{"id":"ec77d359-af80-49c2-bbb9-97f0d236f076","shortId":"vPLVg5","kind":"skill","title":"azure-firewall","tagline":"Expert knowledge for Azure Firewall development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when configuring DNAT/SNAT rules, TLS inspecti","description":"# Azure Firewall Skill\n\nThis skill provides expert guidance for Azure Firewall. Covers troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. It combines local quick-reference content with remote documentation fetching capabilities.\n\n## How to Use This Skill\n\n> **IMPORTANT for Agent**: Use the **Category Index** below to locate relevant sections. For categories with line ranges (e.g., `L35-L120`), use `read_file` with the specified lines. For categories with file links (e.g., `[security.md](security.md)`), use `read_file` on the linked reference file\n\n> **IMPORTANT for Agent**: If `metadata.generated_at` is more than 3 months old, suggest the user pull the latest version from the repository. If `mcp_microsoftdocs` tools are not available, suggest the user install it: [Installation Guide](https://github.com/MicrosoftDocs/mcp/blob/main/README.md)\n\nThis skill requires **network access** to fetch documentation content:\n- **Preferred**: Use `mcp_microsoftdocs:microsoft_docs_fetch` with query string `from=learn-agent-skill`. Returns Markdown.\n- **Fallback**: Use `fetch_webpage` with query string `from=learn-agent-skill&accept=text/markdown`. Returns Markdown.\n\n## Category Index\n\n| Category | Lines | Description |\n|----------|-------|-------------|\n| Troubleshooting | L37-L42 | Diagnosing Azure Firewall issues using known limitations, packet captures, and Sentinel log analysis for malware detection and traffic investigation. |\n| Best Practices | L43-L50 | Best practices for Azure Firewall DNS proxy/caching, performance tuning, rule optimization with Policy Analytics, and hardening/security configuration guidance. |\n| Decision Making | L51-L59 | Guidance on choosing Azure Firewall SKUs (Basic/Standard/Premium), comparing features and performance, and planning or changing deployments based on throughput and requirements. |\n| Architecture & Design Patterns | L60-L72 | Designing Azure Firewall network architectures: hub-and-spoke, forced tunneling, load balancer integration, hybrid/AVD/M365 protection, and DNAT for overlapping/private IP networks. |\n| Limits & Quotas | L73-L82 | Azure Firewall capacity, IP/port/session limits, SNAT scaling with NAT Gateway, prescaling options, and TCP idle timeout configuration and behaviors |\n| Security | L83-L96 | Azure Firewall security setup: compliance, RBAC/permissions, Azure Policy, TLS inspection and CA chains, threat intel, DNAT, AKS and hybrid network protection, and portal deployment. |\n| Configuration | L97-L119 | Configuring Azure Firewall policies and rules (DNAT, SNAT, app/SQL/FQDN), IP Groups, DNS/proxy/FTP/explicit proxy, maintenance windows, monitoring/logging, and Premium features via portal/PowerShell. |\n| Integrations & Coding Patterns | L120-L124 | Configuring Azure Firewall to securely access Azure Storage via SFTP, including required rules, network paths, and integration patterns for SFTP traffic. |\n| Deployment | L125-L132 | How to deploy Azure Firewall (including Premium) with IP Groups using Bicep/ARM/Terraform, and integrate with Azure DDoS Protection, including basic configuration steps |\n\n### Troubleshooting\n| Topic | URL |\n|-------|-----|\n| Detect and investigate malware using Sentinel with Azure Firewall logs | https://learn.microsoft.com/en-us/azure/firewall/detect-malware-with-sentinel |\n| Troubleshoot Azure Firewall using packet capture | https://learn.microsoft.com/en-us/azure/firewall/packet-capture |\n\n### Best Practices\n| Topic | URL |\n|-------|-----|\n| Understand Azure Firewall DNS proxy behavior and caching | https://learn.microsoft.com/en-us/azure/firewall/dns-details |\n| Optimize Azure Firewall performance with tuning guidelines | https://learn.microsoft.com/en-us/azure/firewall/firewall-best-practices |\n| Optimize Azure Firewall rules with Policy Analytics | https://learn.microsoft.com/en-us/azure/firewall/policy-analytics |\n| Apply security best practices to Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/secure-firewall |\n\n### Decision Making\n| Topic | URL |\n|-------|-----|\n| Choose and change Azure Firewall Standard vs Premium SKU | https://learn.microsoft.com/en-us/azure/firewall/change-sku |\n| Select the appropriate Azure Firewall SKU | https://learn.microsoft.com/en-us/azure/firewall/choose-firewall-sku |\n| Deploy Azure Firewall Basic with portal and policy | https://learn.microsoft.com/en-us/azure/firewall/deploy-firewall-basic-portal-policy |\n| Compare Azure Firewall features across SKUs | https://learn.microsoft.com/en-us/azure/firewall/features-by-sku |\n| Plan Azure Firewall performance and SKU throughput | https://learn.microsoft.com/en-us/azure/firewall/firewall-performance |\n\n### Architecture & Design Patterns\n| Topic | URL |\n|-------|-----|\n| Architect multi-hub and spoke routing with Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/firewall-multi-hub-spoke |\n| Design Azure Firewall forced tunneling architectures | https://learn.microsoft.com/en-us/azure/firewall/forced-tunneling |\n| Integrate Azure Firewall with Standard Load Balancer | https://learn.microsoft.com/en-us/azure/firewall/integrate-lb |\n| Use Azure Firewall Management NIC for control traffic | https://learn.microsoft.com/en-us/azure/firewall/management-nic |\n| Architect Azure Firewall protection for Azure Virtual Desktop | https://learn.microsoft.com/en-us/azure/firewall/protect-azure-virtual-desktop |\n| Design Azure Firewall protection for Microsoft 365 traffic | https://learn.microsoft.com/en-us/azure/firewall/protect-office-365 |\n| Secure hybrid networks with Azure Firewall and policy | https://learn.microsoft.com/en-us/azure/firewall/tutorial-hybrid-portal-policy |\n| Architect Azure Firewall in hybrid network topologies | https://learn.microsoft.com/en-us/azure/firewall/tutorial-hybrid-ps |\n| Use private IP DNAT for overlapped Azure networks | https://learn.microsoft.com/en-us/azure/firewall/tutorial-private-ip-dnat |\n\n### Limits & Quotas\n| Topic | URL |\n|-------|-----|\n| Azure Firewall multi‑IP deployment limits and quotas | https://learn.microsoft.com/en-us/azure/firewall/deploy-multi-public-ip-powershell |\n| Azure Firewall FAQ limits and behaviors | https://learn.microsoft.com/en-us/azure/firewall/firewall-faq |\n| Scale Azure Firewall SNAT ports with NAT Gateway | https://learn.microsoft.com/en-us/azure/firewall/integrate-with-nat-gateway |\n| Integrate Azure Firewall with NAT Gateway V2 for SNAT scaling | https://learn.microsoft.com/en-us/azure/firewall/integrate-with-nat-gateway-v2 |\n| Configure Azure Firewall prescaling capacity ranges | https://learn.microsoft.com/en-us/azure/firewall/prescaling |\n| Configure Azure Firewall TCP session idle timeouts | https://learn.microsoft.com/en-us/azure/firewall/tcp-session-behavior |\n\n### Security\n| Topic | URL |\n|-------|-----|\n| Understand Azure Firewall compliance