- A Cloud Guru
Configure Application-Level Rules within Azure Firewall
Azure Firewall is a cloud-native network security service that can be used to protect your Azure Virtual Network resources. Devices on a Virtual Network, such as Virtual Machines, by default, have access to the Internet (but usually not the other way around). Azure Firewall allows you to control access to the Internet from your Virtual Machines. In this lab, we will create an application-level rule in an Azure Firewall deployed in a Virtual Network to allow the Virtual Machine(s) to have access to a specific internet site. The preconfigured network will consist of three subnets, one with a jump box that you can remote into, another subnet with an application server, and the third subnet with the Azure Firewall. We will remote int the jump box, and from there remote into the application server. Once there, we will see that access to the Internet is disabled. We will then open a connection to www.google.com in the firewall and then check that the application server can now access it.
Table of Contents
Log in to the Azure Portal
Log in to the Azure Portal using the username and password supplied by the lab.
- Open a browser.
- Navigate to the provided Azure Portal URL.
- Use the supplied username and password to authenticate.
Remote into the Jump VM
When you sign in to the VM with RDP, use the credentials provided on the lab page.
Remote into the Work VM from the Jump VM
Srv-Jump, remote into
Srv-Workusing Remote Desktop. Use the credentials for the
Srv-workserver provided on the lab page.
Attempt to Open www.google.com from the Work VM
- Open Internet Explorer.
- When asked, select use default Internet Explorer security options.
- Enter www.google.com in the address bar and press enter.
The browser will display a message that access to the site is denied.
Configure the Firewall Rule to Allow Access to www.google.com from the Work VM
In the Azure Portal, navigate to the firewall resource and configure a rule to allow access to the target FQDN of www.google.com for http and https traffic from anywhere within the linked virtual network.
- Add application rule collection
- Application rule collection Name: appcollection
- Priority: 100
- Target FQDNs name: wwwgooglecom
Retry Opening www.google.com from the Work VM
In the browser on the Work VM, refresh the page for www.google.com. We can now access the site, although we'll get a lot of questions from Internet Explorer about allowing access and content being blocked. That's ok. It's a response to finally being allowed through the firewall.
What's a lab?
Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.