To create an Azure Firewall subnet in the existing virtual network, enter Virtual networks in the search bar and select it.
Select app-vnet.
Select Subnets.
Select + Subnet.
Enter the required information and select Save.
Property Value:
Name -- AzureFirewallSubnet
Address range -- 10.1.63.0/24
To create an Azure Firewall, enter Firewall in the Azure portal search bar and select it.
Select + Create.
Create a firewall by using the values in the following table. Use the default for any property that is not specified.
Property Value:
Resource group -- RG1
Name -- app-vnet-firewall
Firewall SKU -- Standard
Firewall management -- Use a Firewall Policy to manage this firewall
Firewall policy -- select Add new
Policy name -- fw-policy
Region -- East US
Policy Tier -- Standard
Choose a virtual network -- Use existing
Virtual network -- app-vnet (RG1)
Public IP address -- Add new: fwpip
Select Review + create and then select Create.
To update the Firewall Policy, enter Firewall Policies in the search bar and select it.
Select fw-policy.
Select Application rules.
Select "+ Application rule collection".
Use the values in the following table. Use the default for any property that is not specified.
Property Value:
Name -- app-vnet-fw-rule-collection
Rule collection type -- Application
Priority -- 200
Rule collection action -- Allow
Rule collection group -- DefaultApplicationRuleCollectionGroup
Under Rules, enter the following values:
Property Value:
Name -- AllowAzurePipelines
Source type -- IP address
Source -- 10.1.0.0/23
Protocol -- https
Destination type -- FQDN
Destination -- dev.azure.com, azure.microsoft.com
Then select Add.
Next, create a network rule collection that contains a single IP address rule.
Select Network rules.
Select "+ Network rule collection".
Use the values in the following table. Use the default for any property that is not specified.
Property Value:
Name -- app-vnet-fw-nrc-dns
Rule collection type -- Network
Priority -- 200
Rule collection action -- Allow
Rule collection group -- DefaultNetworkRuleCollectionGroup
Under Rules, enter the following values:
Property Value:
Rule -- AllowDns
Source -- 10.1.0.0/23
Protocol -- UDP
Destination ports -- 53
Destination addresses -- 1.1.1.1, 1.0.0.1
Then select Add.
To verify the deployment, search for and select app-vnet-firewall and then fw-policy, and confirm that the provisioning state of each shows Succeeded.
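The two Allow rules configured above, modelled as an added Python example (not part of the original walkthrough) so that constructed flows can be checked against what the policy permits. It assumes a simplified evaluation: network rules before application rules, unmatched traffic denied, and https meaning TCP 443; the function names are hypothetical.

```python
import ipaddress

# Values entered in the portal steps above.
FIREWALL_SUBNET = ipaddress.ip_network("10.1.63.0/24")
SOURCE_RANGE = ipaddress.ip_network("10.1.0.0/23")
NETWORK_RULES = [  # app-vnet-fw-nrc-dns, priority 200, action Allow
    {"name": "AllowDns", "source": SOURCE_RANGE, "protocol": "UDP",
     "ports": {53}, "destinations": {"1.1.1.1", "1.0.0.1"}},
]
APPLICATION_RULES = [  # app-vnet-fw-rule-collection, priority 200, action Allow
    {"name": "AllowAzurePipelines", "source": SOURCE_RANGE, "protocol": "https",
     "fqdns": {"dev.azure.com", "azure.microsoft.com"}},
]


def subnet_problems():
    """Return addressing problems in the planned AzureFirewallSubnet."""
    problems = []
    if FIREWALL_SUBNET.prefixlen > 26:
        problems.append("AzureFirewallSubnet must be /26 or larger")
    if FIREWALL_SUBNET.overlaps(SOURCE_RANGE):
        problems.append("firewall subnet overlaps the workload source range")
    return problems


def evaluate(src_ip, protocol, port, dest):
    """Return the name of the rule that allows the flow, or 'Deny'."""
    src = ipaddress.ip_address(src_ip)
    for rule in NETWORK_RULES:  # assumption: network rules are checked first
        if (src in rule["source"] and protocol.upper() == rule["protocol"]
                and port in rule["ports"] and dest in rule["destinations"]):
            return rule["name"]
    for rule in APPLICATION_RULES:
        # Assumption: "https" with no port given means TCP 443.
        if (src in rule["source"] and protocol.lower() == rule["protocol"]
                and port == 443 and dest.lower() in rule["fqdns"]):
            return rule["name"]
    return "Deny"  # nothing matched: traffic is denied by default


if __name__ == "__main__":
    # Constructed sample flows, not captured traffic.
    for flow in [("10.1.0.4", "UDP", 53, "1.1.1.1"),
                 ("10.1.0.4", "UDP", 53, "8.8.8.8"),
                 ("10.1.2.4", "https", 443, "dev.azure.com")]:
        print(flow, "->", evaluate(*flow))
```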