Testing environment for Azure Firewall Premium

Azure Public Test Date Azure Public Test Result

Azure US Gov Last Test Date Azure US Gov Last Test Result

Best Practice Check Cred Scan Check

Deploy To Azure


This template deploys a complete testing environment for Azure Firewall Premium enabled with IDPS, TLS Inspection, URL Filtering and Web Categories:


  • The template deploys a new Azure Firewall Premium and Firewall Policy with predefined settings to allow easy validation of its core capabilities (IDPS, TLS Inspection, URL Filtering and Web Categories)
  • The template deploys all dependencies including Key Vault and a Managed Identity. In a production environment these resources may already be created and not needed in the same template.
  • The template generates self signed Root CA and deploys it on the generated Key Vault
  • The template generates a derived Intermediate CA and deploys it on a Windows testing machine (WorkerVM)
  • A Bastion Host (BastionHost) is also deployed and can be used to connect to the Windows testing machine (WorkerVM)
  • Firewall Policy is pre-configured with TLS inspection and IDPS enabled. You can test it via the following URLs

Azure Firewall is a managed cloud-based network security service that protects your Azure Virtual Network resources. It is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. You can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual network. Azure Firewall uses a static public IP address for your virtual network resources allowing outside firewalls to identify traffic originating from your virtual network.

Learn more at https://docs.microsoft.com/azure/firewall.

Tags: Microsoft.Resources/deploymentScripts, Microsoft.ManagedIdentity/userAssignedIdentities, Microsoft.KeyVault/vaults, Microsoft.KeyVault/vaults/secrets, Microsoft.Network/routeTables, Microsoft.Network/virtualNetworks, Microsoft.Network/networkInterfaces, Microsoft.Compute/virtualMachines, Microsoft.Compute/virtualMachines/extensions, CustomScriptExtension, Microsoft.Network/publicIpAddresses, Microsoft.Network/bastionHosts, Microsoft.Network/firewallPolicies, UserAssigned, Microsoft.Network/firewallPolicies/ruleCollectionGroups, Allow, Deny, Microsoft.Network/azureFirewalls