Merge pull request #277490 from vhorne/fw-tut-deploy

tutorial freshness

Author: v-dirichards

articles/firewall/tutorial-firewall-deploy-portal-policy.md

@@ -5,7 +5,7 @@ services: firewall
 author: vhorne
 ms.service: firewall
 ms.topic: tutorial
-ms.date: 10/28/2022
+ms.date: 06/06/2024
 ms.author: victorh
 ms.custom: template-tutorial, mvc, engagement-fy23
 #Customer intent: As an administrator new to this service, I want to control outbound network access from resources located in an Azure subnet.
@@ -57,12 +57,12 @@ First, create a resource group to contain the resources needed to deploy the fir
 The resource group contains all the resources for the tutorial.
 
 1. Sign in to the [Azure portal](https://portal.azure.com).
-1. On the Azure portal menu, select **Resource groups** or search for and select *Resource groups* from any page, then select **Add**. Enter or select the following values:
+1. On the Azure portal menu, select **Resource groups** or search for and select *Resource groups* from any page, then select **Create**. Enter or select the following values:
 
     | Setting  | Value  |
     | -------- | ------ |
     | Subscription  | Select your Azure subscription. |
-    | Resource group | Enter *Test-FW-RG*. |
+    | Resource group | Enter **Test-FW-RG**. |
     | Region | Select a region. All other resources that you create must be in the same region. |
 
 1. Select **Review + create**.
@@ -77,28 +77,31 @@ This VNet will have two subnets.
 
 1. On the Azure portal menu or from the **Home** page, select **Create a resource**.
 1. Select **Networking**.
-1. Search for **Virtual network** and select it.
-1. Select **Create**, then enter or select the following values:
+1. Search for **Virtual network** and select **Create**.
+1. Enter or select the following values:
 
     | Setting  | Value  |
     | -------- | ------ |
     | Subscription  | Select your Azure subscription. |
     | Resource group | Select **Test-FW-RG**. |
-    | Name | Enter *Test-FW-VN*. |
+    | Name | Enter **Test-FW-VN**. |
     | Region | Select the same location that you used previously. |
 
-1. Select **Next: IP addresses**.
+1. Select **Next**.
+1. On the **Security** tab, select **Next**.
 1. For **IPv4 Address space**, accept the default **10.0.0.0/16**.
-1. Under **Subnet**, select **default**.
-1. For **Subnet name** change the name to **AzureFirewallSubnet**. The firewall will be in this subnet, and the subnet name **must** be AzureFirewallSubnet.
-1. For **Address range**, type **10.0.1.0/26**.
+1. Under **Subnets**, select **default**.
+1. On the **Edit subnet** page, for **Subnet purpose**, select **Azure Firewall**.
+
+   The firewall will be in this subnet, and the subnet name **must** be AzureFirewallSubnet.
+1. For **Starting address**, type **10.0.1.0**.
 1. Select **Save**.
 
-   Next, create a subnet for the workload server.
+Next, create a subnet for the workload server.
 
