Merge pull request #278912 from vhorne/fw-dns-fresh

add tabs

Author: prmerger-automator[bot]

articles/ai-services/translator/firewalls.md

@@ -13,7 +13,7 @@ ms.author: lajanuar
 
 # Use Translator behind firewalls
 
-Translator can translate behind firewalls using either [Domain-name](../../firewall/dns-settings.md#configure-dns-proxy---azure-portal) or [IP filtering](#configure-firewall). Domain-name filtering is the preferred method.
+Translator can translate behind firewalls using either [Domain-name](../../firewall/dns-settings.md#dns-proxy-configuration) or [IP filtering](#configure-firewall). Domain-name filtering is the preferred method.
 
 If you still require IP filtering, you can get the [IP addresses details using service tag](../../virtual-network/service-tags-overview.md#discover-service-tags-by-using-downloadable-json-files). Translator is under the **CognitiveServicesManagement** service tag.
 

articles/firewall-manager/private-link-inspection-secure-virtual-hub.md

@@ -41,7 +41,7 @@ The following steps enable Azure Firewall to filter traffic using either network
 1. Deploy a [DNS forwarder](../private-link/private-endpoint-dns-integration.md#virtual-network-and-on-premises-workloads-using-a-dns-forwarder) virtual machine in a virtual network connected to the secured virtual hub and linked to the Private DNS Zones hosting the A record types for the private endpoints.
 
 2. Configure [custom DNS servers](../virtual-network/manage-virtual-network.yml#change-dns-servers) for the virtual networks connected to the secured virtual hub:
-   - **FQDN-based network rules** - configure [custom DNS settings](../firewall/dns-settings.md#configure-custom-dns-servers---azure-portal) to point to the DNS forwarder virtual machine IP address and enable DNS proxy in the firewall policy associated with the Azure Firewall. Enabling DNS proxy is required if you want to do FQDN filtering in network rules.
+   - **FQDN-based network rules** - configure [custom DNS settings](../firewall/dns-settings.md#configure-custom-dns-servers) to point to the DNS forwarder virtual machine IP address and enable DNS proxy in the firewall policy associated with the Azure Firewall. Enabling DNS proxy is required if you want to do FQDN filtering in network rules.
    - **IP address-based network rules** - the custom DNS settings described in the previous point are **optional**. You can configure the custom DNS servers to point to the private IP of the DNS forwarder virtual machine.
 
 3. Depending on the configuration chosen in step **2.**, configure on-premises DNS servers to forward DNS queries for the private endpoints **public DNS zones** to either the private IP address of the Azure Firewall, or of the DNS forwarder virtual machine.

articles/firewall/dns-settings.md

@@ -5,7 +5,7 @@ services: firewall
 author: vhorne
 ms.service: firewall
 ms.topic: how-to
-ms.date: 05/14/2024
+ms.date: 06/21/2024
 ms.author: victorh 
 ms.custom: devx-track-azurepowershell
 ---
@@ -21,17 +21,19 @@ A DNS server maintains and resolves domain names to IP addresses. By default, Az
 > [!NOTE]
 > For instances of Azure Firewall that are managed by using Azure Firewall Manager, the DNS settings are configured in the associated Azure Firewall policy.
 
-### Configure custom DNS servers - Azure portal
+### Configure custom DNS servers
+
+#### [Portal](#tab/browser)
 
 1. Under Azure Firewall **Settings**, select **DNS Settings**.
 2. Under **DNS servers**, you can type or add existing DNS servers that were previously specified in your virtual network.
 3. Select **Apply**.
 
 The firewall now directs DNS traffic to the specified DNS servers for name resolution.
 
-:::image type="content" source="media/dns-settings/dns-servers.png" alt-text="Screenshot showing settings for D N S servers.":::
+:::image type="content" source="../firewall/media/dns-settings/dns-servers.png" alt-text="Screenshot showing settings for DNS servers.":::
 
-### Configure custom DNS servers - Azure CLI
+#### [CLI](#tab/azure-devops-cli)
 
 The following example updates Azure Firewall with custom DNS servers by using the Azure CLI.
 
@@ -45,7 +47,7 @@ az network firewall update \
 > [!IMPORTANT]
 > The command `az network firewall` requires the Azure CLI extension `azure-firewall` to be installed. You can install it by using the command `az extension add --name azure-firewall`. 
 
-### Configure custom DNS servers - Azure PowerShell
+#### [PowerShell](#tab/powershell)
 
 The following example updates Azure Firewall with custom DNS servers by using Azure PowerShell.
 
@@ -56,14 +58,15 @@ $azFw.DNSServer = $dnsServers
 
 $azFw | Set-AzFirewall
 ```
+---
 
 ## DNS proxy
 
 You can configure Azure Firewall to act as a DNS proxy. A DNS proxy is an intermediary for DNS requests from client virtual machines to a DNS server.
 
 If you want to enable FQDN (fully qualified domain name) filtering in network rules, enable DNS proxy and update the virtual machine configuration to use the firewall as a DNS proxy.
 
-:::image type="content" source="media/dns-settings/dns-proxy-2.png" alt-text="D N S proxy configuration using a custom D N S server.":::
+:::image type="content" source="media/dns-settings/dns-proxy-2.png" alt-text="D N S proxy configuration using a custom DNS server.":::
 
 If you enable FQDN filtering in network rules, and you don't configure client virtual machines to use the firewall as a DNS proxy, then DNS requests from these clients might travel to a DNS server at a different time or return a different response compared to that of the firewall. It’s recommended to configure client virtual machines to use the Azure Firewall as their DNS proxy. This puts Azure Firewall in the path of the client requests to avoid inconsistency.
 
@@ -88,7 +91,7 @@ DNS proxy configuration requires three steps:
 2. Optionally, configure your custom DNS server or use the provided default.
 3. Configure the Azure Firewall private IP address as a custom DNS address in your virtual network DNS server settings. This setting ensures DNS traffic is directed to Azure Firewall.
 
-#### Configure DNS proxy - Azure portal
+#### [Portal](#tab/browser)
 
 To configure DNS proxy, you must configure your virtual network DNS servers setting to use the firewall private IP address. Then enable the DNS proxy in the Azure Firewall **DNS settings**.
 
@@ -109,9 +112,9 @@ To configure DNS proxy, you must configure your virtual network DNS servers sett
 4. Review the **DNS servers** configuration to make sure that the settings are appropriate for your environment.
 5. Select **Save**.
 
-:::image type="content" source="media/dns-settings/dns-proxy.png" alt-text="Screenshot showing settings for the D N S proxy.":::
+:::image type="content" source="../firewall/media/dns-settings/dns-proxy.png" alt-text="Screenshot showing settings for the DNS proxy.":::
 
-#### Configure DNS proxy - Azure CLI
+#### [CLI](#tab/azure-devops-cli)
 
 You can use the Azure CLI to configure DNS proxy settings in Azure Firewall. You can also use it to update virtual networks to use Azure Firewall as the DNS server.
 
@@ -137,7 +140,7 @@ az network firewall update \
     --enable-dns-proxy true
 ```
 
-#### Configure DNS proxy - Azure PowerShell
+#### [PowerShell](#tab/powershell)
 
 You can use Azure PowerShell to configure DNS proxy settings in Azure Firewall. You can also use it to update virtual networks to use Azure Firewall as the DNS server.
 
@@ -163,6 +166,8 @@ $azFw.DNSEnableProxy = $true
 
 $azFw | Set-AzFirewall
 ```
+---
+
 ### High availability failover
 
 DNS proxy has a failover mechanism that stops using a detected unhealthy server and uses another DNS server that is available.