Use the VM-Series firewall in Azure to secure your network users in the following scenarios:
Hybrid and VNet to VNet —The VM-Series firewall in Azure allows you to securely extend your physical data center/private cloud into Azure using IPSec and ExpressRoute. To improve your data center security, if you have segmented your network and deployed your workloads in separate VNets, you can secure traffic flowing between VNets with an IPSec tunnel and application whitelisting policies.
Inter-Subnet —The VM-Series firewall can front your servers in a VNet and protects against lateral threats for inter-subnet traffic between applications in a multi-tier architecture. Gateway—The VM-Series firewall serves as the VNet gateway to protect Internet-facing deployments in the Azure Virtual Network (VNet). The VM-Series firewall secures traffic destined to the servers in the VNet and it also protects against lateral threats for inter-subnet traffic between applications in a multi-tier architecture. GlobalProtect—Use the Azure infrastructure to quickly and easily deploy the VM-Series firewall as GlobalProtect™ and extend your gateway security policy to remote users and devices, regardless of location.
You can continue with Deploy the VM-Series Firewall in Azure (Solution Template) and configure the firewall and Azure for your deployment needs, or you can learn about the VM-Series Firewall Templates in Azure that you can use to deploy the firewall. For information on bootstrapping, see Bootstrap the VM-Series Firewall in Azure.

Related Documentation