{"id":"ec77d359-af80-49c2-bbb9-97f0d236f076","shortId":"vPLVg5","kind":"skill","title":"azure-firewall","tagline":"Expert knowledge for Azure Firewall development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when configuring Azure Firewall SKUs, policies","description":"# Azure Firewall Skill\n\nThis skill provides expert guidance for Azure Firewall. Covers troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. It combines local quick-reference content with remote documentation fetching capabilities.\n\n## How to Use This Skill\n\n> **IMPORTANT for Agent**: Use the **Category Index** below to locate relevant sections. For categories with line ranges (e.g., `L35-L120`), use `read_file` with the specified lines. For categories with file links (e.g., `[security.md](security.md)`), use `read_file` on the linked reference file\n\n> **IMPORTANT for Agent**: If `metadata.generated_at` is more than 3 months old, suggest the user pull the latest version from the repository. If `mcp_microsoftdocs` tools are not available, suggest the user install it: [Installation Guide](https://github.com/MicrosoftDocs/mcp/blob/main/README.md)\n\nThis skill requires **network access** to fetch documentation content:\n- **Preferred**: Use `mcp_microsoftdocs:microsoft_docs_fetch` with query string `from=learn-agent-skill`. Returns Markdown.\n- **Fallback**: Use `fetch_webpage` with query string `from=learn-agent-skill&accept=text/markdown`. Returns Markdown.\n\n## Category Index\n\n| Category | Lines | Description |\n|----------|-------|-------------|\n| Troubleshooting | L37-L42 | Diagnosing Azure Firewall issues using known limitations, packet captures, and Sentinel log analysis for malware detection and traffic investigation. |\n| Best Practices | L43-L50 | Best practices for Azure Firewall DNS proxy/caching, performance tuning, rule optimization with Policy Analytics, and hardening/security configuration guidance. |\n| Decision Making | L51-L59 | Guidance on choosing Azure Firewall SKUs (Basic/Standard/Premium), comparing features and performance, and planning or changing deployments based on throughput and requirements. |\n| Architecture & Design Patterns | L60-L72 | Designing Azure Firewall network architectures: hub-and-spoke, forced tunneling, load balancer integration, hybrid/AVD/M365 protection, and DNAT for overlapping/private IP networks. |\n| Limits & Quotas | L73-L82 | Azure Firewall capacity, IP/port/session limits, SNAT scaling with NAT Gateway, prescaling ranges, and TCP idle timeout behaviors and configuration. |\n| Security | L83-L96 | Azure Firewall security setup: compliance, RBAC/permissions, Azure Policy, TLS inspection and CA chains, threat intel, DNAT, AKS and hybrid network protection, and portal deployment. |\n| Configuration | L97-L118 | Configuring Azure Firewall policies, rules (DNAT/SNAT/app), IP Groups, DNS/proxy/FTP, maintenance windows, monitoring/logging, and advanced Premium/PowerShell management. |\n| Integrations & Coding Patterns | L119-L123 | Configuring Azure Firewall to securely access Azure Storage via SFTP, including required rules, network paths, and integration patterns for SFTP traffic. |\n| Deployment | L124-L131 | How to deploy Azure Firewall (including Premium) with IP Groups using Bicep/ARM/Terraform, and integrate with Azure DDoS Protection, including basic configuration steps |\n\n### Troubleshooting\n| Topic | URL |\n|-------|-----|\n| Detect and investigate malware using Sentinel with Azure Firewall logs | https://learn.microsoft.com/en-us/azure/firewall/detect-malware-with-sentinel |\n| Troubleshoot Azure Firewall using packet capture | https://learn.microsoft.com/en-us/azure/firewall/packet-capture |\n\n### Best Practices\n| Topic | URL |\n|-------|-----|\n| Understand Azure Firewall DNS proxy behavior and caching | https://learn.microsoft.com/en-us/azure/firewall/dns-details |\n| Optimize Azure Firewall performance with tuning guidelines | https://learn.microsoft.com/en-us/azure/firewall/firewall-best-practices |\n| Optimize Azure Firewall rules with Policy Analytics | https://learn.microsoft.com/en-us/azure/firewall/policy-analytics |\n| Apply security best practices to Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/secure-firewall |\n\n### Decision Making\n| Topic | URL |\n|-------|-----|\n| Choose and change Azure Firewall Standard vs Premium SKU | https://learn.microsoft.com/en-us/azure/firewall/change-sku |\n| Select the appropriate Azure Firewall SKU | https://learn.microsoft.com/en-us/azure/firewall/choose-firewall-sku |\n| Deploy Azure Firewall Basic with portal and policy | https://learn.microsoft.com/en-us/azure/firewall/deploy-firewall-basic-portal-policy |\n| Compare Azure Firewall features across SKUs | https://learn.microsoft.com/en-us/azure/firewall/features-by-sku |\n| Plan Azure Firewall performance and SKU throughput | https://learn.microsoft.com/en-us/azure/firewall/firewall-performance |\n\n### Architecture & Design Patterns\n| Topic | URL |\n|-------|-----|\n| Architect multi-hub and spoke routing with Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/firewall-multi-hub-spoke |\n| Design Azure Firewall forced tunneling architectures | https://learn.microsoft.com/en-us/azure/firewall/forced-tunneling |\n| Integrate Azure Firewall with Standard Load Balancer | https://learn.microsoft.com/en-us/azure/firewall/integrate-lb |\n| Use Azure Firewall Management NIC for control traffic | https://learn.microsoft.com/en-us/azure/firewall/management-nic |\n| Architect Azure Firewall protection for Azure Virtual Desktop | https://learn.microsoft.com/en-us/azure/firewall/protect-azure-virtual-desktop |\n| Design Azure Firewall protection for Microsoft 365 traffic | https://learn.microsoft.com/en-us/azure/firewall/protect-office-365 |\n| Secure hybrid networks with Azure Firewall and policy | https://learn.microsoft.com/en-us/azure/firewall/tutorial-hybrid-portal-policy |\n| Architect Azure Firewall in hybrid network topologies | https://learn.microsoft.com/en-us/azure/firewall/tutorial-hybrid-ps |\n| Use private IP DNAT for overlapped Azure networks | https://learn.microsoft.com/en-us/azure/firewall/tutorial-private-ip-dnat |\n\n### Limits & Quotas\n| Topic | URL |\n|-------|-----|\n| Azure Firewall multi‑IP deployment limits and quotas | https://learn.microsoft.com/en-us/azure/firewall/deploy-multi-public-ip-powershell |\n| Azure Firewall FAQ limits and behaviors | https://learn.microsoft.com/en-us/azure/firewall/firewall-faq |\n| Scale Azure Firewall SNAT ports with NAT Gateway | https://learn.microsoft.com/en-us/azure/firewall/integrate-with-nat-gateway |\n| Integrate Azure Firewall with NAT Gateway V2 for SNAT scaling | https://learn.microsoft.com/en-us/azure/firewall/integrate-with-nat-gateway-v2 |\n| Configure Azure Firewall prescaling capacity ranges | https://learn.microsoft.com/en-us/azure/firewall/prescaling |\n| Manage Azure Firewall TCP session idle timeouts | https://learn.microsoft.com/en-us/azure/firewall/tcp-session-behavior |\n\n### Security\n| Topic | URL |\n|-------|-----|\n| Understand Azure Firewall compliance