How To Connect Azure Virtual Machine Within Firewall Using Bastion

Introduction

 
This article demonstrates how to connect to an Azure Windows virtual machine from behind a corporate firewall. In general, the Azure virtual machine needs an associated public IP when we connect using the Remote Desktop app in Windows. A corporate firewall restricts these public IPs and does not allow connections to the virtual machine from inside the corporate network until we reach out to the IT security team and ask them to allow the public IP in the corporate firewall. In some cases, they might not allow it, citing security reasons.
 
Microsoft offers a PaaS service, Azure Bastion, which helps overcome the above issue: the user can connect to the Azure VM directly from the Azure portal in a supported browser (Chrome, Microsoft Chromium, Microsoft Edge).
 
Prerequisites
  • An Azure Subscription
  • An Azure Virtual Machine
You may already have an Azure subscription, either through your company or through a Visual Studio subscription. If not, please apply for a free trial Azure subscription.
 
If you came to this article from a search result, you have probably already created a virtual machine and are trying to connect to it from behind the corporate firewall. If not, click here to create a new Windows Virtual Machine in Azure.
 
Make sure your Virtual machine is created in the region where the Azure Bastion Service is available.
 

Connect to Virtual Machine

 
Go to your Virtual machine dashboard, as shown in the screenshot below:
 
Click on “Connect” as highlighted above and, on the flyout menu, click on “Bastion”. Clicking “Bastion” takes you to the screen below:
 
Clicking the “Use Bastion” button redirects the page to the screen below. A red warning states that, to create a Bastion for the Virtual machine, we need to create a subnet with the name “AzureBastionSubnet”.
 
Click on the highlighted link “Manage subnet configuration” as shown in the above picture. The page will be redirected, as shown in the screen below:
 
You can see in the above screen that we already have a Default subnet with address range 10.0.0.24; this is the same range as the address space available for this Virtual Network, as shown in the screen below.
 
To create a new subnet, we need to add an additional address range to this Virtual Network, as below. We have added a new address range, 10.0.1.0/24, the same range we will use to create the “AzureBastionSubnet”. Click the “Save” button to save the changes.
 
Click on the “Subnets” link as highlighted to return to the screen below:
 
Clicking “+Subnet” opens a new pane on the right side, as below.
 
In the name field, enter “AzureBastionSubnet”; the address range will be picked automatically based on the address range we have created. Click “Ok” to add the AzureBastionSubnet.
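The address-range and subnet steps above can be checked before touching the portal. The following is an added example, not part of the original article: `check_bastion_subnet` is a hypothetical helper, the default subnet is assumed to occupy 10.0.0.0/24, and the /26 minimum size comes from Azure's documented Bastion requirement rather than from this page.

```python
import ipaddress

BASTION_SUBNET_NAME = "AzureBastionSubnet"  # exact name the portal warning asks for
MAX_PREFIXLEN = 26  # Azure-documented minimum size (/26 or larger); not stated on this page


def check_bastion_subnet(name, prefix, address_spaces, existing_subnets):
    """Return a list of problems with a planned Bastion subnet (empty list = OK).

    Hypothetical helper: address_spaces is the VNet's list of CIDR ranges,
    existing_subnets maps subnet name -> CIDR.
    """
    problems = []
    if name != BASTION_SUBNET_NAME:
        problems.append(f"name must be exactly {BASTION_SUBNET_NAME!r}, got {name!r}")
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError as exc:
        return problems + [f"invalid prefix {prefix!r}: {exc}"]
    if net.prefixlen > MAX_PREFIXLEN:
        problems.append(f"{net} is smaller than /{MAX_PREFIXLEN}")
    spaces = [ipaddress.ip_network(s) for s in address_spaces]
    if not any(s.version == net.version and net.subnet_of(s) for s in spaces):
        problems.append(f"{net} is not inside any VNet address space")
    for other_name, other_prefix in existing_subnets.items():
        other = ipaddress.ip_network(other_prefix)
        if other.version == net.version and net.overlaps(other):
            problems.append(f"{net} overlaps subnet {other_name!r} ({other})")
    return problems


# Constructed sample mirroring the walkthrough: the default subnet is assumed
# to fill the original 10.0.0.0/24 address space.
EXISTING = {"default": "10.0.0.0/24"}

if __name__ == "__main__":
    # Before adding the second range: any prefix in 10.0.0.0/24 collides.
    print(check_bastion_subnet("AzureBastionSubnet", "10.0.0.0/26",
                               ["10.0.0.0/24"], EXISTING))
    # After adding 10.0.1.0/24 to the VNet: the plan is clean.
    print(check_bastion_subnet("AzureBastionSubnet", "10.0.1.0/24",
                               ["10.0.0.0/24", "10.0.1.0/24"], EXISTING))
```

The first call shows why the walkthrough adds a second address range: with the default subnet filling the whole address space, no Bastion subnet fits without an overlap.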
 
Once the AzureBastionSubnet is created, return to your Azure Virtual machine Overview screen, click on “Connect” and choose “Bastion”, as we did in the first few steps. You will be redirected to the screen below.
 
Clicking the “Use Bastion” button redirects you as shown in the screen below:
 
Clicking the “Create” button, as highlighted above, creates a new bastion for the Virtual Machine. The creation of the bastion might take a few minutes.
 
Once the Azure bastion is created, return to your Azure Virtual machine Overview screen, click on “Connect” and choose “Bastion”, as we did in the first few steps. You will be redirected to the screen below.
 
Enter the username and password which you provided while creating the Windows Virtual Machine. Click “Connect”; a new browser tab will open and the Virtual machine will be connected, as shown in the image below:
 

Summary

 
In this article, I discussed how we can connect to a Windows Virtual Machine without using a remote desktop application. We discussed how to create the Azure Bastion subnet and use the Bastion service. This article will be useful for developers who want to work with an Azure Virtual Machine from within a corporate network but are not able to connect due to the firewall.