| title | description | services | author | ms.service | ms.topic | ms.custom | ms.date | ms.author |
|---|---|---|---|---|---|---|---|---|
Quickstart: Create an Azure Firewall and IP Groups - Resource Manager template |
In this quickstart, you learn how to use an Azure Resource Manager template (ARM template) to create an Azure Firewall and IP Groups. |
firewall |
vhorne |
firewall |
quickstart |
subject-armqs |
08/28/2020 |
victorh |
In this quickstart, you use an Azure Resource Manager template (ARM template) to deploy an Azure Firewall with sample IP Groups used in a network rule and application rule. An IP Group is a top-level resource that allows you to define and group IP addresses, ranges, and subnets into a single object. This is useful for managing IP addresses in Azure Firewall rules. You can either manually enter IP addresses or import them from a file.
[!INCLUDE About Azure Resource Manager]
If your environment meets the prerequisites and you're familiar with using ARM templates, select the Deploy to Azure button. The template will open in the Azure portal.
- An Azure account with an active subscription. Create an account for free.
This template creates an Azure Firewall and IP Groups, along with the necessary resources to support the Azure Firewall.
The template used in this quickstart is from Azure Quickstart Templates.
:::code language="json" source="~/quickstart-templates/101-azurefirewall-create-with-ipgroups-and-linux-jumpbox/azuredeploy.json":::
Multiple Azure resources are defined in the template:
- Microsoft.Network/ipGroups
- Microsoft.Storage/storageAccounts
- Microsoft.Network/routeTables
- Microsoft.Network/networkSecurityGroups
- Microsoft.Network/virtualNetworks
- Microsoft.Network/publicIPAddresses
- Microsoft.Network/networkInterfaces
- Microsoft.Compute/virtualMachines
- Microsoft.Network/azureFirewalls
Deploy the ARM template to Azure:
-
Select Deploy to Azure to sign in to Azure and open the template. The template creates an Azure Firewall, the network infrastructure, and two virtual machines.
-
In the portal, on the Create an Azure Firewall with IpGroups page, type or select the following values:
- Subscription: Select from existing subscriptions
- Resource group: Select from existing resource groups or select Create new, and select OK.
- Location: Select a location
- Virtual Network Name: Type a name for the new virtual network (VNet)
- IP Group Name 1: Type name for IP Group 1
- IP Group Name 2: Type name for IP Group 2
- Admin Username: Type username for the administrator user account
- Authentication: Select sshPublicKey or password
- Admin Password: Type an administrator password or key
-
Select I agree to the terms and conditions stated above and then select Purchase. The deployment can take 10 minutes or longer to complete.
In the Azure portal, review the deployed resources, especially the firewall rules that use IP Groups.
:::image type="content" source="media/quick-create-ipgroup-template/ipgroups.png" alt-text="IP Groups.":::
:::image type="content" source="media/quick-create-ipgroup-template/network-rule.png" alt-text="Network rules.":::
To learn about the JSON syntax and properties for a firewall in a template, see Microsoft.Network azureFirewalls template reference.
When you no longer need the resources that you created with the firewall, delete the resource group. This removes the firewall and all the related resources.
To delete the resource group, call the Remove-AzResourceGroup cmdlet:
Remove-AzResourceGroup -Name "<your resource group name>"
[!div class="nextstepaction"] Tutorial: Deploy and configure Azure Firewall in a hybrid network using the Azure portal