Exercise - create and configure Azure Firewall
- 15 minutes
Important
Try our Secure Outbound Internet Connectivity click-through demo. This demo shows how to use Azure vNET with Route Server, a network virtual appliance (NVA), and Azure Firewall to inspect and manage traffic originating from Azure VMware Solution and heading to the internet. Try now
Use the following instructions to create and configure Azure Firewall and Route Table.
Deploy Azure Firewall
Follow the instructions to create a new Azure Firewall.
az network vnet subnet create -n AzureFirewallSubnet -g <resource-group-name> --vnet-name <vnet-name> --address-prefix 10.0.1.0/24
az network public-ip create -n <name-for-firewall-pip> -g <resource-group-name> --version IPv4 --sku Standard
az network firewall create -n <name-of-firewall> -g <resource-group-name> --location <your-preferred-azure-region>
az network firewall ip-config create --firewall-name <name-of-firewall> --name <firewall-config-name> --public-ip-address <name-of-firewall-pip> --resource-group <resource-group-name> --vnet-name <vnet-name>
az network firewall update --name <name-of-firewall> --resource-group <resource-group-name>
Create route & route table
Follow the steps to create a new route table and route.
az network route-table create --name <firewall-route-table-name> --resource-group <resource-group-name> --location <your-preferred-azure-region> --disable-bgp-route-propagation true
The following route enables Azure Firewall to have direct internet connectivity:
az network route-table route create --resource-group <resource-group-name> --name <route-name> --route-table-name <firewall-route-table-name> --address-prefix 0.0.0.0/0 --next-hop-type Internet
Associate route table with the Azure Firewall's subnet
Use the following command to apply Route Table and Route on the subnet, which is used to deploy Azure Firewall:
az network vnet subnet update --name AzureFirewallSubnet --resource-group <resource-group-name> --vnet-name <vnet-name> --route-table <firewall-route-table-name>
After setting up Azure Firewall, you'll look at how to generate a default route, which enables internet connectivity through Azure Firewall, in the next unit.