Baridiilo Poromon

Protect the web application from malicious traffic and block unauthorized access in Azure

To create an Azure Firewall subnet in the existing virtual network, enter and select Virtual networks in the search bar.

Select app-vnet.

Select Subnets.

Select + Subnet.

Enter the required information and select Save.

Property Value:
Name -- AzureFirewallSubnet
Address range -- 10.1.63.0/24

To create an Azure Firewall, enter and select Firewall in the Azure portal search bar.

Select + Create.

Create a firewall by using the values in the following table. Use the default for any property that is not specified.

Property Value:
Resource group -- RG1
Name -- app-vnet-firewall
Firewall SKU -- Standard
Firewall management -- Use a Firewall Policy to manage this firewall
Firewall policy -- select Add new
Policy name -- fw-policy
Region -- East US
Policy Tier -- Standard
Choose a virtual network -- Use existing
Virtual network -- app-vnet (RG1)
Public IP address -- Add new: fwpip

Select Review + create and then select Create.

To update the Firewall Policy, enter and select Firewall Policies in the search bar.

Select fw-policy.

Select Application rules.

Click on "+ Application rule collection".

Use the values in the following table. Use the default for any property that is not specified.

Property Value:
Name -- app-vnet-fw-rule-collection
Rule collection type -- Application
Priority -- 200
Rule collection action -- Allow
Rule collection group -- DefaultApplicationRuleCollectionGroup

Under Rules, use the following values:

Property Value:
Name -- AllowAzurePipelines
Source type -- IP address
Source -- 10.1.0.0/23
Protocol -- https
Destination type -- FQDN
Destination -- dev.azure.com, azure.microsoft.com
Then press Add.

Next, create a network rule collection that contains a single IP address rule.

Select Network rules.

Select "+ Network rule collection".

Use the values in the following table. Use the default for any property that is not specified.

Property Value:
Name -- app-vnet-fw-nrc-dns
Rule collection type -- Network
Priority -- 200
Rule collection action -- Allow
Rule collection group -- DefaultNetworkRuleCollectionGroup

Under Rules, use the following values:

Property -- Value
Rule -- AllowDns
Source -- 10.1.0.0/23
Protocol -- UDP
Destination ports -- 53
Destination addresses -- 1.1.1.1, 1.0.0.1
Then select Add.

To verify the deployment, enter and select app-vnet-firewall and fw-policy in turn, then confirm that the provisioning state of each shows Succeeded.
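
What the two rule collections above permit, shown as an added Python example that is not part of the original post. It is a simplified model that assumes network rules are checked before application rules, exact FQDN matching, and a deny for anything unmatched; the `evaluate` helper and the sample flows are constructed for illustration.

```python
import ipaddress

# Values copied from the tutorial's rule tables; both rules share this source.
SOURCE = ipaddress.ip_network("10.1.0.0/23")
NETWORK_RULES = [
    {"name": "AllowDns", "protocol": "UDP", "ports": {53},
     "destinations": {"1.1.1.1", "1.0.0.1"}},
]
APPLICATION_RULES = [
    {"name": "AllowAzurePipelines", "protocol": "https", "port": 443,
     "fqdns": {"dev.azure.com", "azure.microsoft.com"}},
]

def evaluate(src_ip, protocol, dest, port):
    """Return the name of the rule that allows the flow, or 'Deny'.

    Simplified model (assumption): network rules are checked first, then
    application rules, and anything unmatched is denied. FQDNs match
    exactly because the tutorial's rule has no wildcard entries.
    """
    if ipaddress.ip_address(src_ip) not in SOURCE:
        return "Deny"
    for rule in NETWORK_RULES:
        if (protocol.upper() == rule["protocol"] and port in rule["ports"]
                and dest in rule["destinations"]):
            return rule["name"]
    for rule in APPLICATION_RULES:
        if (protocol.lower() == rule["protocol"] and port == rule["port"]
                and dest.lower() in rule["fqdns"]):
            return rule["name"]
    return "Deny"

# Constructed sample flows: (source IP, protocol, destination, port).
SAMPLE_FLOWS = [
    ("10.1.0.4", "UDP", "1.1.1.1", 53),            # DNS to an allowed resolver
    ("10.1.1.20", "https", "dev.azure.com", 443),  # allowed FQDN
    ("10.1.0.4", "UDP", "8.8.8.8", 53),            # resolver not in the rule
    ("10.1.0.4", "TCP", "1.1.1.1", 53),            # rule covers UDP only
    ("10.1.0.4", "https", "example.com", 443),     # FQDN not in the rule
    ("10.1.2.9", "https", "dev.azure.com", 443),   # source outside 10.1.0.0/23
]

def report(flows=SAMPLE_FLOWS):
    """Pair every flow with its verdict."""
    return [(flow, evaluate(*flow)) for flow in flows]

if __name__ == "__main__":
    for flow, verdict in report():
        print(f"{verdict:20} {flow}")
```

The denied rows are the useful part: DNS over TCP, any resolver other than 1.1.1.1 or 1.0.0.1, and any source outside 10.1.0.0/23 fall through to the default deny.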
