Merge pull request #134407 from vhorne/fw-hybrid

Court72 · web-flow · commit e23f3b9a4e4e · 2020-10-19T08:36:13.000-07:00
updates for portal changes
diff --git a/articles/firewall/tutorial-hybrid-portal.md b/articles/firewall/tutorial-hybrid-portal.md
@@ -5,7 +5,7 @@ services: firewall
 author: vhorne
 ms.service: firewall
 ms.topic: tutorial
-ms.date: 03/24/2020
+ms.date: 10/19/2020
 ms.author: victorh
 customer intent: As an administrator, I want to control network access from an on-premises network to an Azure virtual network.
 ---
@@ -70,11 +70,11 @@ First, create the resource group to contain the resources for this tutorial:
 
 1. Sign in to the Azure portal at [https://portal.azure.com](https://portal.azure.com).
 2. On the Azure portal home page, select **Resource groups** > **Add**.
-3. For **Resource group name**, type **FW-Hybrid-Test**.
-4. For **Subscription**, select your subscription.
-5. For **Region**, select **East US**. All resources that you create later must be in the same location.
-6. Select **Review + Create**.
-7. Select **Create**.
+3. For **Subscription**, select your subscription.
+1. For **Resource group name**, type **FW-Hybrid-Test**.
+2. For **Region**, select **(US) East US**. All resources that you create later must be in the same location.
+3. Select **Review + Create**.
+4. Select **Create**.
 
 Now, create the VNet:
 
@@ -83,65 +83,73 @@ Now, create the VNet:
 
 1. From the Azure portal home page, select **Create a resource**.
 2. Under **Networking**, select **Virtual network**.
-4. For **Name**, type **VNet-hub**.
-5. For **Address space**, type **10.5.0.0/16**.
-6. For **Subscription**, select your subscription.
 7. For **Resource group**, select **FW-Hybrid-Test**.
-8. For **Location**, select **East US**.
-9. Under **Subnet**, for **Name** type **AzureFirewallSubnet**. The firewall will be in this subnet, and the subnet name **must** be AzureFirewallSubnet.
-10. For **Address range**, type **10.5.0.0/26**. 
-11. Accept the other default settings, and then select **Create**.
+1. For **Name**, type **VNet-hub**.
+2. Select **Next: IP Addresses**.
+3. For **IPv4 Address space**, type **10.5.0.0/16**.
+6. Under **Subnet name**, select **default**.
+7. for **Name** type **AzureFirewallSubnet**. The firewall will be in this subnet, and the subnet name **must** be AzureFirewallSubnet.
+8. For **Address range**, type **10.5.0.0/26**. 
+9. Select **Save**.
+10. Select **Review + create**.
+11. Select **Create**.
 
 ## Create the spoke virtual network
 
 1. From the Azure portal home page, select **Create a resource**.
-2. Under **Networking**, select **Virtual network**.
-4. For **Name**, type **VNet-Spoke**.
-5. For **Address space**, type **10.6.0.0/16**.
-6. For **Subscription**, select your subscription.
+2. In **Networking**, select **Virtual network**.
 7. For **Resource group**, select **FW-Hybrid-Test**.
-8. For **Location**, select the same location that you used previously.
-9. Under **Subnet**, for **Name** type **SN-Workload**.
-10. For **Address range**, type **10.6.0.0/24**.
-11. Accept the other default settings, and then select **Create**.
+1. For **Name**, type **VNet-Spoke**.
+2. For **Region**, select **(US) East US**.
+3. Select **Next: IP Addresses**.
+4. For **IPv4 address space**, type **10.6.0.0/16**.
+6. Under **Subnet name**, select **default**.
+7. for **Name** type **SN-Workload**.
+8. For **Address range**, type **10.6.0.0/24**. 
+9. Select **Save**.
+10. Select **Review + create**.
+11. Select **Create**.
 
 ## Create the on-premises virtual network
 
 1. From the Azure portal home page, select **Create a resource**.
-2. Under **Networking**, select **Virtual network**.
-4. For **Name**, type **VNet-OnPrem**.
-5. For **Address space**, type **192.168.0.0/16**.
-6. For **Subscription**, select your subscription.
+2. In **Networking**, select **Virtual network**.
 7. For **Resource group**, select **FW-Hybrid-Test**.
-8. For **Location**, select the same location that you used previously.
-9. Under **Subnet**, for **Name** type **SN-Corp**.
-10. For **Address range**, type **192.168.1.0/24**.
-11. Accept the other default settings, and then select **Create**.
+1. For **Name**, type **VNet-OnPrem**.
+2. For **Region**, select **(US) East US**.
+3. Select **Next : IP Addresses**
+4. For **IPv4 address space**, type **192.168.0.0/16**.
+5. Under **Subnet name**, select **default**.
+7. for **Name** type **SN-Corp**.
+8. For **Address range**, type **192.168.1.0/24**. 
+9. Select **Save**.
+10. Select **Review + create**.
+11. Select **Create**.
 
