freshness changes to peering, etc.

Author: vhorne

articles/firewall-manager/media/secure-hybrid-network/firewall-peering.png

@@ -5,7 +5,7 @@ services: firewall-manager
 author: vhorne
 ms.service: firewall-manager
 ms.topic: tutorial
-ms.date: 09/26/2023
+ms.date: 07/24/2024
 ms.author: victorh
 ---
 
@@ -66,7 +66,7 @@ If you don't have an Azure subscription, create a [free account](https://azure.m
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
 2. In the Azure portal search bar, type **Firewall Manager** and press **Enter**.
-3. On the Azure Firewall Manager page, under **Security**, select **Azure firewall policies**.
+3. On the Azure Firewall Manager page, under **Security**, select **Azure Firewall Policies**.
 
    :::image type="content" source="media/secure-hybrid-network/firewall-manager-policy.png" alt-text="Screenshot showing Firewall Manager main page."lightbox="media/secure-hybrid-network/firewall-manager-policy.png":::
 
@@ -118,13 +118,13 @@ If you don't have an Azure subscription, create a [free account](https://azure.m
 
 1. For **IPv4 address space**, type **10.5.0.0/16**.
 1. Under **Subnets**, select **default**.
-1. For Subnet template, select **Azure Firewall**.
+1. For **Subnet purpose**, select **Azure Firewall**.
 1. For **Starting address**, type **10.5.0.0/26**.
 1. Accept the other default settings, and then select **Save**.
 1. Select **Review + create**.
 1. Select **Create**.
 
-Add another subnet named **GatewaySubnet** with an address space of 10.5.1.0/27. This subnet is used for the VPN gateway. 
+Add another subnet with a subnet purpose set to **Virtual Network Gateway** with an starting address of **10.5.1.0/27**. This subnet is used for the VPN gateway. 
 
 ## Create the spoke virtual network
 
@@ -165,7 +165,7 @@ Add another subnet named **GatewaySubnet** with an address space of 10.5.1.0/27.
 1. For **Starting address**, type **192.168.1.0/24**.
 1. Accept the other default settings, and then select **Save**.
 2. Select **Add a subnet**.
-1. For **Subnet template**, select **Virtual Network Gateway**.
+1. For **Subnet purpose**, select **Virtual Network Gateway**.
 1. For **Starting address** type **192.168.2.0/27**.
 1. Select **Add**.
 1. Select **Review + create**.
@@ -192,7 +192,7 @@ Convert the **VNet-Hub** virtual network into a *hub virtual network* and secure
 
    This takes a few minutes to deploy.
 7. After deployment completes, go to the **FW-Hybrid-Test** resource group, and select the firewall.
-9. Note the **Firewall private IP** address on the **Overview** page. You use it later when you create the default route.
+9. Note the firewall **Private IP** address on the **Overview** page. You use it later when you create the default route.
 
 ## Create and connect the VPN gateways
 
@@ -208,7 +208,6 @@ Now create the VPN gateway for the hub virtual network. Network-to-network confi
 4. For **Name**, type **GW-hub**.
 5. For **Region**, select **(US) East US**.
 6. For **Gateway type**, select **VPN**.
-7. For **VPN type**, select **Route-based**.
 8. For **SKU**, select **VpnGw2**.
 1. For **Generation**, select **Generation2**.
 1. For **Virtual network**, select **VNet-hub**.
@@ -227,7 +226,6 @@ Now create the VPN gateway for the on-premises virtual network. Network-to-netwo
 4. For **Name**, type **GW-Onprem**.
 5. For **Region**, select **(US) East US**.
 6. For **Gateway type**, select **VPN**.
-7. For **VPN type**, select **Route-based**.
 8. For **SKU**, select **VpnGw2**.
 1. For **Generation**, select **Generation2**.
 1. For **Virtual network**, select **VNet-Onprem**.
@@ -243,7 +241,7 @@ Now you can create the VPN connections between the hub and on-premises gateways.
 In this step, you create the connection from the hub virtual network to the on-premises virtual network. A shared key is referenced in the examples. You can use your own values for the shared key. The important thing is that the shared key must match for both connections. It takes some time to create the connection.
 
