watching this was way better than reading the white paper, would recommend to anyone to watch this first before reading the Azure Documentation

Just wanted to share that this video is from 2 years ago, but it's still very relevant and useful, especially since I'm deploying the same solution at a customer's site.

Amazing training. Very detailed and well thought. I love the logical connection when you move from a session to the other, and then you explain it by examples. This is a big update in the teaching methodology. Thank you, John!

I have read a couple of your books, and finding this video was like finding gold. Well done fantastic deep dive. Also, congrats on your Kona finish, well done(and all your other finishes....nice!). I too am an IT nerd by day and Ironman all other times. I plan to do Texas one of these years, hope to see you there and if you ever get to Arizona, look me up it would be a pleasure to meet you. We have a great fast course out here, windy but always fun. Be Fast, Be Safe, Stay Healthy

BEST VIDEO OF AZ-FIREWALL, u r just amazing, your taught so many things that are not even documented may be, well done john, you are doing great work, well taught and explained

Always a joy to watch your videos - A prime resource for anyone wanting to learn Microsoft Azure!

John Cracking in depth walk through of AZ Firewall, just what I needed.

no words to say how awesome your way of teaching :), I just love it, Thanks a lot John

John , You Are my Hero. I watch hours and hours of ur movies. I learned so much from u. 😁

Thanks for this presentation of Azure Firewall, and especially for the explanation of TLS inspection using trusted CA!

Always love to watch your videos. We learn lot of things from your videos. Thank you John for this noble work. Please keep doing it

I doubt anyone else on this planet who can explain the topic and content with so much ease as you do. Superb, awesome.

Much thanks for all you have done John. these training is veeeeery useful. I have recommended your channel to pepole aroud me working on Azure in China. thanks again!

This was amazing, our clients do not really use this resource due to the price and most of them use a Linux firewall instead but its great to learn more about this topic! Thanks a lot!

You absolutely nailed it. I can see you have almost all topics for upcoming AZ-700 covered in your channel. However, if you create a video focusing on Azure Network Engineer AZ-700 technical concepts overview, that would be awsome , thank you so much

When premium was due to go GA I was literally waiting for your deap dive on the firewall haha, many thanks, legend. Hope your channel is/becomes profitable!! It must be a hell of a lot of work to put these together.

This was amazing. Thank you Sir John! I am using the Standard Azure Firewall in a current project, so lot of this was good solid refresher for me. I loved the section on how you explained how TLS inspection works and how it enables the url filtering part. Pretty cool to see the SNAT Port utilization. I had to quickly check whats ours haha... Thanks again John, your video with a morning cuppa is just the perfect mix. Brain cells++

Thanks a lot, John. You are the best IT teacher ever.

Hi John, thank you for doing this video i really appreciate you! With out you as my main source for knowledge for Azure my job would be so much harder, I would have to spend a lot of time reading documentation. Thank you for all the work you have been doing!

I pay for courses that aren't a patch on yours. I've worked in IT for too long, never needed to fully understand 'rowting' or fw's, always someone else's job. I'd never touched azure either. In the last week and a half I've gone from 'dark art' to having the confidence to set up a lab, replicate bits in my work place, secure the subnets, test out the product (secure az140 deep dive? #fingerscrossed) that I'm trying to architect and look really clever at work... You've had me covered at pretty much every base, you absolute lege!! Dunno how much you make out of this side-hussle, but good karma is definitely on the way! P.S. Hearing what I think is a southern UK accent saying the word 'route' like an American is weird, but it must be contagious as you've even got me bloody doing it :D

Thanks John, great deep dive as always. I feel comfortable to deploy FW now. Loved the background of Uluru.

I agree with @Edmond. Amazing resource! Very comprehensive exploration of such an important Azure service. Thank you John!

the best video about azure firewall I ever seen! :)

The Content and Presentation is awesome --> great learning ! Thanks John !

Useful video for anyone is preparing the AZ-700 😊

Another Great in-depth module. Thanks John for doing this.

Hi John, thank you very much for all the great content you produce and share. I sincerely appreciate it!

Super explained, it is obvious that John knows it, thanks for sharing.

Many Thanks John. As always very nicely explained.

Fantastic walkthrough as usual John. Thanks for sharing

Thank you John - that was a great deep dive. PS Congratulations on the Coeur D’Alene Iron man.

Great azure firewall deep dive. Thanks John!

great stuff..!! you made it really simple and easy to understand. Thanks John !!

I have my AZ-500 upcoming. I am terrible at remembering everything through reading the microsoft docs, and most of the videos I have found out there are slightly outdated, so THANK YOU for this video! I've watched a good few of your videos in the past and I remember how clear they were, saw the date on this one and knew I was onto a winner. Question: Why is the billing model $100 per Firewall per policy group after the first associated firewall? I do not quite understand the benefit of the that over deploying a 'second' policy group that's got the same policies anyways. I understand its an effort towards scalability but maybe I'm missing something here.

New Tatoo, John? Thanks for the great content!

Outstanding and timely content as always John, Thank you! One quick question related to TLS inspection is in regard to private PaaS (say vNet integration). Is this even possible and would you just need to issue the cert from a public CA since PaaS services wouldn't trust in internal enterprise PKI CA?

