Create a sandbox setup of Azure Firewall with Zones

Azure Firewall is a managed cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. You can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks.

Azure Firewall uses one or more static public IP addresses for your virtual network resources, allowing outside firewalls to identify traffic originating from your virtual network. The service is fully integrated with Azure Monitor for logging and analytics.

To learn more about how to deploy the template, see the quickstart article.

The template creates the following resources:

  • A virtual network with three subnets (ServerSubnet, JumpboxSubnet and AzureFirewallSubnet).
  • A jumpbox VM running Microsoft Windows with public IP and RDP access.
  • A server VM running Microsoft Windows with only a private IP.
  • A user-defined route (UDR) on the ServerSubnet that points to Azure Firewall.
  • An Azure Firewall with one or more Public IPs, one sample application rule, and one sample network rule.
  • Azure Firewall is placed in Availability Zones 1, 2 and 3.
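
The two pieces of this list that carry the security design are the zonal firewall and the route that forces ServerSubnet traffic through it. The Bicep below is an added sketch of that wiring, not the template's own code; the resource names, the `firewallSubnetId` parameter, the API versions and the `0.0.0.0/0` prefix are assumptions.

```bicep
// Added illustration, not the quickstart template's source.
// Names, API versions and the default-route prefix are assumptions.
param location string = resourceGroup().location
param firewallSubnetId string // resource ID of an existing AzureFirewallSubnet (assumed)
var zones = ['1', '2', '3']

// A zonal firewall needs a Standard, static public IP placed in the same zones.
resource fwPublicIp 'Microsoft.Network/publicIPAddresses@2023-09-01' = {
  name: 'fw-pip-example'
  location: location
  sku: { name: 'Standard' }
  zones: zones
  properties: { publicIPAllocationMethod: 'Static' }
}

resource firewall 'Microsoft.Network/azureFirewalls@2023-09-01' = {
  name: 'fw-example'
  location: location
  zones: zones // spread across Availability Zones 1, 2 and 3
  properties: {
    ipConfigurations: [
      {
        name: 'ipconfig1'
        properties: {
          subnet: { id: firewallSubnetId }
          publicIPAddress: { id: fwPublicIp.id }
        }
      }
    ]
  }
}

// Route table to associate with ServerSubnet: sends traffic to the firewall's
// private IP instead of straight out of the virtual network.
resource serverRoutes 'Microsoft.Network/routeTables@2023-09-01' = {
  name: 'server-rt-example'
  location: location
  properties: {
    routes: [
      {
        name: 'default-via-firewall'
        properties: {
          addressPrefix: '0.0.0.0/0' // assumed prefix: all outbound traffic
          nextHopType: 'VirtualAppliance'
          nextHopIpAddress: firewall.properties.ipConfigurations[0].properties.privateIPAddress
        }
      }
    ]
  }
}
```

The route only takes effect once the route table is referenced from the ServerSubnet definition; a subnet without that association bypasses the firewall's rules.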

Tags: Microsoft.Storage/storageAccounts, Microsoft.Network/routeTables, Microsoft.Network/networkSecurityGroups, Microsoft.Network/virtualNetworks, Microsoft.Network/publicIPAddresses, Microsoft.Network/networkInterfaces, Microsoft.Compute/virtualMachines, Microsoft.Network/azureFirewalls, Allow