Creating DNAT Rules for Azure Firewall with PowerShell

Hey guys, today I'm going to show you how to create DNAT rules for Azure Firewall with PowerShell. DNAT stands for Destination Network Address Translation: a DNAT rule takes traffic that arrives on a port of the firewall's public IP address and forwards it to a private IP address and port on your virtual network. This is useful when you want to publish a specific service or application to the internet without exposing the rest of your network.

To create a DNAT rule, you need an Azure Firewall resource with a public IP address attached to one of its IP configurations, and you need to know the private IP address and port of the backend you want to redirect traffic to. The New-AzFirewallNatRule cmdlet builds the rule, New-AzFirewallNatRuleCollection groups one or more rules into a collection with a priority, and Set-AzFirewall writes the updated firewall object back to Azure. Note that these cmdlets manage classic (firewall-level) rules; if your firewall is governed by a Firewall Policy, the equivalents are New-AzFirewallPolicyNatRule and New-AzFirewallPolicyNatRuleCollection. Here's an example in PowerShell (it assumes the Az.Network module is installed and you are already signed in with Connect-AzAccount):

# Look up the firewall and the public IP address attached to it.
# The resource group, firewall and public IP names below are placeholders; use your own.
$firewall = Get-AzFirewall -Name "MyFirewall" -ResourceGroupName "MyResourceGroup"
$publicIp = (Get-AzPublicIpAddress -Name "MyFirewallPip" -ResourceGroupName "MyResourceGroup").IpAddress

# Create a DNAT rule that redirects traffic from port 80 on the public IP address to port 8080 on the private IP address 10.0.0.4
# DestinationAddress must be the firewall's public IP as a string; SourceAddress "*" means any source on the internet.
$rule = New-AzFirewallNatRule -Name "WebApp" -Protocol "TCP" -SourceAddress "*" -DestinationAddress $publicIp -DestinationPort 80 -TranslatedAddress 10.0.0.4 -TranslatedPort 8080

# Add the rule to a NAT rule collection (lower priority number = evaluated first)
$collection = New-AzFirewallNatRuleCollection -Name "MyCollection" -Priority 100 -Rule $rule

# Attach the collection to the firewall object, then push the whole object back to Azure
$firewall.AddNatRuleCollection($collection)
Set-AzFirewall -AzureFirewall $firewall

That's it! Test the rule by browsing to the public IP address of your Azure Firewall on port 80 (or by running Invoke-WebRequest against it); you should get the web app that is listening on port 8080 at the private address. Two things to keep in mind: a DNAT rule implicitly allows the translated traffic through the firewall, so you do not need a separate network rule for it, but an NSG on the backend subnet or a host firewall on the VM can still block port 8080; and SourceAddress "*" admits the whole internet, so narrow it to the source ranges that actually need access whenever you can. I hope you found this tutorial helpful and stay tuned for more Azure tips and tricks!
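To show the same procedure the way you would run it in practice, here is a fuller script added to this post (it is not code from the original tutorial). It publishes two backend ports through one NAT rule collection, restricts the rule to an allowlist of source ranges instead of "*", resolves the firewall's public IP from its own IP configuration rather than hardcoding it, replaces an existing collection of the same name so the script can be re-run, and finally probes the published endpoint. The resource names, the allowlist (TEST-NET ranges) and the backend address are all placeholders I made up for the example.

```powershell
# Added example: publish a backend through Azure Firewall DNAT with a source allowlist.
# Requires the Az.Network module and an active Connect-AzAccount session.
# All names and addresses below are assumed placeholders; replace them with your own.

$ResourceGroup  = "MyResourceGroup"                   # assumed
$FirewallName   = "MyFirewall"                        # assumed
$CollectionName = "InboundWeb"                        # assumed
$BackendIp      = "10.0.0.4"                          # private IP of the web VM (assumed)
$AllowedSources = @("203.0.113.0/24", "198.51.100.7") # TEST-NET ranges used as placeholders

$firewall = Get-AzFirewall -Name $FirewallName -ResourceGroupName $ResourceGroup

# Resolve the firewall's public IP from its first IP configuration.
# The ID has the form /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Network/publicIPAddresses/{name},
# so after splitting on '/' the resource group is element 4 and the name is the last element.
$pipParts = $firewall.IpConfigurations[0].PublicIpAddress.Id.Split('/')
$publicIp = (Get-AzPublicIpAddress -Name $pipParts[-1] -ResourceGroupName $pipParts[4]).IpAddress

# One rule per published port. DestinationAddress is the firewall's public IP;
# SourceAddress limits which internet ranges may hit the rule at all.
$httpRule = New-AzFirewallNatRule -Name "WebApp-HTTP" -Protocol "TCP" `
    -SourceAddress $AllowedSources -DestinationAddress $publicIp -DestinationPort 80 `
    -TranslatedAddress $BackendIp -TranslatedPort 8080

$httpsRule = New-AzFirewallNatRule -Name "WebApp-HTTPS" -Protocol "TCP" `
    -SourceAddress $AllowedSources -DestinationAddress $publicIp -DestinationPort 443 `
    -TranslatedAddress $BackendIp -TranslatedPort 8443

$collection = New-AzFirewallNatRuleCollection -Name $CollectionName -Priority 100 -Rule $httpRule, $httpsRule

# Replace an existing collection of the same name so re-running the script does not fail on a duplicate.
if ($firewall.NatRuleCollections | Where-Object { $_.Name -eq $CollectionName }) {
    $firewall.RemoveNatRuleCollectionByName($CollectionName)
}
$firewall.AddNatRuleCollection($collection)

# Set-AzFirewall writes the whole firewall object back; this commonly takes a few minutes.
Set-AzFirewall -AzureFirewall $firewall | Out-Null

# Show the rules that were sent, for a quick eyeball check.
$firewall.NatRuleCollections |
    Where-Object { $_.Name -eq $CollectionName } |
    Select-Object -ExpandProperty Rules |
    Format-Table Name, Protocols, SourceAddresses, DestinationPorts, TranslatedAddress, TranslatedPort

# Probe the published endpoint. Run this from an address inside $AllowedSources:
# a 200 means both the DNAT and the backend work; a timeout usually points at an NSG on the
# backend subnet or the VM's host firewall blocking 8080, not at the DNAT rule itself.
try {
    $resp = Invoke-WebRequest -Uri "http://$publicIp/" -UseBasicParsing -TimeoutSec 15
    "HTTP $($resp.StatusCode) from $publicIp"
} catch {
    "Probe failed: $($_.Exception.Message)"
}
```

The allowlist is the part worth copying even if you only publish one port: a DNAT rule with SourceAddress "*" is a permanent internet-facing listener, and the firewall's own logs will show you the scanners that find it within minutes of deployment.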
