Exercise - Deploy Azure Firewall

  • 15 minutes

In this unit, you'll create the firewall in its own virtual network. Then, you'll peer that virtual network with the virtual network used by your Azure Virtual Desktop.

Create a virtual network and subnet for Azure Firewall

Create a virtual network that acts as the central connectivity point or hub for Azure Firewall.

  1. In the Azure portal, search for and select Virtual networks.

  2. Select + Create.

  3. Enter the following information:

    Field Value
    Subscription Your subscription
    Resource group learn-firewall-rg
    Name firewallVNet
    Region Same region as your resource group

    Screenshot showing the information to include when creating a virtual network.

  4. Select the IP Addresses tab at the top of the screen.

  5. Change the address from 10.0.0.0 to 10.1.0.0.

  6. Under Subnets, select the Default link.

  7. Select Azure Firewall in the Subnet purpose drop-down.

  8. Change the Starting address to 10.1.0.0.

  9. Leave the rest of the values as the defaults.

  10. Select Save.

  11. Select Review + create and wait for validation to pass.

  12. Select Create.

  13. After the deployment is complete, select Go to resource.

Peer virtual networks

Connect the hub virtual network with the virtual network used by the host pool by peering them.

  1. In firewallVNet, under Settings, select Peerings.

  2. Select + Add.

  3. Enter the following information:

    Field Value
    This virtual network: Peering link name firewallVNet-hostVNet
    Remote virtual network: Peering link name remote-firewallVNet-hostVNet
    Subscription Your subscription
    Virtual network hostVNet

  4. Select Allow 'hostVNet' to receive forwarded traffic from 'firewallVNet'.

    Screenshot showing the information to include when adding a peering.

    Use the default values for the rest of the fields.

  5. Select Add.

Deploy Azure Firewall

Now that you have the virtual networks created and peered, deploy Azure Firewall.

  1. In the Azure portal, search for and select Firewalls.

  2. Select + Create to create a firewall.

  3. Enter the following information to configure the firewall:

    Field Value
    Subscription Select your subscription
    Resource group learn-firewall-rg
    Name learn-fw
    Region Select the same location that you used previously
    Firewall SKU Standard
    Firewall management Use Firewall rules (classic) to manage this firewall
    Choose a virtual network Use existing: firewallVNet
    Public IP address Add new
    Name: fw-pip

    Use the default values for the rest of the fields.

    Screenshot showing the information to include when creating a firewall.

  4. Select Review + create.

  5. Select Create.

  6. Wait a few minutes for the firewall to deploy.

Check your work

At this point, you have a firewall deployed within its own virtual network, and you've peered that virtual network with the host pool virtual network. Let's take a look at the firewall to copy the private and public IP addresses. You need those IP addresses in the next exercise unit.

  1. After the deployment is complete, select Go to resource.
  2. In the center pane, you see Provisioning state: Succeeded. Screenshot that shows the status and IP addresses for the firewall.
  3. Copy the Firewall private IP address.
  4. Next to Firewall public IP, select fw-pip.
  5. Copy the IP address.