Shulou(Shulou.com)06/03 Report--

First of all, around our architecture diagram, what we want to achieve this time is to do SNAT and DNAT through FW. Suppose we have a web server connected to the VNET or peering where the FW is located, and we want to be able to control the flow through FW, so we need to do DNAT implementation. If our web server in VNET wants to access internet through FW, it needs SNAT, which can be implemented through configuration. Let's talk about how to play.

Let's not talk about the creation of VNET. Let's first take a look at how to build Firewall. Firewall creation is very simple and can be created manually in Portal. Note that FW needs a subnet named AzureFirewallSubnet in VNET, so you need to create subnet manually first.

Create a subnet

After you have a subnet, you can create a FW normally.

And then FW was created.

After FW is created, it will not take effect directly. We need to configure some rules to allow network traffic to pass through FW. First, let's see how inbound traffic passes through FW. If you want inbound traffic to pass through FW, we need to implement DNAT. You can configure NAT rules directly in FW.

Peering VNET with region has a web server, which can be accessed through the public network.

Our goal is to let the traffic accessing the web server first pass through FW, and then go to the web server. Let's take a look at how to implement this DNAT. First, add NAT rules directly to the rules.

We need to pay attention to the principles of configuration here.

Destination address: the public network IP of the firewall

Translated address: private network IP of web server

Translated port: Port of the web server

After the configuration is completed, you can directly access the address of the firewall and the web server.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.