Multi-tier architecture is common practice for cloud applications. Virtual firewall appliance is a pre-installed software solution which runs on top of virtual machine. All incoming and outgoing traffic passes via firewall. It offers full visibility and better control. Customers can use these firewalls for the purpose of firewall controlled traffic and VPNs.
A typical deployment may look like the following diagram. These products can be chosen from the marketplace under BYOL. The major vendors are Cisco vASA, Barracuda, Palo Alto, and Check Point:
Let's take a look at Network Security Group, which is an Azure inbuilt feature. You can find this option in the virtual machine networking section:
You can also add/delete inbound or outbound traffic rules as per your requirement by mentioning different parameters, like source, destination, port range, protocol, action, and rule priority:
