Merge pull request #106225 from vhorne/fw-dnat

shawnmariejones · web-flow · commit 9737f156556b · 2020-03-02T14:32:26.000-08:00
Update the peering steps
diff --git a/articles/firewall/tutorial-firewall-dnat.md b/articles/firewall/tutorial-firewall-dnat.md
@@ -5,7 +5,7 @@ services: firewall
 author: vhorne
 ms.service: firewall
 ms.topic: tutorial
-ms.date: 02/26/2020
+ms.date: 03/02/2020
 ms.author: victorh
 ms.custom: mvc
 #Customer intent: As an administrator, I want to deploy and configure Azure Firewall DNAT so that I can control inbound Internet access to resources located in a subnet.
@@ -34,21 +34,21 @@ For this tutorial, you create a two peered VNets:
 ## Create a resource group
 
 1. Sign in to the Azure portal at [https://portal.azure.com](https://portal.azure.com).
-2. On the Azure portal home page, click **Resource groups**, then click **Add**.
+2. On the Azure portal home page, select **Resource groups**, then select **Add**.
 3. For **Resource group name**, type **RG-DNAT-Test**.
 4. For **Subscription**, select your subscription.
 5. For **Resource group location**, select a location. All subsequent resources that you create must be in the same location.
-6. Click **Create**.
+6. Select **Create**.
 
 ## Set up the network environment
 
 First, create the VNets and then peer them.
 
 ### Create the Hub VNet
 
-1. From the Azure portal home page, click **All services**.
-2. Under **Networking**, click **Virtual networks**.
-3. Click **Add**.
+1. From the Azure portal home page, select **All services**.
+2. Under **Networking**, select **Virtual networks**.
+3. Select **Add**.
 4. For **Name**, type **VN-Hub**.
 5. For **Address space**, type **10.0.0.0/16**.
 6. For **Subscription**, select your subscription.
@@ -61,13 +61,13 @@ First, create the VNets and then peer them.
      > The size of the AzureFirewallSubnet subnet is /26. For more information about the subnet size, see [Azure Firewall FAQ](firewall-faq.md#why-does-azure-firewall-need-a-26-subnet-size).
 
 10. For **Address range**, type **10.0.1.0/26**.
-11. Use the other default settings, and then click **Create**.
+11. Use the other default settings, and then select **Create**.
 
 ### Create a spoke VNet
 
-1. From the Azure portal home page, click **All services**.
-2. Under **Networking**, click **Virtual networks**.
-3. Click **Add**.
+1. From the Azure portal home page, select **All services**.
+2. Under **Networking**, select **Virtual networks**.
+3. Select **Add**.
 4. For **Name**, type **VN-Spoke**.
 5. For **Address space**, type **192.168.0.0/16**.
 6. For **Subscription**, select your subscription.
@@ -77,72 +77,64 @@ First, create the VNets and then peer them.
 
     The server will be in this subnet.
 10. For **Address range**, type **192.168.1.0/24**.
-11. Use the other default settings, and then click **Create**.
+11. Use the other default settings, and then select **Create**.
 
 ### Peer the VNets
 
 Now peer the two VNets.
 
-#### Hub to spoke
-
-1. Click the **VN-Hub** virtual network.
-2. Under **Settings**, click **Peerings**.
-3. Click **Add**.
-4. Type **Peer-HubSpoke** for the name.
+1. Select the **VN-Hub** virtual network.
+2. Under **Settings**, select **Peerings**.
+3. Select **Add**.
+4. Type **Peer-HubSpoke** for the **Name of the peering from VN-Hub to VN-Spoke**.
 5. Select **VN-Spoke** for the virtual network.
-6. Click **OK**.
-
-#### Spoke to hub
-
-1. Click the **VN-Spoke** virtual network.
-2. Under **Settings**, click **Peerings**.
-3. Click **Add**.
-4. Type **Peer-SpokeHub** for the name.
-5. Select **VN-Hub** for the virtual network.
-6. Click **Allow forwarded traffic**.
-7. Click **OK**.
+6. Type **Peer-SpokeHub** for **Name of peering from VN-Spoke to VN-Hub**.
+7. For **Allow forwarded traffic from VN-Spoke to VN-Hub** select **Enabled**.
+8. Select **OK**.
 
 ## Create a virtual machine
 
 Create a workload virtual machine, and place it in the **SN-Workload** subnet.
 
-1. From the Azure portal home page, click **All services**.
-2. Under **Compute**, click **Virtual machines**.
-3. Click **Add**, and click **Windows Server**,  click **Windows Server 2016 Datacenter**, and then click **Create**.
+1. From the Azure portal menu, select **Create a resource**.
+2. Under **Popular**, select **Windows Server 2016 Datacenter**.
 
 **Basics**
 
-1. For **Name**, type **Srv-Workload**.
-5. Type a username and password.
-6. For **Subscription**, select your subscription.
-7. For **Resource group**, click **Use existing**, and then select **RG-DNAT-Test**.
-8. For **Location**, select the same location that you used previously.
-9. Click **OK**.
-
-**Size**
+1. For **Subscription**, select your subscription.
+1. For **Resource group**, select **Use existing**, and then select **RG-DNAT-Test**.
+1. For **Virtual machine name**, type **Srv-Workload**.
+1. For **Region**, select the same location that you used previously.
+1. Type a username and password.
+1. Select **Next: Disks**.
 
