azure-firewall-manager
Expert knowledge for Azure Firewall Manager development including best practices, decision making, security, and configuration. Use when building, debugging, or optimizing Azure Firewall Manager applications. Not for Azure Firewall (use azure-firewall), Azure Virtual Network Manager (use azure-virtual-network-manager), Azure Network Watcher (use azure-network-watcher), Azure Networking (use azure-networking).
From azurenpx claudepluginhub atc-net/atc-agentic-toolkit --plugin azureThis skill uses the workspace's default tool permissions.
Azure Firewall Manager Skill
This skill provides expert guidance for Azure Firewall Manager. Covers best practices, decision making, security, and configuration. It combines local quick-reference content with remote documentation fetching capabilities.
How to Use This Skill
IMPORTANT for Agent: This file may be large. Use the Category Index below to locate relevant sections, then use
read_filewith specific line ranges (e.g.,L136-L144) to read the sections needed for the user's question This skill requires network access to fetch documentation content. Usemcp_microsoftdocs:microsoft_docs_fetchto retrieve full articles.
- Fallback: Use the built-in
WebFetchtool if the Microsoft Learn MCP server is not available.
Category Index
| Category | Lines | Description |
|---|---|---|
| Best Practices | L32-L36 | Details on how Azure Firewall evaluates and processes rules, rule collection groups, and policies, including priority, matching logic, and traffic filtering behavior |
| Decision Making | L37-L41 | Guidance on choosing between a secured virtual hub and a hub virtual network in Azure Firewall Manager, including architecture, security, routing, and management trade-offs. |
| Security | L42-L48 | Configuring Azure Firewall Manager for security: DDoS Protection plans, centralized WAF policy management, and threat intelligence-based traffic filtering. |
| Configuration | L49-L57 | Configuring Azure Firewall policies: DNS/DNS proxy, FQDN filtering, IP Groups, rule migration, rule hierarchy/inheritance, and securing private endpoint traffic in Virtual WAN. |
Best Practices
| Topic | URL |
|---|---|
| Understand Azure Firewall rule processing order and logic | https://learn.microsoft.com/en-us/azure/firewall-manager/rule-processing |
Decision Making
| Topic | URL |
|---|---|
| Choose between secured virtual hub and hub virtual network | https://learn.microsoft.com/en-us/azure/firewall-manager/vhubs-and-vnets |
Security
| Topic | URL |
|---|---|
| Configure Azure DDoS Protection plans via Firewall Manager | https://learn.microsoft.com/en-us/azure/firewall-manager/configure-ddos |
| Centrally manage WAF policies with Azure Firewall Manager | https://learn.microsoft.com/en-us/azure/firewall-manager/manage-web-application-firewall-policies |
| Configure threat intelligence-based filtering in Azure Firewall policy | https://learn.microsoft.com/en-us/azure/firewall-manager/threat-intelligence-settings |
Configuration
| Topic | URL |
|---|---|
| Configure DNS servers and DNS proxy in Azure Firewall policy | https://learn.microsoft.com/en-us/azure/firewall-manager/dns-settings |
| Use FQDN filtering in Azure Firewall network rules | https://learn.microsoft.com/en-us/azure/firewall-manager/fqdn-filtering-network-rules |
| Configure and reuse IP Groups in Azure Firewall policy | https://learn.microsoft.com/en-us/azure/firewall-manager/ip-groups |
| Migrate Azure Firewall rules to Firewall policy with PowerShell | https://learn.microsoft.com/en-us/azure/firewall-manager/migrate-to-policy |
| Secure private endpoint traffic in Azure Virtual WAN with Firewall rules | https://learn.microsoft.com/en-us/azure/firewall-manager/private-link-inspection-secure-virtual-hub |
| Define rule hierarchy and inheritance with Azure Firewall policy | https://learn.microsoft.com/en-us/azure/firewall-manager/rule-hierarchy |