certifications | https://learn.microsoft.com/en-us/azure/firewall/compliance-certifications |\n| Enforce Azure Firewall security using Azure Policy | https://learn.microsoft.com/en-us/azure/firewall/firewall-azure-policy |\n| Configure TLS inspection certificates for Firewall Premium | https://learn.microsoft.com/en-us/azure/firewall/premium-certificates |\n| Deploy Enterprise CA chain for Azure Firewall Premium | https://learn.microsoft.com/en-us/azure/firewall/premium-deploy-certificates-enterprise-ca |\n| Protect AKS clusters using Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/protect-azure-kubernetes-service |\n| Azure Firewall roles, permissions, and required access | https://learn.microsoft.com/en-us/azure/firewall/roles-permissions |\n| Configure Azure Firewall threat intelligence filtering | https://learn.microsoft.com/en-us/azure/firewall/threat-intel |\n| Deploy and configure Azure Firewall in portal | https://learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal |\n| Configure Azure Firewall DNAT for inbound filtering | https://learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-dnat |\n| Configure Azure Firewall for hybrid network security | https://learn.microsoft.com/en-us/azure/firewall/tutorial-hybrid-portal |\n\n### Configuration\n| Topic | URL |\n|-------|-----|\n| Create and manage Azure Firewall IP Groups | https://learn.microsoft.com/en-us/azure/firewall/create-ip-group |\n| Set customer-controlled maintenance windows for Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/customer-controlled-maintenance |\n| Deploy and configure Azure Firewall policy via PowerShell | https://learn.microsoft.com/en-us/azure/firewall/deploy-ps-policy |\n| Bulk manage Azure Firewall rules with PowerShell | https://learn.microsoft.com/en-us/azure/firewall/deploy-rules-powershell |\n| Configure and monitor Azure Firewall DNAT rules | https://learn.microsoft.com/en-us/azure/firewall/destination-nat-rules |\n| Configure DNS servers and DNS proxy for Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/dns-settings |\n| Use Azure Firewall Policy Draft and Deployment | https://learn.microsoft.com/en-us/azure/firewall/draft-deploy |\n| Configure Azure Firewall explicit proxy mode | https://learn.microsoft.com/en-us/azure/firewall/explicit-proxy |\n| Analyze Azure Firewall data using workbooks | https://learn.microsoft.com/en-us/azure/firewall/firewall-workbook |\n| Configure FTP modes and security on Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/ftp-support |\n| Configure and use IP Groups in Azure Firewall rules | https://learn.microsoft.com/en-us/azure/firewall/ip-groups |\n| Configure monitoring and logging for Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/monitor-firewall |\n| Use Azure Firewall monitoring data and logs with Azure Monitor | https://learn.microsoft.com/en-us/azure/firewall/monitor-firewall-reference |\n| Implement Azure Firewall Premium advanced features | https://learn.microsoft.com/en-us/azure/firewall/premium-features |\n| Track Azure Firewall rule changes with Resource Graph | https://learn.microsoft.com/en-us/azure/firewall/rule-set-change-tracking |\n| Configure SNAT private IP ranges in Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/snat-private-range |\n| Configure Azure Firewall application rules with SQL FQDNs | https://learn.microsoft.com/en-us/azure/firewall/sql-fqdn-filtering |\n| Configure Azure Firewall DNAT policy for inbound traffic | https://learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-dnat-policy |\n\n### Integrations & Coding Patterns\n| Topic | URL |\n|-------|-----|\n| Access Azure Storage via SFTP through Azure Firewall | https://learn.microsoft.com/en-us/azure/firewall/firewall-sftp |\n\n### Deployment\n| Topic | URL |\n|-------|-----|\n| Deploy and configure Azure Firewall Premium environments | https://learn.microsoft.com/en-us/azure/firewall/premium-deploy |\n| Deploy Azure Firewall and IP Groups using Bicep | https://learn.microsoft.com/en-us/azure/firewall/quick-create-ipgroup-bicep |\n| Deploy Azure Firewall and IP Groups via ARM template | https://learn.microsoft.com/en-us/azure/firewall/quick-create-ipgroup-template |\n| Deploy Azure Firewall and IP Groups using Terraform | https://learn.microsoft.com/en-us/azure/firewall/quick-create-ipgroup-terraform |\n| Deploy Azure Firewall with Azure DDoS Protection | https://learn.microsoft.com/en-us/azure/firewall/tutorial-protect-firewall-ddos |","tags":["azure","firewall","agent","skills","microsoftdocs","agent-skills","agentic-skills","agentskill","ai-agents","ai-coding","azure-functions","azure-kubernetes-service"],"capabilities":["skill","source-microsoftdocs","skill-azure-firewall","topic-agent","topic-agent-skills","topic-agentic-skills","topic-agentskill","topic-ai-agents","topic-ai-coding","topic-azure","topic-azure-functions","topic-azure-kubernetes-service","topic-azure-openai","topic-azure-sql-database","topic-azure-storage"],"categories":["Agent-Skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-firewall","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add MicrosoftDocs/Agent-Skills","source_repo":"https://github.com/MicrosoftDocs/Agent-Skills","install_from":"skills.sh"}},"qualityScore":"0.698","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 497 github stars · SKILL.md body (11,422 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-22T06:53:32.596Z","embedding":null,"createdAt":"2026-04-18T21:59:05.344Z","updatedAt":"2026-04-22T06:53:32.596Z","lastSeenAt":"2026-04-22T06:53:32.596Z","tsv":"'/en-us/azure/firewall/change-sku':521 '/en-us/azure/firewall/choose-firewall-sku':530 '/en-us/azure/firewall/compliance-certifications':740 '/en-us/azure/firewall/create-ip-group':842 '/en-us/azure/firewall/customer-controlled-maintenance':854 '/en-us/azure/firewall/deploy-firewall-basic-portal-policy':541 '/en-us/azure/firewall/deploy-multi-public-ip-powershell':677 '/en-us/azure/firewall/deploy-ps-policy':865 '/en-us/azure/firewall/deploy-rules-powershell':875 '/en-us/azure/firewall/destination-nat-rules':885 '/en-us/azure/firewall/detect-malware-with-sentinel':451 '/en-us/azure/firewall/dns-details':475 '/en-us/azure/firewall/dns-settings':897 '/en-us/azure/firewall/draft-deploy':907 '/en-us/azure/firewall/explicit-proxy':916 '/en-us/azure/firewall/features-by-sku':550 '/en-us/azure/firewall/firewall-azure-policy':750 '/en-us/azure/firewall/firewall-best-practices':485 '/en-us/azure/firewall/firewall-faq':686 '/en-us/azure/firewall/firewall-multi-hub-spoke':578 '/en-us/azure/firewall/firewall-performance':560 '/en-us/azure/firewall/firewall-sftp':1040 '/en-us/azure/firewall/firewall-workbook':925 '/en-us/azure/firewall/forced-tunneling':587 '/en-us/azure/firewall/ftp-support':936 '/en-us/azure/firewall/integrate-lb':597 '/en-us/azure/firewall/integrate-with-nat-gateway':697 '/en-us/azure/firewall/integrate-with-nat-gateway-v2':710 '/en-us/azure/firewall/ip-groups':948 '/en-us/azure/firewall/management-nic':608 '/en-us/azure/firewall/monitor-firewall':958 '/en-us/azure/firewall/monitor-firewall-reference':971 '/en-us/azure/firewall/packet-capture':460 '/en-us/azure/firewall/policy-analytics':495 '/en-us/azure/firewall/premium-certificates':760 '/en-us/azure/firewall/premium-deploy':1053 '/en-us/azure/firewall/premium-deploy-certificates-enterprise-ca':771 '/en-us/azure/firewall/premium-features':980 '/en-us/azure/firewall/prescaling':719 '/en-us/azure/firewall/protect-azure-kubernetes-service':780 '/en-us/azure/firewall/protect-azure-virtual-desktop':619 '/en-us/azure/firewall/protect-office-365':630 '/en-us/azure/firewall/quick-create-ipgroup-bicep':1064 '/en-us/azure/firewall/quick-create-ipgroup-template':1076 '/en-us/azure/firewall/quick-create-ipgroup-terraform':1087 '/en-us/azure/firewall/roles-permissions':790 '/en-us/azure/firewall/rule-set-change-tracking':991 '/en-us/azure/firewall/secure-firewall':505 '/en-us/azure/firewall/snat-private-range':1002 '/en-us/azure/firewall/sql-fqdn-filtering':1013 '/en-us/azure/firewall/tcp-session-behavior':729 '/en-us/azure/firewall/threat-intel':799 '/en-us/azure/firewall/tutorial-firewall-deploy-portal':809 '/en-us/azure/firewall/tutorial-firewall-dnat':819 '/en-us/azure/firewall/tutorial-firewall-dnat-policy':1024 '/en-us/azure/firewall/tutorial-hybrid-portal':829 '/en-us/azure/firewall/tutorial-hybrid-portal-policy':641 '/en-us/azure/firewall/tutorial-hybrid-ps':651 '/en-us/azure/firewall/tutorial-private-ip-dnat':662 '/en-us/azure/firewall/tutorial-protect-firewall-ddos':1097 '/microsoftdocs/mcp/blob/main/readme.md)':163 '3':134 '365':626 'accept':202 'access':168,394,787,1030 'across':546 'advanc':380,976 'agent':83,127,186,200 'ak':355,773 'analysi':227 'analyt':252,492 'analyz':917 'appli':496 'applic':1006 'appropri':524 'architect':566,609,642 'architectur':16,52,283,293,561,584 'arm':1072 'avail':153 'azur':2,7,31,35,44,216,242,265,290,316,339,345,368,390,395,417,429,446,453,466,477,487,501,513,525,532,543,552,574,580,589,599,610,614,621,635,643,658,667,678,688,699,712,721,734,742,746,766,776,781,792,803,811,821,836,850,858,868,879,893,899,909,918,932,943,954,960,967,973,982,998,1004,1015,1031,1036,1047,1055,1066,1078,1089,1092 'azure-firewal':1 'balanc':301,594 'base':278 'basic':433,534 'basic/standard/premium':268 'behavior':332,470,683 'best':12,48,234,239,461,498 'bicep':1061 'bicep/arm/terraform':425 'bulk':866 'ca':350,763 'cach':472 'capabl':75 'capac':318,715 'captur':223,457 'categori':86,94,110,206,208 'certif':737,754 'chain':351,764 'chang':276,512,985 'choos':264,510 'cluster':774 'code':24,60,384,1026 'combin':65 'compar':269,542 'complianc':343,736 'configur':22,30,58,255,334,363,367,389,434,711,751,791,802,810,820,830,857,876,886,908,926,937,949,992,1003,1014,1046 'content':70,172 'control':604,846 'cover':46 'creat':833 'custom':845 'customer-control':844 'data':920,963 'ddos':430,1093 'decis':14,50,257,506 'deploy':27,63,277,362,410,416,531,671,761,800,855,904,1041,1044,1054,1065,1077,1088 'descript':210 'design':17,53,284,289,562,579,620 'desktop':616 'detect':230,439 'develop':9 'diagnos':215 'dnat':306,354,655,813,881,1017 'dnat/snat/app':372 'dns':244,468,887,890 'dns/proxy/ftp':375 'doc':178 'document':73,171 'draft':902 'e.g':98,114 'enforc':741 'enterpris':762 'environ':1050 'expert':4,41 'explicit':911 'fallback':190 'faq':680 'featur':270,545,977 'fetch':74,170,179,192 'file':104,112,119,124 'filter':796,816 'firewal':3,8,32,36,45,217,243,266,291,317,340,369,391,418,447,454,467,478,488,502,514,526,533,544,553,575,581,590,600,611,622,636,644,668,679,689,700,713,722,735,743,756,767,777,782,793,804,812,822,837,851,859,869,880,894,900,910,919,933,944,955,961,974,983,999,1005,1016,1037,1048,1056,1067,1079,1090 