Azurecloud~30 mins

Azure Firewall for centralized security - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Azure Firewall for centralized security

📖 Scenario: You are working as a cloud engineer for a company that wants to secure its network traffic centrally using Azure Firewall. The company has multiple virtual networks and wants to control inbound and outbound traffic with a single firewall.

🎯 Goal: Build an Azure Firewall resource with a firewall policy and apply it to a virtual network to centralize security management.

📋 What You'll Learn

Create an Azure Firewall resource named centralFirewall in resource group NetworkRG and location eastus.

Create a firewall policy named centralFirewallPolicy in the same resource group and location.

Add a network rule collection named AllowWebTraffic to the firewall policy that allows outbound TCP traffic on ports 80 and 443 to any destination.

Associate the firewall policy centralFirewallPolicy with the Azure Firewall centralFirewall.

💡 Why This Matters

🌍 Real World

Centralized network security is critical for organizations to control and monitor traffic across multiple virtual networks and regions. Azure Firewall provides a scalable and manageable solution.

💼 Career

Cloud engineers and network administrators use Azure Firewall to enforce security policies, protect resources, and comply with organizational standards.

Progress0 / 4 steps

Create Azure Firewall resource

Create an Azure Firewall resource named centralFirewall in resource group NetworkRG and location eastus using the Azure CLI command az network firewall create.

Azure

# Your code here

Need a hint?

Use the az network firewall create command with the exact resource group, name, and location.

Create Azure Firewall Policy

Create an Azure Firewall Policy named centralFirewallPolicy in resource group NetworkRG and location eastus using the Azure CLI command az network firewall policy create.

Azure

az network firewall create --name centralFirewall --resource-group NetworkRG --location eastus
# Your code here

Need a hint?

Use the az network firewall policy create command with the exact policy name, resource group, and location.

Add network rule collection to firewall policy

Add a network rule collection named AllowWebTraffic to the firewall policy centralFirewallPolicy that allows outbound TCP traffic on ports 80 and 443 to any destination using the Azure CLI command az network firewall policy rule-collection-group collection add-filter-collection.

Azure

az network firewall create --name centralFirewall --resource-group NetworkRG --location eastus
az network firewall policy create --name centralFirewallPolicy --resource-group NetworkRG --location eastus
# Your code here

Need a hint?

Use the az network firewall policy rule-collection-group collection add-filter-collection command with the exact parameters to allow outbound web traffic.

Associate firewall policy with Azure Firewall

Associate the firewall policy centralFirewallPolicy with the Azure Firewall centralFirewall using the Azure CLI command az network firewall update with the --firewall-policy parameter.

Azure

az network firewall create --name centralFirewall --resource-group NetworkRG --location eastus
az network firewall policy create --name centralFirewallPolicy --resource-group NetworkRG --location eastus
az network firewall policy rule-collection-group collection add-filter-collection --policy-name centralFirewallPolicy --resource-group NetworkRG --rule-collection-group-name default --name AllowWebTraffic --action Allow --priority 100 --rule-name AllowWebRule --protocols TCP --source-addresses '*' --destination-addresses '*' --destination-ports 80 443 --rule-type NetworkRule
# Your code here

Need a hint?

Use the az network firewall update command with the --firewall-policy parameter to link the policy.