freshness changes

Author: vhorne

articles/firewall/tutorial-firewall-deploy-portal.md

@@ -5,7 +5,7 @@ services: firewall
 author: vhorne
 ms.service: firewall
 ms.topic: how-to
-ms.date: 05/25/2022
+ms.date: 08/01/2022
 ms.author: victorh
 ms.custom: mvc
 #Customer intent: As an administrator new to this service, I want to control outbound network access from resources located in an Azure subnet.
@@ -60,32 +60,31 @@ First, create a resource group to contain the resources needed to deploy the fir
 The resource group contains all the resources used in this procedure.
 
 1. Sign in to the Azure portal at [https://portal.azure.com](https://portal.azure.com).
-2. On the Azure portal menu, select **Resource groups** or search for and select *Resource groups* from any page. Then select **Add**.
+2. On the Azure portal menu, select **Resource groups** or search for and select *Resource groups* from any page. Then select **Create**.
 4. For **Subscription**, select your subscription.
-1. For **Resource group name**, enter *Test-FW-RG*.
+1. For **Resource group name**, type **Test-FW-RG**.
 1. For **Resource group location**, select a location. All other resources that you create must be in the same location.
 1. Select **Review + create**.
 1. Select **Create**.
 
 ### Create a VNet
 
-This VNet will have three subnets.
+This VNet will have two subnets.
 
 > [!NOTE]
 > The size of the AzureFirewallSubnet subnet is /26. For more information about the subnet size, see [Azure Firewall FAQ](firewall-faq.yml#why-does-azure-firewall-need-a--26-subnet-size).
 
 1. On the Azure portal menu or from the **Home** page, select **Create a resource**.
 1. Select **Networking** > **Virtual network**.
-1. Select **Create**.
 1. For **Subscription**, select your subscription.
 1. For **Resource group**, select **Test-FW-RG**.
 1. For **Name**, type **Test-FW-VN**.
 1. For **Region**, select the same location that you used previously.
 1. Select **Next: IP addresses**.
-1. For **IPv4 Address space**, type **10.0.0.0/16**.
-1. Under **Subnet**, select **default**.
-1. For **Subnet name** type **AzureFirewallSubnet**. The firewall will be in this subnet, and the subnet name **must** be AzureFirewallSubnet.
-1. For **Address range**, type **10.0.1.0/26**.
+1. For **IPv4 Address space**, accept the default **10.0.0.0/16**.
+1. Under **Subnet name**, select **default**.
+1. For **Subnet name** change it to **AzureFirewallSubnet**. The firewall will be in this subnet, and the subnet name **must** be AzureFirewallSubnet.
+1. For **Address range**, change it to **10.0.1.0/26**.
 1. Select **Save**.
 
    Next, create a subnet for the workload server.
@@ -102,15 +101,15 @@ This VNet will have three subnets.
 Now create the workload virtual machine, and place it in the **Workload-SN** subnet.
 
 1. On the Azure portal menu or from the **Home** page, select **Create a resource**.
-2. Select **Windows Server 2016 Datacenter**.
+2. Select **Windows Server 2019 Datacenter**.
 4. Enter these values for the virtual machine:
 
    |Setting  |Value  |
    |---------|---------|
    |Resource group     |**Test-FW-RG**|
    |Virtual machine name     |**Srv-Work**|
    |Region     |Same as previous|
-   |Image|Windows Server 2016 Datacenter|
+   |Image|Windows Server 2019 Datacenter|
    |Administrator user name     |Type a user name|
    |Password     |Type a password|
 
@@ -120,11 +119,13 @@ Now create the workload virtual machine, and place it in the **Workload-SN** sub
 8. Make sure that **Test-FW-VN** is selected for the virtual network and the subnet is **Workload-SN**.
 9. For **Public IP**, select **None**.
 11. Accept the other defaults and select **Next: Management**.
-12. Select **Disable** to disable boot diagnostics. Accept the other defaults and select **Review + create**.
+12. For **Boot diagnostics**, select **Disable** to disable boot diagnostics. Accept the other defaults and select **Review + create**.
 13. Review the settings on the summary page, and then select **Create**.
+1. After the deployment is complete, select **Srv-Work** and note the private IP address that you'll need to use later.
 
