Challenge 5 - Azure Firewall

< Previous Challenge - Home - Next Challenge>

Introduction

In this challenge, you will build an edge security architecture for Contoso.

Description

Contoso’s security team needs a centralized solution to restrict flows going into and out of the Azure environment. The environment should be protected from known malicious IP addresses.

For web traffic, web application protection from OWASP top 10 attacks and vulnerabilities is required. However the security team wants to review the logs before blocking any incoming requests. All logs should be captured and centrally stored for the security team to review.

For this challenge:

• Deploy a centralized firewall solution meeting the requirements above.

• The solution should be highly available and protect from any underlying infrastructure hardware failure.

Success Criteria

• You should have all flows secured by the firewalls in the Azure environment.

• The virtual machine should be able to reach www.microsoft.com.

• Outbound traffic to site www.youtube.com should be blocked.

• On-premises servers should be able to access the servers deployed in Azure.

• Logs should be are captured and available for review for 30 days.

Learning Resources

Azure Firewall

Azure Web application firewall

User defined routes

Virtual network routing

Azure Storage