Microsoft Azure

Azure Resource Manager

Dashboard Widgets

General (General overview of the system)

Audit (The number of rules with expired access or will have access expire within the next month)

Browsers

Rule Viewer (see Rule Viewer)

Object Lookup (See Object Lookup)

Device Viewer (see Device Viewer)

Change Management

Change Management (Policy and Side-by-Side policy change comparison in the Compare tab, Comparison report, and New Revision report)

Graphical Policy (Policies are displayed in SecureTrack as they are shown in the vendor's management software)

Topology

Azure Virtual WAN

Dynamic Topology

Calculate impact of NSGs

Connectivity between VNets

ExpressRoute

VNet peering

Connectivity via VPN

Internal load balancer

The following devices are supported on Microsoft Azure:

Fortinet: FortiManager; FortiGate
Check Point: Management Devices (MDS) CloudGuard Network Security - Firewall & Threat Prevention; Checkpoint Gateway with dynamic routes
Palo Alto: Panorama

Azure Resource Manager is the supported device type.
PCI DSS compliance is not currently supported.
Azure Classic (Azure Service Management API): Support for this device has reached its "end of life" (EOL).
Regarding Application Security Groups (ASGs), to see the members of an ASG in the Rule Viewer, the Virtual Machines (VMs) that are associated with the ASGs must be connected to the same Virtual Network (VNET) as the Network Security Group (NSG) that contains the ASG.
VirtualWan: You can import secured virtual hubs to Tufin when the Routing Intent and Routing Policies setting points to the Azure firewall in the configuration.
Importing Virtual Networks requires that the vnet has at least one VNIC.
Rule and object usage collection and analysis: First, configure Azure to allow TOS Aurora to pull traffic information. After configuration, the Last Hit field is populated in the Rule Viewer. From Rule Viewer, search timeLastHit to identify unused rules, For NSGs, you can also search object.timeLastHitand object.notHit to identify unused objects within rules. For details, see TQL queries in the Rule Viewer.

Schedule and run reports on unused rules (and objects, for NSGs) using the Rule Analytics report in SecureTrack Reporting Essentials. The data is not supported in the Rule and Objects Usage report.

Dashboard Widgets

General (General overview of the system)

USP Compliance (The number of rules with violations, according to their severity level)

Change Management

Change Management (Policy and Side-by-Side policy change comparison in the Compare tab, Comparison report, and New Revision report)

Topology

Path Analysis

Calculate impact of Azure Firewall policies

Browsers

Rule Viewer (see Rule Viewer)

USP Viewer (see USP Viewer)

USP Alert Manager Viewer (see USP Alerts Manager)

USP Exceptions Viewer (see USP Exceptions)

In some cases, this device creates new rules for requested changes rather than updating the existing rules. In these cases, rule history might not be available.
Classic rules - rules that have been configured on the firewall directly and not included in Azure firewall policies - are not supported.
When a new Azure Firewall is added to TOS, zones are mapped after the policy is received for the first time and therefore violations can be calculated only after receiving a subsequent revision. See Monitoring Microsoft Azure Cloud Platform.
Azure Firewalls: Azure firewall in a secured virtual hub is supported when Routing Intent and Routing Policies is set on the hub.
Rule usage collection and analysis: First, configure Azure to allow TOS Aurora to pull traffic information. After configuration, the Last Hit field is populated in the Rule Viewer. From Rule Viewer, search timeLastHit to identify unused rules. For details, see TQL queries in the Rule Viewer.

Schedule and run reports on unused rules using the Rule Analytics report in SecureTrack Reporting Essentials. The data is not supported in the Rule and Objects Usage report.