|
| 1 | +--- |
| 2 | +title: 'Quickstart: Create an Azure Firewall and IP Groups - Resource Manager template' |
| 3 | +description: Learn how to use a Resource Manager template to create an Azure Firewall and IP Groups. |
| 4 | +services: firewall |
| 5 | +author: vhorne |
| 6 | +ms.service: firewall |
| 7 | +ms.topic: quickstart |
| 8 | +ms.date: 04/06/2020 |
| 9 | +ms.author: victorh |
| 10 | +--- |
| 11 | + |
| 12 | +# Quickstart: Create an Azure Firewall and IP Groups - Resource Manager template |
| 13 | + |
| 14 | +In this quickstart, you use a Resource Manager template to deploy an Azure Firewall with sample IP Groups used in a network rule and application rule. |
| 15 | + |
| 16 | +An IP Group is a top-level resource that allows you to define and group IP addresses, ranges, and subnets into a single object. This is useful for managing IP addresses in Azure Firewall rules. You can either manually enter IP addresses or import them from a file. |
| 17 | + |
| 18 | +[!INCLUDE [About Azure Resource Manager](../../includes/resource-manager-quickstart-introduction.md)] |
| 19 | + |
| 20 | +## Prerequisites |
| 21 | + |
| 22 | +- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). |
| 23 | + |
| 24 | +## Create an Azure Firewall and IP Groups |
| 25 | + |
| 26 | +This template creates an Azure Firewall and IP Groups, along with the necessary resources to support the Azure Firewall. |
| 27 | + |
| 28 | +### Review the template |
| 29 | + |
| 30 | +The template used in this quickstart is from [Azure Quickstart templates](https://github.com/Azure/azure-quickstart-templates/blob/master/101-azurefirewall-create-with-ipgroups-and-linux-jumpbox/azuredeploy.json) |
| 31 | + |
| 32 | +:::code language="json" source="~/quickstart-templates/101-azurefirewall-create-with-ipgroups-and-linux-jumpbox/azuredeploy.json" range="001-512" highlight="118-141"::: |
| 33 | + |
| 34 | +Multiple Azure resources are defined in the template: |
| 35 | + |
| 36 | +- [**Microsoft.Network/ipGroups**](/azure/templates/microsoft.network/ipGroups) |
| 37 | +- [**Microsoft.Network/publicIPAddresses**](/azure/templates/microsoft.network/publicipaddresses) |
| 38 | +- [**Microsoft.Network/networkSecurityGroups**](/azure/templates/microsoft.network/networksecuritygroups) |
| 39 | +- [**Microsoft.Network/virtualNetworks**](/azure/templates/microsoft.network/virtualnetworks) |
| 40 | +- [**Microsoft.Compute/virtualMachines**](/azure/templates/microsoft.compute/virtualmachines) |
| 41 | +- [**Microsoft.Network/networkInterfaces**](/azure/templates/microsoft.network/networkinterfaces) |
| 42 | +- [**Microsoft.Storage/storageAccounts**](/azure/templates/microsoft.storage/storageAccounts) |
| 43 | +- [**Microsoft.Network/azureFirewalls**](/azure/templates/microsoft.network/azureFirewalls) |
| 44 | +- [**Microsoft.Network/routeTables**](/azure/templates/microsoft.network/routeTables) |
| 45 | + |
| 46 | + |
| 47 | +### Deploy the template |
| 48 | + |
| 49 | +Deploy Resource Manager template to Azure: |
| 50 | + |
| 51 | +1. Select **Deploy to Azure** to sign in to Azure and open the template. The template creates an Azure Firewall, the network infrastructure, and two virtual machines. |
| 52 | + |
| 53 | + <a href="https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2F101-azurefirewall-create-with-ipgroups-and-linux-jumpbox%2Fazuredeploy.json"><img src="./media/quick-create-ipgroup-template/deploy-to-azure.png" alt="deploy to azure"/></a> |
| 54 | + |
| 55 | +2. In the portal, on the **Create an Azure Firewall with IpGroups** page, type or select the following values: |
| 56 | + - Subscription: Select from existing subscriptions |
| 57 | + - Resource group: Select from existing resource groups or select **Create new**, and select **OK**. |
| 58 | + - Location: Select a location |
| 59 | + - Virtual Network Name: Type a name for the new virtual network (VNet) |
| 60 | + - IP Group Name 1: Type name for IP Group 1 |
| 61 | + - IP Group Name 2: Type name for IP Group 2 |
| 62 | + - Admin Username: Type username for the administrator user account |
| 63 | + - Authentication: Select sshPublicKey or password |
| 64 | + - Admin Password: Type an administrator password or key |
| 65 | + |
| 66 | +3. Select **I agree to the terms and conditions stated above** and then select **Purchase**. The deployment can take 10 minutes or longer to complete. |
| 67 | + |
| 68 | +## Review deployed resources |
| 69 | + |
| 70 | +In the Azure portal, review the deployed resources, especially the firewall rules that use IP Groups. |
| 71 | + |
| 72 | +:::image type="content" source="media/quick-create-ipgroup-template/ipgroups.png" alt-text="IP Groups."::: |
| 73 | + |
| 74 | +:::image type="content" source="media/quick-create-ipgroup-template/network-rule.png" alt-text="Network rules."::: |
| 75 | + |
| 76 | +To learn about the JSON syntax and properties for a firewall in a template, see [Microsoft.Network azureFirewalls template reference](https://docs.microsoft.com/azure/templates/Microsoft.Network/2019-11-01/azureFirewalls). |
| 77 | + |
| 78 | +## Clean up resources |
| 79 | + |
| 80 | +When you no longer need the resources that you created with the firewall, delete the resource group. This removes the firewall and all the related resources. |
| 81 | + |
| 82 | +To delete the resource group, call the `Remove-AzResourceGroup` cmdlet: |
| 83 | + |
| 84 | +```azurepowershell-interactive |
| 85 | +Remove-AzResourceGroup -Name "<your resource group name>" |
| 86 | +``` |
| 87 | + |
| 88 | +## Next steps |
| 89 | + |
| 90 | +> [!div class="nextstepaction"] |
| 91 | +> [Tutorial: Deploy and configure Azure Firewall in a hybrid network using the Azure portal](tutorial-hybrid-portal.md) |
0 commit comments