{"id":2410,"date":"2022-02-18T15:22:02","date_gmt":"2022-02-18T15:22:02","guid":{"rendered":"https:\/\/exceedthecloud.com\/?p=2410"},"modified":"2022-02-18T16:21:42","modified_gmt":"2022-02-18T16:21:42","slug":"deploy-and-configure-azure-firewall-using-the-azure-portal","status":"publish","type":"post","link":"https:\/\/exceedthecloud.com\/?p=2410","title":{"rendered":"Deploy and configure Azure Firewall using the Azure portal"},"content":{"rendered":"\n<p>Being part of the Network Security team at Exceedlabs, your next task is to create firewall rules to allow\/deny access to certain websites. The following steps walk you through creating a resource group, a virtual network and subnets, and a virtual machine as environment preparation tasks, and then deploying a firewall and firewall policy, configuring default routes and application, network and DNAT rules, and finally testing the firewall.<\/p>\n\n\n\n<p>In this lab, you will:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Task 1: Create a resource group<\/li><li>Task 2: Create a virtual network and subnets<\/li><li>Task 3: Create a virtual machine<\/li><li>Task 4: Deploy the firewall and firewall policy<\/li><li>Task 5: Create a default route<\/li><li>Task 6: Configure an application rule<\/li><li>Task 7: Configure a network rule<\/li><li>Task 8: Configure a Destination NAT (DNAT) rule<\/li><li>Task 9: Change the primary and secondary DNS address for the server\u2019s&nbsp;network interface<\/li><li>Task 10: Test the firewall<\/li><\/ul>\n\n\n\n<p>Prerequisites for this labs :&nbsp;<a href=\"https:\/\/azure.microsoft.com\/en-us\/free\/\" target=\"_blank\" rel=\"noreferrer noopener\">Azure Account<\/a>&nbsp;\/&nbsp;<a href=\"https:\/\/github.com\/marcelin-ndjila\/Practical-Labs-Series\/blob\/master\/Azurelabs07.zip\" target=\"_blank\" rel=\"noreferrer noopener\">Download Labs Files here<\/a><\/p>\n\n\n\n<p><strong>Task 1: Create a resource group<\/strong><\/p>\n\n\n\n<p>In this task, you will create a new resource group.<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Log in to your Azure account.<\/li><li>On the Azure portal home page, select <strong>Resource groups<\/strong>.<\/li><li>Click <strong>Create<\/strong>.<\/li><li>On the <strong>Basics<\/strong> tab, in <strong>Resource group<\/strong>, enter <strong>Test-FW-RG<\/strong>.<\/li><li>In <strong>Region<\/strong>, select your region from the list.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"587\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture1-7.png\" alt=\"\" class=\"wp-image-2411\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture1-7.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture1-7-300x282.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>Click <strong>Review + create<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"588\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture2-7.png\" alt=\"\" class=\"wp-image-2412\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture2-7.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture2-7-300x283.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Click <strong>Create<\/strong>.<\/li><\/ul>\n\n\n\n<p><strong>Task 2: Create a virtual network and subnets<\/strong><\/p>\n\n\n\n<p>In this task, you will create a single virtual network with two subnets.<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>On the Azure portal home page, in the search box, type <strong>virtual network<\/strong> and select <strong>Virtual Network<\/strong> when it appears.<\/li><li>Click <strong>Create<\/strong>.<\/li><li>Select the <strong>Test-FW-RG<\/strong> resource group you created previously.<\/li><li>In the <strong>Name<\/strong> box, enter <strong>Test-FW-VN<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"570\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture3-7.png\" alt=\"\" class=\"wp-image-2413\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture3-7.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture3-7-300x274.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Click <strong>Next: IP Addresses<\/strong>. Enter IPv4 address space 10.0.0.0\/16 if not already there by default.<\/li><li>Under <strong>Subnet name<\/strong>, click the word <strong>default<\/strong>.<\/li><li>In the <strong>Edit subnet<\/strong> dialog box, change the name to <strong>AzureFirewallSubnet<\/strong>.<\/li><li>Change the <strong>Subnet address range<\/strong> to <strong>10.0.1.0\/26<\/strong>.<\/li><li>Click <strong>Save<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"307\" height=\"826\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture4-7.png\" alt=\"\" class=\"wp-image-2414\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture4-7.png 307w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture4-7-112x300.png 112w\" sizes=\"auto, (max-width: 307px) 100vw, 307px\" \/><\/figure>\n\n\n\n<p>Click <strong>Add subnet<\/strong>, to create another subnet, which will host the workload server that you will create shortly.