Configuring The Application Rules In Azure Firewall

Introduction

In our previous article, we learned how to deploy the Azure Firewall and configure DNAT rules in it. We can currently access our virtual machine, and from it we can access websites without any restrictions. In this article, we will learn how to restrict websites using the Application Rules in Azure Firewall.

Step 1

Log in to our Virtual Machine and try some URLs in the web browser; we can access them without any issues.

Step 2

We need to create a Route table to restrict public internet access, so select Create a resource and search for Route Table.

Step 3

In the Create Route table page, select the Subscription and Resource group, enter the Route table's name, click Review + create, and then click Create.

Step 4

Now, we need to associate our subnet with our route table, so select Subnets under Settings and click + Associate, select the Virtual network, select the Virtual machine's subnet, and click OK.

Step 5

We need to add the route, so select Routes under Settings and click + Add.

Step 6

In the Add route, enter the name for the route; in the Address prefix, enter 0.0.0.0/0; select Virtual appliance as the Next hop type, enter our Firewall's private IP address as the next hop address, and click OK. Any traffic going outside now goes through the virtual appliance (Firewall).

Step 7

When we type the URL in the Virtual machine, we will receive the Action Deny message.

Step 8

We will enable the Application rule to access the URL, so go to the Azure Firewall and select the Firewall policy.

Step 9

Select the Application rule under the settings and click + Add a rule collection.

Step 10

In the Add a rule collection page, enter the following parameters:

  • Name: name for the rule
  • Rule collection type: Application
  • Priority: 100
  • Rule collection group: DefaultApplicationRuleCollectionGroup
  • Rules
    • Name: AllowGoogle
    • Source: our Virtual Machine's IP address
    • Protocol: HTTP and HTTPS
    • Destination type: FQDN
    • Destination: www.google.com, .google.com

Step 11

When we refresh the browser, we can access Google again.
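
A check for the route table built in Steps 2 to 6, as an added example that is not part of the original article: it reads the JSON printed by `az network route-table show` and reports anything that would let the subnet's traffic skip the firewall. The sample table, the firewall address 10.0.1.4 and the subnet name vm-subnet are constructed for illustration.

```python
import json

# Constructed sample in the shape `az network route-table show` prints.
# Every name, ID and address below is made up for this example.
SAMPLE = json.loads("""
{
  "name": "rt-demo",
  "routes": [
    {"name": "to-firewall", "addressPrefix": "0.0.0.0/0",
     "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.0.1.4"},
    {"name": "shortcut", "addressPrefix": "203.0.113.0/24",
     "nextHopType": "Internet", "nextHopIpAddress": null}
  ],
  "subnets": [
    {"id": "/subscriptions/0000/resourceGroups/rg-demo/providers/Microsoft.Network/virtualNetworks/vnet-demo/subnets/vm-subnet"}
  ]
}
""")


def audit_route_table(table, firewall_ip, subnet_name):
    """Return findings; an empty list means egress is forced through the firewall."""
    findings = []
    routes = table.get("routes") or []
    # Step 6: a 0.0.0.0/0 route whose next hop is the firewall's private IP.
    if not any(r["addressPrefix"] == "0.0.0.0/0"
               and r["nextHopType"] == "VirtualAppliance"
               and r.get("nextHopIpAddress") == firewall_ip for r in routes):
        findings.append("no 0.0.0.0/0 route to the firewall at " + firewall_ip)
    # Azure uses the longest matching prefix, so a more specific route with
    # next hop Internet sends that range around the firewall.
    for r in routes:
        if r["nextHopType"] == "Internet":
            findings.append("route '%s' sends %s straight to the Internet"
                            % (r["name"], r["addressPrefix"]))
    # Step 4: the VM's subnet must be associated with this route table.
    names = [s["id"].rsplit("/", 1)[-1].lower() for s in table.get("subnets") or []]
    if subnet_name.lower() not in names:
        findings.append("subnet '%s' is not associated with this route table"
                        % subnet_name)
    return findings


if __name__ == "__main__":
    for finding in audit_route_table(SAMPLE, "10.0.1.4", "vm-subnet"):
        print("FINDING:", finding)
```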
