Configuring The Application Rules In Azure Firewall

Introduction

In our previous article, we learned how to deploy the Azure Firewall; and configure the DNAT Rules in Azure Firewall. Currently, we can access our Virtual machine. We can access websites without any restrictions; this article will learn how to restrict the websites using the Application Rules in the Azure Firewall.

Step 1

Log in to our Virtual Machine and try some URLs in the web browser; we can access it without any issues.

Configuring The Application Rules in Azure Firewall

Step 2

We need to create a Route table to restrict the public internet access, so select the Create a resource and search Route Table.

Step 3

In the create Route table page, select the subscription, Resource group, enter the Route table's name, click create + review, and click Create.

Configuring The Application Rules in Azure Firewall

Step 4

Now, we need to associate our subnet to our route table, so select Subnets under the Settings and click + Associate, select the Virtual network, select the Virtual machine's subnet, and click ok.

Configuring The Application Rules in Azure Firewall

Step 5

We need to add the route, select Routes under the settings, and click + Add

Step 6

In the Add route, enter the name for the route; in the Address prefix, enter 0.0.0.0/0 select the Next hope type is Virtual appliance, and the next-hop address is our Firewall's private IP address and clicks Ok. So any traffic coming from outside the traffic goes tough the virtual appliance (Firewall).

Step 7

When we type the URL in the Virtual machine, we will receive the Action Deny message.

Configuring The Application Rules in Azure Firewall

Step 8

We will enable the Application rule to access the URL, so go to the Azure Firewall and select the Firewall policy.

Configuring The Application Rules in Azure Firewall

Step 9

Select the Application rule under the settings and click + Add a rule collection.

Configuring The Application Rules in Azure Firewall

Step 10

In the add rule collection, enter the below parameters,

  • Name: name for the rule
  • Rule collection type: Application
  • Priority: 100
  • Rule collection group: DefaultApplicationRuleCollectionGroup
  • Rules
    • Name: AllowGoogle
    • Source: our Virtual Machines IP address
    • Protocol: HTTP and HTTPS
    • Destination type: FQDN
    • Destination: www.google.com, .google.com,

Configuring The Application Rules in Azure Firewall

Step 11

When we refresh the browser again, we can reaccess Google.

Configuring The Application Rules in Azure Firewall


Similar Articles
IFS R&D International (Private) Limited
IFS is a global enterprise software vendor providing solutions that help companies get better return