Reading Time: < 1 minute

Two new key features are now available in Azure Firewall, forced tunneling and SQL FQDN filtering. Additionally, the limit for multiple public IP addresses is increasing from 100 to 250 for both DNAT and SNAT.

This feature will be available to Azure Firewall customers by default, so there’s no need to sign up.

Use these features to achieve these scenarios: 

  • Configure a default route ( on the AzureFirewallSubnet or publish a default route to the firewall over BGP, to send all traffic to on-premises or nearby NVA.  
  • Filter outbound SQL traffic using application rules. Support is for SQL proxy mode only. Redirect mode support is tentatively planned for later in 2020. 
  • Use up to 250 public IP addresses with Azure Firewall for both DNAT and SNAT.

These features are included in the Azure Firewall standard SKU, so there is no change in the price.