You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/firewall/tutorial-hybrid-portal.md
+17-30Lines changed: 17 additions & 30 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ author: vhorne
6
6
ms.service: firewall
7
7
ms.custom: ignite-2022
8
8
ms.topic: how-to
9
-
ms.date: 04/29/2021
9
+
ms.date: 08/31/2023
10
10
ms.author: victorh
11
11
#Customer intent: As an administrator, I want to control network access from an on-premises network to an Azure virtual network.
12
12
---
@@ -25,19 +25,6 @@ For this article, you create three virtual networks:
25
25
26
26
27
27
28
-
In this article, you learn how to:
29
-
30
-
> [!div class="checklist"]
31
-
> * Create the firewall hub virtual network
32
-
> * Create the spoke virtual network
33
-
> * Create the on-premises virtual network
34
-
> * Configure and deploy the firewall
35
-
> * Create and connect the VPN gateways
36
-
> * Peer the hub and spoke virtual networks
37
-
> * Create the routes
38
-
> * Create the virtual machines
39
-
> * Test the firewall
40
-
41
28
If you want to use Azure PowerShell instead to complete this procedure, see [Deploy and configure Azure Firewall in a hybrid network using Azure PowerShell](tutorial-hybrid-ps.md).
42
29
43
30
> [!NOTE]
@@ -72,9 +59,9 @@ If you don't have an Azure subscription, create a [free account](https://azure.m
72
59
First, create the resource group to contain the resources:
73
60
74
61
1. Sign in to the [Azure portal](https://portal.azure.com).
75
-
2. On the Azure portal home page, select **Resource groups** > **Add**.
62
+
2. On the Azure portal home page, select **Resource groups** > **Create**.
76
63
3. For **Subscription**, select your subscription.
77
-
1. For **Resource group name**, type **FW-Hybrid-Test**.
64
+
1. For **Resource group**, type **RG-fw-hybrid-test**.
78
65
2. For **Region**, select **(US) East US**. All resources that you create later must be in the same location.
79
66
3. Select **Review + Create**.
80
67
4. Select **Create**.
@@ -87,7 +74,7 @@ Now, create the VNet:
87
74
1. From the Azure portal home page, select **Create a resource**.
88
75
2. Under **Networking**, select **Virtual network**.
89
76
1. Select **Create**.
90
-
1. For **Resource group**, select **FW-Hybrid-Test**.
77
+
1. For **Resource group**, select **RG-fw-hybrid-test**.
91
78
1. For **Name**, type **VNet-hub**.
92
79
1. Select **Next: IP Addresses**.
93
80
1. For **IPv4 Address space**, delete the default address and type **10.5.0.0/16**.
@@ -102,7 +89,7 @@ Now, create the VNet:
102
89
103
90
1. From the Azure portal home page, select **Create a resource**.
104
91
2. In **Networking**, select **Virtual network**.
105
-
7. For **Resource group**, select **FW-Hybrid-Test**.
92
+
7. For **Resource group**, select **RG-fw-hybrid-test**.
106
93
1. For **Name**, type **VNet-Spoke**.
107
94
2. For **Region**, select **(US) East US**.
108
95
3. Select **Next: IP Addresses**.
@@ -118,7 +105,7 @@ Now, create the VNet:
118
105
119
106
1. From the Azure portal home page, select **Create a resource**.
120
107
2. In **Networking**, select **Virtual network**.
121
-
7. For **Resource group**, select **FW-Hybrid-Test**.
108
+
7. For **Resource group**, select **RG-fw-hybrid-test**.
122
109
1. For **Name**, type **VNet-OnPrem**.
123
110
2. For **Region**, select **(US) East US**.
124
111
3. Select **Next : IP Addresses**
@@ -149,7 +136,7 @@ Now deploy the firewall into the firewall hub virtual network.
149
136
|Setting |Value |
150
137
|---------|---------|
151
138
|Subscription |\<your subscription\>|
152
-
|Resource group |**FW-Hybrid-Test**|
139
+
|Resource group |**RG-fw-hybrid-test**|
153
140
|Name |**AzFW01**|
154
141
|Region |**East US**|
155
142
|Firewall management|**Use Firewall rules (classic) to manage this firewall**|
@@ -160,7 +147,7 @@ Now deploy the firewall into the firewall hub virtual network.
160
147
6. Review the summary, and then select **Create** to create the firewall.
161
148
162
149
This takes a few minutes to deploy.
163
-
7. After deployment completes, go to the **FW-Hybrid-Test** resource group, and select the **AzFW01** firewall.
150
+
7. After deployment completes, go to the **RG-fw-hybrid-test** resource group, and select the **AzFW01** firewall.
164
151
8. Note the private IP address. You'll use it later when you create the default route.
165
152
166
153
### Configure network rules
@@ -238,7 +225,7 @@ Now you can create the VPN connections between the hub and on-premises gateways.