certifications | https://learn.microsoft.com/en-us/azure/firewall/compliance-certifications |\n| Enforce Azure Firewall security using Azure Policy | https://learn.microsoft.com/en-us/azure/firewall/firewall-azure-policy |\n| Configure TLS inspection certificates for Firewall Premium | https://learn.microsoft.com/en-us/azure/firewall/premium-certificates |\n| Deploy Enterprise CA chain for Azure Firewall Premium | https://learn.microsoft.com/en-us/azure/firewall/premium-deploy-certificates-enterprise-ca |\n| Protect AKS clusters using Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/protect-azure-kubernetes-service |\n| Azure Firewall roles, permissions, and required access | https://learn.microsoft.com/en-us/azure/firewall/roles-permissions |\n| Configure Azure Firewall threat intelligence filtering | https://learn.microsoft.com/en-us/azure/firewall/threat-intel |\n| Deploy and configure Azure Firewall in portal | https://learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal |\n| Configure Azure Firewall DNAT for inbound filtering | https://learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-dnat |\n| Configure Azure Firewall for hybrid network security | https://learn.microsoft.com/en-us/azure/firewall/tutorial-hybrid-portal |\n\n### Configuration\n| Topic | URL |\n|-------|-----|\n| Create and manage Azure Firewall IP Groups | https://learn.microsoft.com/en-us/azure/firewall/create-ip-group |\n| Set customer-controlled maintenance windows for Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/customer-controlled-maintenance |\n| Deploy and configure Azure Firewall policy via PowerShell | https://learn.microsoft.com/en-us/azure/firewall/deploy-ps-policy |\n| Bulk manage Azure Firewall rules with PowerShell | https://learn.microsoft.com/en-us/azure/firewall/deploy-rules-powershell |\n| Configure and monitor Azure Firewall DNAT rules | https://learn.microsoft.com/en-us/azure/firewall/destination-nat-rules |\n| Configure DNS servers and DNS proxy for Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/dns-settings |\n| Use Azure Firewall Policy Draft and Deployment | https://learn.microsoft.com/en-us/azure/firewall/draft-deploy |\n| Configure Azure Firewall explicit proxy mode | https://learn.microsoft.com/en-us/azure/firewall/explicit-proxy |\n| Analyze Azure Firewall data using workbooks | https://learn.microsoft.com/en-us/azure/firewall/firewall-workbook |\n| Use Azure Firewall FQDN tags in application rules | https://learn.microsoft.com/en-us/azure/firewall/fqdn-tags |\n| Configure FTP modes and security on Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/ftp-support |\n| Configure and use IP Groups in Azure Firewall rules | https://learn.microsoft.com/en-us/azure/firewall/ip-groups |\n| Configure monitoring and logging for Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/monitor-firewall |\n| Use Azure Firewall monitoring data and logs with Azure Monitor | https://learn.microsoft.com/en-us/azure/firewall/monitor-firewall-reference |\n| Implement Azure Firewall Premium advanced features | https://learn.microsoft.com/en-us/azure/firewall/premium-features |\n| Track Azure Firewall rule changes with Resource Graph | https://learn.microsoft.com/en-us/azure/firewall/rule-set-change-tracking |\n| Configure SNAT private IP ranges in Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/snat-private-range |\n| Configure Azure Firewall application rules with SQL FQDNs | https://learn.microsoft.com/en-us/azure/firewall/sql-fqdn-filtering |\n| Configure Azure Firewall DNAT policy for inbound traffic | https://learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-dnat-policy |\n\n### Integrations & Coding Patterns\n| Topic | URL |\n|-------|-----|\n| Access Azure Storage via SFTP through Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/firewall-sftp |\n\n### Deployment\n| Topic | URL |\n|-------|-----|\n| Deploy and configure Azure Firewall Premium environments | https://learn.microsoft.com/en-us/azure/firewall/premium-deploy |\n| Deploy Azure Firewall and IP Groups using Bicep | https://learn.microsoft.com/en-us/azure/firewall/quick-create-ipgroup-bicep |\n| Deploy Azure Firewall and IP Groups via ARM template | https://learn.microsoft.com/en-us/azure/firewall/quick-create-ipgroup-template |\n| Deploy Azure Firewall and IP Groups using Terraform | https://learn.microsoft.com/en-us/azure/firewall/quick-create-ipgroup-terraform |\n| Deploy Azure Firewall with Azure DDoS Protection | https://learn.microsoft.com/en-us/azure/firewall/tutorial-protect-firewall-ddos |","tags":["azure","firewall","agent","skills","microsoftdocs","agent-skills","agentic-skills","agentskill","ai-agents","ai-coding","azure-functions","azure-kubernetes-service"],"capabilities":["skill","source-microsoftdocs","skill-azure-firewall","topic-agent","topic-agent-skills","topic-agentic-skills","topic-agentskill","topic-ai-agents","topic-ai-coding","topic-azure","topic-azure-functions","topic-azure-kubernetes-service","topic-azure-openai","topic-azure-sql-database","topic-azure-storage"],"categories":["Agent-Skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-firewall","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add MicrosoftDocs/Agent-Skills","source_repo":"https://github.com/MicrosoftDocs/Agent-Skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 549 github stars · SKILL.md body (11,569 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T18:53:53.542Z","embedding":null,"createdAt":"2026-04-18T21:59:05.344Z","updatedAt":"2026-05-18T18:53:53.542Z","lastSeenAt":"2026-05-18T18:53:53.542Z","tsv":"'/en-us/azure/firewall/change-sku':526 '/en-us/azure/firewall/choose-firewall-sku':535 '/en-us/azure/firewall/compliance-certifications':745 '/en-us/azure/firewall/create-ip-group':847 '/en-us/azure/firewall/customer-controlled-maintenance':859 '/en-us/azure/firewall/deploy-firewall-basic-portal-policy':546 '/en-us/azure/firewall/deploy-multi-public-ip-powershell':682 '/en-us/azure/firewall/deploy-ps-policy':870 '/en-us/azure/firewall/deploy-rules-powershell':880 '/en-us/azure/firewall/destination-nat-rules':890 '/en-us/azure/firewall/detect-malware-with-sentinel':456 '/en-us/azure/firewall/dns-details':480 '/en-us/azure/firewall/dns-settings':902 '/en-us/azure/firewall/draft-deploy':912 '/en-us/azure/firewall/explicit-proxy':921 '/en-us/azure/firewall/features-by-sku':555 '/en-us/azure/firewall/firewall-azure-policy':755 '/en-us/azure/firewall/firewall-best-practices':490 '/en-us/azure/firewall/firewall-faq':691 '/en-us/azure/firewall/firewall-multi-hub-spoke':583 '/en-us/azure/firewall/firewall-performance':565 '/en-us/azure/firewall/firewall-sftp':1056 '/en-us/azure/firewall/firewall-workbook':930 '/en-us/azure/firewall/forced-tunneling':592 '/en-us/azure/firewall/fqdn-tags':941 '/en-us/azure/firewall/ftp-support':952 '/en-us/azure/firewall/integrate-lb':602 '/en-us/azure/firewall/integrate-with-nat-gateway':702 '/en-us/azure/firewall/integrate-with-nat-gateway-v2':715 '/en-us/azure/firewall/ip-groups':964 '/en-us/azure/firewall/management-nic':613 '/en-us/azure/firewall/monitor-firewall':974 '/en-us/azure/firewall/monitor-firewall-reference':987 '/en-us/azure/firewall/packet-capture':465 '/en-us/azure/firewall/policy-analytics':500 '/en-us/azure/firewall/premium-certificates':765 '/en-us/azure/firewall/premium-deploy':1069 '/en-us/azure/firewall/premium-deploy-certificates-enterprise-ca':776 '/en-us/azure/firewall/premium-features':996 '/en-us/azure/firewall/prescaling':724 '/en-us/azure/firewall/protect-azure-kubernetes-service':785 '/en-us/azure/firewall/protect-azure-virtual-desktop':624 '/en-us/azure/firewall/protect-office-365':635 '/en-us/azure/firewall/quick-create-ipgroup-bicep':1080 '/en-us/azure/firewall/quick-create-ipgroup-template':1092 '/en-us/azure/firewall/quick-create-ipgroup-terraform':1103 '/en-us/azure/firewall/roles-permissions':795 '/en-us/azure/firewall/rule-set-change-tracking':1007 '/en-us/azure/firewall/secure-firewall':510 '/en-us/azure/firewall/snat-private-range':1018 '/en-us/azure/firewall/sql-fqdn-filtering':1029 '/en-us/azure/firewall/tcp-session-behavior':734 '/en-us/azure/firewall/threat-intel':804 '/en-us/azure/firewall/tutorial-firewall-deploy-portal':814 '/en-us/azure/firewall/tutorial-firewall-dnat':824 '/en-us/azure/firewall/tutorial-firewall-dnat-policy':1040 '/en-us/azure/firewall/tutorial-hybrid-portal':834 '/en-us/azure/firewall/tutorial-hybrid-portal-policy':646 '/en-us/azure/firewall/tutorial-hybrid-ps':656 '/en-us/azure/firewall/tutorial-private-ip-dnat':667 '/en-us/azure/firewall/tutorial-protect-firewall-ddos':1113 '/microsoftdocs/mcp/blob/main/readme.md)':163 '3':134 '365':631 'accept':202 'access':168,399,792,1046 'across':551 'advanc':992 'agent':83,127,186,200 'ak':355,778 'analysi':227 'analyt':252,497 'analyz':922 'app/sql/fqdn':375 'appli':501 'applic':937,1022 'appropri':529 'architect':571,614,647 'architectur':16,52,283,293,566,589 'arm':1088 'avail':153 'azur':2,7,35,44,216,242,265,290,316,339,345,368,395,400,422,434,451,458,471,482,492,506,518,530,537,548,557,579,585,594,604,615,619,626,640,648,663,672,683,693,704,717,726,739,747,751,771,781,786,797,808,816,826,841,855,863,873,884,898,904,914,923,932,948,959,970,976,983,989,998,1014,1020,1031,1047,1052,1063,1071,1082,1094,1105,1108 'azure-firewal':1 'balanc':301,599 'base':278 'basic':438,539 'basic/standard/premium':268 'behavior':334,475,688 'best':12,48,234,239,466,503 'bicep':1077 'bicep/arm/terraform':430 'bulk':871 'ca':350,768 'cach':477 'capabl':75 'capac':318,720 'captur':223,462 'categori':86,94,110,206,208 'certif':742,759 'chain':351,769 'chang':276,517,1001 'choos':264,515 'cluster':779 'code':24,60,389,1042 'combin':65 'compar':269,547 'complianc':343,741 'configur':22,30,58,255,332,363,367,394,439,716,725,756,796,807,815,825,835,862,881,891,913,942,953,965,1008,1019,1030,1062 'content':70,172 'control':609,851 'cover':46 'creat':838 'custom':850 'customer-control':849 'data':925,979 'ddos':435,1109 'decis':14,50,257,511 'deploy':27,63,277,362,415,421,536,676,766,805,860,909,1057,1060,1070,1081,1093,1104 'descript':210 'design':17,53,284,289,567,584,625 'desktop':621 'detect':230,444 'develop':9 'diagnos':215 'dnat':306,354,373,660,818,886,1033 'dnat/snat':31 'dns':244,473,892,895 'dns/proxy/ftp/explicit':378 'doc':178 'document':73,171 'draft':907 'e.g':98,114 'enforc':746 'enterpris':767 'environ':1066 'expert':4,41 'explicit':916 'fallback':190 'faq':685 'featur':270,385,550,993 'fetch':74,170,179,192 'file':104,112,119,124 'filter':801,821 'firewal':3,8,36,45,217,243,266,291,317,340,369,396,423,452,459,472,483,493,507,519,531,538,549,558,580,586,595,605,616,627,641,649,673,684,694,705,718,727,740,748,761,772,782,787,798,809,817,827,842,856,864,874,885,899,905,915,924,933,949,960,971,977,990,999,1015,1021,1032,1053,1064,1072,1083,1095,1106 