'forc':298,582 'fqdns':1010 'ftp':927 'gateway':325,694,703 'github.com':162 'github.com/microsoftdocs/mcp/blob/main/readme.md)':161 'graph':988 'group':374,423,839,941,1059,1070,1082 'guid':160 'guidanc':42,256,262 'guidelin':482 'hardening/security':254 'hub':295,569 'hub-and-spok':294 'hybrid':357,632,646,824 'hybrid/avd/m365':303 'idl':330,725 'implement':972 'import':81,125 'inbound':815,1020 'includ':10,399,419,432 'index':87,207 'inspect':348,753 'instal':157,159 'integr':23,59,302,383,405,427,588,698,1025 'intel':353 'intellig':795 'investig':233,441 'ip':309,373,422,654,670,838,940,995,1058,1069,1081 'ip/port/session':319 'issu':218 'knowledg':5 'known':220 'l118':366 'l119':387 'l119-l123':386 'l120':101 'l123':388 'l124':412 'l124-l131':411 'l131':413 'l35':100 'l35-l120':99 'l37':213 'l37-l42':212 'l42':214 'l43':237 'l43-l50':236 'l50':238 'l51':260 'l51-l59':259 'l59':261 'l60':287 'l60-l72':286 'l72':288 'l73':314 'l73-l82':313 'l82':315 'l83':337 'l83-l96':336 'l96':338 'l97':365 'l97-l118':364 'latest':142 'learn':185,199 'learn-agent-skil':184,198 'learn.microsoft.com':450,459,474,484,494,504,520,529,540,549,559,577,586,596,607,618,629,640,650,661,676,685,696,709,718,728,739,749,759,770,779,789,798,808,818,828,841,853,864,874,884,896,906,915,924,935,947,957,970,979,990,1001,1012,1023,1039,1052,1063,1075,1086,1096 'learn.microsoft.com/en-us/azure/firewall/change-sku':519 'learn.microsoft.com/en-us/azure/firewall/choose-firewall-sku':528 'learn.microsoft.com/en-us/azure/firewall/compliance-certifications':738 'learn.microsoft.com/en-us/azure/firewall/create-ip-group':840 'learn.microsoft.com/en-us/azure/firewall/customer-controlled-maintenance':852 'learn.microsoft.com/en-us/azure/firewall/deploy-firewall-basic-portal-policy':539 'learn.microsoft.com/en-us/azure/firewall/deploy-multi-public-ip-powershell':675 'learn.microsoft.com/en-us/azure/firewall/deploy-ps-policy':863 'learn.microsoft.com/en-us/azure/firewall/deploy-rules-powershell':873 'learn.microsoft.com/en-us/azure/firewall/destination-nat-rules':883 'learn.microsoft.com/en-us/azure/firewall/detect-malware-with-sentinel':449 'learn.microsoft.com/en-us/azure/firewall/dns-details':473 'learn.microsoft.com/en-us/azure/firewall/dns-settings':895 'learn.microsoft.com/en-us/azure/firewall/draft-deploy':905 'learn.microsoft.com/en-us/azure/firewall/explicit-proxy':914 'learn.microsoft.com/en-us/azure/firewall/features-by-sku':548 'learn.microsoft.com/en-us/azure/firewall/firewall-azure-policy':748 'learn.microsoft.com/en-us/azure/firewall/firewall-best-practices':483 'learn.microsoft.com/en-us/azure/firewall/firewall-faq':684 'learn.microsoft.com/en-us/azure/firewall/firewall-multi-hub-spoke':576 'learn.microsoft.com/en-us/azure/firewall/firewall-performance':558 'learn.microsoft.com/en-us/azure/firewall/firewall-sftp':1038 'learn.microsoft.com/en-us/azure/firewall/firewall-workbook':923 'learn.microsoft.com/en-us/azure/firewall/forced-tunneling':585 'learn.microsoft.com/en-us/azure/firewall/ftp-support':934 'learn.microsoft.com/en-us/azure/firewall/integrate-lb':595 'learn.microsoft.com/en-us/azure/firewall/integrate-with-nat-gateway':695 'learn.microsoft.com/en-us/azure/firewall/integrate-with-nat-gateway-v2':708 'learn.microsoft.com/en-us/azure/firewall/ip-groups':946 'learn.microsoft.com/en-us/azure/firewall/management-nic':606 'learn.microsoft.com/en-us/azure/firewall/monitor-firewall':956 'learn.microsoft.com/en-us/azure/firewall/monitor-firewall-reference':969 