Hello, Cybrarians. Welcome to this lesson on Azure Firewall.
This lesson is part of the third module of the AZ-500 Microsoft Azure Security Technologies course.
Quick information on what we'll be covering in this lesson: we'll start out with a discussion on the Azure Firewall service. What is the service? What are its security capabilities?
I'll then demonstrate to you how to create the firewall service, configure security rules, and route traffic through it. Let's get into this.
So what's the Azure Firewall service? It's a fully managed, stateful firewall as a service.
What this means is that with this service, we can have a firewall where we don't have to worry about managing the underlying infrastructure, the operating system updates or the application updates. We only configure the firewall and we use it. Now because it's fully managed,
we don't need to worry about configuring high availability or load balancers,
or worry about the scalability of the service. High availability is built in, and it can also scale up to accommodate as much traffic as we need it to handle. That's awesome.
But what types of security capabilities does Azure Firewall provide? The first one is network traffic filtering rules, and this allows us to centrally create allow or deny network filtering rules based on source and destination IP, source and destination port, and protocol.
Now, if this sounds like the same capabilities as NSGs,
you're right, because that is what it is,
but beyond network traffic filtering rules, it also has application FQDN filtering rules,
and this allows us to look at layer seven and look at the URLs that our hosts are communicating with, and then to create allow or deny rules based on this information.
It's important to understand, though, that this is not deep packet inspection.
It does not do TLS termination; all it's doing is URL filtering.
And finally we have the threat intelligence-based filtering, which uses information from the Microsoft threat intelligence feed to identify communications to known malicious IP addresses and domains.
So if communication is seen to any of these known malicious IP addresses or domains, we can either be alerted to them or we can block them. Other capabilities of the service include support for network address translation for both source and destination traffic. And when it comes to logging,
it has full integration with Azure Monitor, so we can get logs for troubleshooting and analytics.
Now to our demonstration. Here are the tasks that I'll be completing in this demonstration.
First, I'll create an Azure Firewall subnet in my virtual network.
I'll then deploy the firewall service into the firewall subnet that I created.
I'll configure allow and block application rules to some websites.
I'll then create a custom route table that I'll be using to direct traffic for my private subnets to the Azure Firewall service.
I'll associate the custom route table that I create to my private subnets, and finally I'll verify that everything that we've configured is working by checking that traffic is flowing through the firewall. So in the first task, I'll create an Azure Firewall subnet in my virtual network called AzureFirewallSubnet.
And as a visual representation of what I'll be doing:
I'm going to be creating a new subnet. It's going to have the IP address range of 10.1.2.0/24, and it's going to be called AzureFirewallSubnet.
So I'm back in the Azure portal. On the left-hand side, I'll go ahead and select Virtual networks,
and I'll select my single virtual network.
I'll scroll down to Subnets and click on that, and I'll go ahead and add a new subnet. I'm going to be calling this AzureFirewallSubnet, with an IP address range of 10.1.2.0/24.
I'll leave all of the settings as the default and I'll click OK.
Now that my subnet is created, I can go ahead to the next task.
In the next task, I'll be deploying the firewall service into the firewall subnet that I created earlier.
And as a visual representation of what I'll be doing: I have my subnet already; I'll deploy my firewall into it.
So back in the Azure portal, in the top left corner, I'll click on Create a resource,
and I'll type in Firewall,
and I'll click on Firewall,
and I'll click on Create.
Now I'll put that in the same resource group, the network RG.
I'll give it a name of UK South Firewall.
The location has to be the location of my virtual network, so I'll go ahead and select UK South.
For availability zone, we can use this to guarantee much more availability by ensuring that multiple instances of the firewall are distributed across different zones. So I'll select the three zones that are available.
For the virtual network, I'll select to use an existing one, and I'll go ahead and select my UK South VNet.
For the public IP address, I'll be creating a new one.
So I'll go ahead and click on Add new, and I'll give it the name of UK South
Firewall PIP, PIP for public IP, and I'll click on OK. So that's going to create a new public IP. I'll then click on Review + create,
and I'll click on Create.
That's going to take a while to create the firewall service, so I'll go ahead and pause the recording,
and when that's finished I'll resume the recording and we'll go through the rest of the tasks.
So the firewall is successfully deployed now, so that's good.
And to review that, I can click on the notification option and click on Go to resource,
and you can see my firewall right here. So that's good.
Now in the next task, I'll be configuring my firewall with allow and block application filtering rules.
And as a visual representation of what I'll be doing: I'll configure two application filtering rules on my firewall,
one allow rule to allow github.com and another block rule to block other URLs.
So I'm back in the Azure portal and I can see my firewall configuration options. On the left-hand side, I'll go ahead and select Rules.
Now under Rules, I'll select Application rule collection, and I'll add an application rule collection.
Now for the rule collection, I'll go ahead and add my first allow rule.
So I'll give it the name of Allow GitHub.
For the priority, I'll set that to 100, action Allow. For the target FQDN, I'll give it a name of GitHub.
Source type: IP address,
and star for any IP address.
Now for the port and protocol, I'll go ahead and put in HTTP 80 and HTTPS 443.
And for the target FQDN, I'll go ahead and put in github.com. So this allows traffic that's going to github.com from any IPs. I'll go ahead and click Add to add that.
Once that's added, I'll go ahead and click Add application rule to add another application rule.
This time around, I'll say Block other URLs.
And for the priority, I'll set this to 300.
And for the action, I'll set that to Deny.
And for the target FQDN, I'll say Other URLs.
For the source type, I'll put star in.
For the protocol, I'll specify the same thing, so that's HTTP, HTTPS.
And for the target FQDN, I'll put in the star,
and I'll go ahead and add that.
So once I refresh that, I can see my rules. I can see the rule collection to allow GitHub and the other rule collection to block other URLs. So let's move on to the next task.
Now in the next task, I'll create a custom route table that I'll be using to direct traffic for my private subnet to the Azure Firewall.
And as a visual representation of what I'll be doing:
first, I'll create a custom route table,
and within my custom route table, I'll be adding a user-defined route to route all traffic to the IP of my Azure Firewall.
So back in the Azure portal, what I'll do is I'll go ahead and click on Create a resource, and I'll type Route table,
and I'll select Route table and I'll click on Create.
Now for the name of my route table, I'll call that UK South.
Now for the resource group, I'll put it in the same resource group. For the location, it has to be in the same location as the virtual network, so I'll leave that as UK South. I can disable virtual network gateway route propagation for now, and I'll go ahead and click on Create.
So once my route table has finished creating, I'll click on the option to go to the resource. Then I'll go ahead and click on Routes, and for the routes, I'll go ahead and add a new route entry, or user-defined route.
I'll call these I natural
For the address prefix, I'll say anything going to 0.0.0.0/0, which is anything.
The next hop should be Virtual appliance, and I will need the IP address of my Azure Firewall right here, so I'll go ahead and get that.
So to do that, I'll right-click on Microsoft Azure and open a new tab.
If I go to the tab that I just opened, I'll select my firewall over there,
and I should be able to get the firewall private IP, which is 10.1.2.4. I'll copy that. I'll go back to the tab where I'm configuring my user-defined route, and I'll put in the IP address of my firewall there,
and I'll then click OK to that.
So once it's added the route entry, we're good.
So in the next task, I will be associating the custom route table that I just created to my private subnets, so that traffic would be routed to the firewall. So as a visual representation of what I'll be doing: having a custom route table, like what I just did, actually does nothing until I've associated that route table,
so traffic actually will still be flowing directly through the Azure gateway to the Internet and bypassing any rule that I've configured on my firewall.
So what I need to do is I need to go associate that route table to my subnet. So let's go do that. So back in the Azure portal, I'm still under my route table configuration, and look at that, I misspelled that. But that's OK. You understand what we're doing.
So to associate this route table to my subnet, I'll go ahead and click on Subnets,
and under Subnets, I'll click on the option to Associate,
and I'll go ahead and click on the drop-down and select my virtual network.
Now I'll then click on the drop-down again, and I'll select my private subnet, which is the UK South subnet one. I'll go ahead and select that and I'll click OK.
Now you have to give this a few minutes to properly apply the configuration. So in many cases, when you see the green option here, that just means it successfully submitted the job. Just give it a few minutes and let the configuration properly bed in. Once it's fully bedded in, then we can go ahead with the next task.
Now, in the final task of this lesson,
I'll be verifying that traffic is flowing through the Azure Firewall and that the configured rules have been applied.
And as a visual representation of what I'll be doing: I'll be connecting to my Windows VM using the Bastion service that was set up in the previous lesson.
I'll then verify that the firewall rules that I've configured are applied for traffic that's going out to the Internet.
So here I am, back in the Azure portal. I still have my Bastion connection open to my private virtual machine.
If I go ahead and click on Internet Explorer
and I type in github.com,
when I press Enter to that, now I can see that it's not loading properly. That's expected, because there are actually other URLs that it's going to be trying to pull down things like style sheets from that I have not allowed. So that's just a quick word of warning to you: whenever you're doing your configuration in production,
make sure that you have the full list of the URLs that you want to allow fully
configured in the rules. But you can see I can still get to github.com, even though it's not loading correctly. However, if I try to go to any other URL, like let's say microsoft.com, and I press Enter, I get an error message that says there's a rule called Block other URLs that's blocking me from being able to
access that site. So that's good. Traffic is flowing through my firewall. My rules have been applied.
So here's a summary of what we covered in this lesson.
We started out with the discussion of what the Azure Firewall is and what it does.
I then demonstrated how to create the firewall service, configure security rules in it, and route traffic through the firewall service.
Thanks very much for watching, and I'll see you in the next lesson.
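
Added example (not part of the recorded lesson, and a model rather than Azure's own implementation): a small Python sketch of how the two application rule collections from the demonstration are evaluated in priority order, which shows why github.com is reachable while the hosts serving its style sheets, and microsoft.com, are denied. The allow collection's priority value, the fnmatch-style wildcard matching and the sample host names are assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass
class AppRuleCollection:
    name: str
    priority: int        # lower number is evaluated first
    action: str          # "Allow" or "Deny"
    protocols: dict      # protocol name -> port, e.g. {"Http": 80}
    target_fqdns: list   # "*" matches any FQDN


WEB = {"Http": 80, "Https": 443}

# The two collections from the demonstration. The allow priority is an
# assumed value; it only has to be a lower number than the deny at 300.
COLLECTIONS = [
    AppRuleCollection("Block other URLs", 300, "Deny", WEB, ["*"]),
    AppRuleCollection("Allow GitHub", 100, "Allow", WEB, ["github.com"]),
]


def evaluate(fqdn, protocol, port, collections=COLLECTIONS):
    """Return (action, matching collection) for one outbound web request."""
    for coll in sorted(collections, key=lambda c: c.priority):
        if coll.protocols.get(protocol) != port:
            continue  # protocol/port pair is not covered by this collection
        # fnmatch-style matching is a simplification of FQDN wildcards
        if any(fnmatchcase(fqdn.lower(), pat.lower()) for pat in coll.target_fqdns):
            return coll.action, coll.name  # first match ends evaluation
    return "Deny", "default deny"  # no rule matched: traffic is dropped


# Constructed sample requests: the page itself, a third-party asset host
# (hypothetical name), an unrelated site, and a port no rule covers.
SAMPLE_REQUESTS = [
    ("github.com", "Https", 443),
    ("assets.cdn.example", "Https", 443),
    ("microsoft.com", "Https", 443),
    ("github.com", "Https", 8443),
]

if __name__ == "__main__":
    for fqdn, proto, port in SAMPLE_REQUESTS:
        print(f"{proto}:{port} {fqdn:<20} -> {evaluate(fqdn, proto, port)}")
```

Reversing the two priorities in this model makes the wildcard deny match first, so github.com is blocked as well; the allow collection has to carry the lower number.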