'forc':298,587 'fqdn':934 'fqdns':1026 'ftp':943 'gateway':325,699,708 'github.com':162 'github.com/microsoftdocs/mcp/blob/main/readme.md)':161 'graph':1004 'group':377,428,844,957,1075,1086,1098 'guid':160 'guidanc':42,256,262 'guidelin':487 'hardening/security':254 'hub':295,574 'hub-and-spok':294 'hybrid':357,637,651,829 'hybrid/avd/m365':303 'idl':330,730 'implement':988 'import':81,125 'inbound':820,1036 'includ':10,404,424,437 'index':87,207 'inspect':348,758 'inspecti':34 'instal':157,159 'integr':23,59,302,388,410,432,593,703,1041 'intel':353 'intellig':800 'investig':233,446 'ip':309,376,427,659,675,843,956,1011,1074,1085,1097 'ip/port/session':319 'issu':218 'knowledg':5 'known':220 'l119':366 'l120':101,392 'l120-l124':391 'l124':393 'l125':417 'l125-l132':416 'l132':418 'l35':100 'l35-l120':99 'l37':213 'l37-l42':212 'l42':214 'l43':237 'l43-l50':236 'l50':238 'l51':260 'l51-l59':259 'l59':261 'l60':287 'l60-l72':286 'l72':288 'l73':314 'l73-l82':313 'l82':315 'l83':337 'l83-l96':336 'l96':338 'l97':365 'l97-l119':364 'latest':142 'learn':185,199 'learn-agent-skil':184,198 'learn.microsoft.com':455,464,479,489,499,509,525,534,545,554,564,582,591,601,612,623,634,645,655,666,681,690,701,714,723,733,744,754,764,775,784,794,803,813,823,833,846,858,869,879,889,901,911,920,929,940,951,963,973,986,995,1006,1017,1028,1039,1055,1068,1079,1091,1102,1112 'learn.microsoft.com/en-us/azure/firewall/change-sku':524 'learn.microsoft.com/en-us/azure/firewall/choose-firewall-sku':533 'learn.microsoft.com/en-us/azure/firewall/compliance-certifications':743 'learn.microsoft.com/en-us/azure/firewall/create-ip-group':845 'learn.microsoft.com/en-us/azure/firewall/customer-controlled-maintenance':857 'learn.microsoft.com/en-us/azure/firewall/deploy-firewall-basic-portal-policy':544 'learn.microsoft.com/en-us/azure/firewall/deploy-multi-public-ip-powershell':680 'learn.microsoft.com/en-us/azure/firewall/deploy-ps-policy':868 'learn.microsoft.com/en-us/azure/firewall/deploy-rules-powershell':878 'learn.microsoft.com/en-us/azure/firewall/destination-nat-rules':888 'learn.microsoft.com/en-us/azure/firewall/detect-malware-with-sentinel':454 'learn.microsoft.com/en-us/azure/firewall/dns-details':478 'learn.microsoft.com/en-us/azure/firewall/dns-settings':900 'learn.microsoft.com/en-us/azure/firewall/draft-deploy':910 'learn.microsoft.com/en-us/azure/firewall/explicit-proxy':919 'learn.microsoft.com/en-us/azure/firewall/features-by-sku':553 'learn.microsoft.com/en-us/azure/firewall/firewall-azure-policy':753 'learn.microsoft.com/en-us/azure/firewall/firewall-best-practices':488 'learn.microsoft.com/en-us/azure/firewall/firewall-faq':689 'learn.microsoft.com/en-us/azure/firewall/firewall-multi-hub-spoke':581 'learn.microsoft.com/en-us/azure/firewall/firewall-performance':563 'learn.microsoft.com/en-us/azure/firewall/firewall-sftp':1054 'learn.microsoft.com/en-us/azure/firewall/firewall-workbook':928 'learn.microsoft.com/en-us/azure/firewall/forced-tunneling':590 'learn.microsoft.com/en-us/azure/firewall/fqdn-tags':939 'learn.microsoft.com/en-us/azure/firewall/ftp-support':950 'learn.microsoft.com/en-us/azure/firewall/integrate-lb':600 'learn.microsoft.com/en-us/azure/firewall/integrate-with-nat-gateway':700 'learn.microsoft.com/en-us/azure/firewall/integrate-with-nat-gateway-v2':713 'learn.microsoft.com/en-us/azure/firewall/ip-groups':962 'learn.microsoft.com/en-us/azure/firewall/management-nic':611 