12-03-2025 10:18 AM - edited 12-09-2025 04:45 PM
As organizations continue to expand their workloads in Azure, outbound connectivity has become a key part of maintaining both performance and security. Many applications rely on large volumes of outbound connections—whether reaching external APIs, SaaS platforms, update services, or partner systems. As these environments grow, managing those outbound flows reliably becomes increasingly important.
To help customers meet these demands, Cloud NGFW for Azure now integrates seamlessly with Zone Redundant Azure NAT Gateway. This combination provides a much more scalable and efficient way to handle egress traffic while maintaining strong security controls.
Every outbound connection requires an SNAT port. In highly distributed applications, thousands of simultaneous outbound flows are common. If the platform doesn’t have enough SNAT ports available, you may run into issues like:
These issues often stem from SNAT port exhaustion rather than the application itself.
Azure NAT Gateway is explicitly designed to handle large-scale outbound connectivity. It offers:
This makes NAT Gateway a strong fit for any environment where outbound scale and reliability matter.
Cloud NGFW for Azure provides security inspection, and Azure NAT Gateway handles outbound NAT scaling. Together, they create a streamlined path for secure and high-capacity egress.
Outbound traffic from spoke VNets is routed to Cloud NGFW for inspection. Once Cloud NGFW allows the connection, the NAT Gateway automatically handles SNAT and sends the traffic out to the internet. No manual NAT rule creation or port management is required.
Integration is a simple process, as shown below and demonstrated in this video walkthrough.
Any outbound traffic inspected by Cloud NGFW will automatically exit through the NAT Gateway without additional configuration or routing changes.
Note: This integration is currently supported only with the VNet deployment model.
No need to tune NAT settings or manage large numbers of public IPs.
Cloud NGFW inspects every outbound connection before it leaves your environment.
Customers can now choose between Cloud NGFW’s built-in SNAT or Azure NAT Gateway, depending on scale and architecture needs.
Azure manages the SNAT pool and scaling; Cloud NGFW manages the security. You focus on your applications.
This integration gives customers a clean, scalable, and secure outbound model for Azure deployments. Cloud NGFW provides security intelligence and policy enforcement, while Azure NAT Gateway ensures your applications can make as many outbound connections as they need without running into SNAT port limits or throughput constraints.