Introduction:
In the previous part, we configured basic firewall rules for your Azure web application. Now, we'll establish routes to ensure all outbound traffic from your application subnets is directed through the Azure Firewall for enhanced security.
Recording Firewall IP Addresses
- In the Azure portal search bar, type Firewall and select Firewall.
- Choose your application firewall.
- On the firewall's overview page, locate the Private IP address. Copy and paste this address into a secure notepad for later use.
Creating a Route Table
- Search for Route Tables in the portal and click + Create.
- Configure a name for your route table (e.g., App-Vnet-Route-Table).
- Click Review + create and then Create to deploy the route table.
Associating Subnets with the Route Table
- Navigate to the newly created route table and click on Go to resource.
- Under Settings, select Subnets and then click Associate.
- In the association window, choose your application virtual network and select both the frontend subnet and backend subnet. Click OK to associate them.
Creating a Route for Firewall Traffic
- Within the route table settings, navigate to Routes and click Add.
- Configure the route details as follows:
  - Name: Choose a descriptive name (e.g., Route-to-Firewall)
  - Destination type: Select IP addresses
  - Destination prefix: Enter 0.0.0.0/0 (this captures all outbound traffic)
  - Next hop type: Choose Virtual appliance
  - Next hop IP address: Paste the private IP address of your Azure Firewall copied earlier.
- Click Add to create the route.
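A check you can run after these steps, added here as an example and not part of the original post: it audits route-table JSON in the shape returned by `az network route-table show -o json` for the default route, its next hop, and the subnet associations. The sample table, the firewall IP 10.1.63.4, the subnet names, and the function name `audit_route_table` are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample in the shape of `az network route-table show -o json`.
# The IP address, subscription path and subnet names are placeholders.
SAMPLE = json.loads("""
{
  "routes": [
    {"name": "Route-to-Firewall", "addressPrefix": "0.0.0.0/0",
     "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.1.63.4"},
    {"name": "direct-out", "addressPrefix": "203.0.113.0/24",
     "nextHopType": "Internet", "nextHopIpAddress": null}
  ],
  "subnets": [
    {"id": "/subscriptions/EXAMPLE/resourceGroups/rg/providers/Microsoft.Network/virtualNetworks/app-vnet/subnets/frontend"}
  ]
}
""")


def audit_route_table(table, firewall_ip, required_subnets):
    """Return findings; an empty list means the table matches the walkthrough."""
    findings = []
    routes = table.get("routes") or []
    default = next((r for r in routes if r.get("addressPrefix") == "0.0.0.0/0"), None)
    if default is None:
        findings.append("no 0.0.0.0/0 route")
    elif default.get("nextHopType") != "VirtualAppliance":
        findings.append(f"default route next hop type is {default.get('nextHopType')}")
    else:
        hop = default.get("nextHopIpAddress")
        if hop is None or ipaddress.ip_address(hop) != ipaddress.ip_address(firewall_ip):
            findings.append(f"default route next hop is {hop}, expected {firewall_ip}")
    # A more specific user-defined route wins over 0.0.0.0/0 (longest prefix
    # match), so any other route that goes straight to Internet skips the firewall.
    for r in routes:
        if r is not default and r.get("nextHopType") == "Internet":
            findings.append(f"route {r['name']} sends {r['addressPrefix']} past the firewall")
    # Subnet ids end in .../subnets/<name>; only associated subnets use the table.
    associated = {s["id"].rsplit("/", 1)[-1].lower() for s in table.get("subnets") or []}
    for name in required_subnets:
        if name.lower() not in associated:
            findings.append(f"subnet {name} is not associated")
    return findings


if __name__ == "__main__":
    for finding in audit_route_table(SAMPLE, "10.1.63.4", ["frontend", "backend"]):
        print("FINDING:", finding)
```

To audit a real deployment, replace `SAMPLE` with the parsed output of `az network route-table show` for your route table and pass the firewall private IP you recorded earlier.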
Conclusion
By associating the route table with your application virtual network subnets and creating a route with the firewall's private IP as the next hop, we've ensured that all outbound traffic from your application will be directed through the Azure Firewall for inspection and filtering. This strengthens the overall security posture of your web application.
For the last post of this series we'll look at using Internal DNS resolution for the virtual network.