 Now create a second subnet for the gateway.
 
 1. On the **VNet-Onprem** page, select **Subnets**.
 2. Select **+Subnet**.
 3. For **Name**, type **GatewaySubnet**.
-4. For **Address range (CIDR block)** type **192.168.2.0/24**.
+4. For **Subnet address range** type **192.168.2.0/24**.
 5. Select **OK**.
 
 ## Configure and deploy the firewall
 
 Now deploy the firewall into the firewall hub virtual network.
 
 1. From the Azure portal home page, select **Create a resource**.
-2. In the left column, select **Networking**, and then select **Firewall**.
+2. In the left column, select **Networking**, and search for and then select **Firewall**.
 4. On the **Create a Firewall** page, use the following table to configure the firewall:
 
    |Setting  |Value  |
    |---------|---------|
    |Subscription     |\<your subscription\>|
    |Resource group     |**FW-Hybrid-Test** |
    |Name     |**AzFW01**|
-   |Location     |Select the same location that you used previously|
+   |Region     |**East US**|
    |Choose a virtual network     |**Use existing**:<br> **VNet-hub**|
-   |Public IP address     |Create new: <br>**Name** - **fw-pip**. |
+   |Public IP address     |Add new: <br>**fw-pip**. |
 
 5. Select **Review + create**.
 6. Review the summary, and then select **Create** to create the firewall.
@@ -164,8 +172,9 @@ First, add a network rule to allow web traffic.
 7. For **Protocol**, select **TCP**.
 8. For **Source type**, select **IP address**.
 9. For **Source**, type **192.168.1.0/24**.
-10. For **Destination address**, type **10.6.0.0/16**
-11. For **Destination Ports**, type **80**.
+10. For **Destination type**, select **IP address**.
+11. For **Destination address**, type **10.6.0.0/16**
+12. For **Destination Ports**, type **80**.
 
 Now add a rule to allow RDP traffic.
 
@@ -175,9 +184,10 @@ On the second rule row, type the following information:
 2. For **Protocol**, select **TCP**.
 3. For **Source type**, select **IP address**.
 4. For **Source**, type **192.168.1.0/24**.
-5. For **Destination address**, type **10.6.0.0/16**
-6. For **Destination Ports**, type **3389**.
-7. Select **Add**.
+5. For **Destination type**, select **IP address**.
+6. For **Destination address**, type **10.6.0.0/16**
+7. For **Destination Ports**, type **3389**.
+8. Select **Add**.
 
 ## Create and connect the VPN gateways
 
@@ -188,7 +198,7 @@ The hub and on-premises virtual networks are connected via VPN gateways.
 Now create the VPN gateway for the hub virtual network. Network-to-network configurations require a RouteBased VpnType. Creating a VPN gateway can often take 45 minutes or more, depending on the selected VPN gateway SKU.
 
 1. From the Azure portal home page, select **Create a resource**.
-2. In the search text box, type **virtual network gateway** and press **Enter**.
+2. In the search text box, type **virtual network gateway**.
 3. Select **Virtual network gateway**, and select **Create**.
 4. For **Name**, type **GW-hub**.
 5. For **Region**, select the same region that you used previously.
@@ -237,7 +247,7 @@ Create the on-premises to hub virtual network connection. This step is similar t
 1. Open the **FW-Hybrid-Test** resource group and select the **GW-Onprem** gateway.
 2. Select **Connections** in the left column.
 3. Select **Add**.
-4. The the connection name, type **Onprem-to-Hub**.
+4. For the connection name, type **Onprem-to-Hub**.
 5. Select **VNet-to-VNet** for **Connection type**.
 6. For the **Second virtual network gateway**, select **GW-hub**.
 7. For **Shared key (PSK)**, type **AzureA1b2C3**.
@@ -284,56 +294,56 @@ Next, create a couple routes:
 2. In the search text box, type **route table** and press **Enter**.
 3. Select **Route table**.
 4. Select **Create**.
-5. For the name, type **UDR-Hub-Spoke**.
 6. Select the **FW-Hybrid-Test** for the resource group.
-8. For **Location**, select the same location that you used previously.
-9. Select **Create**.
-10. After the route table is created, select it to open the route table page.
-11. Select **Routes** in the left column.
-12. Select **Add**.
-13. For the route name, type **ToSpoke**.
-14. For the address prefix, type **10.6.0.0/16**.
-15. For next hop type, select **Virtual appliance**.
-16. For next hop address, type the firewall's private IP address that you noted earlier.
-17. Select **OK**.
+8. For **Region**, select the same location that you used previously.
+1. For the name, type **UDR-Hub-Spoke**.
+9. Select **Review + Create**.
+10. Select **Create**.
+11. After the route table is created, select it to open the route table page.
+12. Select **Routes** in the left column.
+13. Select **Add**.
+14. For the route name, type **ToSpoke**.
+15. For the address prefix, type **10.6.0.0/16**.
+16. For next hop type, select **Virtual appliance**.
+17. For next hop address, type the firewall's private IP address that you noted earlier.
+18. Select **OK**.
 
