Azure Firewall


Time: 8 hours 33 minutes
Difficulty: Intermediate
CEU/CPE: 9
Video Transcription
00:00
Hello, Cybrarians. Welcome to this lesson on Azure Firewall.
00:04
This lesson is part of the top module of the AZ-500 Microsoft Azure Security Technologies course.
00:11
Quick information on what we'll be covering in this lesson. We'll start out with a discussion on the Azure Firewall service: what is the service, what are its security capabilities?
00:21
I'll then demonstrate to you how to create the firewall service, configure security rules and route traffic through it. Let's get into this.
00:30
So what's the Azure Firewall service? It's a fully managed, stateful firewall as a service.
00:35
What this means is that with this service, we can have a firewall that we don't have to worry about managing: the underlying infrastructure, the operating system updates and the application updates. We only configure the firewall and we use it. Now, because it's fully managed,
00:51
we don't need to worry about configuring high availability with load balancers,
00:57
or worry about the scalability of the service. High availability is built in, and it can also scale up to accommodate as much traffic as we need it to handle. That's awesome.
01:08
But what types of security capabilities does Azure Firewall provide? The first one is network traffic filtering rules, and this allows us to centrally create allow or deny network filtering rules based on source and destination IP, source and destination port, and protocol.
01:26
Now, if this sounds like the same capabilities as NSGs,
01:30
you're right, because that is what it is,
01:33
but beyond network traffic filtering rules, it also has application FQDN filtering rules,
01:38
and this allows us to look at layer seven and look at the URLs that our hosts are communicating with, and then to create allow or deny rules based on this information.
01:51
It's important to understand, though, that this is not deep packet inspection.
01:57
It does not do TLS termination. All it does is URL filtering.
02:04
And finally we have the threat intelligence-based filtering, which uses information from the Microsoft threat intelligence feed to identify communications to known malicious IP addresses and domains.
02:16
So if communication is seen to any of these known malicious IP addresses or domains, we can either be alerted to them or we can block them. Other capabilities of the service include support for network address translation for both source and destination traffic. And when it comes to logging,
02:32
it has full integration with Azure Monitor, so we can get logs for troubleshooting and analytics.
02:38
Now to our demonstration. Here are the tasks that I'll be completing in this demonstration.
02:45
First, I'll create an Azure Firewall subnet in my virtual network.
02:50
I'll then deploy the firewall service into the firewall subnet I created.
02:53
I'll configure allow and block application rules to some websites.
02:59
I'll then create a custom route table that I'll be using to direct traffic for my private subnets to the Azure Firewall service.
03:07
I'll associate the custom route table that I create to my private subnets, and finally I'll verify that everything that we've configured is working by checking that traffic is flowing through the firewall. So in the first task, I'll create an Azure Firewall subnet in my virtual network called AzureFirewallSubnet.
03:27
And here's a visual representation of what I'll be doing.
03:29
I'm going to be creating a new subnet. It's going to have the IP address range of 10.1.2.0/24, and it's going to be called AzureFirewallSubnet.
03:38
So I'm back in the Azure portal. On the left-hand side, I'll go ahead and select virtual networks,
03:44
and I'll select my single virtual network.
03:46
I'll scroll down to Subnets and click on that, and I'll go ahead and add a new subnet. I'm going to be calling this AzureFirewallSubnet, with an IP address range of 10.1.2.
03:57
I'll leave all of the settings as default and I'll click OK.
04:00
Now that my subnet is created, I can go ahead to the next task.
04:04
In the next task, I'll be deploying the firewall service into the firewall subnet that I created earlier.
04:10
And here's a visual representation of what I'll be doing. I have my subnet already; I'll deploy my firewall into it.
04:17
So back in the Azure portal, in the top left corner, I'll click on Create a resource
04:23
and I'll type in firewall
04:26
and I'll click on Firewall
04:28
and I'll click on Create.
04:30
Now I'll put that in the same resource group, the network RG.
04:34
I'll give it a name of UK South firewall.
04:41
The location has to be the location of my virtual network, so I'll go ahead and select UK South.
04:46
For availability zone, we can use this to increase availability by ensuring that multiple instances of the firewall are distributed across different zones. So I'll select the three zones that are available.
05:00
For the virtual network, I'll select to use an existing one, and I'll go ahead and select my UK South VNet.
05:06
For the public IP address, I'll be creating a new one.
05:10
So I'll go ahead and click on Add new, and I'll give it the name of UK South
05:15
firewall PIP, for public IP, and I'll click on OK. So that's going to create a new public IP. I'll finally click on Review and create
05:26
and I'll click on Create.
05:29
That's going to take a while to create the firewall service, so I'll go ahead and pause the recording
05:32
and when that's finished, I'll resume the recording and we'll go through the rest of the tasks.
05:36
So the firewall was successfully deployed now, so that's good.
05:41
And to review that, I can click on the notification option and click on Go to resource,
05:46
and you can see my firewall right here. So that's good.
05:49
Now in the next task, I'll be configuring my firewall with allow and block application filtering rules.
05:58
And here's a visual representation of what I'll be doing. I'll configure two application filtering rules on my firewall:
06:03
one allow rule to allow github.com and another block rule to block other URLs.
06:11
So I'm back in the Azure portal and I can see my firewall configuration options. On the left-hand side, I'll go ahead and select Rules.
06:17
Now on the rules, I'll select Application rule collection and I'll add an application rule collection.
06:25
Now for the rule collection, I'll go ahead and add my first allow rule.
06:30
So I'll give it the name of Allow GitHub.
06:32
For the priority, I'll set that to 100, action Allow. For the target FQDN, I'll give it a name of GitHub,
06:41
source type IP address,
06:43
and star for any IP address.
