Proposed Pull Request Change

📄 Document Links

View on GitHub View on Microsoft Learn

--- title: 'Quickstart: Create an Azure Firewall with multiple public IP addresses - Bicep' description: In this quickstart, you learn how to use a Bicep file to create an Azure Firewall with multiple public IP addresses. services: firewall author: mumian ms.service: azure-firewall ms.topic: quickstart ms.author: jgao ms.date: 10/19/2023 ms.custom: - subject-armqs - mode-arm - devx-track-bicep - sfi-image-nochange # Customer intent: As a cloud architect, I want to deploy an Azure Firewall with multiple public IP addresses using a Bicep file, so that I can enable secure remote access to my virtual machines efficiently. --- # Quickstart: Create an Azure Firewall with multiple public IP addresses - Bicep In this quickstart, you use a Bicep file to deploy an Azure Firewall with multiple public IP addresses from a public IP address prefix. The deployed firewall has NAT rule collection rules that allow RDP connections to two Windows Server 2019 virtual machines. :::image type="content" source="media/quick-create-multiple-ip-bicep/azure-firewall-multiple-ip.png" alt-text="Diagram showing the network configuration for this quickstart." lightbox="media/quick-create-multiple-ip-bicep/azure-firewall-multiple-ip.png"::: [!INCLUDE [About Bicep](~/reusable-content/ce-skilling/azure/includes/resource-manager-quickstart-bicep-introduction.md)] For more information about Azure Firewall with multiple public IP addresses, see [Deploy an Azure Firewall with multiple public IP addresses using Azure PowerShell](deploy-multi-public-ip-powershell.md). ## Prerequisites - An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/pricing/purchase-options/azure-account?cid=msft_learn). ## Review the Bicep file This Bicep file creates an Azure Firewall with two public IP addresses, along with the necessary resources to support the Azure Firewall. The Bicep file used in this quickstart is from [Azure Quickstart Templates](https://azure.microsoft.com/resources/templates/fw-docs-qs). :::code language="bicep" source="~/quickstart-templates/quickstarts/microsoft.network/fw-docs-qs/main.bicep"::: Multiple Azure resources are defined in the template: - [**Microsoft.Network/networkSecurityGroups**](/azure/templates/microsoft.network/networksecuritygroups) - [**Microsoft.Network/publicIPPrefix**](/azure/templates/microsoft.network/publicipprefixes) - [**Microsoft.Network/publicIPAddresses**](/azure/templates/microsoft.network/publicipaddresses) - [**Microsoft.Network/virtualNetworks**](/azure/templates/microsoft.network/virtualnetworks) - [**Microsoft.Compute/virtualMachines**](/azure/templates/microsoft.compute/virtualmachines) - [**Microsoft.Storage/storageAccounts**](/azure/templates/microsoft.storage/storageAccounts) - [**Microsoft.Network/networkInterfaces**](/azure/templates/microsoft.network/networkinterfaces) - [**Microsoft.Network/azureFirewalls**](/azure/templates/microsoft.network/azureFirewalls) - [**Microsoft.Network/routeTables**](/azure/templates/microsoft.network/routeTables) ## Deploy the Bicep file 1. Save the Bicep file as **main.bicep** to your local computer. 1. Deploy the Bicep file using either Azure CLI or Azure PowerShell. # [CLI](#tab/CLI) ```azurecli az group create --name exampleRG --location eastus az deployment group create --resource-group exampleRG --template-file main.bicep --parameters adminUsername=<admin-username> ``` # [PowerShell](#tab/PowerShell) ```azurepowershell New-AzResourceGroup -Name exampleRG -Location eastus New-AzResourceGroupDeployment -ResourceGroupName exampleRG -TemplateFile ./main.bicep -adminUsername "<admin-username>" ``` --- > [!NOTE] > Replace **\<admin-username\>** with the admin username for the backend server. You will be prompt to enter the admin password. When the deployment finishes, you should see a message indicating the deployment succeeded. ## Validate the deployment In the Azure portal, review the deployed resources. Note the firewall public IP addresses. Use Remote Desktop Connection to connect to the firewall public IP addresses. Successful connection demonstrates firewall NAT rules that allow the connection to the backend servers. ## Clean up resources When you no longer need the resources that you created with the firewall, delete the resource group. This removes the firewall and all the related resources. To delete the resource group, call the `Remove-AzResourceGroup` cmdlet: ```azurepowershell-interactive Remove-AzResourceGroup -Name "exampleRG" ``` ## Next steps > [!div class="nextstepaction"] > [Tutorial: Deploy and configure Azure Firewall in a hybrid network using the Azure portal](tutorial-hybrid-portal.md)