Tutorial: Deploy and configure Azure Firewall and policy in a hybrid network using the Azure portal

When you connect your on-premises network to an Azure virtual network to create a hybrid network, the ability to control access to your Azure network resources is an important part of an overall security plan.

You can use Azure Firewall and Firewall Policy to control network access in a hybrid network using rules that define allowed and denied network traffic.

For this tutorial, you create three virtual networks:

• VNet-Hub - the firewall is in this virtual network.
• VNet-Spoke - the spoke virtual network represents the workload located on Azure.
• VNet-Onprem - The on-premises virtual network represents an on-premises network. In an actual deployment, it can be connected by either a VPN or ExpressRoute connection. For simplicity, this tutorial uses a VPN gateway connection, and an Azure-located virtual network is used to represent an on-premises network.

 If you  learn how to:

• Create the firewall hub virtual network
• Create the spoke virtual network
• Create the on-premises virtual network
• Configure and deploy the firewall and policy
• Create and connect the VPN gateways
• Peer the hub and spoke virtual networks
• Create the routes
• Create the virtual machines
• Test the firewall