<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>In the <strong>Edit subnet<\/strong> dialog box, change the name to <strong>Workload-SN<\/strong>.<\/li><li>Change the <strong>Subnet address range<\/strong> to <strong>10.0.2.0\/24<\/strong>.<\/li><li>Click <strong>Add<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"306\" height=\"822\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture6-6.png\" alt=\"\" class=\"wp-image-2416\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture6-6.png 306w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture6-6-112x300.png 112w\" sizes=\"auto, (max-width: 306px) 100vw, 306px\" \/><\/figure>\n\n\n\n<p>Click <strong>Review + create<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"606\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture7-6.png\" alt=\"\" class=\"wp-image-2417\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture7-6.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture7-6-300x291.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>Click <strong>Create<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"556\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture8-5.png\" alt=\"\" class=\"wp-image-2418\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture8-5.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture8-5-300x267.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p><strong>Task 3: Create a virtual machine<\/strong><\/p>\n\n\n\n<p>In this task, you will create the workload virtual machine and place it in the Workload-SN subnet created previously.<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>In the Azure portal, open the <strong>PowerShell<\/strong> session within the <strong>Cloud Shell<\/strong> pane.<\/li><li>In the toolbar of the Cloud Shell pane, select the Upload\/Download files icon, in the drop-down menu, select Upload and upload the following files <strong>firewall.json<\/strong> and <strong>firewall.parameters.json<\/strong> into the Cloud Shell home directory from the source folder <strong>F:\\Allfiles\\Exercises\\M06<\/strong>.<\/li><li>Deploy the following ARM templates to create the VM needed for this exercise:<\/li><\/ul>\n\n\n\n<p>code<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$RGName = \"Test-FW-RG\"\n   \nNew-AzResourceGroupDeployment -ResourceGroupName $RGName -TemplateFile firewall.json -TemplateParameterFile firewall.parameters.json\n<\/code><\/pre>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"144\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture9-5.png\" alt=\"\" class=\"wp-image-2419\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture9-5.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture9-5-300x69.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\" start=\"3\"><li>When the deployment is complete, go to the Azure portal home page, and then select <strong>Virtual Machines<\/strong>.<\/li><li>Verify that the virtual machine has been created.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"146\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture10-3.png\" alt=\"\" class=\"wp-image-2420\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture10-3.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture10-3-300x70.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\" start=\"3\"><li>When deployment of the VM completes, select <strong>Go to resource<\/strong>.<\/li><li>On the <strong>Overview<\/strong> page of <strong>Srv-Work<\/strong>, on the right of the page under <strong>Networking<\/strong>, take a note of the <strong>Private IP address<\/strong> for this VM (e.g., <strong>10.0.2.4<\/strong>).<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"410\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture11-3.png\" alt=\"\" class=\"wp-image-2421\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture11-3.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture11-3-300x197.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p><strong>Task 4: Deploy the firewall and firewall policy<\/strong><\/p>\n\n\n\n<p>In this task, you will deploy the firewall into the virtual network with a firewall policy configured.<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>On the Azure portal home page, select <strong>Create a resource<\/strong>, then in the search box, type <strong>firewall<\/strong> and select <strong>Firewall<\/strong> when it appears.<\/li><li>On the <strong>Firewall<\/strong> page, click <strong>Create<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"432\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture12-2.png\" alt=\"\" class=\"wp-image-2422\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture12-2.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture12-2-300x208.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\"><li>On the <strong>Basics<\/strong> tab, create a firewall using the information in the table below.