Skip to content

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.
  • Labs icon Lab
  • A Cloud Guru
Azure icon

Configure Application-Level Rules within Azure Firewall

Azure Firewall is a cloud-native network security service that can be used to protect your Azure Virtual Network resources. Devices on a Virtual Network, such as Virtual Machines, by default, have access to the Internet (but usually not the other way around). Azure Firewall allows you to control access to the Internet from your Virtual Machines. In this lab, we will create an application-level rule in an Azure Firewall deployed in a Virtual Network to allow the Virtual Machine(s) to have access to a specific internet site. The preconfigured network will consist of three subnets, one with a jump box that you can remote into, another subnet with an application server, and the third subnet with the Azure Firewall. We will remote int the jump box, and from there remote into the application server. Once there, we will see that access to the Internet is disabled. We will then open a connection to in the firewall and then check that the application server can now access it.

Azure icon

Path Info

Clock icon Intermediate
Clock icon 45m
Clock icon Jul 23, 2020

Contact sales

By filling out this form and clicking submit, you acknowledge our privacy policy.

Table of Contents

  1. Challenge

    Log in to the Azure Portal

    Log in to the Azure Portal using the username and password supplied by the lab.

    1. Open a browser.
    2. Navigate to the provided Azure Portal URL.
    3. Use the supplied username and password to authenticate.
  2. Challenge

    Remote into the Jump VM

    When you sign in to the VM with RDP, use the credentials provided on the lab page.

  3. Challenge

    Remote into the Work VM from the Jump VM

    From the Srv-Jump, remote into Srv-Work using Remote Desktop. Use the credentials for the Srv-work server provided on the lab page.

  4. Challenge

    Attempt to Open from the Work VM

    1. Open Internet Explorer.
    2. When asked, select use default Internet Explorer security options.
    3. Enter in the address bar and press enter.

    The browser will display a message that access to the site is denied.

  5. Challenge

    Configure the Firewall Rule to Allow Access to from the Work VM

    In the Azure Portal, navigate to the firewall resource and configure a rule to allow access to the target FQDN of for http and https traffic from anywhere within the linked virtual network.

    • Add application rule collection
    • Application rule collection Name: appcollection
    • Priority: 100
    • Target FQDNs name: wwwgooglecom
  6. Challenge

    Retry Opening from the Work VM

    In the browser on the Work VM, refresh the page for We can now access the site, although we'll get a lot of questions from Internet Explorer about allowing access and content being blocked. That's ok. It's a response to finally being allowed through the firewall.

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Provided environment for hands-on practice

We will provide the credentials and environment necessary for you to practice right within your browser.

Guided walkthrough

Follow along with the author’s guided walkthrough and build something new in your provided environment!

Did you know?

On average, you retain 75% more of your learning if you get time for practice.

Start learning by doing today

View Plans