Merge pull request #277856 from AbdullahBell/firewall-diagram-lightbox-update

Firewall: Update: Add lightbox to all diagrams

Author: Jill Grant

articles/firewall/deploy-ps-policy.md

@@ -33,7 +33,7 @@ For more information about Azure Bastion, see [What is Azure Bastion?](../bastio
 > [!IMPORTANT]
 > [!INCLUDE [Pricing](~/reusable-content/ce-skilling/azure/includes/bastion-pricing.md)]
 
-![Tutorial network infrastructure](media/deploy-ps/tutorial-network.png)
+:::image type="content" source="media/deploy-ps/tutorial-network.png" alt-text="Diagram that shows a firewall network infrastructure." lightbox="media/deploy-ps/tutorial-network.png":::
 
 In this article, you learn how to:
 

articles/firewall/deploy-ps.md

@@ -33,7 +33,7 @@ For more information about Azure Bastion, see [What is Azure Bastion?](../bastio
 > [!IMPORTANT]
 > [!INCLUDE [Pricing](~/reusable-content/ce-skilling/azure/includes/bastion-pricing.md)]
 
-![Tutorial network infrastructure](media/deploy-ps/tutorial-network.png)
+:::image type="content" source="media/deploy-ps/tutorial-network.png" alt-text="Diagram that shows a firewall network infrastructure." lightbox="media/deploy-ps/tutorial-network.png":::
 
 In this article, you learn how to:
 

articles/firewall/firewall-sftp.md

@@ -14,7 +14,7 @@ ms.custom: devx-track-azurepowershell
 
 You can use Azure Firewall to access a storage account container via SFTP. Azure PowerShell is used to deploy a firewall in a virtual network and configured with DNAT rules to translate the SFTP traffic to the storage account container. The storage account container is configured with a private endpoint to allow access from the firewall. To connect to the container, you use the firewall public IP address and the storage account container name.
 
-:::image type="content" source="media/firewall-sftp/accessing-storage-using-sftp.png" alt-text="Diagram showing SFTP to firewall to access a storage account container.":::
+:::image type="content" source="media/firewall-sftp/accessing-storage-using-sftp.png" alt-text="Diagram showing SFTP to firewall to access a storage account container." lightbox="media/firewall-sftp/accessing-storage-using-sftp.png":::
 
 In this article, you:
 

articles/firewall/premium-deploy.md

@@ -31,7 +31,7 @@ You'll use a template to deploy a test environment that has a central VNet (10.0
 
 A single central VNet is used in this test environment for simplicity. For production purposes, a [hub and spoke topology](/azure/architecture/reference-architectures/hybrid-networking/hub-spoke) with peered VNets is more common.
 
-:::image type="content" source="media/premium-deploy/premium-topology.png" alt-text="Central VNet topology":::
+:::image type="content" source="media/premium-deploy/premium-topology.png" alt-text="Diagram of Central VNet topology." lightbox="media/premium-deploy/premium-topology.png":::
 
 The worker virtual machine is a client that sends HTTP/S requests through the firewall.
 
@@ -139,8 +139,8 @@ Use the following steps to test TLS Inspection with URL filtering.
 
 Some HTML pages may look incomplete because they refer to other URLs that are denied. To solve this issue, the following approach can be taken:
 
-- If the HTML page contain links to other domains, you can add these domains to a new application rule with allow access to these FQDNs.
-- If the HTML page contain links to sub URLs then you can modify the rule and add an asterisk to the URL. For example: `targetURLs=www.nytimes.com/section/world*`
+- If the HTML page contains links to other domains, you can add these domains to a new application rule with allow access to these FQDNs.
+- If the HTML page contains links to sub URLs then you can modify the rule and add an asterisk to the URL. For example: `targetURLs=www.nytimes.com/section/world*`
 
    Alternatively, you can add a new URL to the rule. For example: 
 
@@ -163,4 +163,4 @@ Let's create an application rule to allow access to sports web sites.
 ## Next steps
 
 - [Building a POC for TLS inspection in Azure Firewall](https://techcommunity.microsoft.com/t5/azure-network-security-blog/building-a-poc-for-tls-inspection-in-azure-firewall/ba-p/3676723)
-- [Azure Firewall Premium in the Azure portal](premium-portal.md)
+- [Azure Firewall Premium in the Azure portal](premium-portal.md)

articles/firewall/quick-create-multiple-ip-bicep.md

@@ -14,7 +14,7 @@ ms.date: 10/19/2023
 
 In this quickstart, you use a Bicep file to deploy an Azure Firewall with multiple public IP addresses from a public IP address prefix. The deployed firewall has NAT rule collection rules that allow RDP connections to two Windows Server 2019 virtual machines.
 
-:::image type="content" source="media/quick-create-multiple-ip-bicep/azure-firewall-multiple-ip.png" alt-text="Diagram showing the network configuration for this quickstart.":::
+:::image type="content" source="media/quick-create-multiple-ip-bicep/azure-firewall-multiple-ip.png" alt-text="Diagram showing the network configuration for this quickstart." lightbox="media/quick-create-multiple-ip-bicep/azure-firewall-multiple-ip.png":::
 
 
 [!INCLUDE [About Bicep](~/reusable-content/ce-skilling/azure/includes/resource-manager-quickstart-bicep-introduction.md)]

articles/firewall/quick-create-multiple-ip-template.md

@@ -14,7 +14,7 @@ ms.author: victorh
 
 In this quickstart, you use an Azure Resource Manager template (ARM template) to deploy an Azure Firewall with multiple public IP addresses from a public IP address prefix. The deployed firewall has NAT rule collection rules that allow RDP connections to two Windows Server 2019 virtual machines.
 