<\/li><\/ol>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td><strong>Setting<\/strong><\/td><td><strong>Value<\/strong><\/td><\/tr><\/thead><tbody><tr><td>Subscription<\/td><td>Select your subscription<\/td><\/tr><tr><td>Resource group<\/td><td><strong>Test-FW-RG<\/strong><\/td><\/tr><tr><td>Firewall name<\/td><td><strong>Test-FW01<\/strong><\/td><\/tr><tr><td>Region<\/td><td>Your region<\/td><\/tr><tr><td>Firewall tier<\/td><td><strong>Standard<\/strong><\/td><\/tr><tr><td>Firewall management<\/td><td><strong>Use a Firewall Policy to manage this firewall<\/strong><\/td><\/tr><tr><td>Firewall policy<\/td><td>Select <strong>Add new<\/strong><br>Name: <strong>fw-test-pol<\/strong><br>Region: <strong>your region<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"390\" height=\"302\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture13.png\" alt=\"\" class=\"wp-image-2423\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture13.png 390w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture13-300x232.png 300w\" sizes=\"auto, (max-width: 390px) 100vw, 390px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td><strong>Choose a virtual network<\/strong><\/td><td><strong>Use existing<\/strong><\/td><\/tr><\/thead><tbody><tr><td>Virtual network<\/td><td><strong>Test-FW-VN<\/strong><\/td><\/tr><tr><td>Public IP address<\/td><td>Select <strong>Add new<\/strong><br>Name: <strong>fw-pip<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"308\" height=\"222\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture14.png\" alt=\"\" class=\"wp-image-2424\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture14.png 308w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture14-300x216.png 300w\" sizes=\"auto, (max-width: 308px) 100vw, 308px\" \/><\/figure>\n\n\n\n<p>Review all the settings to ensure they match the screenshot below.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"569\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture15.png\" alt=\"\" class=\"wp-image-2425\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture15.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture15-300x274.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>Click <strong>Review + create<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"465\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture16.png\" alt=\"\" class=\"wp-image-2426\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture16.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture16-300x224.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Click <strong>Create<\/strong> and wait for the firewall deployment to complete.<\/li><li>When deployment of the firewall is completed, click <strong>Go to resource<\/strong>.<\/li><li>On the <strong>Overview<\/strong> page of <strong>Test-FW01<\/strong>, on the right of the page, take a note of the <strong>Firewall private IP<\/strong> for this firewall (e.g., <strong>10.0.1.4<\/strong>).<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"330\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture17.png\" alt=\"\" class=\"wp-image-2427\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture17.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture17-300x159.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>In the menu on the left, under <strong>Settings<\/strong>, click <strong>Public IP configuration<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"297\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture18.png\" alt=\"\" class=\"wp-image-2428\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture18.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture18-300x143.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Take a note of the address under <strong>IP Address<\/strong> for the <strong>fw-pip<\/strong> public IP configuration (e.g., <strong>40.117.45.243<\/strong>).<\/li><\/ul>\n\n\n\n<p><strong>Task 5: Create a default route<\/strong><\/p>\n\n\n\n<p>In this task, on the Workload-SN subnet, you will configure the outbound default route to go through the firewall.<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>On the Azure portal home page, select <strong>Create a resource<\/strong>, then in the search box, type <strong>route<\/strong> and select <strong>Route table<\/strong> when it appears.<\/li><li>On the <strong>Route table<\/strong> page, click <strong>Create<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"307\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture19.png\" alt=\"\" class=\"wp-image-2429\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture19.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture19-300x148.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>On the <strong>Basics<\/strong> tab, create a new route table using the information in the table below.