Creating a DMZ in an Azure VNet with a firewall appliance

Reference architecture

I'm in the process of putting together a new Azure design for a client. As always in Azure, the network components form the core of the design. There were a couple of key requirements that needed to be addressed that the existing environment had outgrown: a lack of any layer 7 edge heightened security controls and a lack of a DMZ.

I was going through some designs that I've previously done and was checking the Microsoft literature on what some fresh design patterns might look like, in case anything's changed in recent times. There is still only a single reference [1] in the Microsoft Azure documentation and it still references ASM and not ARM.

For me then, it seems that the existing pattern I've used is still valid. Therefore, I thought I'd share what that architecture would look like via this quick blog post.

DMZ with a firewall appliance design

Here's an overview of some key points on the design:

  1. Reference - Build a DMZ to Protect Networks with a Firewall, UDR, and NSG
