You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/firewall/deploy-cli.md
+11-11Lines changed: 11 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -35,7 +35,7 @@ In this article, you learn how to:
35
35
* Set up a test network environment
36
36
* Deploy a firewall
37
37
* Create a default route
38
-
* Configure an application rule to allow access to www.google.com
38
+
* Configure an application rule to allow access to www.microsoft.com
39
39
* Configure a network rule to allow access to external DNS servers
40
40
* Test the firewall
41
41
@@ -116,7 +116,7 @@ az network nic create \
116
116
--vnet-name Test-FW-VN \
117
117
--subnet Workload-SN \
118
118
--public-ip-address "" \
119
-
--dns-servers 209.244.0.3 209.244.0.4
119
+
--dns-servers <replace with External DNS ip #1> <replace with External DNS ip #2>
120
120
```
121
121
122
122
Now create the workload virtual machine.
@@ -203,16 +203,16 @@ az network vnet subnet update \
203
203
204
204
## Configure an application rule
205
205
206
-
The application rule allows outbound access to www.google.com.
206
+
The application rule allows outbound access to www.microsoft.com.
207
207
208
208
```azurecli-interactive
209
209
az network firewall application-rule create \
210
210
--collection-name App-Coll01 \
211
211
--firewall-name Test-FW01 \
212
-
--name Allow-Google \
212
+
--name Allow-Microsoft \
213
213
--protocols Http=80 Https=443 \
214
214
--resource-group Test-FW-RG \
215
-
--target-fqdns www.google.com \
215
+
--target-fqdns www.microsoft.com \
216
216
--source-addresses 10.0.2.0/24 \
217
217
--priority 200 \
218
218
--action Allow
@@ -222,12 +222,12 @@ Azure Firewall includes a built-in rule collection for infrastructure FQDNs that
222
222
223
223
## Configure a network rule
224
224
225
-
The network rule allows outbound access to two IP addresses at port 53 (DNS).
225
+
The network rule allows outbound access to two public DNS IP addresses of your choosing at port 53 (DNS).
226
226
227
227
```azurecli-interactive
228
228
az network firewall network-rule create \
229
229
--collection-name Net-Coll01 \
230
-
--destination-addresses 209.244.0.3 209.244.0.4 \
230
+
--destination-addresses <replace with DNS ip #1> <replace with DNS ip #2> \
231
231
--destination-ports 53 \
232
232
--firewall-name Test-FW01 \
233
233
--name Allow-DNS \
@@ -264,14 +264,14 @@ Now, test the firewall to confirm that it works as expected.
264
264
1. Run the following commands:
265
265
266
266
```
267
-
Invoke-WebRequest -Uri https://www.google.com
268
-
Invoke-WebRequest -Uri https://www.google.com
269
-
270
267
Invoke-WebRequest -Uri https://www.microsoft.com
271
268
Invoke-WebRequest -Uri https://www.microsoft.com
269
+
270
+
Invoke-WebRequest -Uri <Replace with external website>
271
+
Invoke-WebRequest -Uri <Replace with external website>
272
272
```
273
273
274
-
The `www.google.com` requests should succeed, and the `www.microsoft.com` requests should fail. This demonstrates that your firewall rules are operating as expected.
274
+
The `www.microsoft.com` requests should succeed, and the other `External Website` requests should fail. This demonstrates that your firewall rules are operating as expected.
275
275
276
276
So now you've verified that the firewall rules are working:
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments