Your company needs to restrict outgoing traffic from their server using a firewall. They want you to block users from visiting anything besides `https://microsoft.com` and they don’t want to allow port 53 outbound from the server. You will create a firewall and connect it to your virtual network as a solution.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Create a Firewall
  - Log in to the Azure portal with the credentials provided.
  - Create a new Azure firewall named AZ-FW.
  - Use the existing virtual network provisioned with this lab.
  - Create a new public IP for the firewall.
- Create a Route Table
  - Create a new route table.
  - Route all traffic (0.0.0.0/0) to a virtual appliance (your Azure firewall’s private IP).
- Configure Rule Collections for Firewall
  - Configure an application rule collection to allow `www.microsoft.com`.
  - Add a network rule to allow UDP port 53 outbound to Google public DNS servers (`8.8.8.8` and `8.8.4.4`).
  - Add a NAT rule that will route traffic from the firewall public IP to the private IP of the server over 3389 (RDP).
  - Add the public DNS servers to the network interface of the server.
- Test Connectivity
  - Log in to the server using the public IP address of the firewall.
  - Open Internet Explorer and go to `https://www.microsoft.com`.
  - Test DNS.
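A scripted version of the Test Connectivity checks, as an added example that is not part of the original lab: run it in PowerShell on the lab server once the route table and rule collections are in place. The negative targets `https://example.com` and the resolver `1.1.1.1` are assumptions chosen here to confirm that anything outside the two allow rules is denied.

```powershell
# Added example (not from the lab): verify the firewall rules from the server.
# Assumed negative targets, chosen here: https://example.com and resolver 1.1.1.1.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

function Test-Https {
    param([string]$Uri)
    try {
        # -UseBasicParsing avoids the Internet Explorer engine on Windows PowerShell 5.1
        $resp = Invoke-WebRequest -Uri $Uri -UseBasicParsing -TimeoutSec 15
        return ([int]$resp.StatusCode -lt 400)
    } catch {
        return $false   # connection dropped, reset, or timed out
    }
}

function Test-Dns {
    param([string]$Server)
    try {
        # Query the named resolver directly so the result reflects the UDP 53 rule
        $answer = Resolve-DnsName -Name 'www.microsoft.com' -Server $Server `
                                  -Type A -DnsOnly -ErrorAction Stop
        return [bool]($answer | Where-Object { $_.IPAddress })
    } catch {
        return $false   # query timed out or was refused
    }
}

# Expect = $true means the firewall should let the traffic through.
$checks = @(
    @{ Name = 'HTTPS www.microsoft.com'; Expect = $true;  Test = { Test-Https 'https://www.microsoft.com' } },
    @{ Name = 'HTTPS example.com';       Expect = $false; Test = { Test-Https 'https://example.com' } },
    @{ Name = 'DNS via 8.8.8.8';         Expect = $true;  Test = { Test-Dns '8.8.8.8' } },
    @{ Name = 'DNS via 8.8.4.4';         Expect = $true;  Test = { Test-Dns '8.8.4.4' } },
    @{ Name = 'DNS via 1.1.1.1';         Expect = $false; Test = { Test-Dns '1.1.1.1' } }
)

$results = foreach ($c in $checks) {
    $actual = & $c.Test
    [pscustomobject]@{
        Check = $c.Name; ExpectedAllowed = $c.Expect; Allowed = $actual
        Result = if ($actual -eq $c.Expect) { 'PASS' } else { 'FAIL' }
    }
}
$results | Format-Table -AutoSize
```

A `FAIL` on a row that should be blocked usually means the subnet is not associated with the route table, so traffic is bypassing the firewall.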