Creating a DMZ in an Azure VNet with a firewall appliance

Reference architecture

I'm in the process of putting together a new Azure design for a client. As always in Azure, the network components form the core of the design. There were a couple of key requirements that needed to be addressed that the existing environment had outgrown: a lack of any layer 7 edge heightened security controls and a lack of a DMZ.

I was going through some designs that I’ve previously done and was checking the Microsoft literature on what some fresh design patterns might look like, in case anything’s changed in recent times. There is still only a single reference 1 on the Microsoft Azure documentation and it still references ASM and not ARM.

For me then, it seems that the existing pattern I’ve used is still valid. Therefore, I thought I’d share what that architecture would look like via this quick blog post.

DMZ with a firewall appliance design

Here’s an overview of some key points on the design:

