Azure Firewall & Hub | Create Hub-Spoke Network | AZ-305 | K21Academy
Ғылым және технология
💼 Join our free class to discover our exclusive three-step framework designed to help you achieve certification and secure high-paying jobs in Azure and DevOps: bit.ly/3XchMEA
------------
🌐 Blog On Azure Firewall: bit.ly/4aIo5mJ
------------
📞 Need Career Guidance or Cloud Certifications? Apply to Work with Us: bit.ly/456R5TL
------------
🚀 Join Cloud School (Everything We’ve Learned in Cloud): bit.ly/3vFBcX7
------------
📩 Join 2,05,000+ Learning How To Scale Cloud/AI/Data Career By Subscribing For Free To The “Cloud/AI/Data Newsletter": bit.ly/4bJKZuS
------------
Hub and Spoke with Azure Firewall ☁️🔒
In this video, we going to show you how to create a Hub-Spoke network configuration with Azure Firewall using Azure Portal.
🔒 The Azure-Firewall filters traffic among stages as well as inbound traffic from on-premises.
🤔 What is a Hub-Spoke network?
↪ Think of the Hub-Spoke as two different networks, network1 is hub, network2 is spoke. Network1 acts as the central point of connectivity and perimeter for your network where all traffic has to enter and leave where it can be monitored before it reaches your network2 which is the spoke.
🤔 Why a Hub-Spoke network?
Various reasons let to this type of configuration, key areas as to why:-
↪ Cost effective:- Having a centralised-hub you will be saving cost on NVA’s such as Firewalls , third-party intrusion applications
↪ Deployment time:- No need to deploy multiple DNS servers/AD Controllers per vNET having these centralised will save time, money and even admin-overhead
↪ Azure specific:- Overcome some subscription limits by peering virtual networks from different subscriptions to the central hub
↪ Security:- Having a central hub where any incoming/out-going traffic is monitored before it has access to any of the spoke virtual networks
𝐉𝐨𝐢𝐧 𝐭𝐡𝐞 𝐅𝐑𝐄𝐄 𝐌𝐚𝐬𝐭𝐞𝐫𝐜𝐥𝐚𝐬𝐬 𝐨𝐧 [𝐀𝐙-𝟑𝟎𝟓] 𝐌𝐢𝐜𝐫𝐨𝐬𝐨𝐟𝐭 𝐀𝐳𝐮𝐫𝐞 𝐒𝐨𝐥𝐮𝐭𝐢𝐨𝐧𝐬 𝐀𝐫𝐜𝐡𝐢𝐭𝐞𝐜𝐭 𝐄𝐱𝐩𝐞𝐫𝐭 𝐂𝐞𝐫𝐭𝐢𝐟𝐢𝐜𝐚𝐭𝐢𝐨𝐧 𝐅𝐨𝐫 𝐁𝐞𝐠𝐢𝐧𝐧𝐞𝐫𝐬 𝐛𝐲 𝐜𝐥𝐢𝐜𝐤𝐢𝐧𝐠 𝐡𝐞𝐫𝐞 bit.ly/34CsFXm
Topics covered in the video are:
00:00 - Introduction
00:13 - What is a Firewall
07:47 - Hub & Spoke Model
14:02 - Hub & Spoke On Azure Portal
18:25 - Create a Firewall
21:25 - Creating Virtual Machines
25:52 - Before & After effects of our RDP Machine
30:52 - Connecting our Hub & Spoke
31:57 - Creating Route Tables
33:44 - Associating our Route Tables with Subnets
37:37 - Creating Application Rule
40:35 - Join our Free Class!!
#az305 #azure #azuresolutionsarchitecttutorial #azuresolutionsarchitect #azure #microsoftazure #az305onlinetutorial #az305onlineclasses #az305onlinetraining #azurefirewall #azurehub #azurearchitecture #k21academy #askatul
Subscribe us and know more about latest Cloud technology: k21academy.com/youtube
---------------------------------------------------------------------------------------------------------------
LET'S CONNECT ON SOCIAL ↴
➽ Facebook: k21academy.com/Facebook
➽ Linkedin:k21academy.com/linkedin
➽ Twitter: k21academy.com/twitter
➽ Instagram: k21academy.com/instagram
See you in the next video!
Пікірлер: 63
💼 Join our free class to discover our exclusive three-step framework designed to help you achieve certification and secure high-paying jobs in Azure and DevOps: bit.ly/3XchMEA
Very nicely explained the concept of Hub and Spoke, thank you!
@K21Academy
Жыл бұрын
Thanks, keep watching!
Great content, we're about to migrate to this architecture so many thanks for explaining hub-spoke arch. !
@K21Academy
Жыл бұрын
Thanks, keep watching!
Very clear explanation, though i have no prior networking knowledge I was able to understand the entire explanation. Thanks alot!
@K21Academy
Жыл бұрын
Thank you. yours words inspire us to do more and serve you with the best.
man you're awesome! Thank you for uploading this.
@K21Academy
Жыл бұрын
Hey thanks! Do let us know what would you love to watch next?
This explanation was perfect. Thank you.
@K21Academy
Жыл бұрын
Thanks, keep watching!
Awesome..Explanation.Really liked it.Thank you so much for these kind of stuff.
@K21Academy
Жыл бұрын
Thanks, keep watching!
Great walkthrough!!
@K21Academy
Жыл бұрын
Thanks, keep watching!
Very nicely explained the concept of Hub and Spoke
@K21Academy
6 ай бұрын
Glad you liked it! 😊 Please do let us know what videos you'll like to see next?
Very crisp and informative.
@K21Academy
Жыл бұрын
Thanks, keep watching!
@K21Academy
Жыл бұрын
Thanks, keep watching!
Great Explanation👍🏻
@K21Academy
2 жыл бұрын
Thank you, keep watching!
