When to use Azure Firewall vs. Network Security Groups and App Security Groups

December 3 2021

There is often some confusion about when you should use an Azure Firewall versus Network Security Groups (NSG) or App Security Groups (ASG). A typical use for Azure Firewall is for protecting your enterprise network from incoming traffic with it positioned between your cloud network and the internet. ASGs are used to protect groups of servers with a common function, such as web servers or database servers.

An NSG works much like a firewall. While an Azure Firewall monitors traffic at more of a global level, an NSG is more defined and is applied to specific subnets and/or network interfaces. Both firewall and NSG allow you to apply rules based on IP addresses, port numbers, networks, and subnets.

About Jeff Christman

Jeff Christman is a Navy Veteran with over 20 years of experience in the IT field. Specializing in cloud migrations, he has worked for companies such as Raytheon, AT&T, and NASA. Currently, he is a Sr. Cloud Security Consultant at a large consulting firm. In addition to his daytime job, he also has published content and courses for Pluralsight.com, Techsnips.io, and Adamtheautomator.com. 

In his off time, he loves fantasy football, everything tech, and embarrassing his teenage daughters.

More about Jeff Christman