# Protection-Firewall-Hub-Spoke.md
# Azure Firewall

- Azure Firewall is attached to an Azure VNet.
- The VNet must have a dedicated, spare subnet available for it.
- Because the firewall lets the VM communicate over its private IP, no public IP is assigned to the VM.
- The firewall subnet must be named exactly "AzureFirewallSubnet".
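The notes above give the two constraints that matter when standing up the firewall: a dedicated subnet with the fixed name AzureFirewallSubnet, and workloads that keep private IPs only. The Bicep below is an added example, not code from the original notes, that deploys a hub VNet containing that subnet plus the GatewaySubnet used in later parts, and an Azure Firewall inside it. The resource names (vnet-hub, fw-hub, pip-fw-hub) and the address ranges are assumptions. It outputs the firewall's private IP, which the routing steps later use as the next hop.

```bicep
// Added example, not part of the original notes. Names (vnet-hub, fw-hub,
// pip-fw-hub) and address ranges are assumptions chosen for illustration.
param location string = resourceGroup().location
param hubAddressSpace string = '10.0.0.0/16'
param firewallSubnetPrefix string = '10.0.1.0/26'   // Azure Firewall requires at least a /26
param gatewaySubnetPrefix string = '10.0.2.0/27'

resource hubVnet 'Microsoft.Network/virtualNetworks@2023-05-01' = {
  name: 'vnet-hub'
  location: location
  properties: {
    addressSpace: {
      addressPrefixes: [ hubAddressSpace ]
    }
    subnets: [
      {
        // The name is fixed by Azure: the firewall deployment fails if it is anything else.
        name: 'AzureFirewallSubnet'
        properties: {
          addressPrefix: firewallSubnetPrefix
        }
      }
      {
        // Also a reserved name; the VPN gateway (Part 1) must be placed here.
        name: 'GatewaySubnet'
        properties: {
          addressPrefix: gatewaySubnetPrefix
        }
      }
    ]
  }
}

// Reference the reserved subnet by symbolic name so the firewall depends on the VNet.
resource fwSubnet 'Microsoft.Network/virtualNetworks/subnets@2023-05-01' existing = {
  parent: hubVnet
  name: 'AzureFirewallSubnet'
}

// Public IP for the firewall itself; workloads behind it keep private IPs only.
resource fwPip 'Microsoft.Network/publicIPAddresses@2023-05-01' = {
  name: 'pip-fw-hub'
  location: location
  sku: {
    name: 'Standard'
  }
  properties: {
    publicIPAllocationMethod: 'Static'
  }
}

resource firewall 'Microsoft.Network/azureFirewalls@2023-05-01' = {
  name: 'fw-hub'
  location: location
  properties: {
    sku: {
      name: 'AZFW_VNet'
      tier: 'Standard'
    }
    ipConfigurations: [
      {
        name: 'fw-ipconfig'
        properties: {
          subnet: {
            id: fwSubnet.id
          }
          publicIPAddress: {
            id: fwPip.id
          }
        }
      }
    ]
  }
}

// Private IP of the firewall: the value the later route tables use as next hop.
output firewallPrivateIp string = firewall.properties.ipConfigurations[0].properties.privateIPAddress
```

The /26 and the two reserved subnet names are platform requirements, not choices; everything else in the template can be renamed to match an existing naming scheme.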

- Add the route.
- Supply the private IP address of the firewall as the next hop, so that traffic is routed via the firewall.
- Attach the VM's subnet to the route table.

- Connect to the VM via NAT on the firewall (the VM itself has no public IP).

# Hub-Spoke model

- Traffic between hub and spoke flows via VNet peering.
- Attach a route table to the GatewaySubnet.

# Setting up the Hub network

- A separate machine with routing capability acts as the on-premises side.

# Part 1 - Install three components in Azure for the Hub setup

The three components:

1. VNet for the Hub (HubVnet)
2. Virtual network gateway
3. Azure Bastion

Steps:

1. Create the HubVnet.
2. Enable Azure Firewall in the HubVnet.
3. Add a GatewaySubnet to the HubVnet.
4. Create the virtual network gateway.

# Part 2 - Create the Spoke network

1. Create a VNet for the spoke, with a subnet.
2. Create a VM in the spoke, but do not assign it any public IP.

# Part 3 - Local Network Gateway

1. Create a local network gateway.
   - For the IP address, supply the public IP of your on-premises VPN device.
   - For the address space, supply the on-premises subnet behind the VPN device.

# Part 4 - Add a VPN connection on the virtual network gateway

1. Click on Connections on the virtual network gateway.
2. Select the local network gateway created above and supply the shared key.
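Parts 3 and 4 as infrastructure-as-code, added here as an example and not taken from the original notes: the local network gateway that describes the on-premises side, and the site-to-site connection on the virtual network gateway. The names (vng-hub, lng-onprem, cn-hub-to-onprem) and the on-premises public IP and address space are placeholders. It goes one step beyond the notes by declaring the shared key as a secure parameter and pinning an explicit IPsec/IKE policy, so the key is never stored in the template or shown in deployment history, and the tunnel does not negotiate down to a weaker default proposal.

```bicep
// Added example, not part of the original notes. Resource names and the
// on-premises values (public IP, address space) are placeholders.
param location string = resourceGroup().location
param vngName string = 'vng-hub'                    // virtual network gateway created in Part 1
param onPremVpnPublicIp string                      // public IP of the on-premises VPN device
param onPremAddressSpace string = '192.168.0.0/24'  // subnet behind the on-premises device

// Secure parameters are not logged or returned in deployment output;
// supply the key from Key Vault or a pipeline secret, never as a literal.
@secure()
@minLength(16)
param sharedKey string

resource vng 'Microsoft.Network/virtualNetworkGateways@2023-05-01' existing = {
  name: vngName
}

// Part 3: the local network gateway is Azure's record of the on-premises side.
resource lng 'Microsoft.Network/localNetworkGateways@2023-05-01' = {
  name: 'lng-onprem'
  location: location
  properties: {
    gatewayIpAddress: onPremVpnPublicIp
    localNetworkAddressSpace: {
      addressPrefixes: [ onPremAddressSpace ]
    }
  }
}

// Part 4: the connection ties the virtual network gateway to the local network gateway.
resource s2s 'Microsoft.Network/connections@2023-05-01' = {
  name: 'cn-hub-to-onprem'
  location: location
  properties: {
    connectionType: 'IPsec'
    connectionProtocol: 'IKEv2'
    virtualNetworkGateway1: {
      id: vng.id
      properties: {}
    }
    localNetworkGateway2: {
      id: lng.id
      properties: {}
    }
    sharedKey: sharedKey
    // Explicit policy: AES-GCM for IPsec, SHA-384 integrity and ECP384 for IKE/PFS.
    // The on-premises device (Part 5) must be configured with the same proposal.
    ipsecPolicies: [
      {
        saLifeTimeSeconds: 27000
        saDataSizeKilobytes: 102400000
        ipsecEncryption: 'GCMAES256'
        ipsecIntegrity: 'GCMAES256'
        ikeEncryption: 'AES256'
        ikeIntegrity: 'SHA384'
        dhGroup: 'ECP384'
        pfsGroup: 'ECP384'
      }
    ]
  }
}
```

A custom IPsec policy requires a route-based virtual network gateway, which is also what the hub-spoke gateway transit in Part 6 needs.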

# Part 5 - On-premises network VPN device

2. Supply the public IP address of the virtual network gateway.
3. In the destination address, supply the Hub and Spoke VNet address ranges.
4. Supply the pre-shared key in the properties.
5. Right-click and connect.

# Part 6 - Create VNet peering between Hub and Spoke

1. Open either network, hub or spoke, and click on Peerings.
2. Give the peering link a name.
3. Select the option to use the virtual network gateway.

Network flow now: spoke -> VPN gateway -> on-premises.
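The peering from Part 6 as an added Bicep example, not the notes' own steps; the VNet names vnet-hub and vnet-spoke are assumptions. The portal option "use virtual network gateway" on the spoke side is useRemoteGateways, which is only accepted when the hub side already has allowGatewayTransit. allowForwardedTraffic is enabled on both sides because, once the route tables from the later section are in place, traffic arrives at the spoke after being forwarded by the firewall rather than originating in the hub, and a peering without that flag drops it.

```bicep
// Added example, not part of the original notes. VNet names are assumptions.
param hubVnetName string = 'vnet-hub'
param spokeVnetName string = 'vnet-spoke'

resource hubVnet 'Microsoft.Network/virtualNetworks@2023-05-01' existing = {
  name: hubVnetName
}

resource spokeVnet 'Microsoft.Network/virtualNetworks@2023-05-01' existing = {
  name: spokeVnetName
}

// Hub side: offers the hub's VPN gateway to the spoke.
resource hubToSpoke 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-05-01' = {
  parent: hubVnet
  name: 'peer-hub-to-spoke'
  properties: {
    remoteVirtualNetwork: {
      id: spokeVnet.id
    }
    allowVirtualNetworkAccess: true
    // Accept traffic the firewall forwards from the spoke toward on-premises.
    allowForwardedTraffic: true
    allowGatewayTransit: true
    useRemoteGateways: false
  }
}

// Spoke side: "use virtual network gateway" in the portal is useRemoteGateways.
resource spokeToHub 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-05-01' = {
  parent: spokeVnet
  name: 'peer-spoke-to-hub'
  properties: {
    remoteVirtualNetwork: {
      id: hubVnet.id
    }
    allowVirtualNetworkAccess: true
    // Accept on-premises traffic that reaches the spoke via the firewall.
    allowForwardedTraffic: true
    allowGatewayTransit: false
    useRemoteGateways: true
  }
  // The hub-side peering with allowGatewayTransit must exist first.
  dependsOn: [ hubToSpoke ]
}
```

useRemoteGateways also requires the hub gateway itself to be fully provisioned; if Part 1 is still deploying, this resource fails and has to be re-run.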

# Now, routing the traffic via Azure Firewall

Attach a user-defined route (UDR) to each VNet: one route table to the GatewaySubnet in the hub, and another to the spoke subnet.

1. Create a route table (for the hub).
   - Add a route for the Spoke address space.
   - Pick the private IP address of the firewall as the next hop.
   - Associate the hub VNet's GatewaySubnet with this route table.
2. Create another route table to route the traffic to the company network.
   - Add a route that sends traffic for the company device (internet) via the firewall.
   - Attach the spoke network/subnet to this route table.
3. Update the firewall rules to allow the flow of traffic.
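The two route tables from this section, which also cover the earlier "add the route" and "attach subnet" steps under Azure Firewall, as an added Bicep example rather than code from the original notes. The firewall private IP, the address prefixes and the spoke subnet name snet-workload are assumptions. It goes slightly further than the notes: the spoke table also carries a 0.0.0.0/0 route so that internet-bound traffic is inspected by the firewall as well, and BGP route propagation is disabled on the spoke subnet so that routes learned from the VPN gateway cannot bypass the firewall.

```bicep
// Added example, not part of the original notes. Names and prefixes are
// assumptions; the firewall private IP is the value shown in the notes' portal steps.
param location string = resourceGroup().location
param firewallPrivateIp string = '10.0.1.4'       // first usable address in AzureFirewallSubnet
param gatewaySubnetPrefix string = '10.0.2.0/27'
param spokePrefix string = '10.1.0.0/16'
param spokeSubnetPrefix string = '10.1.1.0/24'
param onPremPrefix string = '192.168.0.0/24'

resource hubVnet 'Microsoft.Network/virtualNetworks@2023-05-01' existing = {
  name: 'vnet-hub'
}

resource spokeVnet 'Microsoft.Network/virtualNetworks@2023-05-01' existing = {
  name: 'vnet-spoke'
}

// Route table 1, on the hub GatewaySubnet: traffic arriving from on-premises
// for the spoke is steered to the firewall instead of straight across the peering.
resource rtGateway 'Microsoft.Network/routeTables@2023-05-01' = {
  name: 'rt-hub-gatewaysubnet'
  location: location
  properties: {
    routes: [
      {
        name: 'spoke-via-firewall'
        properties: {
          addressPrefix: spokePrefix
          nextHopType: 'VirtualAppliance'
          nextHopIpAddress: firewallPrivateIp
        }
      }
    ]
  }
}

// Route table 2, on the spoke subnet: company (on-premises) traffic and, via the
// default route, internet traffic both go through the firewall.
resource rtSpoke 'Microsoft.Network/routeTables@2023-05-01' = {
  name: 'rt-spoke-workload'
  location: location
  properties: {
    // Without this, the gateway's propagated on-premises route would win over the UDR.
    disableBgpRoutePropagation: true
    routes: [
      {
        name: 'onprem-via-firewall'
        properties: {
          addressPrefix: onPremPrefix
          nextHopType: 'VirtualAppliance'
          nextHopIpAddress: firewallPrivateIp
        }
      }
      {
        name: 'default-via-firewall'
        properties: {
          addressPrefix: '0.0.0.0/0'
          nextHopType: 'VirtualAppliance'
          nextHopIpAddress: firewallPrivateIp
        }
      }
    ]
  }
}

// "Associate" in the portal is a PUT on the subnet with routeTable set.
resource gatewaySubnet 'Microsoft.Network/virtualNetworks/subnets@2023-05-01' = {
  parent: hubVnet
  name: 'GatewaySubnet'
  properties: {
    addressPrefix: gatewaySubnetPrefix
    routeTable: {
      id: rtGateway.id
    }
  }
}

resource spokeSubnet 'Microsoft.Network/virtualNetworks/subnets@2023-05-01' = {
  parent: spokeVnet
  name: 'snet-workload'
  properties: {
    addressPrefix: spokeSubnetPrefix
    routeTable: {
      id: rtSpoke.id
    }
  }
}
```

Two caveats: a 0.0.0.0/0 route is not permitted on the GatewaySubnet, which is why only the spoke prefix is listed there; and deploying a subnet resource is a full PUT, so any network security group or delegation the subnet already has must be repeated in the template or it is removed.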

# Part 7 - Firewall Manager

- Click on Firewall Manager.
- Add a rule for the spoke.
- Associate the firewall policy with the Hub VNet.
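The firewall policy from Part 7, together with the "connect VM via NAT" step from the Azure Firewall section, as an added Bicep example and not the notes' own configuration. Prefixes, ports, the VM private IP, the firewall public IP and the admin source range are assumptions passed in as parameters. The network rules allow only the spoke and on-premises ranges to reach each other, and the DNAT rule that publishes the VM is restricted to an admin source range rather than any source. Associating the policy with the hub firewall, the Firewall Manager step in the notes, is the firewallPolicy property on the azureFirewalls resource and is not repeated here.

```bicep
// Added example, not part of the original notes. Names, prefixes, ports and
// addresses are assumptions; the firewall public IP comes from the hub deployment.
param location string = resourceGroup().location
param spokePrefix string = '10.1.0.0/16'
param onPremPrefix string = '192.168.0.0/24'
param firewallPublicIp string          // public IP of the firewall (pip-fw-hub)
param spokeVmPrivateIp string = '10.1.1.4'
param adminSourcePrefix string         // range allowed to reach the VM through DNAT

resource policy 'Microsoft.Network/firewallPolicies@2023-05-01' = {
  name: 'fwpol-hub'
  location: location
  properties: {
    sku: {
      tier: 'Standard'
    }
    threatIntelMode: 'Deny'   // block known-malicious addresses rather than only alerting
  }
}

resource rcg 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2023-05-01' = {
  parent: policy
  name: 'rcg-spoke'
  properties: {
    priority: 200
    ruleCollections: [
      {
        // Part 7, "add a rule for spoke": spoke <-> on-premises only, both directions.
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'rc-spoke-onprem'
        priority: 1000
        action: {
          type: 'Allow'
        }
        rules: [
          {
            ruleType: 'NetworkRule'
            name: 'spoke-to-onprem'
            ipProtocols: [ 'TCP', 'UDP', 'ICMP' ]
            sourceAddresses: [ spokePrefix ]
            destinationAddresses: [ onPremPrefix ]
            destinationPorts: [ '*' ]
          }
          {
            ruleType: 'NetworkRule'
            name: 'onprem-to-spoke'
            ipProtocols: [ 'TCP', 'UDP', 'ICMP' ]
            sourceAddresses: [ onPremPrefix ]
            destinationAddresses: [ spokePrefix ]
            destinationPorts: [ '*' ]
          }
        ]
      }
      {
        // "connect VM via NAT": publish the VM behind the firewall's public IP,
        // limited to the admin range instead of the whole internet.
        ruleCollectionType: 'FirewallPolicyNatRuleCollection'
        name: 'rc-dnat-vm'
        priority: 500
        action: {
          type: 'DNAT'
        }
        rules: [
          {
            ruleType: 'NatRule'
            name: 'rdp-to-spoke-vm'
            ipProtocols: [ 'TCP' ]
            sourceAddresses: [ adminSourcePrefix ]
            destinationAddresses: [ firewallPublicIp ]
            destinationPorts: [ '3389' ]
            translatedAddress: spokeVmPrivateIp
            translatedPort: '3389'
          }
        ]
      }
    ]
  }
}
```

DNAT collections are evaluated before network rules regardless of priority, and the firewall implicitly denies anything not matched, so the two network rules are the complete allow-list for the spoke. Firewall logs (network and NAT rule categories) sent to a Log Analytics workspace are where denied flows show up when a route is in place but a rule is missing.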