This demo is an adaptation of the demo released for the 20Q3 private preview.
A demo sequence and script are provided in the Powerpoint deck in this repo.
The policy deployed through FirewallPolicy.template.json maps to the demo sequence in the Powerpoint deck.
Topology deployed through FirewallTopology2.template.json:
NB: the template does not include the Web App. This should be in place already. Prior to running the demo verify if the Web App still exists and deploy manually if not.
The following template samples files are included:
- FirewallTopology1.template.json – This is the main template file which include the deployment definition of this premium firewall preview in single VNet topology
- FirewallTopology2.template.json – This is the main template file which include the deployment definition of this premium firewall preview in spoke to spoke topology
- FirewallPolicy.template.json – This is Azure Firewall Policy configuration parameters definition
- CACertificate.template.json – This is a template for easy deployment of customer CA certificate in Key vault.
Refer to the pdf document in this repo for deployment instructions.
Hints:
- Key Vault
- Import interCA.pfx from the Certificates folder in this repo as a new Certificate and name it "intermediateCA".
- Access Policies: ensure an AAD user-assigned identity named DemoIdentity exists and is granted Get, List permissions on Secret and Certificate.
- Firewall policy
- After deployment of the firewall completes, copy its public IP address. In FirewallPoloicy.template.json, under ruletype:"NATRule", find and replace "destinationAddresses" with firewall public IP address (two entries).