'learn.microsoft.com/en-us/azure/firewall/monitor-firewall':972 'learn.microsoft.com/en-us/azure/firewall/monitor-firewall-reference':985 'learn.microsoft.com/en-us/azure/firewall/packet-capture':463 'learn.microsoft.com/en-us/azure/firewall/policy-analytics':498 'learn.microsoft.com/en-us/azure/firewall/premium-certificates':763 'learn.microsoft.com/en-us/azure/firewall/premium-deploy':1067 'learn.microsoft.com/en-us/azure/firewall/premium-deploy-certificates-enterprise-ca':774 'learn.microsoft.com/en-us/azure/firewall/premium-features':994 'learn.microsoft.com/en-us/azure/firewall/prescaling':722 'learn.microsoft.com/en-us/azure/firewall/protect-azure-kubernetes-service':783 'learn.microsoft.com/en-us/azure/firewall/protect-azure-virtual-desktop':622 'learn.microsoft.com/en-us/azure/firewall/protect-office-365':633 'learn.microsoft.com/en-us/azure/firewall/quick-create-ipgroup-bicep':1078 'learn.microsoft.com/en-us/azure/firewall/quick-create-ipgroup-template':1090 'learn.microsoft.com/en-us/azure/firewall/quick-create-ipgroup-terraform':1101 'learn.microsoft.com/en-us/azure/firewall/roles-permissions':793 'learn.microsoft.com/en-us/azure/firewall/rule-set-change-tracking':1005 'learn.microsoft.com/en-us/azure/firewall/secure-firewall':508 'learn.microsoft.com/en-us/azure/firewall/snat-private-range':1016 'learn.microsoft.com/en-us/azure/firewall/sql-fqdn-filtering':1027 'learn.microsoft.com/en-us/azure/firewall/tcp-session-behavior':732 'learn.microsoft.com/en-us/azure/firewall/threat-intel':802 'learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal':812 'learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-dnat':822 'learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-dnat-policy':1038 'learn.microsoft.com/en-us/azure/firewall/tutorial-hybrid-portal':832 'learn.microsoft.com/en-us/azure/firewall/tutorial-hybrid-portal-policy':644 'learn.microsoft.com/en-us/azure/firewall/tutorial-hybrid-ps':654 'learn.microsoft.com/en-us/azure/firewall/tutorial-private-ip-dnat':665 'learn.microsoft.com/en-us/azure/firewall/tutorial-protect-firewall-ddos':1111 'limit':19,55,221,311,320,668,677,686 'line':96,108,209 'link':113,122 'load':300,598 'local':66 'locat':90 'log':226,453,968,981 'mainten':380,852 'make':15,51,258,512 'malwar':229,447 'manag':606,840,872 'markdown':189,205 'mcp':148,175 'metadata.generated':129 'microsoft':177,630 'microsoftdoc':149,176 'mode':918,944 'monitor':883,966,978,984 'monitoring/logging':382 'month':135 'multi':573,674 'multi-hub':572 'nat':324,698,707 'network':167,292,310,358,407,638,652,664,830 'nic':607 'old':136 'optim':249,481,491 'option':327 'overlap':662 'overlapping/private':308 'packet':222,461 'path':408 'pattern':18,25,54,61,285,390,411,568,1043 'perform':246,272,484,559 'permiss':789 'plan':274,556 'polici':251,346,370,496,543,643,752,865,906,1034 'port':696 'portal':361,541,811 'portal/powershell':387 'powershel':867,877 'practic':13,49,235,240,467,504 'prefer':173 'premium':384,425,522,762,773,991,1065 'prescal':326,719 'privat':658,1010 'protect':304,359,436,617,628,777,1110 'provid':40 'proxi':379,474,896,917 'proxy/caching':245 'pull':140 'queri':181,195 'quick':68 'quick-refer':67 'quota':20,56,312,669,679 'rang':97,721,1012 'rbac/permissions':344 'read':103,118 'refer':69,123 'relev':91 'remot':72 'repositori':146 'requir':166,282,405,791 'resourc':1003 'return':188,204 'role':788 'rout':577 'rule':32,248,372,406,494,875,887,938,961,1000,1023 'scale':322,692,712 'section':92 'secur':21,57,335,341,398,502,636,735,749,831,946 'security.md':115,116 'select':527 