Before you continue, consider reading this blog to understand the basics of network security in the cloud.
- ✅ Create Resource Group & Virtual Network
- ✅ Create Subnets (VM, Firewall, Firewall Management)
- ✅ Create Public IP
- ✅ Deploy Azure Firewall
- ✅ Deploy a Test VM
- ✅ Configure NSG
- ✅ Create Firewall Rules (DNAT + Outbound)
- ✅ Test access (RDP, outbound internet)
- Double-check DNAT and NSG rules
- Verify VM has no public IP
- Use correct key or password
- Is 0.0.0.0/0 routed to the firewall?
- Did you allow TCP 80/443 outbound on the firewall?
- DNS might be the issue → use nslookup
- "LinkedAccessCheckFailed": You need the Network Contributor role on the subnet/resource group
- Effective Routes: On the VM NIC, confirm the next hop is the firewall
- Effective Rules: Make sure NSG isn't blocking needed traffic
- Use Azure Network Watcher to troubleshoot connections
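The Effective Routes check above can be scripted against the JSON that `az network nic show-effective-route-table` prints. The following is an added example, not code from the original lab; the sample route table and the firewall private IP 10.0.1.4 are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample shaped like the output of
#   az network nic show-effective-route-table -g <rg> -n <nic>
# Addresses and the firewall IP 10.0.1.4 are made up for this example.
SAMPLE = json.loads("""
{"value": [
  {"source": "Default", "state": "Active", "addressPrefix": ["10.0.0.0/16"],
   "nextHopType": "VnetLocal", "nextHopIpAddress": []},
  {"source": "Default", "state": "Invalid", "addressPrefix": ["0.0.0.0/0"],
   "nextHopType": "Internet", "nextHopIpAddress": []},
  {"source": "User", "state": "Active", "addressPrefix": ["0.0.0.0/0"],
   "nextHopType": "VirtualAppliance", "nextHopIpAddress": ["10.0.1.4"]}
]}
""")

# Tie-break between equal-length prefixes: user-defined, then BGP, then system.
SOURCE_PRIORITY = {"User": 2, "VirtualNetworkGateway": 1, "Default": 0}


def effective_next_hop(routes, dest_ip):
    """Return (prefix, hop_type, hop_ip) of the active route that wins for dest_ip."""
    dest = ipaddress.ip_address(dest_ip)
    best = None
    for route in routes:
        if route.get("state") != "Active":
            continue  # overridden routes are listed with state "Invalid"
        for prefix in route.get("addressPrefix", []):
            net = ipaddress.ip_network(prefix, strict=False)
            if dest not in net:
                continue
            rank = (net.prefixlen, SOURCE_PRIORITY.get(route.get("source"), 0))
            if best is None or rank > best[0]:
                hops = route.get("nextHopIpAddress") or [None]
                best = (rank, (prefix, route.get("nextHopType"), hops[0]))
    return best[1] if best else None


def egress_via_firewall(table, firewall_ip, probe="8.8.8.8"):
    """True only if internet-bound traffic is forced through the firewall."""
    hop = effective_next_hop(table.get("value", []), probe)
    return hop is not None and hop[1] == "VirtualAppliance" and hop[2] == firewall_ip


if __name__ == "__main__":
    print("egress via firewall:", egress_via_firewall(SAMPLE, "10.0.1.4"))
```

A result of False means the VM subnet is missing the 0.0.0.0/0 user-defined route, or the route points at an address other than the firewall's private IP.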
- Use Azure Bastion as an alternative to SSH
- Clean up easily:
  az group delete --name Lab-RG --yes
- Tag your resources for easy management
- Monitor with Azure Monitor or Log Analytics
You've now built a secure Azure lab with:
- NSGs for basic security
- Azure Firewall for advanced filtering
- Custom routing and NAT rules
💡 Bonus Tips
- ✅ Use Azure Bastion as a backup connection method if SSH fails
- ✅ Tag each resource (Lab, Firewall, etc.) so you don’t delete the wrong ones
- ✅ Review Activity Log in the Azure portal if a deployment fails
- ✅ Use Network Watcher > Connection Troubleshoot to test VM-to-internet reachability