 [!INCLUDE [ephemeral-ip-note.md](../../includes/ephemeral-ip-note.md)]
 
+
 ## Deploy the firewall
 
 Deploy the firewall into the VNet.
@@ -140,6 +141,7 @@ Deploy the firewall into the VNet.
    |Resource group     |**Test-FW-RG** |
    |Name     |**Test-FW01**|
    |Region     |Select the same location that you used previously|
+   |Firewall tier|**Standard**|
    |Firewall management|**Use Firewall rules (classic) to manage this firewall**|
    |Choose a virtual network     |**Use existing**: **Test-FW-VN**|
    |Public IP address     |**Add new**<br>**Name**:  **fw-pip**|
@@ -159,9 +161,8 @@ As a result, there is no need create an additional UDR to include the AzureFirew
 
 For the **Workload-SN** subnet, configure the outbound default route to go through the firewall.
 
-1. On the Azure portal menu, select **All services** or search for and select *All services* from any page.
-2. Under **Networking**, select **Route tables**.
-3. Select **Add**.
+1. On the Azure portal menu, select **Create a resource**.
+2. Under **Networking**, select **Route table**.
 5. For **Subscription**, select your subscription.
 6. For **Resource group**, select **Test-FW-RG**.
 7. For **Region**, select the same location that you used previously.
@@ -171,15 +172,16 @@ For the **Workload-SN** subnet, configure the outbound default route to go throu
 
 After deployment completes, select **Go to resource**.
 
-1. On the Firewall-route page, select **Subnets** and then select **Associate**.
+1. On the **Firewall-route** page, select **Subnets** and then select **Associate**.
 1. Select **Virtual network** > **Test-FW-VN**.
 1. For **Subnet**, select **Workload-SN**. Make sure that you select only the **Workload-SN** subnet for this route, otherwise your firewall won't work correctly.
 
 13. Select **OK**.
 14. Select **Routes** and then select **Add**.
 15. For **Route name**, type **fw-dg**.
-16. For **Address prefix**, type **0.0.0.0/0**.
-17. For **Next hop type**, select **Virtual appliance**.
+1. For **Address prefix destination**, select **IP Addresses**.
+1. For **Destination IP addresses/CIDR ranges**, type **0.0.0.0/0**.
+1. For **Next hop type**, select **Virtual appliance**.
 
     Azure Firewall is actually a managed service, but virtual appliance works in this situation.
 18. For **Next hop address**, type the private IP address for the firewall that you noted previously.
@@ -221,7 +223,7 @@ This is the network rule that allows outbound access to two IP addresses at port
 2. For **Destination type** select **IP address**.
 3. For **Destination address**, type **209.244.0.3,209.244.0.4**
 
-   These are public DNS servers operated by CenturyLink.
+   These are public DNS servers operated by Level3.
 1. For **Destination Ports**, type **53**.
 2. Select **Add**.
 
@@ -239,7 +241,7 @@ This rule allows you to connect a remote desktop to the Srv-Work virtual machine
 8. For **Source**, type **\***.
 9. For **Destination address**, type the firewall public IP address.
 10. For **Destination Ports**, type **3389**.
-11. For **Translated address**, type the **Srv-work** private IP address.
+11. For **Translated address**, type the Srv-work private IP address.
 12. For **Translated port**, type **3389**.
 13. Select **Add**.
 
@@ -260,8 +262,8 @@ For testing purposes, configure the server's primary and secondary DNS addresses
 
 Now, test the firewall to confirm that it works as expected.
 
-1. Connect a remote desktop to firewall public IP address and sign in to the **Srv-Work** virtual machine. 
-3. Open Internet Explorer and browse to `https://www.google.com`.
+1. Connect a remote desktop to the firewall public IP address and sign in to the Srv-Work virtual machine.
+1. Open Internet Explorer and browse to `https://www.google.com`.
 4. Select **OK** > **Close** on the Internet Explorer security alerts.
 
    You should see the Google home page.
@@ -272,6 +274,7 @@ Now, test the firewall to confirm that it works as expected.
 
 So now you've verified that the firewall rules are working:
 
+* You can connect to the virtual machine using RDP.
 * You can browse to the one allowed FQDN, but not to any others.
 * You can resolve DNS names using the configured external DNS server.