SIMULATION -
You need to deploy an Azure firewall to a virtual network named VNET3.
To complete this task, sign in to the Azure portal and modify the Azure resources.
This task might take several minutes to complete. You can perform other tasks while the task completes.
To deploy an Azure Firewall in an existing virtual network VNET3, follow these steps. First, create a special subnet named AzureFirewallSubnet (required for Azure Firewall deployment). Go to Azure portal, search for Virtual Networks and select VNET3. In the overview section, take note of the region and resource group. Navigate to Subnets and click on + Subnet to add a new subnet. Name it AzureFirewallSubnet and specify an appropriate address range. Click OK to create the subnet. Next, add the Azure Firewall by going to the Firewall option in VNET3 settings. Choose `Click here to add a new firewall`, ensure the resource group and region match VNET3 settings, enter a name for the firewall, and associate a public IP address. Click Review + create and then Create to complete the deployment. Ensure the new subnet has a /26 size for optimal functionality as recommended in Azure documentation.
If you get this question on the exam, make sure to go into VNET3's address space and add another one. If you don't, you will not be able to create the AzureFireWall subnet and you will not complete the Azure Firewall configuration.
Correct. Az Firewall needs its OWN subnet. There can be nothing else on it.
I'm not sure if it makes any difference to the question, but it is recommended the AzureFirewallSubnet subnet has /26 size: https://docs.microsoft.com/en-us/azure/firewall/firewall-faq#why-does-azure-firewall-need-a--26-subnet-size https://docs.microsoft.com/en-us/azure/firewall/firewall-faq#why-does-azure-firewall-need-a--26-subnet-size
# Exam Question 12/10/2021
Also Required to add routing rule.
yes but we don't have enough informations to define the route. What is the next hop?
Just did mine today. When you opened the subnet in vnet 3, you can already see an existing subnet.. i just deleted that and reused the same subnet with the new azurefirewallsubnet
Subnet name needs to be AzureFirewallManagementSubnet
Totally wrong my friend, as you can see in the URL ( https://learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-deploy-portal#create-a-vnet STEP 10 ) the name for the subnet MUST be AzureFirewallSubnet. Cheers.
"Force tunneling requires this virtual network have a subnet named AzureFirewallManagementSubnet" in the Azure portal when tested today
You will see this message if you've selected 'Basic' as the tier since forced tunnelling is mandated. If you select 'Standard' instead, that message will disappear and you return to requiring 'AzureFirewallSubnet'.
You will see this message if you've selected 'Basic' as the tier since forced tunnelling is mandated. If you select 'Standard' instead, that message will disappear and you return to requiring 'AzureFirewallSubnet'.
"Force tunneling requires this virtual network have a subnet named AzureFirewallManagementSubnet" in the Azure portal when tested today
You will see this message if you've selected 'Basic' as the tier since forced tunnelling is mandated. If you select 'Standard' instead, that message will disappear and you return to requiring 'AzureFirewallSubnet'.
AzureFirewallManagementSubnet = With forced tunneling AzureFirewallSubnet = Without forced tunneling Determined at creation of firewall - cannot be changed later.
You will see this message if you've selected 'Basic' as the tier since forced tunnelling is mandated. If you select 'Standard' instead, that message will disappear and you return to requiring 'AzureFirewallSubnet'.
Sign in to the Azure portal: Go to https://portal.azure.com and sign in with your Azure account credentials. Select “Create a resource”: On the left-hand menu, click on “+ Create a resource”. Search for “Firewall”: In the “Search the Marketplace” box, type “Firewall” and select “Firewall” from the dropdown menu. Create firewall: Click the “Create” button to start the Azure Firewall deployment process. Configure basic settings: Subscription: Select your Azure subscription. Resource group: Choose the resource group where VNET3 is located. Name: Enter a name for the firewall. Region: Choose the region where VNET3 is located. Configure networking settings: Virtual network: Select VNET3 from the dropdown menu. Public IP address: Create a new public IP address or use an existing one. Review + create: Review your settings and click “Create” to deploy the Azure Firewall to VNET3.
My questions is, from the VNet, why can't the Firewall be added from the Firewall blade in Settings?