---

@Jim-Shady wrote:

I’m designing a compute plane configuration that will align our data platform with internal policies from a security perspective. As part of this exercise I'm documenting how the permissible traffic inbound and outbound is controlled using NSG rules, which made me question why Compute Plane VNETs don’t typically make use of Azure Firewalls (in my experience). From what I’ve read they seem to provide a far more sophisticated suite of capabilities for limiting, monitoring, and scanning inbound and outbound traffic, but their use isn't advised anywhere in the documentation. Have I misunderstood their intended purpose, or would it be too expensive to implement?

Keen to hear from Databricks and other customers too 🙂

---

Hello,
Azure Firewalls offer advanced features like deep packet inspection and threat intelligence, but they can be more expensive than NSGs. NSGs are simpler and more cost-effective for basic traffic filtering within VNets. Your choice depends on your specific security needs and budget.

Best Regards,
Michael Gardner