Excellent video. Do you have a video for Azure FW vs 3rd Parties such as Palo Alto?

Thanks John, another excellent tutorial! Love the TLS inspection and the way you broke it down.

A good educational video, John, keep up the good work. Question: Will the Azure Firewall Premium be able to hive off a copy of un-encrypted data to another security device at any stage - I am assuming that the IDPS is a local service running on the firewall instance.

Thanks John for the great deep drive about Azure Firewall and the latest premium features. This is really demystified the azure firewall.

thx again John for this amazing explanation!

Wow, it's just awesome the way you explain these things. Thank you John for all the hard work on preparing the contents!

Awesome Thanks for the video We were just talking about using it and compare it with nsg for our solution. Legend 👏

This is good brief even me started adopting Azure understand.

enjoying this video for today learning, thanks a lot!

Amazing style and content John, you're giving a great high level overview incl. billing implications. Very educational, thank you very much!

Thanks John, for the awesome video with great explanation. One question though - for the route tables, I notice that you have multiple route tables created to cater the different subnets. Is that because the subnets are in different regions? If they weren't, could you have just used a single route table for all the routing to the firewall?

Oh men you’re so awesome!!

Wonderful session about Azure firewall, it will help me to work on landing zone security configurations. Thank you John, great work!

John's videos are the only ones which do not get thumbs down somehow. There is always 1% who will down vote a video for random reasons, but not here. 👍

Great walkthrough. Thanks

You are A Great teacher. !!

As always marvelous explanation. Thanks John. Just queries to know if for some reason I need to bypass the firewall for one of the spoke vnet. what would be the approch.

Awesome awesome !!! Thank you so much John ! :)

Amazing work John! As always, very infomative and super helpful!

Amazing content as always

Thanks a bunch! Helpful as always 🙂

Thanks for the great deep dive, I currently use Standard but am now considering upgrading, is it still worth doing if you don't want to go through the hassle of setting up TLS inspection or is that one of the main benefits of upgrading to premium?

This is a great deep dive, great work! This must also be an excellent way for you to gain a deeper understanding on your topics..

Excellent. Thank you!

great stuff . thank you! some follow-up - if I may: have you come across any 3rd party lab testing for its application signature and its accuracy ? Does the intelligence also work for multi-region deployments ?

Wonderful session John!! you made Azure firewall looks easy :)

Like you biceps 💪 and your knowledge

Great video. Thanks for that😊

Unless things have changed with the new SKU, you can have the excessively high count of outside IPs.. yes.. but you cannot lock a data path to any one of the outside IPs. The firewall will randomly use one of them for outbound comms. Not a big deal unless you are trying to white list that IP on the other end. Removing one of the outside IPs is also a big deal. You can ( last year) only do it via CLI and not from the RM. I discovered both of these the hard way last year with our Citrix client pool on the standard SKU. Just FYI

Does Azure Firewall also have to do SNAT for traffic coming from an external network? In your video about NVAs you talked about the fact that horizontally scalable NVAs have to perform SNAT in this case. Thanks for the great videos!

very well explained !

Dude - this is so legit. Love the simple explanation. Brilliant!

Hi John, would you use NSGs on top of Azure Firewall? Isn't it an admin nightmare?

Amazing training

If I want to know something tricky about azure, It's always one way, Lets watch JonhSavill's video :D

Fantastic Video, you are amazing

Thanks John for amazing training. Really helped to broaden mindset on all perspective. Respect ++

Thanks John for another great video. Trying to get a mental picture on how this all fits together with regards its networking. The private address that we see on the AzureFirewallSubnet is an internal standard load balancer which fronts a VM scale set - the VMs as part of this scale set have an interface on this subnet which we don't see. The Azure firewall Public Ip is another load balancer for both inbound and outbound, which explains why we cannot have a static NAT for outbound. Is this picture accurate?

Thanks John. Legendary session there as usual !

amazing and very informative video as always, can't go over it without saying thank you!

Hi John, why Application FQDN filtering rules don't require TLS inspection? FQDN filtering limit both outbound HTTP and HTTPS traffic. Which features run on top of TLS inspection?

Super insightful and so clearly explained, thank you!

You mentioned that the DNS Proxy can also be used to allow external clients to resolve internal Names? How is this done? Do the clients have to use the firewalls PIP then and what is the use-case for this?

I've been waiting

Great video!

Thank you John.!

Thank you for the great video. As far as I understood I must check TLS inspection if I want to use https URL filtering in an application rule. What does it happen if I don't check TLS inspection? Thank you in advance.

Fantastic content, super useful extremely well structured and presented. Awesome!

Awesome video!!

Awesome man, keep it up

Great Video!!!! Thanks!!

nice video John

hey John, any plan to do deep dive on Firewall Manager ?

Hi John one question, why would you use UDRs and not peer the two spoke networks?

Good stuff!

awesome john!

Awesome ❤🎉

Thank you!

Is the PKI infra mandatory for TLS inspection? What if the organization doesn’t have PKI?

you rock, simple as dat

what is 13389 and 13390?? and what are the public ips in homebase? your vm's public ip or your actual router's pulibc ip?

The only con using Azure firewall is there is no static NAT available for Outbound traffic , it randomly SNATs to any one of the Public IPs associated with the FW for outgoing traffic.

Amazing!!!

Awesome!