@yaaweehoo
Жыл бұрын
Indeed!
thanks for sharing real scenario ,,very much clear explanation
@K21Academy
3 ай бұрын
Glad it was helpful!
Valuable content 👏👏
@K21Academy
2 жыл бұрын
Thank you, keep watching!
very beautiful explanation ,seeing the architecture might terrifying for begineers or fresher after your brief anyone can accomplish!
@K21Academy
3 ай бұрын
Glad you liked it!
very well explained
@K21Academy
2 жыл бұрын
Thanks, keep watching!
Very nice content
@K21Academy
Жыл бұрын
Hey! Thanks for the feedback. Do let us know what videos you'd like to see next?
Amazing material thanks so much for sharing
@K21Academy
Ай бұрын
Thank you for your kind words, we appreciate your support!
Thanks for your knowledge
@K21Academy
Жыл бұрын
Thanks, keep watching!
@K21Academy
Жыл бұрын
Thanks, keep watching!
Awesome
@K21Academy
Жыл бұрын
Thanks, keep watching.
Great 👍
@K21Academy
6 ай бұрын
Thank you! Cheers!
Great thank you ❤
@K21Academy
Жыл бұрын
Hey, thanks to you too! Do let us know what videos you'd like to watch next?
@romjohnawacay6390
Жыл бұрын
@@K21Academy im looking for azure application gateway with multiple listners and backend pool
@K21Academy
Жыл бұрын
Thanks for the suggestion. Stay tuned!
I remember in my previous organization, not all subnets have route table associated. And the traffic still goes to the firewall. How can that be achieved?
@K21Academy
Жыл бұрын
In order for traffic to go through the firewall, even if not all subnets have associated route tables, you can configure the default route on the firewall to forward all traffic to the appropriate destination. By setting up the default route, any traffic that does not have a specific route defined will be sent to the firewall for further processing and inspection. This ensures that all network traffic passes through the firewall, regardless of the subnet's individual route table configuration. Hope this helps. Regards Team K21Academy
Good explanation. Could you also show how to use firewall to intercept traffic for malicious content in a scenario where there is a traffic manager and app services as its backend pools?
@K21Academy
6 ай бұрын
To give you a short overview In a scenario where there is a Traffic Manager and App Services as its backend pools, Azure Firewall can be used to intercept traffic for malicious content by deploying it in the same virtual network as the App Services. This will allow Azure Firewall to inspect all traffic going to and from the App Services, and block any traffic that is found to be malicious. We cover this practical implementation during our sessions. To know more? Join our FREE Class: bit.ly/4a9v9cq
@Shravan_Reddy
6 ай бұрын
Thanks @@K21Academy Does this mean, in this specific scenario a VNET is mandatory for App service setup?
I see, you created two VM's with public IP's for each vnet. I think one VM with public IP is enough.. You can take any one work(spoke) machine using RDP from public IP machine. from that work(spoke) machine the second work machine can be taken for RDP.. just cost saving for public IP.. Another options is to enable bastion- can be in production environment (mid to big size).. Please comment on your views..
@K21Academy
3 ай бұрын
We are using the hub as a firewall. This Firewall is common for 2 machines that are acting as 2 work machines in different machines. So if we are connecting one with public IP to other with private, then only one will be working at a time either. then there is no use of creating 2 separate work machines.
May i know how internet was working prior to attaching it with firewall vnet ? I think we need nat gateway in vnet for the same
@Cloudgyan87
2 жыл бұрын
internet is allowed by default on Azure Vms while creating
hmm don't understand why you would route traffic from a different geo-region to another geo-region fw? you would said the traffic over the vNET peering to the speak to the other regions surely?
@praveenkumarp1357
Жыл бұрын
He was Deployed the HUB ( Firewall ) Subnet on a different region and all other two Spoke subnets was deployed on other two different regions. Inorder to communicate the Spoke Subnets to Firewall subnets we have to enable the Regional VNET Peering , then only Spoke Subnets on Different regions can communicate with Firewall Subnets. In Azure , Azure Firewall Deployment Under each VNETS is not a logical solution as it is bit Costly. That is the reason why he was created a Single firewall under firewall Subnet on Different region and routed all the Spoke Subnet Traffic towards to Firewall Subnet and attached the Spoke subnets on Routing tables. Which means any traffic that is originating from the Spokes subnet to any destinations will be routed to Azure Firewall and based on the Firewall rules ( Network/Application rules) the services will be allow/deny by firewall.
@ismashkhy
Жыл бұрын
@@praveenkumarp1357 Azure VPN gateway is the major Trap, when you start creating your network and depending to it you need the VPN gateway as the core, and you realize later on the cost it incur that your whole mesh network is dependent to it you cannot just turn it off. that is why others are switching to SDNetworking, trashing the azure vpn gateway out of the scene. I maybe wrong about this, I would be happy someone could shed some light into this.
Do we require NSG rule allowed for internet to achieve this
@K21Academy
11 ай бұрын
No, you do not need to configure Network Security Group (NSG) rules to allow internet access. When VM-work does not have a public IP and the traffic is passing through Azure Firewall, it means that the access to VM-work is restricted to internal network traffic only. In this setup, VM-work is not directly accessible from the internet, and its inbound traffic is controlled by the Azure Firewall. So if you setup NSG rules then also it will not show any response to it. Hope this helps! Regards Team K21Academy
dose azure firewall support ikev2 VPN (on premise to Azure ) or need VPN gateway
@K21Academy
6 ай бұрын
Yes, Azure Firewall supports IKEv2 VPN for on-premises to Azure VPN connections. However, it is important to note that the Azure Firewall VPN Gateway is still required to create the connection.
@sandeepdhuri
6 ай бұрын
@@K21Academy Thank you