Attach a Firewall to a Virtual Network in Azure

Note: Please use the Policy-based rules; otherwise, the lab will not grade correctly. Note: The firewall resource can take around 45 minutes to deploy

1. Log in to the Azure portal with the credentials provided.
2. Create a new Azure firewall named fw-1.
3. Use the existing virtual network provisioned with this lab.
4. Create a new public IP for the firewall.
5. Match the region of the firewall to the same region as the lab-provided resource group.

1. Create a new route table named routetable1.
2. Create a route named route1 that routes all traffic (0.0.0.0/0) to a virtual appliance with a next hop address of your Azure firewall's private IP.
3. Associate routetable1 with the lab-VM-VNET virtual network and the default subnet.

1. Add a DNAT rule that will route traffic from the firewall public IP to the private IP of the server over 3389 (RDP).
   • Name the collection natcollection.
   • Name the rule rdp.
2. Add a network rule to allow UDP port 53 outbound to Google public DNS servers (8.8.8.8 and 8.8.4.4).
   • Name the collection netcollection.
   • Name the rule dns.
3. Configure an application rule collection to allow www.microsoft.com from the default subnet CIDR over the http and https protocols under Target FQDNs.
   • Name the collection appcollection.
   • Name the rule wwwmicrosoftcom.
4. Add the public DNS servers to the network interface of the virtual machine (8.8.8.8 and 8.8.4.4).

1. Log in to the server using the public IP address of the firewall. Success in this validates your NAT (Network Address Translation) rule for RDP.
2. Open Internet Explorer and go to https://www.microsoft.com. Success in this validates your application rule for HTTP and HTTPS to this website.
3. Test DNS using nslookup -type=TXT test.dns.google.com. dns.google. to find that you are successfully using the Google DNS servers. Success in this validates the network rule for DNS traffic on port 53 (UDP).