-1. Choose an appropriate size for a test virtual machine running Windows Server. For example, **B2ms** (8 GB RAM, 16 GB storage).
-2. Click **Select**.
+**Disks**
+1. Select **Next: Networking**.
 
-**Settings**
+**Networking**
 
-1. Under **Network**, for **Virtual network**, select **VN-Spoke**.
+1. For **Virtual network**, select **VN-Spoke**.
 2. For **Subnet**, select **SN-Workload**.
-3. Click **Public IP address** and then click **None**.
-4. For **Select public inbound ports**, select **No public inbound ports**. 
-2. Leave the other default settings and click **OK**.
+3. For **Public IP address** select **None**.
+4. For **Public inbound ports**, select **None**. 
+2. Leave the other default settings and select **Next : Management**.
+
+**Management**
+
+1. For **Boot diagnostics**, select **Off**.
+1. Select **Review + Create**.
 
-**Summary**
+**Review + Create**
 
-Review the summary, and then click **Create**. This will take a few minutes to complete.
+Review the summary, and then select **Create**. This will take a few minutes to complete.
 
-After deployment finishes, note the private IP address for the virtual machine. It will be used later when you configure the firewall. Click the virtual machine name, and under **Settings**, click **Networking** to find the private IP address.
+After deployment finishes, note the private IP address for the virtual machine. It will be used later when you configure the firewall. Select the virtual machine name, and under **Settings**, select **Networking** to find the private IP address.
 
 ## Deploy the firewall
 
-1. From the portal home page, click **Create a resource**.
-2. Click **Networking**, and after **Featured**, click **See all**.
-3. Click **Firewall**, and then click **Create**. 
+1. From the portal home page, select **Create a resource**.
+2. Select **Networking**, and after **Featured**, select **See all**.
+3. Select **Firewall**, and then select **Create**. 
 4. On the **Create a Firewall** page, use the following table to configure the firewall:
 
    |Setting  |Value  |
@@ -154,44 +146,44 @@ After deployment finishes, note the private IP address for the virtual machine.
    |Choose a virtual network     |**Use existing**: VN-Hub|
    |Public IP address     |**Create new**. The Public IP address must be the Standard SKU type.|
 
-5. Click **Review + create**.
-6. Review the summary, and then click **Create** to create the firewall.
+5. Select **Review + create**.
+6. Review the summary, and then select **Create** to create the firewall.
 
    This will take a few minutes to deploy.
-7. After deployment completes, go to the **RG-DNAT-Test** resource group, and click the **FW-DNAT-test** firewall.
+7. After deployment completes, go to the **RG-DNAT-Test** resource group, and select the **FW-DNAT-test** firewall.
 8. Note the private IP address. You'll use it later when you create the default route.
 
 ## Create a default route
 
 For the **SN-Workload** subnet, you configure the outbound default route to go through the firewall.
 
-1. From the Azure portal home page, click **All services**.
-2. Under **Networking**, click **Route tables**.
-3. Click **Add**.
+1. From the Azure portal home page, select **All services**.
+2. Under **Networking**, select **Route tables**.
+3. Select **Add**.
 4. For **Name**, type **RT-FWroute**.
 5. For **Subscription**, select your subscription.
 6. For **Resource group**, select **Use existing**, and select **RG-DNAT-Test**.
 7. For **Location**, select the same location that you used previously.
-8. Click **Create**.
-9. Click **Refresh**, and then click the **RT-FWroute** route table.
-10. Click **Subnets**, and then click **Associate**.
-11. Click **Virtual network**, and then select **VN-Spoke**.
-12. For **Subnet**, click **SN-Workload**.
-13. Click **OK**.
-14. Click **Routes**, and then click **Add**.
+8. Select **Create**.
+9. Select **Refresh**, and then select the **RT-FWroute** route table.
+10. Select **Subnets**, and then select **Associate**.
+11. Select **Virtual network**, and then select **VN-Spoke**.
+12. For **Subnet**, select **SN-Workload**.
+13. Select **OK**.
+14. Select **Routes**, and then select **Add**.
 15. For **Route name**, type **FW-DG**.
 16. For **Address prefix**, type **0.0.0.0/0**.
 17. For **Next hop type**, select **Virtual appliance**.
 
     Azure Firewall is actually a managed service, but virtual appliance works in this situation.
 18. For **Next hop address**, type the private IP address for the firewall that you noted previously.
-19. Click **OK**.
+19. Select **OK**.
 
 ## Configure a NAT rule
 
-1. Open the **RG-DNAT-Test**, and click the **FW-DNAT-test** firewall. 
-2. On the **FW-DNAT-test** page, under **Settings**, click **Rules**. 
-3. Click **Add NAT rule collection**. 
+1. Open the **RG-DNAT-Test**, and select the **FW-DNAT-test** firewall. 
+2. On the **FW-DNAT-test** page, under **Settings**, select **Rules**. 
+3. Select **Add NAT rule collection**. 
 4. For **Name**, type **RC-DNAT-01**. 
 5. For **Priority**, type **200**. 
 6. Under **Rules**, for **Name**, type **RL-01**.
@@ -201,7 +193,7 @@ For the **SN-Workload** subnet, you configure the outbound default route to go t
 10. For **Destination ports**, type **3389**. 
 11. For **Translated Address** type the private IP address for the Srv-Workload virtual machine. 
 12. For **Translated port**, type **3389**. 
-13. Click **Add**. 
+13. Select **Add**. 
 
 ## Test the firewall
 