 1. Select **Add subnet**.
 1. For **Subnet name**, type **Workload-SN**.
-1. For **Subnet address range**, type **10.0.2.0/24**.
+1. For **Starting address**, type **10.0.2.0/24**.
 1. Select **Add**.
 1. Select **Review + create**.
 1. Select **Create**.
@@ -115,7 +118,7 @@ Now create the workload virtual machine, and place it in the **Workload-SN** sub
    | ------- | ----- |
    | Subscription  | Select your Azure subscription. |
    | Resource group     | Select **Test-FW-RG**. |
-   | Virtual machine name     | Enter *Srv-Work*.|
+   | Virtual machine name     | Enter **Srv-Work**.|
    | Region     | Select the same location that you used previously. |
    | Username     | Enter a username. |
    | Password     | Enter a password. |
@@ -126,6 +129,7 @@ Now create the workload virtual machine, and place it in the **Workload-SN** sub
 1. Make sure that **Test-FW-VN** is selected for the virtual network and the subnet is **Workload-SN**.
 1. For **Public IP**, select **None**.
 1. Accept the other defaults and select **Next: Management**.
+1. Select **Next:Monitoring**.
 1. Select **Disable** to disable boot diagnostics. Accept the other defaults and select **Review + create**.
 1. Review the settings on the summary page, and then select **Create**.
 1. After the deployment completes, select the **Srv-Work** resource and note the private IP address for later use.
@@ -143,15 +147,16 @@ Deploy the firewall into the VNet.
    | ------- | ----- |
    | Subscription  | Select your Azure subscription. |
    | Resource group     | Select **Test-FW-RG**. |
-   | Name     | Enter *Test-FW01*. |
+   | Name     | Enter **Test-FW01**. |
    | Region     | Select the same location that you used previously. |
    | Firewall management | Select **Use a Firewall Policy to manage this firewall**. |
-   | Firewall policy | Select **Add new**, and enter *fw-test-pol*. <br> Select the same region that you used previously. 
+   | Firewall policy | Select **Add new**, and enter **fw-test-pol**. <br> Select the same region that you used previously.|
    | Choose a virtual network | Select **Use existing**, and then select **Test-FW-VN**. |
-   | Public IP address     | Select **Add new**, and enter *fw-pip* for the **Name**. |
+   | Public IP address     | Select **Add new**, and enter **fw-pip** for the **Name**. |
 
-5. Accept the other default values, then select **Review + create**.
-6. Review the summary, and then select **Create** to create the firewall.
+5. Accept the other default values, then select **Next: Tags**.
+1. Select **Next : Review + create**.
+1. Review the summary, and then select **Create** to create the firewall.
 
    This will take a few minutes to deploy.
 7. After deployment completes, go to the **Test-FW-RG** resource group, and select the **Test-FW01** firewall.
@@ -170,39 +175,41 @@ For the **Workload-SN** subnet, configure the outbound default route to go throu
    | Subscription | Select your Azure subscription. |
    | Resource group | Select **Test-FW-RG**. |
    | Region  | Select the same location that you used previously. |
-   | Name  | Enter *Firewall-route*. |
+   | Name  | Enter **Firewall-route**. |
 
 1. Select **Review + create**.
 1. Select **Create**.
 
 After deployment completes, select **Go to resource**.
 
-1. On the **Firewall-route** page, select **Subnets** and then select **Associate**.
-1. Select **Virtual network** > **Test-FW-VN**.
-1. For **Subnet**, select **Workload-SN**. Make sure that you select only the **Workload-SN** subnet for this route, otherwise your firewall won't work correctly.
+1. On the **Firewall-route** page, under **Settings**, select **Subnets** and then select **Associate**.
+1. For **Virtual network** select **Test-FW-VN**.
+1. For **Subnet**, select **Workload-SN**. 
 1. Select **OK**.
 1. Select **Routes** and then select **Add**.
-1. For **Route name**, enter *fw-dg*.
-1. For **Address prefix**, enter *0.0.0.0/0*.
+1. For **Route name**, enter **fw-dg**.
+1. For **Destination type** select **IP Addresses**.
+1. For **Destination IP addresses/CIDR ranges prefix**, enter **0.0.0.0/0**.
 1. For **Next hop type**, select **Virtual appliance**.
-    Azure Firewall is actually a managed service, but virtual appliance works in this situation.
+    
+   Azure Firewall is actually a managed service, but virtual appliance works in this situation.
 1. For **Next hop address**, enter the private IP address for the firewall that you noted previously.
-1. Select **OK**.
+1. Select **Add**.
 
 ## Configure an application rule
 
 This is the application rule that allows outbound access to `www.google.com`.
 
