Your company needs to restrict outgoing traffic from their server using a firewall. They want you to block users from visiting anything besides `https://www.microsoft.com` and they don’t want to allow port 53 outbound from the server. You will create a firewall and connect it to your virtual network as a solution.
Successfully complete this lab by achieving the following learning objectives:
- Create a Firewall
  - Log in to the Azure portal with the credentials provided.
  - Create a new Azure firewall named fw-1.
  - Use the existing virtual network provisioned with this lab.
  - Create a new public IP for the firewall.
  - Match the region of the firewall to the region of the deployed resources in your hands-on lab.
- Create a Route Table
  - Create a new route table named routetable1.
  - Create a route named route1 that routes all traffic (0.0.0.0/0) to a virtual appliance with a next hop address of your Azure firewall's private IP.
- Configure Rule Collections for Firewall
  - Add a NAT rule that will route traffic from the firewall public IP to the private IP of the server over 3389 (RDP).
  - Add a network rule to allow UDP port 53 outbound to Google public DNS servers (
  - Configure an application rule collection to allow
  - Add the public DNS servers to the network interface of the virtual machine.
- Test Connectivity
  - Log in to the server using the public IP address of the firewall. Success in this validates our NAT (Network Address Translation) rule for RDP.
  - Open Internet Explorer and go to `https://www.microsoft.com`. Success in this validates our application rule for HTTP and HTTPS to this website.
  - Test DNS using `nslookup -type=TXT test.dns.google.com. dns.google` to find that we are successfully using the Google DNS servers. Success in this validates our network rule for DNS traffic on port 53/UDP.
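The portal steps above as one Azure PowerShell (Az module) script, an added example that is not part of the lab. The resource group, VNet, subnet and NIC names, the region and the server's private IP are assumed placeholders, and 8.8.8.8/8.8.4.4 are the well-known Google Public DNS addresses that the lab text leaves out.

```powershell
# Added example (not the lab's own code). Assumed placeholders: resource group, region,
# VNet (must already contain an AzureFirewallSubnet), server subnet, server NIC, server private IP.
$rg        = "lab-rg"
$loc       = "eastus"                 # must match the region of the lab's deployed resources
$vnet      = Get-AzVirtualNetwork -ResourceGroupName $rg -Name "lab-vnet"
$serverIp  = "10.0.1.4"               # assumed private IP of the server's NIC
$googleDns = @("8.8.8.8", "8.8.4.4")  # Google Public DNS (well-known addresses, not from the lab text)

# Firewall fw-1 with a new static Standard-SKU public IP
$pip = New-AzPublicIpAddress -ResourceGroupName $rg -Name "fw-1-pip" -Location $loc -AllocationMethod Static -Sku Standard
$fw  = New-AzFirewall -ResourceGroupName $rg -Name "fw-1" -Location $loc -VirtualNetwork $vnet -PublicIpAddress $pip
$fwPrivateIp = $fw.IpConfigurations[0].PrivateIPAddress

# routetable1 / route1: send all traffic (0.0.0.0/0) to the firewall as a virtual appliance,
# then bind the route table to the server subnet (not to AzureFirewallSubnet)
$route  = New-AzRouteConfig -Name "route1" -AddressPrefix "0.0.0.0/0" -NextHopType VirtualAppliance -NextHopIpAddress $fwPrivateIp
$rt     = New-AzRouteTable -ResourceGroupName $rg -Name "routetable1" -Location $loc -Route $route
$subnet = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name "server-subnet"
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $subnet.Name -AddressPrefix $subnet.AddressPrefix -RouteTable $rt |
    Set-AzVirtualNetwork | Out-Null

# Rule collections: DNAT for RDP, UDP/53 only to Google DNS, HTTP/HTTPS only to www.microsoft.com.
# Azure Firewall denies anything that matches no rule, so all other outbound traffic is blocked.
$nat = New-AzFirewallNatRule -Name "rdp-in" -Protocol TCP -SourceAddress "*" -DestinationAddress $pip.IpAddress `
         -DestinationPort 3389 -TranslatedAddress $serverIp -TranslatedPort 3389
$net = New-AzFirewallNetworkRule -Name "dns-google" -Protocol UDP -SourceAddress "*" -DestinationAddress $googleDns -DestinationPort 53
$app = New-AzFirewallApplicationRule -Name "allow-microsoft" -SourceAddress "*" -Protocol "http:80","https:443" -TargetFqdn "www.microsoft.com"
$fw.AddNatRuleCollection((New-AzFirewallNatRuleCollection -Name "nat-rdp" -Priority 100 -Rule $nat))
$fw.AddNetworkRuleCollection((New-AzFirewallNetworkRuleCollection -Name "net-dns" -Priority 200 -Rule $net -ActionType Allow))
$fw.AddApplicationRuleCollection((New-AzFirewallApplicationRuleCollection -Name "app-web" -Priority 300 -Rule $app -ActionType Allow))
Set-AzFirewall -AzureFirewall $fw | Out-Null

# Point the server's NIC at the Google DNS servers so its lookups match the network rule
$nic = Get-AzNetworkInterface -ResourceGroupName $rg -Name "server-nic"
$nic.DnsSettings.DnsServers.Clear()
$googleDns | ForEach-Object { $nic.DnsSettings.DnsServers.Add($_) }
$nic | Set-AzNetworkInterface | Out-Null
```

After the script completes, the three checks under Test Connectivity (RDP to the firewall's public IP, browsing to www.microsoft.com, and the nslookup against dns.google) should each succeed while any other outbound destination is denied.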