'learn.microsoft.com/en-us/azure/firewall/packet-capture':458 'learn.microsoft.com/en-us/azure/firewall/policy-analytics':493 'learn.microsoft.com/en-us/azure/firewall/premium-certificates':758 'learn.microsoft.com/en-us/azure/firewall/premium-deploy':1051 'learn.microsoft.com/en-us/azure/firewall/premium-deploy-certificates-enterprise-ca':769 'learn.microsoft.com/en-us/azure/firewall/premium-features':978 'learn.microsoft.com/en-us/azure/firewall/prescaling':717 'learn.microsoft.com/en-us/azure/firewall/protect-azure-kubernetes-service':778 'learn.microsoft.com/en-us/azure/firewall/protect-azure-virtual-desktop':617 'learn.microsoft.com/en-us/azure/firewall/protect-office-365':628 'learn.microsoft.com/en-us/azure/firewall/quick-create-ipgroup-bicep':1062 'learn.microsoft.com/en-us/azure/firewall/quick-create-ipgroup-template':1074 'learn.microsoft.com/en-us/azure/firewall/quick-create-ipgroup-terraform':1085 'learn.microsoft.com/en-us/azure/firewall/roles-permissions':788 'learn.microsoft.com/en-us/azure/firewall/rule-set-change-tracking':989 'learn.microsoft.com/en-us/azure/firewall/secure-firewall':503 'learn.microsoft.com/en-us/azure/firewall/snat-private-range':1000 'learn.microsoft.com/en-us/azure/firewall/sql-fqdn-filtering':1011 'learn.microsoft.com/en-us/azure/firewall/tcp-session-behavior':727 'learn.microsoft.com/en-us/azure/firewall/threat-intel':797 'learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal':807 'learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-dnat':817 'learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-dnat-policy':1022 'learn.microsoft.com/en-us/azure/firewall/tutorial-hybrid-portal':827 'learn.microsoft.com/en-us/azure/firewall/tutorial-hybrid-portal-policy':639 'learn.microsoft.com/en-us/azure/firewall/tutorial-hybrid-ps':649 'learn.microsoft.com/en-us/azure/firewall/tutorial-private-ip-dnat':660 'learn.microsoft.com/en-us/azure/firewall/tutorial-protect-firewall-ddos':1095 'limit':19,55,221,311,320,663,672,681 'line':96,108,209 'link':113,122 'load':300,593 'local':66 'locat':90 'log':226,448,952,965 'mainten':376,847 'make':15,51,258,507 'malwar':229,442 'manag':382,601,720,835,867 'markdown':189,205 'mcp':148,175 'metadata.generated':129 'microsoft':177,625 'microsoftdoc':149,176 'mode':913,928 'monitor':878,950,962,968 'monitoring/logging':378 'month':135 'multi':568,669 'multi-hub':567 'nat':324,693,702 'network':167,292,310,358,402,633,647,659,825 'nic':602 'old':136 'optim':249,476,486 'overlap':657 'overlapping/private':308 'packet':222,456 'path':403 'pattern':18,25,54,61,285,385,406,563,1027 'perform':246,272,479,554 'permiss':784 'plan':274,551 'polici':34,251,346,370,491,538,638,747,860,901,1018 'port':691 'portal':361,536,806 'powershel':862,872 'practic':13,49,235,240,462,499 'prefer':173 'premium':420,517,757,768,975,1049 'premium/powershell':381 'prescal':326,714 'privat':653,994 'protect':304,359,431,612,623,772,1094 'provid':40 'proxi':469,891,912 'proxy/caching':245 'pull':140 'queri':181,195 'quick':68 'quick-refer':67 'quota':20,56,312,664,674 'rang':97,327,716,996 'rbac/permissions':344 'read':103,118 'refer':69,123 'relev':91 'remot':72 'repositori':146 'requir':166,282,400,786 'resourc':987 'return':188,204 'role':783 'rout':572 'rule':248,371,401,489,870,882,945,984,1007 'scale':322,687,707 'section':92 'secur':21,57,335,341,393,497,631,730,744,826,930 'security.md':115,116 'select':522 'sentinel':225,444 'server':888 'session':724 'set':843 'setup':342 'sftp':398,408,1034 'skill':37,39,80,165,187,201 'skill-azure-firewall' 