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td><strong>Setting<\/strong><\/td><td><strong>Value<\/strong><\/td><\/tr><\/thead><tbody><tr><td>Subscription<\/td><td>Select your subscription<\/td><\/tr><tr><td>Resource group<\/td><td><strong>Test-FW-RG<\/strong><\/td><\/tr><tr><td>Region<\/td><td>Your region<\/td><\/tr><tr><td>Name<\/td><td><strong>Firewall-route<\/strong><\/td><\/tr><tr><td>Propagate gateway routes<\/td><td><strong>Yes<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\" start=\"2\"><li>Click <strong>Review + create<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"667\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture20.png\" alt=\"\" class=\"wp-image-2430\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture20.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture20-281x300.png 281w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>Click <strong>Create<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"629\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture21.png\" alt=\"\" class=\"wp-image-2431\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture21.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture21-298x300.png 298w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture21-150x150.png 150w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>After deployment completes, select <strong>Go to resource<\/strong>.<\/li><li>On the <strong>Firewall-route<\/strong> page, under <strong>Settings<\/strong>, click <strong>Subnets<\/strong> and then click <strong>Associate<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"266\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture22.png\" alt=\"\" class=\"wp-image-2432\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture22.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture22-300x128.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"111\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture23.png\" alt=\"\" class=\"wp-image-2433\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture23.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture23-300x53.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>In <strong>Virtual network<\/strong>, select <strong>Test-FW-VN<\/strong>.<\/li><li>In <strong>Subnet<\/strong>, select <strong>Workload-SN<\/strong>. Make sure that you select only the Workload-SN subnet for this route, otherwise your firewall won\u2019t work correctly.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"560\" height=\"828\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture24.png\" alt=\"\" class=\"wp-image-2434\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture24.png 560w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture24-203x300.png 203w\" sizes=\"auto, (max-width: 560px) 100vw, 560px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Click <strong>OK<\/strong>.<\/li><li>Under <strong>Settings<\/strong>, select <strong>Routes<\/strong> and then click <strong>Add<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"357\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture25.png\" alt=\"\" class=\"wp-image-2435\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture25.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture25-300x172.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"114\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture26.png\" alt=\"\" class=\"wp-image-2436\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture26.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture26-300x55.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>In <strong>Route name<\/strong>, enter <strong>fw-dg<\/strong>.<\/li><li>In <strong>Address prefix<\/strong>, enter <strong>0.0.0.0\/0<\/strong>.<\/li><li>In <strong>Next hop type<\/strong>, select <strong>Virtual appliance<\/strong>.<\/li><li>In <strong>Next hop address<\/strong>, type the private IP address for the firewall that you noted previously (e.g., <strong>10.0.1.4<\/strong>)<\/li><li>Click <strong>OK<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"793\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture27.png\" alt=\"\" class=\"wp-image-2437\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture27.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture27-236x300.png 236w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p><strong>Task 6: Configure an application rule<\/strong><\/p>\n\n\n\n<p>In this task, you will add an application rule that allows outbound access to www.google.com.<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>On the Azure portal home page, select <strong>All resources<\/strong>.<\/li><li>In the list of resources, click your firewall policy, <strong>fw-test-pol<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"381\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture28.png\" alt=\"\" class=\"wp-image-2438\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture28.