Monitor Next Generation Firewall (NGFW) setting is not enabled
More Info:
Enable Next Generation Firewall (NGFW) recommendations for virtual machines.
Risk Level
Low
Address
Security, Operational Maturity
Compliance Standards
SOC2, ISO27001, HIPAA
Triage and Remediation
Remediation
To remediate the misconfiguration “Monitor Next Generation Firewall (NGFW) setting is not enabled” for Azure using the Azure console, follow the steps below. The setting belongs to the Security Center (now Microsoft Defender for Cloud) security policy for the subscription; it is not a property of any firewall resource.
- Log in to the Azure portal (https://portal.azure.com/)
- Go to the “Security Center” service (now listed as “Microsoft Defender for Cloud”)
- In the left-hand menu, select “Security policy” and pick the subscription whose policy you want to change
- Scroll down to “Firewall” and click on “Edit settings”
- Under “Next Generation Firewall (NGFW)”, toggle the switch to “On”
- Click on “Save” to apply the changes.
After the setting is enabled, Security Center evaluates the NGFW policy on its next assessment cycle and raises the “Add a Next Generation Firewall” recommendation for virtual machines it identifies as lacking one. The setting only controls whether that recommendation is generated; it does not deploy a firewall and does not ingest or analyse firewall logs. To actually reduce exposure, act on the recommendation for each flagged virtual machine.
To remediate the misconfiguration “Monitor Next Generation Firewall (NGFW) setting is not enabled” for Azure using Azure CLI, change the Security Center default policy assignment. Note that az network firewall update --enable-dns-proxy true turns on DNS proxying for an Azure Firewall resource; that is a different control and does not change the Security Center monitoring setting, so the steps below work on the policy assignment instead.
Step 1: Open Azure CLI and log in to your Azure account using the command az login.
Step 2: Find the Security Center default policy assignment for the subscription (normally named SecurityCenterBuiltIn) by running az policy assignment list --query "[?name=='SecurityCenterBuiltIn'].{name:name, scope:scope}" -o table.
Step 3: Check the current effect of the NGFW monitoring parameter by running az policy assignment show --name SecurityCenterBuiltIn --scope /subscriptions/<Subscription-ID> --query "parameters.nextGenerationFirewallMonitoringEffect.value" -o tsv. A value of “Disabled” means the setting is off; “AuditIfNotExists” means it is on. An empty result means the assignment does not override the parameter and the initiative default applies. The parameter name is the one used by the classic Security Center default initiative; if the query returns nothing, list every parameter with --query "parameters" and confirm the name, because Microsoft has revised this initiative over time.
Step 4: If the value is “Disabled”, set it to “AuditIfNotExists”. Take the full parameters object from --query "parameters", change only the NGFW value, and pass the whole object back with az policy assignment update --name SecurityCenterBuiltIn --scope /subscriptions/<Subscription-ID> --params '<updated-parameters-json>'. Passing the full object avoids resetting the other monitoring effects. az policy assignment update is available in recent azure-cli releases; on an older release, change the parameter in the portal instead.
Step 5: Verify by re-running the command from Step 3. The output should now be “AuditIfNotExists”, and the Monitor NGFW setting in Security Center shows as enabled once the policy has been re-evaluated.
Note: Replace <Subscription-ID> with your subscription ID. If your default assignment has a different name or scope (for example, a management group), use the values returned in Step 2.
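As an added offline check that is not code from the original page: the script below parses the JSON that az policy assignment show -o json returns, classifies the NGFW monitoring effect, and builds the full parameters object to pass back with --params so the other monitoring effects are preserved. The assignment name, the parameter name nextGenerationFirewallMonitoringEffect and the two sample documents are assumptions constructed for the example, not output captured from a real subscription.

```python
import json
from typing import Any, Dict

# Parameter that switches NGFW monitoring in the Security Center default
# initiative. Assumption: this is the classic initiative's parameter name;
# confirm it against `az policy assignment show --query parameters` in your tenant.
NGFW_PARAM = "nextGenerationFirewallMonitoringEffect"
ENABLED_EFFECT = "AuditIfNotExists"

# Constructed sample of the relevant fields of `az policy assignment show -o json`
# output (not captured from a real subscription). The NGFW effect is Disabled,
# which is the misconfiguration this page describes.
SAMPLE_DISABLED = json.dumps({
    "name": "SecurityCenterBuiltIn",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000",
    "parameters": {
        "systemUpdatesMonitoringEffect": {"value": "AuditIfNotExists"},
        "nextGenerationFirewallMonitoringEffect": {"value": "Disabled"},
    },
})

# Constructed sample where the parameter is absent, so the initiative default applies.
SAMPLE_DEFAULT = json.dumps({
    "name": "SecurityCenterBuiltIn",
    "scope": "/subscriptions/00000000-0000-0000-0000-000000000000",
    "parameters": {
        "systemUpdatesMonitoringEffect": {"value": "AuditIfNotExists"},
    },
})


def ngfw_monitoring_status(assignment_json: str) -> str:
    """Classify the NGFW monitoring effect in a policy assignment.

    Returns "disabled", "enabled" or "default". "default" means the assignment
    does not override the parameter, so the initiative's own default applies;
    it is reported separately rather than guessed, because the default can
    change between initiative versions.
    """
    assignment = json.loads(assignment_json)
    parameters = assignment.get("parameters") or {}
    entry = parameters.get(NGFW_PARAM)
    if entry is None:
        return "default"
    effect = str(entry.get("value", "")).strip().lower()
    return "disabled" if effect == "disabled" else "enabled"


def remediated_parameters(assignment_json: str) -> Dict[str, Any]:
    """Build the full parameters object for `az policy assignment update --params`.

    Every existing parameter is carried over unchanged so the other monitoring
    effects are not reset; only the NGFW effect is set to AuditIfNotExists.
    """
    assignment = json.loads(assignment_json)
    parameters = dict(assignment.get("parameters") or {})
    parameters[NGFW_PARAM] = {"value": ENABLED_EFFECT}
    return parameters


if __name__ == "__main__":
    for label, sample in (("disabled", SAMPLE_DISABLED), ("default", SAMPLE_DEFAULT)):
        status = ngfw_monitoring_status(sample)
        print(f"{label}: NGFW monitoring status = {status}")
        if status != "enabled":
            # This JSON is what you would review and then pass to --params.
            print(json.dumps(remediated_parameters(sample), indent=2))
```

Feed it real output by piping az policy assignment show ... -o json into the script and calling ngfw_monitoring_status on the text; treat a "default" result as something to confirm against the initiative definition rather than as compliant.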
To remediate the “Monitor Next Generation Firewall (NGFW) setting is not enabled” misconfiguration for Azure using Python, update the same Security Center default policy assignment through the Azure Resource Manager policy API. The Monitor client (azure-mgmt-monitor) has no firewall-policy or NGFW operations, so the steps below use azure-mgmt-resource together with azure-identity.
- Install the required packages by running the following command in your terminal or command prompt:
pip install azure-identity azure-mgmt-resource
- Import the necessary modules in your Python script:
from azure.identity import ClientSecretCredential
from azure.mgmt.resource import PolicyClient
from azure.mgmt.resource.policy.models import ParameterValuesValue
- Set up the credentials for your Azure account by creating a Service Principal. You can follow the instructions in this Microsoft documentation to create a Service Principal: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal. Grant it the Resource Policy Contributor role on the subscription; it does not need Owner. Load the client secret from an environment variable or a key vault rather than hard-coding it in the script.
- Create a PolicyClient object using the credentials you just set up:
subscription_id = 'your-subscription-id'
credential = ClientSecretCredential(
    tenant_id='your-tenant-id',
    client_id='your-client-id',
    client_secret='your-client-secret'
)
policy_client = PolicyClient(credential, subscription_id)
- Use the PolicyClient object to read the default assignment, set the NGFW monitoring effect and write the assignment back. The assignment name and parameter name below are those of the classic Security Center default initiative; confirm them against assignment.parameters if your subscription uses a newer initiative:
scope = f'/subscriptions/{subscription_id}'
assignment_name = 'SecurityCenterBuiltIn'
assignment = policy_client.policy_assignments.get(scope, assignment_name)
# Keep every existing parameter so the other monitoring effects are not reset
parameters = dict(assignment.parameters or {})
parameters['nextGenerationFirewallMonitoringEffect'] = ParameterValuesValue(value='AuditIfNotExists')
assignment.parameters = parameters
policy_client.policy_assignments.create(scope, assignment_name, assignment)
- Verify that the NGFW setting has been enabled by checking the Security policy page in the Azure portal, or by reading the assignment again with policy_assignments.get and confirming that parameters['nextGenerationFirewallMonitoringEffect'].value is 'AuditIfNotExists'.
By following these steps, you should be able to remediate the “Monitor Next Generation Firewall (NGFW) setting is not enabled” misconfiguration for Azure using Python.