 1. Open the **Test-FW-RG** resource group, and select the **fw-test-pol** firewall policy.
-1. Select **Application rules**.
+1. Under **Settings**, Select **Application rules**.
 1. Select **Add a rule collection**.
-1. For **Name**, enter *App-Coll01*.
-1. For **Priority**, enter *200*.
+1. For **Name**, enter **App-Coll01**.
+1. For **Priority**, enter **200**.
 1. For **Rule collection action**, select **Allow**.
-1. Under **Rules**, for **Name**, enter *Allow-Google*.
+1. Under **Rules**, for **Name**, enter **Allow-Google**.
 1. For **Source type**, select **IP address**.
-1. For **Source**, enter *10.0.2.0/24*.
-1. For **Protocol:port**, enter *http, https*.
+1. For **Source**, enter **10.0.2.0/24**.
+1. For **Protocol:port**, enter **http, https**.
 1. For **Destination Type**, select **FQDN**.
 1. For **Destination**, enter *`www.google.com`*
 1. Select **Add**.
@@ -215,17 +222,17 @@ This is the network rule that allows outbound access to two IP addresses at port
 
 1. Select **Network rules**.
 2. Select **Add a rule collection**.
-3. For **Name**, enter *Net-Coll01*.
-4. For **Priority**, enter *200*.
+3. For **Name**, enter **Net-Coll01**.
+4. For **Priority**, enter **200**.
 5. For **Rule collection action**, select **Allow**.
 1. For **Rule collection group**, select **DefaultNetworkRuleCollectionGroup**.
-1. Under **Rules**, for **Name**, enter *Allow-DNS*.
+1. Under **Rules**, for **Name**, enter **Allow-DNS**.
 1. For **Source type**, select **IP Address**.
-1. For **Source**, enter *10.0.2.0/24*.
+1. For **Source**, enter **10.0.2.0/24**.
 1. For **Protocol**, select **UDP**.
-1. For **Destination Ports**, enter *53*.
+1. For **Destination Ports**, enter **53**.
 1. For **Destination type** select **IP address**.
-1. For **Destination**, enter *209.244.0.3,209.244.0.4*.<br>These are public DNS servers operated by CenturyLink.
+1. For **Destination**, enter **209.244.0.3,209.244.0.4**.<br>These are public DNS servers operated by CenturyLink.
 2. Select **Add**.
 
 ## Configure a DNAT rule
@@ -234,18 +241,18 @@ This rule allows you to connect a remote desktop to the **Srv-Work** virtual mac
 
 1. Select the **DNAT rules**.
 2. Select **Add a rule collection**.
-3. For **Name**, enter *rdp*.
-1. For **Priority**, enter *200*.
+3. For **Name**, enter **RDP**.
+1. For **Priority**, enter **200**.
 1. For **Rule collection group**, select **DefaultDnatRuleCollectionGroup**.
-1. Under **Rules**, for **Name**, enter *rdp-nat*.
+1. Under **Rules**, for **Name**, enter **rdp-nat**.
 1. For **Source type**, select **IP address**.
 1. For **Source**, enter *\**.
 1. For **Protocol**, select **TCP**.
-1. For **Destination Ports**, enter *3389*.
-1. For **Destination Type**, select **IP Address**.
+1. For **Destination Ports**, enter **3389**.
 1. For **Destination**, enter the firewall public IP address.
+1. For **Translated type**, select **IP Address**.
 1. For **Translated address**, enter the **Srv-work** private IP address.
-1. For **Translated port**, enter *3389*.
+1. For **Translated port**, enter **3389**.
 1. Select **Add**.
 
 
@@ -257,7 +264,7 @@ For testing purposes in this tutorial, configure the server's primary and second
 2. Select the network interface for the **Srv-Work** virtual machine.
 3. Under **Settings**, select **DNS servers**.
 4. Under **DNS servers**, select **Custom**.
-5. Enter *209.244.0.3* in the **Add DNS server** text box, and *209.244.0.4* in the next text box.
+5. Enter **209.244.0.3** in the **Add DNS server** text box, and **209.244.0.4** in the next text box.
 6. Select **Save**.
 7. Restart the **Srv-Work** virtual machine.
 
@@ -266,7 +273,7 @@ For testing purposes in this tutorial, configure the server's primary and second
 Now, test the firewall to confirm that it works as expected.
 
 1. Connect a remote desktop to firewall public IP address and sign in to the **Srv-Work** virtual machine. 
-3. Open Internet Explorer and browse to `https://www.google.com`.
+3. Open Microsoft Edge and browse to `https://www.google.com`.
 4. Select **OK** > **Close** on the Internet Explorer security alerts.
 
    You should see the Google home page.