azure CLI, PowerShell,
or an ARM template. The advantage of a customized deployment
using the Azure CLI, PowerShell, or an ARM template is that you can
deploy the VM-Series firewall within the same resource group as
the workload that you need to secure. When you deploy the VM-Series
firewall using the Azure marketplace, Azure requires that you deploy
the firewall into a new resource group or an empty resource group
only. Therefore, the marketplace deployment requires you to then
ensure that the traffic from the workload you want to secure is
steered to the firewall, which is in a different resource group.
- Log in to your Azure portal and access the Security Center dashboard.
- Select Recommendations.
- Select Add a Next Generation Firewall, and select the workload you want to secure.
- Choose whether you want to deploy a new instance of the VM-Series firewall or use an existing instance of the VM-Series firewall. To use this workflow, stage a workload with a public IP address that is exposed to the internet and deploy an instance of the VM-Series firewall in a new resource group. Then, delete the workload you staged, and deploy your production workloads within the resource group in which you deployed the VM-Series firewall.
- To Create New, see Deploy the VM-Series Firewall from the Azure Marketplace (Solution Template).
- To Use existing solution, select the VM-Series firewall that you have previously deployed.
Connect an Existing VM-Series Firewall From Azure Security Center
When Azure Security Center detects that you
have deployed the VM-Series firewall within the Azure subscription,
it displays the firewall as a security solution. You can then connect
the VM-Series firewall to Security Center using the Common Event
Format (CEF) over Syslog, and view firewall logs as alerts on the
Security Center dashboard.
- Log in to your Azure portal and access the Security Center dashboard.
- Select Security Solutions to view all available VM-Series firewalls within this Azure subscription.
- Expand Discovered solutions, select the VM-Series firewall instance that is in the same resource group as the workload you want to secure, and click Connect. To view firewall logs as alerts on the Security Center dashboard, you need to follow the four-step process that displays on screen.
- On successfully connecting the VM-Series firewall to Security Center, the VM-Series firewall displays in the Connected solutions list. Click View to verify that the firewall is protecting the workload that you need to secure.
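Because the connection relies on CEF over Syslog, it helps to confirm that a forwarded line is well-formed CEF before expecting alerts on the dashboard. The following is an added example, not part of the original documentation or of any Palo Alto Networks or Microsoft tooling; the sample line, all of its field values, and the function names are constructed for illustration.

```python
import re

# CEF header: CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension
HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "signature_id", "name", "severity")
# An extension key is a token at the start or after whitespace, followed by '='.
KEY_RE = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.]+)=")

# Constructed sample line; every value is a placeholder, not real firewall output.
SAMPLE = (r"<14>Jan 10 12:00:00 fw-example CEF:0|Palo Alto Networks|PAN-OS|0.0.0|"
          r"THREAT|url\|filtering|4|src=10.0.0.5 dst=203.0.113.10 act=alert "
          r"msg=rule\=allow-web matched")

def split_header(body):
    """Split on unescaped '|' into the 7 header fields plus the raw extension."""
    parts, cur, i = [], [], 0
    while i < len(body) and len(parts) < 7:
        if body[i] == "\\" and body[i + 1:i + 2] in ("|", "\\"):
            cur.append(body[i + 1]); i += 2      # keep the escaped character
        elif body[i] == "|":
            parts.append("".join(cur)); cur = []; i += 1
        else:
            cur.append(body[i]); i += 1
    if len(parts) < 7:
        raise ValueError("CEF header must have 7 pipe-terminated fields")
    return parts, body[i:]

def parse_extension(ext):
    """Parse key=value pairs; values may contain spaces and escaped '='."""
    matches = list(KEY_RE.finditer(ext))
    fields = {}
    for m, nxt in zip(matches, matches[1:] + [None]):
        raw = ext[m.end():nxt.start() if nxt else len(ext)].strip()
        fields[m.group(1)] = re.sub(r"\\([=\\])", r"\1", raw)
    return fields

def parse_cef(line):
    """Return header fields and extension dict from a syslog line carrying CEF."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF marker found")
    parts, ext = split_header(line[start + 4:])
    event = dict(zip(HEADER_FIELDS, parts))
    if not event["version"].isdigit() or not event["severity"]:
        raise ValueError("malformed CEF version or empty severity")
    event["extension"] = parse_extension(ext)
    return event

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

A line that raises ValueError here would not be recognized as a CEF message by a collector that follows the same header rules.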