Merge pull request #207883 from mumian/0811-firewall-multi-addresses

Court72 · web-flow · commit 07d06e7dbe3a · 2022-08-24T11:38:15.000-06:00
[Azure Firewall multiple IPS] - Bicep quickstart
diff --git a/articles/firewall/quick-create-multiple-ip-bicep.md b/articles/firewall/quick-create-multiple-ip-bicep.md
@@ -0,0 +1,92 @@
+---
+title: 'Quickstart: Create an Azure Firewall with multiple public IP addresses - Bicep'
+description: In this quickstart, you learn how to use a Bicep file to create an Azure Firewall with multiple public IP addresses.
+services: firewall
+author: mumian
+ms.service: firewall
+ms.topic: quickstart
+ms.custom: subject-armqs, devx-track-azurepowershell, mode-arm
+ms.author: jgao
+ms.date: 08/11/2022
+---
+
+# Quickstart: Create an Azure Firewall with multiple public IP addresses - Bicep
+
+In this quickstart, you use a Bicep file to deploy an Azure Firewall with multiple public IP addresses from a public IP address prefix. The deployed firewall has NAT rule collection rules that allow RDP connections to two Windows Server 2019 virtual machines.
+
+[!INCLUDE [About Bicep](../../includes/resource-manager-quickstart-bicep-introduction.md)]
+
+For more information about Azure Firewall with multiple public IP addresses, see [Deploy an Azure Firewall with multiple public IP addresses using Azure PowerShell](deploy-multi-public-ip-powershell.md).
+
+## Prerequisites
+
+- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
+
+## Review the Bicep file
+
+This Bicep file creates an Azure Firewall with two public IP addresses, along with the necessary resources to support the Azure Firewall.
+
+The Bicep file used in this quickstart is from [Azure Quickstart Templates](https://azure.microsoft.com/resources/templates/fw-docs-qs).
+
+:::code language="bicep" source="~/quickstart-templates/quickstarts/microsoft.network/fw-docs-qs/main.bicep":::
+
+Multiple Azure resources are defined in the template:
+
+- [**Microsoft.Network/networkSecurityGroups**](/azure/templates/microsoft.network/networksecuritygroups)
+- [**Microsoft.Network/publicIPPrefix**](/azure/templates/microsoft.network/publicipprefixes)
+- [**Microsoft.Network/publicIPAddresses**](/azure/templates/microsoft.network/publicipaddresses)
+- [**Microsoft.Network/virtualNetworks**](/azure/templates/microsoft.network/virtualnetworks)
+- [**Microsoft.Compute/virtualMachines**](/azure/templates/microsoft.compute/virtualmachines)
+- [**Microsoft.Storage/storageAccounts**](/azure/templates/microsoft.storage/storageAccounts)
+- [**Microsoft.Network/networkInterfaces**](/azure/templates/microsoft.network/networkinterfaces)
+- [**Microsoft.Network/azureFirewalls**](/azure/templates/microsoft.network/azureFirewalls)
+- [**Microsoft.Network/routeTables**](/azure/templates/microsoft.network/routeTables)
+
+## Deploy the Bicep file
+
+1. Save the Bicep file as **main.bicep** to your local computer.
+1. Deploy the Bicep file using either Azure CLI or Azure PowerShell.
+
+    # [CLI](#tab/CLI)
+
+    ```azurecli
+    az group create --name exampleRG --location eastus
+    az deployment group create --resource-group exampleRG --template-file main.bicep --parameters adminUsername=<admin-username>
+    ```
+
+    # [PowerShell](#tab/PowerShell)
+
+    ```azurepowershell
+    New-AzResourceGroup -Name exampleRG -Location eastus
+    New-AzResourceGroupDeployment -ResourceGroupName exampleRG -TemplateFile ./main.bicep -adminUsername "<admin-username>"
+    ```
+
+    ---
+
+    > [!NOTE]
+    > Replace **\<admin-username\>** with the admin username for the backend server.
+
+    You will be prompt to enter the admin password.
+
+    When the deployment finishes, you should see a message indicating the deployment succeeded.
+
+## Validate the deployment
+
+In the Azure portal, review the deployed resources. Note the firewall public IP addresses.
+
+Use Remote Desktop Connection to connect to the firewall public IP addresses. Successful connection demonstrates firewall NAT rules that allow the connection to the backend servers.
+
+## Clean up resources
+
+When you no longer need the resources that you created with the firewall, delete the resource group. This removes the firewall and all the related resources.
+
+To delete the resource group, call the `Remove-AzResourceGroup` cmdlet:
+
+```azurepowershell-interactive
+Remove-AzResourceGroup -Name "exampleRG"
+```
+
+## Next steps
+
+> [!div class="nextstepaction"]
+> [Tutorial: Deploy and configure Azure Firewall in a hybrid network using the Azure portal](tutorial-hybrid-portal.md)
diff --git a/articles/firewall/toc.yml b/articles/firewall/toc.yml
@@ -13,6 +13,9 @@ items:
   - name: Deploy with IP Groups - ARM template
     displayName: Resource Manager
     href: quick-create-ipgroup-template.md
+  - name: Deploy with multiple addresses - Bicep
+    displayName: Resource Manager,ARM,template
+    href: quick-create-multiple-ip-bicep.md
   - name: Deploy with multiple addresses - ARM template
     displayName: Resource Manager
     href: quick-create-multiple-ip-template.md