 Now associate the route to the subnet.
 
 1. On the **UDR-Hub-Spoke - Routes** page, select **Subnets**.
 2. Select **Associate**.
-3. Select **Choose a virtual network**.
-4. Select **VNet-hub**.
-5. Select **GatewaySubnet**.
-6. Select **OK**.
+3. Under **Virtual network**, select **VNet-hub**.
+1. Under **Subnet**, select **GatewaySubnet**.
+2. Select **OK**.
 
 Now create the default route from the spoke subnet.
 
 1. From the Azure portal home page, select **Create a resource**.
 2. In the search text box, type **route table** and press **Enter**.
 3. Select **Route table**.
 5. Select **Create**.
-6. For the name, type **UDR-DG**.
 7. Select the **FW-Hybrid-Test** for the resource group.
-8. For **Location**, select the same location that you used previously.
-4. For **Virtual network gateway route propagation**, select **Disabled**.
-1. Select **Create**.
-2. After the route table is created, select it to open the route table page.
-3. Select **Routes** in the left column.
-4. Select **Add**.
-5. For the route name, type **ToHub**.
-6. For the address prefix, type **0.0.0.0/0**.
-7. For next hop type, select **Virtual appliance**.
-8. For next hop address, type the firewall's private IP address that you noted earlier.
-9. Select **OK**.
+8. For **Region**, select the same location that you used previously.
+1. For the name, type **UDR-DG**.
+4. For **Propagate gateway route**, select **No**.
+5. Select **Review + Create**.
+6. Select **Create**.
+7. After the route table is created, select it to open the route table page.
+8. Select **Routes** in the left column.
+9. Select **Add**.
+10. For the route name, type **ToHub**.
+11. For the address prefix, type **0.0.0.0/0**.
+12. For next hop type, select **Virtual appliance**.
+13. For next hop address, type the firewall's private IP address that you noted earlier.
+14. Select **OK**.
 
 Now associate the route to the subnet.
 
 1. On the **UDR-DG - Routes** page, select **Subnets**.
 2. Select **Associate**.
-3. Select **Choose a virtual network**.
-4. Select **VNet-spoke**.
-5. Select **SN-Workload**.
-6. Select **OK**.
+3. Under **Virtual network**, select **VNet-spoke**.
+1. Under **Subnet**, select **SN-Workload**.
+2. Select **OK**.
 
 ## Create virtual machines
 
@@ -349,15 +359,15 @@ Create a virtual machine in the spoke virtual network, running IIS, with no publ
     - **Resource group** - Select **FW-Hybrid-Test**.
     - **Virtual machine name**: *VM-Spoke-01*.
     - **Region** - Same region that you're used previously.
-    - **User name**: *azureuser*.
-    - **Password**: *Azure123456!*
+    - **User name**: \<type a user name\>.
+    - **Password**: \<type a password\>
+4. For **Public inbound ports**, select **Allow selected ports**, and then select **HTTP (80)**, and **RDP (3389)**
 4. Select **Next:Disks**.
 5. Accept the defaults and select **Next: Networking**.
 6. Select **VNet-Spoke** for the virtual network and the subnet is **SN-Workload**.
-7. For **Public IP**, select **None**.
-8. For **Public inbound ports**, select **Allow selected ports**, and then select **HTTP (80)**, and **RDP (3389)**
+7. For **Public IP**, select **None**. 
 9. Select **Next:Management**.
-10. For **Boot diagnostics**, Select **Off**.
+10. For **Boot diagnostics**, Select **Disable**.
 11. Select **Review+Create**, review the settings on the summary page, and then select **Create**.
 
 ### Install IIS
@@ -387,14 +397,14 @@ This is a virtual machine that you use to connect using Remote Desktop to the pu
     - **Resource group** - Select existing, and then select **FW-Hybrid-Test**.
     - **Virtual machine name** - *VM-Onprem*.
     - **Region** - Same region that you're used previously.
-    - **User name**: *azureuser*.
-    - **Password**: *Azure123456!*.
+    - **User name**: \<type a user name\>.
+    - **Password**: \<type a user password\>.
+7. For **Public inbound ports**, select **Allow selected ports**, and then select **RDP (3389)**
 4. Select **Next:Disks**.
 5. Accept the defaults and select **Next:Networking**.
 6. Select **VNet-Onprem** for virtual network and the subnet is **SN-Corp**.
-7. For **Public inbound ports**, select **Allow selected ports**, and then select **RDP (3389)**
 8. Select **Next:Management**.
-9. For **Boot diagnostics**, Select **Off**.
+10. For **Boot diagnostics**, Select **Disable**.
 10. Select **Review+Create**, review the settings on the summary page, and then select **Create**.
 
 ## Test the firewall
