Protect the web application from malicious traffic and block unauthorized access in Azure

Baridiilo Poromon - Aug 13 - Dev Community

To create an Azure Firewall subnet in the existing virtual network, enter Virtual networks in the search bar and select it.

Select app-vnet.

Select Subnets.

Select + Subnet.

Enter the required information and select Save.

Property Value:
Name -- AzureFirewallSubnet
Address range -- 10.1.63.0/24

To create an Azure Firewall, enter Firewall in the Azure portal search bar and select it.

Select + Create.

Create a firewall by using the values in the following table. Use the default for any property that is not specified.

Property Value:
Resource group -- RG1
Name -- app-vnet-firewall
Firewall SKU -- Standard
Firewall management -- Use a Firewall Policy to manage this firewall
Firewall policy -- select Add new
Policy name -- fw-policy
Region -- East US
Policy Tier -- Standard
Choose a virtual network -- Use existing
Virtual network -- app-vnet (RG1)
Public IP address -- Add new: fwpip

Select Review + create and then select Create.

To update the Firewall Policy, enter Firewall Policies in the search bar and select it.

Select fw-policy.

Select Application rules.

Select "+ Application rule collection".

Use the values in the following table. Use the default for any property that is not specified.

Property Value:
Name -- app-vnet-fw-rule-collection
Rule collection type -- Application
Priority -- 200
Rule collection action -- Allow
Rule collection group -- DefaultApplicationRuleCollectionGroup

Under Rules, use the following values:

Property Value:
Name -- AllowAzurePipelines
Source type -- IP address
Source -- 10.1.0.0/23
Protocol -- https
Destination type -- FQDN
Destination -- dev.azure.com, azure.microsoft.com
Then select Add.

Next, create a network rule collection that contains a single IP address rule.

Select Network rules.

Select "+ Network rule collection".

Use the values in the following table. Use the default for any property that is not specified.

Property Value:
Name -- app-vnet-fw-nrc-dns
Rule collection type -- Network
Priority -- 200
Rule collection action -- Allow
Rule collection group -- DefaultNetworkRuleCollectionGroup

Under Rules, use the following values:

Property Value:
Rule -- AllowDns
Source -- 10.1.0.0/23
Protocol -- UDP
Destination ports -- 53
Destination addresses -- 1.1.1.1, 1.0.0.1
Then select Add.

To verify the deployment, enter and select app-vnet-firewall and then fw-policy in the search bar, and confirm that the provisioning state of each shows Succeeded.
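
To check what the two rule collections actually permit, the following added example (not part of the original post) models them in Python with the values from the tables above. The evaluator is a simplified model, and port 443 for https and the sample flows are assumptions.

```python
import ipaddress

# Values copied from the rule tables above. Port 443 for "https" is an assumption
# (the post gives only the protocol name).
SOURCE = ipaddress.ip_network("10.1.0.0/23")
NET_RULES = [{"name": "AllowDns", "source": SOURCE, "protocol": "udp", "ports": {53},
              "dests": {ipaddress.ip_address("1.1.1.1"), ipaddress.ip_address("1.0.0.1")}}]
APP_RULES = [{"name": "AllowAzurePipelines", "source": SOURCE, "protocol": "https",
              "port": 443, "fqdns": {"dev.azure.com", "azure.microsoft.com"}}]


def evaluate(src, protocol, dest, port):
    """Return the name of the Allow rule a flow matches, or "Deny" when none does."""
    src_ip = ipaddress.ip_address(src)
    proto = protocol.lower()
    try:
        dest_ip = ipaddress.ip_address(dest)
    except ValueError:
        dest_ip = None  # destination was given as an FQDN
    # Azure Firewall evaluates network rules before application rules.
    if dest_ip is not None:
        for rule in NET_RULES:
            if (src_ip in rule["source"] and proto == rule["protocol"]
                    and port in rule["ports"] and dest_ip in rule["dests"]):
                return rule["name"]
    for rule in APP_RULES:
        if (src_ip in rule["source"] and proto == rule["protocol"]
                and port == rule["port"] and dest.lower().rstrip(".") in rule["fqdns"]):
            return rule["name"]
    return "Deny"  # anything not explicitly allowed is dropped


# Constructed sample flows: (source IP, protocol, destination, port)
SAMPLE_FLOWS = [
    ("10.1.0.4", "https", "dev.azure.com", 443),   # matches AllowAzurePipelines
    ("10.1.1.200", "udp", "1.1.1.1", 53),          # DNS query over UDP
    ("10.1.1.200", "tcp", "1.1.1.1", 53),          # DNS over TCP: not covered by AllowDns
    ("10.1.2.4", "https", "dev.azure.com", 443),   # source outside 10.1.0.0/23
    ("10.1.0.4", "udp", "8.8.8.8", 53),            # resolver not in the rule
    ("10.1.0.4", "https", "example.com", 443),     # FQDN not in the rule
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, "->", evaluate(*flow))
```

The third flow is the one to notice: AllowDns covers UDP only, so a DNS query retried over TCP port 53 is denied under this policy.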