'sku':518,527,556 'skus':33,267,547 'snat':321,690,706,993 'source-microsoftdocs' 'specifi':107 'spoke':297,571 'sql':1009 'standard':515,592 'step':435 'storag':396,1032 'string':182,196 'suggest':137,154 'tcp':329,723 'templat':1073 'terraform':1084 'text/markdown':203 'threat':352,794 'throughput':280,557 'timeout':331,726 'tls':347,752 'tool':150 'topic':437,463,508,564,665,731,831,1028,1042 'topic-agent' 'topic-agent-skills' 'topic-agentic-skills' 'topic-agentskill' 'topic-ai-agents' 'topic-ai-coding' 'topic-azure' 'topic-azure-functions' 'topic-azure-kubernetes-service' 'topic-azure-openai' 'topic-azure-sql-database' 'topic-azure-storage' 'topolog':648 'track':981 'traffic':232,409,605,627,1021 'troubleshoot':11,47,211,436,452 'tune':247,481 'tunnel':299,583 'understand':465,733 'url':438,464,509,565,666,732,832,1029,1043 'use':28,78,84,102,117,174,191,219,424,443,455,598,652,745,775,898,921,939,959,1060,1083 'user':139,156 'v2':704 'version':143 'via':397,861,1033,1071 'virtual':615 'vs':516 'webpag':193 'window':377,848 'workbook':922","prices":[{"id":"f096ec74-006d-4c77-aa00-658bd5defab0","listingId":"ec77d359-af80-49c2-bbb9-97f0d236f076","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"MicrosoftDocs","category":"Agent-Skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:59:05.344Z"}],"sources":[{"listingId":"ec77d359-af80-49c2-bbb9-97f0d236f076","source":"github","sourceId":"MicrosoftDocs/Agent-Skills/azure-firewall","sourceUrl":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-firewall","isPrimary":false,"firstSeenAt":"2026-04-18T21:59:05.344Z","lastSeenAt":"2026-04-22T06:53:32.596Z"}],"details":{"listingId":"ec77d359-af80-49c2-bbb9-97f0d236f076","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"MicrosoftDocs","slug":"azure-firewall","github":{"repo":"MicrosoftDocs/Agent-Skills","stars":497,"topics":["agent","agent-skills","agentic-skills","agentskill","ai","ai-agents","ai-coding","azure","azure-functions","azure-kubernetes-service","azure-openai","azure-sql-database","azure-storage","azure-virtual-machine","claude-code","github-copilot","microsoft-learn","openai-codex","skills"],"license":"cc-by-4.0","html_url":"https://github.com/MicrosoftDocs/Agent-Skills","pushed_at":"2026-04-22T01:37:27Z","description":"Curated Agent Skills for Microsoft & Azure – giving AI coding assistants structured, real-time expertise from Microsoft Learn docs.","skill_md_sha":"f731784feec698c7bd0c58fec52d04c81bfc1a25","skill_md_path":"skills/azure-firewall/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/MicrosoftDocs/Agent-Skills/tree/main/skills/azure-firewall"},"layout":"multi","source":"github","category":"Agent-Skills","frontmatter":{"name":"azure-firewall","description":"Expert knowledge for Azure Firewall development including troubleshooting, best practices, decision making, architecture & design patterns, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when configuring Azure Firewall SKUs, policies/rules, TLS inspection, hub-spoke DNAT, or SFTP to Storage, and other Azure Firewall related development tasks. Not for Azure Application Gateway (use azure-application-gateway), Azure Front Door (use azure-front-door), Azure Web Application Firewall (use azure-web-application-firewall), Azure DDos Protection (use azure-ddos-protection).","compatibility":"Requires network access. Uses mcp_microsoftdocs:microsoft_docs_fetch or fetch_webpage to retrieve documentation."},"skills_sh_url":"https://skills.sh/MicrosoftDocs/Agent-Skills/azure-firewall"},"updatedAt":"2026-04-22T06:53:32.596Z"}}