---
title: 'Quickstart: Create an Azure Firewall with Availability Zones - Bicep'
description: In this quickstart, you deploy Azure Firewall using Bicep. The test network has one virtual network with three subnets. Two Windows Server virtual machines, a jump box and a server, are deployed.
services: firewall
author: duongau
ms.service: azure-firewall
ms.topic: quickstart
ms.custom: subject-armqs, mode-arm, devx-track-bicep
ms.date: 06/28/2022
ms.author: duau
# Customer intent: "As a cloud administrator, I want to deploy an Azure Firewall using Bicep in a virtual network with multiple subnets, so that I can manage network security effectively and ensure high availability across Availability Zones."
---
# Quickstart: Deploy Azure Firewall with Availability Zones - Bicep
In this quickstart, you use Bicep to deploy an Azure Firewall in three Availability Zones.
[!INCLUDE [About Bicep](~/reusable-content/ce-skilling/azure/includes/resource-manager-quickstart-bicep-introduction.md)]
The Bicep file creates a test network environment with a firewall. The network has one virtual network (VNet) with three subnets: *AzureFirewallSubnet*, *ServersSubnet*, and *JumpboxSubnet*. The *ServersSubnet* and *JumpboxSubnet* subnets each have a single, two-core Windows Server virtual machine.
The firewall is in the *AzureFirewallSubnet* subnet, and has an application rule collection with a single rule that allows access to `www.microsoft.com`.
A user-defined route points network traffic from the *ServersSubnet* subnet through the firewall, where the firewall rules are applied.
For more information about Azure Firewall, see [Deploy and configure Azure Firewall using the Azure portal](tutorial-firewall-deploy-portal.md).
## Prerequisites
- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/pricing/purchase-options/azure-account?cid=msft_learn).
## Review the Bicep file
This Bicep file creates an Azure Firewall with Availability Zones, along with the necessary resources to support the Azure Firewall.
The Bicep file used in this quickstart is from [Azure Quickstart Templates](https://azure.microsoft.com/resources/templates/azurefirewall-with-zones-sandbox).
:::code language="bicep" source="~/quickstart-templates/quickstarts/microsoft.network/azurefirewall-with-zones-sandbox/main.bicep":::
Multiple Azure resources are defined in the Bicep file:
- [**Microsoft.Storage/storageAccounts**](/azure/templates/microsoft.storage/storageAccounts)
- [**Microsoft.Network/routeTables**](/azure/templates/microsoft.network/routeTables)
- [**Microsoft.Network/networkSecurityGroups**](/azure/templates/microsoft.network/networksecuritygroups)
- [**Microsoft.Network/virtualNetworks**](/azure/templates/microsoft.network/virtualnetworks)
- [**Microsoft.Network/publicIPAddresses**](/azure/templates/microsoft.network/publicipaddresses)
- [**Microsoft.Network/networkInterfaces**](/azure/templates/microsoft.network/networkinterfaces)
- [**Microsoft.Compute/virtualMachines**](/azure/templates/microsoft.compute/virtualmachines)
- [**Microsoft.Network/azureFirewalls**](/azure/templates/microsoft.network/azureFirewalls)
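
The following fragment is an added example, not the quickstart template's `main.bicep`. It shows how the three security-relevant pieces described earlier fit together: a firewall pinned to three Availability Zones, an application rule that allows only `www.microsoft.com`, and a default route that forces traffic through the firewall. The resource names, the API version, and the `firewallSubnetId` and `serversSubnetPrefix` parameters are assumptions.

```bicep
// Added example, not the quickstart's main.bicep; names, API version and params are assumed.
param location string = resourceGroup().location
param firewallSubnetId string    // resource ID of an existing AzureFirewallSubnet
param serversSubnetPrefix string // address prefix of ServersSubnet, in CIDR form
var zones = ['1', '2', '3']

// A zonal firewall needs a Standard-SKU, static public IP.
resource pip 'Microsoft.Network/publicIPAddresses@2023-09-01' = {
  name: 'fw-pip'
  location: location
  sku: { name: 'Standard' }
  zones: zones
  properties: { publicIPAllocationMethod: 'Static' }
}

resource firewall 'Microsoft.Network/azureFirewalls@2023-09-01' = {
  name: 'fw-zonal'
  location: location
  zones: zones // firewall instances are spread across all three Availability Zones
  properties: {
    ipConfigurations: [
      { name: 'ipconfig1', properties: { subnet: { id: firewallSubnetId }, publicIPAddress: { id: pip.id } } }
    ]
    applicationRuleCollections: [
      {
        name: 'allow-web'
        properties: {
          priority: 100
          action: { type: 'Allow' }
          rules: [
            {
              name: 'www-microsoft'
              sourceAddresses: [serversSubnetPrefix]
              protocols: [{ protocolType: 'Http', port: 80 }, { protocolType: 'Https', port: 443 }]
              targetFqdns: ['www.microsoft.com'] // any other FQDN hits the firewall's default deny
            }
          ]
        }
      }
    ]
  }
}

// Default route: send all outbound traffic to the firewall's private IP.
var fwPrivateIp = firewall.properties.ipConfigurations[0].properties.privateIPAddress
resource routeTable 'Microsoft.Network/routeTables@2023-09-01' = {
  name: 'rt-servers'
  location: location
  properties: { routes: [{ name: 'default-via-fw', properties: { addressPrefix: '0.0.0.0/0', nextHopType: 'VirtualAppliance', nextHopIpAddress: fwPrivateIp } }] }
}
```

The route table has no effect until the *ServersSubnet* definition references it through its `routeTable` property, which this fragment does not show. Until that association exists, traffic from the subnet bypasses the firewall and its rules.
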
## Deploy the Bicep file
1. Save the Bicep file as `main.bicep` to your local computer.
1. Deploy the Bicep file using either Azure CLI or Azure PowerShell.
# [CLI](#tab/CLI)
```azurecli
az group create --name exampleRG --location eastus
az deployment group create --resource-group exampleRG --template-file main.bicep --parameters adminUsername=<admin-user>
```
# [PowerShell](#tab/PowerShell)
```azurepowershell
New-AzResourceGroup -Name exampleRG -Location eastus
New-AzResourceGroupDeployment -ResourceGroupName exampleRG -TemplateFile ./main.bicep -adminUsername "<admin-user>"
```
---
> [!NOTE]
> Replace **\<admin-user\>** with the administrator login username for the virtual machine. You'll be prompted to enter **adminPassword**.
When the deployment finishes, you should see a message indicating the deployment succeeded.
## Review deployed resources
Use the Azure portal, Azure CLI, or Azure PowerShell to validate the deployment and review the deployed resources.
# [CLI](#tab/CLI)
```azurecli-interactive
az resource list --resource-group exampleRG
```
# [PowerShell](#tab/PowerShell)
```azurepowershell-interactive
Get-AzResource -ResourceGroupName exampleRG
```
---
To learn about the syntax and properties for a firewall in a Bicep file, see [Microsoft.Network/azureFirewalls](/azure/templates/microsoft.network/azurefirewalls).
## Clean up resources
When you no longer need them, use the Azure portal, Azure CLI, or Azure PowerShell to remove the resource group, firewall, and all related resources.
# [CLI](#tab/CLI)
```azurecli-interactive
az group delete --name exampleRG
```
# [PowerShell](#tab/PowerShell)
```azurepowershell-interactive
Remove-AzResourceGroup -Name exampleRG
```
---
## Next steps
Next, you can monitor the Azure Firewall logs.
> [!div class="nextstepaction"]
> [Tutorial: Monitor Azure Firewall logs](./firewall-diagnostics.md)