Skip to main content

When to use Azure Firewall vs. Network Security Groups and App Security Groups

by Jeff Christman
Senior Consultant, Cloud Security

There is often some confusion about when you should use an Azure Firewall versus Network Security Groups (NSG) or App Security Groups (ASG). A typical use for Azure Firewall is for protecting your enterprise network from incoming traffic with it positioned between your cloud network and the internet. ASGs are used to protect groups of servers with a common function, such as web servers or database servers.

An NSG works much like a firewall. While an Azure Firewall monitors traffic at more of a global level, an NSG is more defined and is applied to specific subnets and/or network interfaces. Both firewall and NSG allow you to apply rules based on IP addresses, port numbers, networks, and subnets.

FREE Membership Required to View Full Content:

Joining gives you free, unlimited access to news, analysis, white papers, case studies, product brochures, and more. You can also receive periodic email newsletters with the latest relevant articles and content updates.
Learn more about us here

About Jeff Christman

Jeff Christman is a distinguished Navy Veteran boasting more than two decades of expertise in the Information Technology sector. He possesses a specialized focus on cloud migration projects, having contributed his skills to prestigious organizations including Raytheon, AT&T, and NASA. Presently, he holds the position of Senior Cloud Security Consultant at a prominent consulting firm. Beyond his professional endeavors, Jeff is an accomplished author and educator, developing and publishing content and courses for renowned platforms such as,, and

Outside of his professional pursuits, Jeff enjoys engaging in fantasy football, exploring advancements in technology, and playfully teasing his teenage daughters.

More about Jeff Christman