One-Pager · 17 Services

Azure Networking at a Glance

Every Azure networking service on one page — connectivity, load balancing, security, and DNS. A quick reference for architects building network architectures.

Connectivity

Virtual Network

Foundation of Azure networking. Isolated address space, subnets, NSGs, route tables. Every workload starts here.

FoundationFreeRFC 1918

VPN Gateway

Encrypted tunnels over public internet. Site-to-site, point-to-site, and VNet-to-VNet. Up to 10 Gbps with VpnGw5.

HybridS2S / P2SIPsec/IKE

ExpressRoute

Private dedicated connection to Azure. Bypasses public internet. 50 Mbps to 100 Gbps. Requires connectivity provider.

Enterprise hybridLow latencyPrivate peering

Virtual WAN

Hub-and-spoke at global scale. Unified connectivity for VPN, ExpressRoute, and branch offices. Microsoft-managed routing.

Global WANBranch officesManaged hubs

Load Balancing & Delivery

Load Balancer

Layer 4 (TCP/UDP) load balancing. Ultra-low latency, millions of flows. Internal and public SKUs.

L4 trafficHA portsRegional

Application Gateway

Layer 7 load balancer with WAF. URL-based routing, SSL termination, session affinity, autoscaling.

Web appsWAF v2Regional

Front Door

Global Layer 7 load balancer + CDN + WAF. Anycast routing, SSL offload, caching, URL rewrite.

Global appsCDN + WAFEdge PoPs

Traffic Manager

DNS-based global traffic routing. Priority, weighted, geographic, performance, and subnet methods.

DNS failoverMulti-regionDNS-level

Network Security

Azure Firewall

Managed stateful firewall. FQDN filtering, threat intelligence, network/application rules. Standard and Premium SKUs.

Centralized FWFQDN filteringManaged

DDoS Protection

Volumetric attack mitigation at the Azure edge. Always-on detection, adaptive tuning, cost protection guarantee.

DDoS mitigationAlways-onCost protect

Private Link

Access Azure PaaS services over a private endpoint in your VNet. Traffic stays on Microsoft backbone, no public exposure.

Private PaaSZero trustNo public IP

Bastion

Fully managed jump host. RDP/SSH to VMs without public IPs. Browser-based, no client needed, audit logging.

Secure accessNo public IPBrowser RDP

DNS & Monitoring

Azure DNS

Host DNS zones on Azure infrastructure. Public and private zones, alias records, DNSSEC support.

DNS hosting100% SLAAlias records

Private DNS Zones

Name resolution inside VNets without custom DNS servers. Auto-registration for VMs, cross-VNet linking.

Internal DNSAuto-registerVNet-linked

Network Watcher

Monitor, diagnose, and gain insights into your network. NSG flow logs, packet capture, connection troubleshoot.

DiagnosticsFlow logsTopology

NAT Gateway

Managed outbound internet connectivity for VNets. Static public IPs, SNAT port exhaustion prevention.

Outbound NATStatic IPNo SNAT issues

Quick Comparison — Load Balancing

Service	Layer	Scope	WAF	Best For
Load Balancer	L4	Regional	—	TCP/UDP, HA ports, internal traffic
Application Gateway	L7	Regional	✓ v2	Web apps, URL routing, SSL offload
Front Door	L7	Global	✓	Global apps, CDN, multi-region failover
Traffic Manager	DNS	Global	—	DNS-based failover, geo-routing