'sentinel':225,449 'server':893 'session':729 'set':848 'setup':342 'sftp':403,413,1050 'skill':37,39,80,165,187,201 'skill-azure-firewall' 'sku':523,532,561 'skus':267,552 'snat':321,374,695,711,1009 'source-microsoftdocs' 'specifi':107 'spoke':297,576 'sql':1025 'standard':520,597 'step':440 'storag':401,1048 'string':182,196 'suggest':137,154 'tag':935 'tcp':329,728 'templat':1089 'terraform':1100 'text/markdown':203 'threat':352,799 'throughput':280,562 'timeout':331,731 'tls':33,347,757 'tool':150 'topic':442,468,513,569,670,736,836,1044,1058 'topic-agent' 'topic-agent-skills' 'topic-agentic-skills' 'topic-agentskill' 'topic-ai-agents' 'topic-ai-coding' 'topic-azure' 'topic-azure-functions' 'topic-azure-kubernetes-service' 'topic-azure-openai' 'topic-azure-sql-database' 'topic-azure-storage' 'topolog':653 'track':997 'traffic':232,414,610,632,1037 'troubleshoot':11,47,211,441,457 'tune':247,486 'tunnel':299,588 'understand':470,738 'url':443,469,514,570,671,737,837,1045,1059 'use':28,78,84,102,117,174,191,219,429,448,460,603,657,750,780,903,926,931,955,975,1076,1099 'user':139,156 'v2':709 'version':143 'via':386,402,866,1049,1087 'virtual':620 'vs':521 'webpag':193 'window':381,853 'workbook':927","prices":[{"id":"f096ec74-006d-4c77-aa00-658bd5defab0","listingId":"ec77d359-af80-49c2-bbb9-97f0d236f076","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"MicrosoftDocs","category":"Agent-Skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:59:05.344Z"}],"sources":[{"listingId":"ec77d359-af80-49c2-bbb9-97f0d236f076","source":"github","sourceId":"MicrosoftDocs/Agent-Skills/azure-firewall","sourceUrl":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-firewall","isPrimary":false,"firstSeenAt":"2026-04-18T21:59:05.344Z","lastSeenAt":"2026-05-18T18:53:53.542Z"}],"details":{"listingId":"ec77d359-af80-49c2-bbb9-97f0d236f076","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"MicrosoftDocs","slug":"azure-firewall","github":{"repo":"MicrosoftDocs/Agent-Skills","stars":549,"topics":["agent","agent-skills","agentic-skills","agentskill","ai","ai-agents","ai-coding","azure","azure-functions","azure-kubernetes-service","azure-openai","azure-sql-database","azure-storage","azure-virtual-machine","claude-code","github-copilot","microsoft-learn","openai-codex","skills"],"license":"cc-by-4.0","html_url":"https://github.com/MicrosoftDocs/Agent-Skills","pushed_at":"2026-05-17T02:50:05Z","description":"Curated Agent Skills for Microsoft & Azure – giving AI coding assistants structured, real-time expertise from Microsoft Learn docs.","skill_md_sha":"864930ac7f6eef798e8f9c669867077624783029","skill_md_path":"skills/azure-firewall/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-firewall"},"layout":"multi","source":"github","category":"Agent-Skills","frontmatter":{"name":"azure-firewall","description":"Expert knowledge for Azure Firewall development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when configuring DNAT/SNAT rules, TLS inspection, DNS proxy, hub-and-spoke routing, or SFTP to Azure Storage, and other Azure Firewall related development tasks. Not for Azure Virtual Network (use azure-virtual-network), Azure Networking (use azure-networking), Azure Web Application Firewall (use azure-web-application-firewall), Azure Firewall Manager (use azure-firewall-manager).","compatibility":"Requires network access. Uses mcp_microsoftdocs:microsoft_docs_fetch or fetch_webpage to retrieve documentation."},"skills_sh_url":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-firewall"},"updatedAt":"2026-05-18T18:53:53.542Z"}}