-:::image type="content" source="media/quick-create-multiple-ip-bicep/azure-firewall-multiple-ip.png" alt-text="Diagram showing the network configuration for this quickstart.":::
+:::image type="content" source="media/quick-create-multiple-ip-bicep/azure-firewall-multiple-ip.png" alt-text="Diagram showing the network configuration for this quickstart." lightbox="media/quick-create-multiple-ip-bicep/azure-firewall-multiple-ip.png":::
 
 [!INCLUDE [About Azure Resource Manager](~/reusable-content/ce-skilling/azure/includes/resource-manager-quickstart-introduction.md)]
 

articles/firewall/tutorial-firewall-deploy-portal-policy.md

@@ -27,7 +27,7 @@ For this tutorial, you create a simplified single VNet with two subnets for easy
 * **AzureFirewallSubnet** - the firewall is in this subnet.
 * **Workload-SN** - the workload server is in this subnet. This subnet's network traffic goes through the firewall.
 
-![Tutorial network infrastructure](media/tutorial-firewall-deploy-portal/tutorial-network.png)
+:::image type="content" source="media/tutorial-firewall-deploy-portal/tutorial-network.png" alt-text="Diagram of Firewall network infrastructure." lightbox="media/tutorial-firewall-deploy-portal/tutorial-network.png":::
 
 For production deployments, a [hub and spoke model](/azure/architecture/reference-architectures/hybrid-networking/hub-spoke) is recommended, where the firewall is in its own VNet. The workload servers are in peered VNets in the same region with one or more subnets.
 

articles/firewall/tutorial-firewall-deploy-portal.md

@@ -29,7 +29,7 @@ For production deployments, a [hub and spoke model](/azure/architecture/referenc
 * **AzureFirewallSubnet** - the firewall is in this subnet.
 * **Workload-SN** - the workload server is in this subnet. This subnet's network traffic goes through the firewall.
 
-![Network infrastructure](media/tutorial-firewall-deploy-portal/tutorial-network.png)
+:::image type="content" source="media/tutorial-firewall-deploy-portal/tutorial-network.png" alt-text="Diagram of Firewall network infrastructure." lightbox="media/tutorial-firewall-deploy-portal/tutorial-network.png":::
 
 In this article, you learn how to:
 

articles/firewall/tutorial-hybrid-portal-policy.md

@@ -22,7 +22,7 @@ For this tutorial, you create three virtual networks:
 - **VNet-Spoke** - the spoke virtual network represents the workload located on Azure.
 - **VNet-Onprem** - The on-premises virtual network represents an on-premises network. In an actual deployment, it can be connected by either a VPN or ExpressRoute connection. For simplicity, this tutorial uses a VPN gateway connection, and an Azure-located virtual network is used to represent an on-premises network.
 
-![Firewall in a hybrid network](media/tutorial-hybrid-ps/hybrid-network-firewall.png)
+:::image type="content" source="media/tutorial-hybrid-ps/hybrid-network-firewall.png" alt-text="Diagram of Firewall in a hybrid network." lightbox="media/tutorial-hybrid-ps/hybrid-network-firewall.png":::
 
 In this tutorial, you learn how to:
 
@@ -241,7 +241,7 @@ In this step, you create the connection from the hub virtual network to the on-p
 1. Open the **FW-Hybrid-Test** resource group and select the **GW-hub** gateway.
 2. Select **Connections** in the left column.
 3. Select **Add**.
-4. The the connection name, type **Hub-to-Onprem**.
+4. For the connection name, type **Hub-to-Onprem**.
 5. Select **VNet-to-VNet** for **Connection type**.
 6. For the **Second virtual network gateway**, select **GW-Onprem**.
 7. For **Shared key (PSK)**, type **AzureA1b2C3**.

articles/firewall/tutorial-hybrid-portal.md

@@ -22,7 +22,7 @@ For this article, you create three virtual networks:
 - **VNet-Spoke**: The spoke virtual network represents the workload located on Azure.
 - **VNet-Onprem**: The on-premises virtual network represents an on-premises network. In an actual deployment, you can connect to it by using either a virtual private network (VPN) connection or an Azure ExpressRoute connection. For simplicity, this article uses a VPN gateway connection, and an Azure-located virtual network represents an on-premises network.
 
-![Diagram that shows a firewall in a hybrid network.](media/tutorial-hybrid-ps/hybrid-network-firewall.png)
+:::image type="content" source="media/tutorial-hybrid-ps/hybrid-network-firewall.png" alt-text="Diagram that shows a firewall in a hybrid network." lightbox="media/tutorial-hybrid-ps/hybrid-network-firewall.png":::
 
 If you want to use Azure PowerShell instead to complete the procedures in this article, see [Deploy and configure Azure Firewall in a hybrid network by using Azure PowerShell](tutorial-hybrid-ps.md).