In this hands-on Azure lab, I walk you through a complete real-world
architecture from scratch to a working web server on a private VM that's
only reachable through Azure Firewall.
🔧 What we build:
✅ Resource Group & Virtual Network (VNet)
✅ Azure Firewall Subnet + Bastion Subnet
✅ NAT Gateway (so the private VM can reach the internet to install packages)
✅ Private VM (no public IP)
✅ Bastion SSH into the private VM
✅ Install Apache2 and deploy a custom HTML page
✅ Azure Firewall DNAT rule to expose the web page via the Firewall's public IP
🎯 Result: You type the Firewall's public IP in a browser and you see the
private VM's web page that says "I learnt Azure Firewall today."
This is the kind of architecture you'll see in real enterprise environments
where security teams don't allow direct public IP access to servers.
🚀 Perfect for:
- AZ-104 exam prep
- Cloud engineering beginners
- Anyone preparing for DevOps or cloud roles
📌 Like, comment, and subscribe for more practical Azure labs every week.
👇 Drop your questions below
#Azure #AzureFirewall #CloudEngineering #DevOps #AZ104 #CloudLab