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture28-300x183.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture28-80x50.png 80w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>Under <strong>Settings<\/strong>, click <strong>Application Rules<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"272\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture29.png\" alt=\"\" class=\"wp-image-2439\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture29.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture29-300x131.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p>Click <strong>Add a rule collection<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"163\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture30.png\" alt=\"\" class=\"wp-image-2440\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture30.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture30-300x78.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\"><li>On the <strong>Add a rule collection<\/strong> page, create a new application rule using the information in the table below.<\/li><\/ol>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td><strong>Setting<\/strong><\/td><td><strong>Value<\/strong><\/td><\/tr><\/thead><tbody><tr><td>Name<\/td><td><strong>App-Coll01<\/strong><\/td><\/tr><tr><td>Rule collection type<\/td><td><strong>Application<\/strong><\/td><\/tr><tr><td>Priority<\/td><td><strong>200<\/strong><\/td><\/tr><tr><td>Rule collection action<\/td><td><strong>Allow<\/strong><\/td><\/tr><tr><td>Rule collection group<\/td><td><strong>DefaultApplicationRuleCollectionGroup<\/strong><\/td><\/tr><tr><td><strong>Rules Section<\/strong><\/td><td>&nbsp;<\/td><\/tr><tr><td>Name<\/td><td><strong>Allow-Google<\/strong><\/td><\/tr><tr><td>Source type<\/td><td><strong>IP Address<\/strong><\/td><\/tr><tr><td>Source<\/td><td><strong>10.0.2.0\/24<\/strong><\/td><\/tr><tr><td>Protocol<\/td><td><strong>http,https<\/strong><\/td><\/tr><tr><td>Destination type<\/td><td><strong>FQDN<\/strong><\/td><\/tr><tr><td>Destination<\/td><td><strong>www.google.com<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"465\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture31.png\" alt=\"\" class=\"wp-image-2441\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture31.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture31-300x224.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Click <strong>Add<\/strong>.<\/li><\/ul>\n\n\n\n<p><strong>Task 7: Configure a network rule<\/strong><\/p>\n\n\n\n<p>In this task, you will add a network rule that allows outbound access to two IP addresses at port 53 (DNS).<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>On the <strong>fw-test-pol<\/strong> page, under <strong>Settings<\/strong>, click <strong>Network Rules<\/strong>.<\/li><li>Click <strong>Add a rule collection<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"258\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture32.png\" alt=\"\" class=\"wp-image-2442\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture32.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture32-300x124.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>On the <strong>Add a rule collection<\/strong> page, create a new network rule using the information in the table below.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td><strong>Setting<\/strong><\/td><td><strong>Value<\/strong><\/td><\/tr><\/thead><tbody><tr><td>Name<\/td><td><strong>Net-Coll01<\/strong><\/td><\/tr><tr><td>Rule collection type<\/td><td><strong>Network<\/strong><\/td><\/tr><tr><td>Priority<\/td><td><strong>200<\/strong><\/td><\/tr><tr><td>Rule collection action<\/td><td><strong>Allow<\/strong><\/td><\/tr><tr><td>Rule collection group<\/td><td><strong>DefaultNetworkRuleCollectionGroup<\/strong><\/td><\/tr><tr><td><strong>Rules Section<\/strong><\/td><td>&nbsp;<\/td><\/tr><tr><td>Name<\/td><td><strong>Allow-DNS<\/strong><\/td><\/tr><tr><td>Source type<\/td><td><strong>IP Address<\/strong><\/td><\/tr><tr><td>Source<\/td><td><strong>10.0.2.0\/24<\/strong><\/td><\/tr><tr><td>Protocol<\/td><td><strong>UDP<\/strong><\/td><\/tr><tr><td>Destination Ports<\/td><td><strong>53<\/strong><\/td><\/tr><tr><td>Destination Type<\/td><td><strong>IP Address<\/strong><\/td><\/tr><tr><td>Destination<\/td><td><strong>209.244.0.3, 209.244.0.4<\/strong><br>These are public DNS servers operated by Century Link<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"468\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture33.png\" alt=\"\" class=\"wp-image-2443\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture33.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture33-300x225.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Click <strong>Add<\/strong>.<\/li><\/ul>\n\n\n\n<p><strong>Task 8: Configure a Destination NAT (DNAT) rule<\/strong><\/p>\n\n\n\n<p>In this task, you will add a DNAT rule that allows you to connect a remote desktop to the Srv-Work virtual machine through the firewall.