Skip to content

Commit 431dcd3

Browse files
committed
add qs template deployment
1 parent da6d337 commit 431dcd3

File tree

2 files changed

+106
-1
lines changed

2 files changed

+106
-1
lines changed
Lines changed: 100 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,100 @@
1+
---
2+
title: 'Quickstart: Secure virtual hub using Azure Firewall Manager Preview - Resource Manager template'
3+
description: Learn how to secure your virtual hub using Azure Firewall Manager Preview.
4+
services: firewall-manager
5+
author: vhorne
6+
ms.service: firewall
7+
ms.topic: quickstart
8+
ms.date: 05/19/2020
9+
ms.author: victorh
10+
---
11+
12+
# Quickstart: Secure your virtual hub using Azure Firewall Manager - Resource Manager template
13+
14+
In this quickstart, you use a Resource Manager template to secure your virtual hub using Azure Firewall Manager.
15+
16+
The deployed firewall has a application rule that allow connections to `www.microsoft.com` . Two Windows Server 2019 virtual machines are deployed to test the firewall. One jump server is used to connect to the workload server. From the workload server, you can only connect to `www.microsoft.com`.
17+
18+
[!INCLUDE [About Azure Resource Manager](../../includes/resource-manager-quickstart-introduction.md)]
19+
20+
For more information about Azure Firewall Manager Preview, see [What is Azure Firewall Manager Preview?](overview.md).
21+
22+
## Prerequisites
23+
24+
- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F).
25+
26+
## Create an secured virtual hub
27+
28+
This template creates an secured virtual hub using Azure Firewall Manager Preview, along with the necessary resources to support the scenario.
29+
30+
### Review the template
31+
32+
The template used in this quickstart is from [Azure Quickstart templates](https://github.com/Azure/azure-quickstart-templates/blob/master/fwm-docs-qs/azuredeploy.json).
33+
34+
:::code language="json" source="~/quickstart-templates/fwm-docs-qs/azuredeploy.json" range="001-477" highlight="47-76":::
35+
36+
Multiple Azure resources are defined in the template:
37+
38+
- [**Microsoft.Network/publicIPAddresses**](/azure/templates/microsoft.network/publicipaddresses)
39+
- [**Microsoft.Network/networkSecurityGroups**](/azure/templates/microsoft.network/networksecuritygroups)
40+
- [**Microsoft.Network/virtualNetworks**](/azure/templates/microsoft.network/virtualnetworks)
41+
- [**Microsoft.Compute/virtualMachines**](/azure/templates/microsoft.compute/virtualmachines)
42+
- [**Microsoft.Network/networkInterfaces**](/azure/templates/microsoft.network/networkinterfaces)
43+
- [**Microsoft.Storage/storageAccounts**](/azure/templates/microsoft.storage/storageAccounts)
44+
- [**Microsoft.Network/azureFirewalls**](/azure/templates/microsoft.network/azureFirewalls)
45+
- [**Microsoft.Network/firewallPolicies**](/azure/templates/microsoft.network/firewallPolicies)
46+
- [**Microsoft.Network/routeTables**](/azure/templates/microsoft.network/routeTables)
47+
- [**Microsoft.Network/virtualWans**](/azure/templates/microsoft.network/virtualWans)
48+
- [**Microsoft.Network/virtualHubs**](/azure/templates/microsoft.network/virtualHubs)
49+
50+
### Deploy the template
51+
52+
Deploy Resource Manager template to Azure:
53+
54+
1. Select **Deploy to Azure** to sign in to Azure and open the template. The template creates an Azure Firewall, a virtual WAN and virtual hub, the network infrastructure, and two virtual machines.
55+
56+
[![Deploy to Azure](../media/template-deployments/deploy-to-azure.svg)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure%2Fazure-quickstart-templates%2Fmaster%2Ffwm-docs-qs%2Fazuredeploy.json)
57+
58+
2. In the portal, on the **Secured virtual hubs** page, type or select the following values:
59+
- Subscription: Select from existing subscriptions
60+
- Resource group: Select from existing resource groups or select **Create new**, and select **OK**.
61+
- Location: Select a location
62+
- Admin Username: Type username for the administrator user account
63+
- Admin Password: Type an administrator password or key
64+
65+
3. Select **I agree to the terms and conditions stated above** and then select **Purchase**. The deployment can take 10 minutes or longer to complete.
66+
67+
## Validate the deployment
68+
69+
Now, test the firewall rules to confirm that it works as expected.
70+
71+
1. From the Azure portal, review the network settings for the **Workload-Srv** virtual machine and note the private IP address.
72+
2. Connect a remote desktop to **Jump-Srv** virtual machine, and sign in. From there, open a remote desktop connection to the **Workload-Srv** private IP address.
73+
74+
3. Open Internet Explorer and browse to https://www.microsoft.com.
75+
4. Select **OK** > **Close** on the Internet Explorer security alerts.
76+
77+
You should see the Microsoft home page.
78+
79+
5. Browse to https://www.google.com.
80+
81+
You should be blocked by the firewall.
82+
83+
So now you've verified that the firewall rules are working:
84+
85+
* You can browse to the one allowed FQDN, but not to any others.
86+
87+
## Clean up resources
88+
89+
When you no longer need the resources that you created with the firewall, delete the resource group. This removes the firewall and all the related resources.
90+
91+
To delete the resource group, call the `Remove-AzResourceGroup` cmdlet:
92+
93+
```azurepowershell-interactive
94+
Remove-AzResourceGroup -Name "<your resource group name>"
95+
```
96+
97+
## Next steps
98+
99+
> [!div class="nextstepaction"]
100+
> [Learn about trusted security partners](trusted-security-partners.md)

articles/firewall-manager/toc.yml

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,8 +4,13 @@
44
items:
55
- name: What is Azure Firewall Manager?
66
href: overview.md
7-
- name: Tutorials
7+
- name: Quickstarts
88
expanded: true
9+
items:
10+
- name: Secure virtual hub
11+
displayName: Resource Manager
12+
href: quick-secure-virtual-hub.md
13+
- name: Tutorials
914
items:
1015
- name: Secure your virtual WAN - portal
1116
href: secure-cloud-network.md

0 commit comments

Comments
 (0)