 1. Open the **FW-Hybrid-Test** resource group and select the **GW-hub** gateway.
-2. Select **Connections** in the left column.
+2. In the left column, under **Settings**, select **Connections**.
 3. Select **Add**.
 4. For the connection name, type **Hub-to-Onprem**.
 5. Select **VNet-to-VNet** for **Connection type**.
@@ -261,16 +259,18 @@ Create the on-premises to hub virtual network connection. This step is similar t
 3. Select **Add**.
 4. For the connection name, type **Onprem-to-Hub**.
 5. Select **VNet-to-VNet** for **Connection type**.
-6. For the **Second virtual network gateway**, select **GW-hub**.
-7. For **Shared key (PSK)**, type **AzureA1b2C3**.
-8. Select **OK**.
+1. Select **Next : Settings**.
+1. For the **First virtual network gateway**, select **GW-Onprem**.
+1. For the **Second virtual network gateway**, select **GW-hub**.
+1. For **Shared key (PSK)**, type **AzureA1b2C3**.
+1. Select **OK**.
 
 
 #### Verify the connection
 
-After about five minutes or so, the status of both connections should be **Connected**.
+After about five minutes or so after the second network connection is deployed, the status of both connections should be **Connected**.
 
-:::image type="content" source="media/secure-hybrid-network/gateway-connections.png" alt-text="Screenshot showing the vpn gateway connections.":::
+:::image type="content" source="media/secure-hybrid-network/gateway-connections.png" lightbox="media/secure-hybrid-network/gateway-connections.png" alt-text="Screenshot showing the vpn gateway connections.":::
 
 ## Peer the hub and spoke virtual networks
 
@@ -279,31 +279,34 @@ Now peer the hub and spoke virtual networks.
 1. Open the **FW-Hybrid-Test** resource group and select the **VNet-hub** virtual network.
 2. In the left column, select **Peerings**.
 3. Select **Add**.
-4. Under **This virtual network**:
-
+1. Under **Remote virtual network summary**:
 
    |Setting name  |Value  |
    |---------|---------|
-   |Peering link name| HubtoSpoke|
-   |Allow traffic to remote virtual network|  selected      |
-   |Allow traffic forwarded from the remote virtual network (allow gateway transit)    |   selected      |
-   |Use remote Virtual network gateway or route server    |  not selected       |
+   |Peering link name | SpoketoHub|
+   |Virtual network deployment model| Resource Manager|
+   |Subscription|\<your subscription\>|
+   |Virtual network| VNet-Spoke|
+   |Allow 'VNet-Spoke' to access 'VNet-hub'|selected|
+   |Allow 'VNet-Spoke' to receive forwarded traffic from 'VNet-Hub'|selected|
+   |Allow gateway or route server in 'VNet-Spoke' to forward traffic to 'VNet-Hub'| not selected|
+   |Enable 'VNet-Spoke' to use 'VNet-hub's' remote gateway or route server|selected|
+
+1. Under **Local virtual network summary**:
 
-5. Under **Remote virtual network**:
 
    |Setting name  |Value  |
    |---------|---------|
-   |Peering link name | SpoketoHub|
-   |Virtual network deployment model| Resource Manager|
-   |Subscription|\<your subscription\>|
-   |Virtual network| VNet-Spoke
-   |Allow traffic to current virtual network     |   selected     |
-   |Allow traffic forwarded from current virtual network (allow gateway transit)    |   selected      |
-   |Use current virtual network gateway or route server    |  selected       |
+   |Peering link name| HubtoSpoke|
+   |Allow 'VNet-hub' to access 'VNet-Spoke'|selected|
+   |Allow 'VNet-hub' to receive forwarded traffic from 'VNet-Spoke'|selected|
+   |Allow gateway or route server in 'VNet-Hub' to forward traffic to 'VNet-Spoke'|selected|
+   |Enable 'VNet-hub' to use 'VNet-Spoke's' remote gateway or route server| not selected|
+
 
 5. Select **Add**.
 
-   :::image type="content" source="media/secure-hybrid-network/firewall-peering.png" alt-text="Screenshot showing Vnet peering.":::
+   :::image type="content" source="media/secure-hybrid-network/firewall-peering.png" lightbox="media/secure-hybrid-network/firewall-peering.png" alt-text="Screenshot showing Vnet peering.":::
 
 ## Create the routes