<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>On the <strong>fw-test-pol<\/strong> page, under <strong>Settings<\/strong>, click <strong>DNAT Rules<\/strong>.<\/li><li>Click <strong>Add a rule collection<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"241\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture34.png\" alt=\"\" class=\"wp-image-2444\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture34.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture34-300x116.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>On the <strong>Add a rule collection<\/strong> page, create a new DNAT rule using the information in the table below.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td><strong>Setting<\/strong><\/td><td><strong>Value<\/strong><\/td><\/tr><\/thead><tbody><tr><td>Name<\/td><td><strong>rdp<\/strong><\/td><\/tr><tr><td>Rule collection type<\/td><td><strong>DNAT<\/strong><\/td><\/tr><tr><td>Priority<\/td><td><strong>200<\/strong><\/td><\/tr><tr><td>Rule collection group<\/td><td><strong>DefaultDnatRuleCollectionGroup<\/strong><\/td><\/tr><tr><td><strong>Rules Section<\/strong><\/td><td>&nbsp;<\/td><\/tr><tr><td>Name<\/td><td><strong>rdp-nat<\/strong><\/td><\/tr><tr><td>Source type<\/td><td><strong>IP Address<\/strong><\/td><\/tr><tr><td>Source<\/td><td>*<\/td><\/tr><tr><td>Protocol<\/td><td><strong>TCP<\/strong><\/td><\/tr><tr><td>Destination Ports<\/td><td><strong>3389<\/strong><\/td><\/tr><tr><td>Destination Type<\/td><td><strong>IP Address<\/strong><\/td><\/tr><tr><td>Destination<\/td><td>Enter the firewall public IP address from <strong>fw-pip<\/strong> that you noted earlier.<br><strong>e.g. \u2013 40.117.45.243<\/strong><\/td><\/tr><tr><td>Translated address<\/td><td>Enter the private IP address from <strong>Srv-Work<\/strong> that you noted earlier.<br><strong>e.g. &#8211; 10.0.2.4<\/strong><\/td><\/tr><tr><td>Translated port<\/td><td><strong>3389<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"468\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture35.png\" alt=\"\" class=\"wp-image-2445\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture35.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture35-300x225.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Click <strong>Add<\/strong>.<\/li><\/ul>\n\n\n\n<p><strong>Task 9: Change the primary and secondary DNS address for the server\u2019s&nbsp;network interface<\/strong><\/p>\n\n\n\n<p>For testing purposes in this exercise, in this task, you will configure the Srv-Work server\u2019s primary and secondary DNS addresses. However, this is not a general Azure Firewall requirement.<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>On the Azure portal home page, select <strong>Resource groups<\/strong>.<\/li><li>In the list of resource groups, click your resource group, <strong>Test-FW-RG<\/strong>.<\/li><li>In the list of resources in this resource group, select the network interface for the <strong>Srv-Work<\/strong> virtual machine (e.g., <strong>srv-work<\/strong>).<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"374\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture36.png\" alt=\"\" class=\"wp-image-2446\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture36.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture36-300x180.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Under <strong>Settings<\/strong>, select <strong>DNS servers<\/strong>.<\/li><li>Under <strong>DNS servers<\/strong>, select <strong>Custom<\/strong>.<\/li><li>Type <strong>209.244.0.3<\/strong> in the <strong>Add DNS server<\/strong> text box, and <strong>209.244.0.4<\/strong> in the next text box.<\/li><li>Select <strong>Save<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"456\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture37.png\" alt=\"\" class=\"wp-image-2447\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture37.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture37-300x219.png 300w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Restart the <strong>Srv-Work<\/strong> virtual machine.<\/li><\/ul>\n\n\n\n<p><strong>Task 10: Test the firewall<\/strong><\/p>\n\n\n\n<p>In this final task, you will test the firewall to verify that the rules are configured correctly and working as expected. This configuration will enable you to connect a remote desktop connection to the Srv-Work virtual machine through the firewall, via the firewall\u2019s public IP address.<\/p>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Open <strong>Remote Desktop Connection<\/strong> on your PC.<\/li><li>In the <strong>Computer<\/strong> box, enter the firewall\u2019s public IP address (e.g., <strong>40.117.45.243<\/strong>) followed by <strong>:3389<\/strong> (e.g., <strong>40.117.45.243:3389<\/strong>).<\/li><li>In the <strong>Username<\/strong> box, enter <strong>TestUser<\/strong>.