238
225
239
226
In this step, you create the connection from the hub virtual network to the on-premises virtual network. You'll see a shared key referenced in the examples. You can use your own values for the shared key. The important thing is that the shared key must match for both connections. Creating a connection can take a short while to complete.
240
227
241
-
1. Open the **FW-Hybrid-Test** resource group and select the **GW-hub** gateway.
228
+
1. Open the **RG-fw-hybrid-test** resource group and select the **GW-hub** gateway.
242
229
2. Select **Connections** in the left column.
243
230
3. Select **Add**.
244
231
4. For the connection name, type **Hub-to-Onprem**.
@@ -249,7 +236,7 @@ In this step, you create the connection from the hub virtual network to the on-p
249
236
250
237
Create the on-premises to hub virtual network connection. This step is similar to the previous one, except you create the connection from VNet-Onprem to VNet-hub. Make sure the shared keys match. The connection will be established after a few minutes.
251
238
252
-
1. Open the **FW-Hybrid-Test** resource group and select the **GW-Onprem** gateway.
239
+
1. Open the **RG-fw-hybrid-test** resource group and select the **GW-Onprem** gateway.
253
240
2. Select **Connections** in the left column.
254
241
3. Select **Add**.
255
242
4. For the connection name, type **Onprem-to-Hub**.
@@ -269,7 +256,7 @@ After about five minutes or so, the status of both connections should be **Conne
269
256
270
257
Now peer the hub and spoke virtual networks.
271
258
272
-
1. Open the **FW-Hybrid-Test** resource group and select the **VNet-hub** virtual network.
259
+
1. Open the **RG-fw-hybrid-test** resource group and select the **VNet-hub** virtual network.
273
260
2. In the left column, select **Peerings**.
274
261
3. Select **Add**.
275
262
4. Under **This virtual network**:
@@ -309,7 +296,7 @@ Next, create a couple routes:
309
296
2. In the search text box, type **route table** and press **Enter**.
310
297
3. Select **Route table**.
311
298
4. Select **Create**.
312
-
6. Select the **FW-Hybrid-Test** for the resource group.
299
+
6. Select the **RG-fw-hybrid-test** for the resource group.
313
300
8. For **Region**, select the same location that you used previously.
314
301
1. For the name, type **UDR-Hub-Spoke**.
315
302
9. Select **Review + Create**.
@@ -337,7 +324,7 @@ Now create the default route from the spoke subnet.
337
324
2. In the search text box, type **route table** and press **Enter**.
338
325
3. Select **Route table**.
339
326
5. Select **Create**.
340
-
7. Select the **FW-Hybrid-Test** for the resource group.
327
+
7. Select the **RG-fw-hybrid-test** for the resource group.
341
328
8. For **Region**, select the same location that you used previously.
342
329
1. For the name, type **UDR-DG**.
343
330
4. For **Propagate gateway route**, select **No**.
@@ -371,7 +358,7 @@ Create a virtual machine in the spoke virtual network, running IIS, with no publ
371
358
1. From the Azure portal home page, select **Create a resource**.
372
359
2. Under **Popular**, select **Windows Server 2016 Datacenter**.
-**Region** - Same region that you're used previously.
377
364
-**User name**: \<type a user name\>.
@@ -392,7 +379,7 @@ Create a virtual machine in the spoke virtual network, running IIS, with no publ
392
379
393
380
```azurepowershell-interactive
394
381
Set-AzVMExtension `
395
-
-ResourceGroupName FW-Hybrid-Test `
382
+
-ResourceGroupName RG-fw-hybrid-test `
396
383
-ExtensionName IIS `
397
384
-VMName VM-Spoke-01 `
398
385
-Publisher Microsoft.Compute `
@@ -409,7 +396,7 @@ This is a virtual machine that you use to connect using Remote Desktop to the pu
409
396
1. From the Azure portal home page, select **Create a resource**.
410
397
2. Under **Popular**, select **Windows Server 2016 Datacenter**.
411
398
3. Enter these values for the virtual machine:
412
-
-**Resource group** - Select existing, and then select **FW-Hybrid-Test**.
399
+
-**Resource group** - Select existing, and then select **RG-fw-hybrid-test**.
413
400
-**Virtual machine name** - *VM-Onprem*.
414
401
-**Region** - Same region that you're used previously.
415
402
-**User name**: \<type a user name\>.
@@ -459,7 +446,7 @@ Close any existing remote desktops before testing the changed rules. Now run the
459
446
460
447
## Clean up resources
461
448
462
-
You can keep your firewall resources for further testing, or if no longer needed, delete the **FW-Hybrid-Test** resource group to delete all firewall-related resources.
449
+
You can keep your firewall resources for further testing, or if no longer needed, delete the **RG-fw-hybrid-test** resource group to delete all firewall-related resources.
0 commit comments