06:46
Now for the port and protocol, I'll go ahead and put in HTTP 80 and HTTPS 443,
06:54
and for the target FQDN, I'll go ahead and put in github.com. So this allows traffic that's going to github.com from any IPs. I'll go ahead and click Add to add that.
07:06
Once that's added, I'll go ahead and click Add application rule collection to add another application rule.
07:13
This time around, I'll say Block other URLs.
07:18
And for the priority, I'll set this to 300.
07:21
And for the action, I'll set that to Deny,
07:26
and for the target FQDN, I'll say All the URLs.
07:31
Source type, I'll put star in.
07:35
For the protocol, I'll specify the same thing, so that's HTTP, HTTPS,
07:41
and for the target FQDN, I'll put in the star,
07:45
and I'll go ahead and add that.
07:47
So once I refresh that, I can see my rules. I can see the rule collection to allow GitHub and the other rule collection to block other URLs. So let's move on to the next task.
07:59
Now in the next task, I'll create a custom route table that I'll be using to direct traffic for my private subnet to the Azure Firewall.
08:07
Here's a visual representation of what I'll be doing.
08:11
First, I'll create a custom route table,
08:15
and within my custom route table, I'll add a user-defined route to route all traffic to the IP of my Azure Firewall.
08:24
So back in the Azure portal, what I'll do is I'll go ahead and click on Create a resource and I'll type route table,
08:33
and I'll select Route table and I'll click on Create.
08:37
Now for the name of my route table, I'll call that UK South
08:43
private subnets
08:46
route table.
08:50
Now for the resource group, I'll put it in the same resource group. For the location, it has to be in the same location as the virtual network, so I'll leave that as UK South. I can disable virtual network gateway route propagation for now, and I'll go ahead and click on Create.
09:03
So once my route table has finished creating, I'll click on the option to go to the resource. Then I'll go ahead and click on Routes, and for the routes, I'll go ahead and add a new route entry, or user-defined route.
09:15
I'll call this Internet route.
09:20
For the address prefix, I'll say anything going to 0.0.0.0/0, which is anything.
09:28
The next hop should be virtual appliance, and I will need the IP address of my Azure Firewall right here, so I'll go ahead and get that.
09:35
So to do that, I'll right-click on Microsoft Azure and open a new tab.
09:41
If I go to the tab that I just opened, I'll select my firewall over there,
09:48
and I should be able to get the firewall private IP, which is 10.1.2.4. I'll copy that, I'll go back to the tab where I'm configuring my user-defined route and I'll put in the IP address of my firewall there,
10:01
and I'll finally click OK to that.
10:03
So once it's added the route entry, we're good.
10:05
So in the next task, I will be associating the custom route table that I just created to my private subnets so that traffic will be routed to the firewall. So here's a visual representation of what I'll be doing. Having a custom route table, like what I just did, actually does nothing until I associate that route table
10:26
to my subnets.
10:26
So traffic will actually still be flowing directly through the Azure gateway to the Internet and bypassing any rule that I've configured on my firewall.
10:35
So what I need to do is I need to go associate that route table to my subnet. So let's go do that. So back in the Azure portal, I'm still under my route table configuration, and look at that, I misspelled that. But that's OK. You understand what we're doing.
10:50
So to associate this route table to my subnet, I'll go ahead and click on Subnets,
10:54
and under Subnets, I'll click on the option to Associate,
10:58
and I'll go ahead and click on the drop-down and select my virtual network.
11:03
Now I'll finally click on the drop-down again, and I'll select my private subnet, which is the UK South subnet. Once I've gone ahead and selected that, I'll click OK.
11:11
Now you have to give this a few minutes to properly apply the configuration. So in many cases, when you see the green option here, that just means it successfully submitted the job. Just give it a few minutes. Let the configuration properly bed in. Once it's fully bedded in, then we can go ahead with the next task.
11:30
Now, in the final task of this lesson,
11:33
I'll be verifying that traffic is flowing through the Azure Firewall and that the configured rules have been applied.
11:39
And as a visual representation of what I'll be doing, I'll be connecting to my Windows VM using the Bastion service that was set up in the previous lesson.
11:48
I'll then verify that the firewall rules that I've configured are applied for traffic that's going out to the Internet.
11:56
So here I am, back in the Azure portal. I still have my Bastion connection open to my private virtual machine.
12:03
If I go ahead and click on Internet Explorer
12:07
and I type in github.com.
12:11
When I press Enter to that, now I can see that it's not loading properly. That's expected, because this is actually the URL that's going to be trying to pull down things like style sheets from URLs that I've not allowed. So that's just a quick pointer for you whenever you're doing your configuration in production:
12:28
make sure that you have the full list of the URLs that you want to allow fully
12:33
configured in your rules. But you can see that I can still get to github.com even though it's not loading correctly. However, if I try to go to any other URL, like, let's say, microsoft.com, and I press Enter, I get an error message that says there's a rule called Block other URLs that's blocking me from being able to
12:52
access that site. So that's good. Traffic is flowing through my firewall. My rules have been applied.
12:58
So here's a summary of what we covered in this lesson.
13:03
We started out with the discussion of what the Azure Firewall is and what it does.
13:07
I then demonstrated how to create the firewall service, configure security rules in it and route traffic through the firewall service.
13:16
Thanks very much for watching, and I'll see you in the next lesson.
AZ-500: Microsoft Azure Security Technologies

In the AZ-500 Microsoft Azure Security Technologies training, students will learn the skills that are needed to pass the AZ-500 certification exam. All exam topics are covered as well as exam preparation strategies and hands-on practice.