<\/li><li>Click <strong>Connect<\/strong>.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"401\" height=\"470\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture38.png\" alt=\"\" class=\"wp-image-2448\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture38.png 401w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture38-256x300.png 256w\" sizes=\"auto, (max-width: 401px) 100vw, 401px\" \/><\/figure>\n\n\n\n<p>In the <strong>Enter your credentials<\/strong> dialog box, log into the <strong>Srv-Work<\/strong> server virtual machine, by using the password, <strong>TestPa$$w0rd!<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"454\" height=\"336\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture39.png\" alt=\"\" class=\"wp-image-2449\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture39.png 454w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture39-300x222.png 300w\" sizes=\"auto, (max-width: 454px) 100vw, 454px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Click <strong>OK<\/strong>.<\/li><li>Click <strong>Yes<\/strong> on the certificate message.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"387\" height=\"397\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture40.png\" alt=\"\" class=\"wp-image-2450\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture40.png 387w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture40-292x300.png 292w\" sizes=\"auto, (max-width: 387px) 100vw, 387px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Open Internet Explorer and browse to <strong>https:\/\/www.google.com<\/strong>.<\/li><li>In the <strong>Security Alert<\/strong> dialog box, click <strong>OK<\/strong>.<\/li><li>Click <strong>Close<\/strong> on the Internet Explorer security alerts that may pop-up.<\/li><li>You should see the Google home page.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"385\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture41.png\" alt=\"\" class=\"wp-image-2451\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture41.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture41-300x185.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture41-80x50.png 80w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\" type=\"1\"><li>Browse to <strong>https:\/\/www.microsoft.com<\/strong>.<\/li><li>You should be blocked by the firewall.<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"624\" height=\"381\" src=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture42.png\" alt=\"\" class=\"wp-image-2452\" srcset=\"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture42.png 624w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture42-300x183.png 300w, https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/Picture42-80x50.png 80w\" sizes=\"auto, (max-width: 624px) 100vw, 624px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>Congratulations! You have configured and tested an Azure Firewall.<\/p>\n\n\n\n<p><mark class=\"kt-highlight\"><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-virtue-primary-color\">Reminder: Don&#8217;t forget to delete or shutdown all unused Azure resources after your labs for cost saving<\/mark><\/mark><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Being part of the Network Security team at Exceedlabs, your next task is to create firewall rules to allow\/deny access to certain websites. The following steps walk you through creating a resource group, a virtual network and subnets, and a &hellip; <a href=\"https:\/\/exceedthecloud.com\/?p=2410\">Continued<\/a><\/p>\n","protected":false},"author":1,"featured_media":2454,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"kt_blocks_editor_width":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[17,4,18,19],"tags":[33,95,96,35,31],"class_list":["post-2410","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-networking","category-practical-labs-series","category-security","category-virtual-machines","tag-dns","tag-firewall","tag-nat","tag-virtual-machines","tag-virtual-network"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/exceedthecloud.com\/wp-content\/uploads\/2022\/02\/istockphoto-1289956604-170667a.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/posts\/2410","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2410"}],"version-history":[{"count":5,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/posts\/2410\/revisions"}],"predecessor-version":[{"id":2472,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/posts\/2410\/revisions\/2472"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=\/wp\/v2\/media\/2454"}],"wp:attachment":[{"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2410"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2410"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/exceedthecloud.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2410"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}