2025-02-24 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/03 Report--
This article is a detailed tutorial on deploying Azure Firewall. The steps are summarized below.
The following is an overview of the architecture:
Create a resource group
First, we need to create a resource group that is used to host all the resources for this lab. Open Azure Portal and click "Resource Group"-"New Resource Group"
Subscription: select the Azure subscription we use
Resource group name: enter the name of the resource group you want to use
Region: select the location where the resources are created
Then click create:
Create a virtual network
We need to create a virtual network with three subnets, as follows:
Name: type a friendly name for this virtual network
Address space: enter the desired address space
Subscription: select your Azure subscription
Resource group: select the RG we created earlier
Location: select the location where the resource is located
Subnet: this step is very important because you must use the fixed name "AzureFirewallSubnet".
After creating the virtual network, we also need to create a second subnet (SRV-VNet 10.1.2.0/24) and a third subnet (Jump 10.1.3.0/24), as shown in the following figure:
Create a virtual machine
In the previous steps, we created a resource group and a virtual network with three subnets. Now we need to create two virtual machines. The first is the Jump server that will be used to connect to the second virtual machine. The Jump machine is called "JUMP01"
Use the Azure wizard to create a virtual machine:
In the Network area, select Jump-VNet and create a new Public IP address to access the Jump server from Internet. In addition, we need to allow the RDP protocol:
Create a virtual machine 16SRV01 using the same steps as above:
This virtual machine must be in the "SRV-VNet" subnet and we do not need to open any public inbound ports.
Deploy Azure Firewall
Next we need to start deploying Azure Firewall. Click "all Services" in Azure Portal and search for "Firewalls":
Click "Add" to create the Azure Firewall we need and enter the following information:
Subscription: select your Azure subscription
Resource group: select the previously created resource group
Name: enter the friendly name of the firewall
Virtual network: select the previously created virtual network
Public IP address: don't forget to create a public IP address
After the creation is completed, as shown in the following figure, we need to record the private IP of this firewall for subsequent configuration:
Create a routing table
Search for "routing table" in Azure Portal:
Create a new routing table called "Go-To-Firewall". This routing table will contain the default route that the server will choose to route traffic
After you create the routing table, you must associate the server subnet to this routing table. Go to the Subnet section and click Associate
Select Virtual Network and Subnet:
After the configuration is completed, it is shown in the following figure:
Now we must add a default route to the virtual appliance. Go to the Routes section and click Add:
Enter the following information:
Route name: a friendly name for the default route
Address prefix: to indicate the default route, you must enter 0.0.0.0/0
Next hop type: select "Virtual appliance"
Next hop address: enter the previously copied private IP address
After the configuration is completed, it is shown in the following figure:
Create an application rule collection
The firewall is deployed, so we can add application rules to filter outbound Web traffic. Go to the rules section and click add Application Rule Collection:
Enter a friendly name for this rule, then set the priority and select an action (allow or deny). Next, you must specify the source address, protocol, and destination FQDN.
In my case, I want to allow network traffic from the 16SRV01 virtual machine to www.mspcloud.club.
To resolve the FQDN, the computer must be able to contact a DNS server. In this article, I created a network rule that allows DNS requests from the server subnet to the OpenDNS servers.
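The network, firewall, route table and rule steps above, scripted with the Az PowerShell module. This is an added example, not the author's code, and it does not create the two virtual machines. Assumptions not taken from the article: the resource names, the region, the VNet range 10.1.0.0/16, the AzureFirewallSubnet range 10.1.1.0/24, the rule priorities, and the OpenDNS resolver addresses 208.67.222.222 and 208.67.220.220.

```powershell
# Added example. Placeholder names: FW-Lab-RG, FW-Lab-VNet, FW01, "West Europe".
# Assumed (not in the article): VNet 10.1.0.0/16 and AzureFirewallSubnet 10.1.1.0/24.
$rg  = 'FW-Lab-RG'
$loc = 'West Europe'
$srv = '10.1.2.0/24'                       # SRV-VNet subnet from the article

New-AzResourceGroup -Name $rg -Location $loc

# The firewall subnet must be named exactly "AzureFirewallSubnet".
$subnets = @(
    New-AzVirtualNetworkSubnetConfig -Name 'AzureFirewallSubnet' -AddressPrefix '10.1.1.0/24'
    New-AzVirtualNetworkSubnetConfig -Name 'SRV-VNet' -AddressPrefix $srv
    New-AzVirtualNetworkSubnetConfig -Name 'Jump-VNet' -AddressPrefix '10.1.3.0/24'
)
$vnet = New-AzVirtualNetwork -Name 'FW-Lab-VNet' -ResourceGroupName $rg -Location $loc `
    -AddressPrefix '10.1.0.0/16' -Subnet $subnets

$pip = New-AzPublicIpAddress -Name 'FW01-pip' -ResourceGroupName $rg -Location $loc `
    -AllocationMethod Static -Sku Standard
$fw = New-AzFirewall -Name 'FW01' -ResourceGroupName $rg -Location $loc `
    -VirtualNetwork $vnet -PublicIpAddress $pip
$fwPrivateIp = $fw.IpConfigurations[0].PrivateIPAddress   # next hop for the default route

# Route table "Go-To-Firewall": 0.0.0.0/0 -> firewall private IP, bound to the server subnet.
$rt = New-AzRouteTable -Name 'Go-To-Firewall' -ResourceGroupName $rg -Location $loc
Add-AzRouteConfig -RouteTable $rt -Name 'Default-Via-Firewall' -AddressPrefix '0.0.0.0/0' `
    -NextHopType VirtualAppliance -NextHopIpAddress $fwPrivateIp | Set-AzRouteTable
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name 'SRV-VNet' -AddressPrefix $srv `
    -RouteTable $rt | Set-AzVirtualNetwork

# Application rule: only www.mspcloud.club is allowed over HTTP/HTTPS from the server subnet.
$appRule = New-AzFirewallApplicationRule -Name 'Allow-Blog' -SourceAddress $srv `
    -Protocol 'http:80', 'https:443' -TargetFqdn 'www.mspcloud.club'
$appColl = New-AzFirewallApplicationRuleCollection -Name 'App-Coll01' -Priority 200 `
    -ActionType Allow -Rule $appRule

# Network rule: DNS (UDP/53) from the server subnet to the OpenDNS resolvers only.
$dnsRule = New-AzFirewallNetworkRule -Name 'Allow-DNS' -Protocol UDP -SourceAddress $srv `
    -DestinationAddress '208.67.222.222', '208.67.220.220' -DestinationPort 53
$netColl = New-AzFirewallNetworkRuleCollection -Name 'Net-Coll01' -Priority 200 `
    -ActionType Allow -Rule $dnsRule

$fw.ApplicationRuleCollections.Add($appColl)
$fw.NetworkRuleCollections.Add($netColl)
Set-AzFirewall -AzureFirewall $fw
```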
Test the firewall
First, we need to connect to the Jump server from the public IP address, and then I can launch a new MSTSC window to connect to the SRV01 machine using a private IP address.
The final step is to examine the application rules that were previously created in the Azure firewall. I just need to open a Web browser and enter the website URL.
In my case, I can confirm that my blog is replying, but if I try to browse Google, an error message will be displayed. I should create an application rule that allows www.google.com.
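The browser test above can be backed by two checks: that the server's default route really points at the firewall, and that only the allowed FQDN is reachable. This is an added example, not part of the original article; the resource group name, the NIC name `srv01-nic` and the helper `Test-Egress` are hypothetical, and 208.67.222.222 is assumed as the OpenDNS resolver.

```powershell
# Added example. Placeholders: FW-Lab-RG, srv01-nic (the NIC of 16SRV01; the VM must be running).

# 1) From an admin workstation: show the active default route applied to the server NIC.
#    It should list NextHopType VirtualAppliance with the firewall's private IP. A next hop
#    of Internet means the route table is not associated and the VM bypasses the firewall.
Get-AzEffectiveRouteTable -ResourceGroupName 'FW-Lab-RG' -NetworkInterfaceName 'srv01-nic' |
    Where-Object { $_.AddressPrefix -contains '0.0.0.0/0' -and $_.State -eq 'Active' } |
    Format-Table Source, NextHopType, NextHopIpAddress

# 2) On 16SRV01: probe DNS through the allowed resolver, then HTTPS to the FQDN.
function Test-Egress {
    param([Parameter(Mandatory)][string]$Fqdn)
    try {
        $null = Resolve-DnsName -Name $Fqdn -Server 208.67.222.222 -ErrorAction Stop
    } catch {
        return [pscustomobject]@{ Fqdn = $Fqdn; Result = 'DNS blocked or failed' }
    }
    try {
        $r = Invoke-WebRequest -Uri "https://$Fqdn" -UseBasicParsing -TimeoutSec 10
        [pscustomobject]@{ Fqdn = $Fqdn; Result = "Allowed (HTTP $($r.StatusCode))" }
    } catch {
        # A firewall deny, a TLS failure and a timeout all end up here.
        [pscustomobject]@{ Fqdn = $Fqdn; Result = 'Blocked or unreachable' }
    }
}

# The article's allowed site and the site it reports as blocked.
'www.mspcloud.club', 'www.google.com' | ForEach-Object { Test-Egress -Fqdn $_ }
```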
With Azure Firewall, you can protect Azure resources very easily and quickly. You can also automate tasks using Azure PowerShell.
Azure Firewall allows you to create application rules and network rules to control inbound and outbound network traffic. This concludes the detailed tutorial for deploying and configuring Azure Firewall.