Use Azure Security Center Recommendations to Secure Your Workloads

Table of Contents

Create a Custom VM-Series Image for Azure

Use Panorama to Forward Logs to Azure Security Center

Use Azure Security Center Recommendations to Secure Your Workloads

You can either deploy a new instance of the VM-Series firewall or connect your existing VM-Series firewall to secure your workloads on Microsoft Azure.

Where Can I Use This?	What Do I Need?
Microsoft Azure Microsoft Azure Stack Azure® Marketplace Azure China Marketplace Azure Government Marketplace	VM-Series License (PAYG or BYOL) VM-Series plugin Panorama Panorama plugin for Azure Azure Sentinel

Microsoft has deprecated Azure Security Center support for partner security solutions and replaced it with Azure Sentinel.

When you deploy new workloads within your Azure subscription that is enabled for Azure Security Center, Azure Security Center enables you to secure these workloads in two ways. In one workflow, Azure Security Center recommends you to deploy a new instance of the VM-Series firewall to secure an internet-facing application workload. In the other workflow, Azure Security Center discovers VM-Series firewalls (partner security solutions) that you have deployed within the Azure subscription and you have to then perform additional configuration to connect the VM-Series firewall to Azure Security Center so that you can view alerts on the dashboard. See Azure Security Center Integration for details on the integration and the pros and cons of each workflow.

Deploy a VM-Series Firewall Based on an Azure Security Center Recommendation

Azure Security Center scans your Azure resources and provides recommendations to secure workloads that need a next-generation firewall. The recommendation displays on the dashboard and you can then either deploy a new instance of the VM-Series firewall from the Azure marketplace or you can use the Azure CLI, PowerShell, or an ARM template. The advantage of using a customized deployment using Azure CLI, PowerShell, or ARM template is that you can deploy the VM-Series firewall within the same resource group as the workload that you need to secure. When you deploy the VM-Series firewall using the Azure marketplace, Azure requires that you deploy the firewall into a new resource group or an empty resource group only. Therefore, the marketplace deployment requires you to then ensure that the traffic from the workload you want to secure is steered to the firewall that is in a different resource group.

Log in to your Azure portal and access the Security Center dashboard.
Select Recommendations.
Select Add a Next Generation Firewall, and select the workload you want to secure.
Choose whether you want to deploy a new instance of the VM-Series firewall or use an existing instance of the VM-Series firewall.

To use this workflow, stage a workload with a public IP address that is exposed to the internet and deploy an instance of the VM-Series firewall in a new resource group. Then, delete the workload you staged, and deploy your production workloads within the resource group in which you deployed the VM-Series firewall.
- To Create New, see Deploy the VM-Series Firewall from the Azure Marketplace (Solution Template).
- To Use existing solution, select the VM-Series firewall that you have previously deployed.

Connect an Existing VM-Series Firewall From Azure Security Center

When an Azure Security Center detects that you have deployed the VM-Series firewall within the Azure subscription, it displays the firewall as a security solution. You can then connect the VM-Series firewall to Security Center using the Common Event Format (CEF) over syslog, and view firewall logs as alerts on the Security Center dashboard.

Log in to your Azure portal and access the Security Center dashboard.
Select Security Solutions to view all available VM-Series firewalls within this Azure subscription.
Expand Discovered solutions, and select the VM-Series firewall instance that is in the same resource group as the workload you want to secure and click Connect.

To view firewall logs as alerts on the Security Center dashboard, you need to follow the four-step process that displays on the screen.
On successfully connecting the VM-Series firewall to Security Center, the VM-Series firewall displays in the Connected solutions list.

Click View to verify that the firewall is protecting the workload that you need to secure.