Azure Firewall Configuration and Testing
Student Name: Daniel Wanjama
Student ID: ADC-CSS02-25012
Introduction
This lab explores the deployment and configuration of Azure Firewall using the Learn on Demand portal. Azure Firewall provides centralized, scalable, and stateful network security for cloud environments. The lab covers key tasks including firewall deployment, routing, rule creation, DNS setup, and traffic validation.
Objectives
- Deploy Azure Firewall using an ARM template
- Configure User Defined Routes (UDRs)
- Create application and network rules
- Set up DNS server integration
- Test firewall functionality
Prerequisites
- Skillable lab access
- Azure subscription with admin privileges
- Familiarity with virtual networks and routing
Walkthrough
Task 1: Deploy Lab Environment
- Used ARM template to provision virtual network, subnets, and resources
- Verified deployment via Azure Portal

Task 2: Deploy Azure Firewall
- Navigated to Firewall Manager
- Created Azure Firewall in the designated subnet
- Verified firewall provisioning status

Task 3: Configure Default Route (UDR)
- Created User Defined Route to redirect traffic through firewall
- Associated route table with subnet


Task 4: Create Application Rules
- Defined Layer 7 rules for FQDN-based access
- Allowed traffic to *.microsoft.com and *.github.com

Task 5: Create Network Rules
- Configured Layer 3/4 rules for IP and port-based access
- Allowed TCP traffic on port 443 to specific IP ranges

Task 6: Configure DNS Server
- Enabled DNS proxy on Azure Firewall
- Verified DNS resolution for outbound traffic

Task 7: Test Firewall Functionality
- Validated access to allowed domains
- Confirmed blocked traffic for unauthorized destinations
- Used VM browser and command-line tools for testing
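
A repeatable version of the Task 7 check, as an added example that is not part of the original lab report: it derives the expected verdict for each test host from the Task 4 FQDN rules and reports any host whose observed result disagrees. The function names, test hosts and sample observations are constructed, and the wildcard semantics (a leading `*.` matches subdomains but not the bare domain) are an assumption about how the rule is evaluated.

```python
import socket
import ssl

# Application rule targets from Task 4 of this lab.
ALLOWED_FQDNS = ["*.microsoft.com", "*.github.com"]

# Constructed observations (host -> reachable) so the script runs offline.
# www.example.com is shown reachable to simulate a subnet that bypasses the firewall.
SAMPLE_OBSERVED = {
    "www.microsoft.com": True,
    "api.github.com": True,
    "github.com": False,
    "www.example.com": True,
}

def expected_allowed(host, patterns=ALLOWED_FQDNS):
    """Assumed semantics: '*.example.com' matches subdomains, not the bare domain."""
    host = host.lower().rstrip(".")
    for pat in (p.lower() for p in patterns):
        if pat.startswith("*."):
            suffix = pat[1:]  # ".example.com"
            if host.endswith(suffix) and len(host) > len(suffix):
                return True
        elif host == pat:
            return True
    return False

def tls_probe(host, port=443, timeout=5.0):
    """True only if a full TLS handshake completes. A bare TCP connect is not
    enough, because the firewall itself can answer the TCP handshake."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except OSError:  # covers DNS failure, timeout, reset and ssl.SSLError
        return False

def validate(hosts, patterns=ALLOWED_FQDNS, probe=tls_probe):
    """Return (host, expected, observed) for each host that disagrees with the rules."""
    findings = []
    for host in hosts:
        expected, observed = expected_allowed(host, patterns), bool(probe(host))
        if expected != observed:
            findings.append((host, expected, observed))
    return findings

if __name__ == "__main__":
    # On the lab VM, omit probe= to run live handshakes through the firewall.
    for host, exp, obs in validate(list(SAMPLE_OBSERVED), probe=SAMPLE_OBSERVED.get):
        print(f"MISMATCH {host}: expected allowed={exp}, observed reachable={obs}")
```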

