Deploying the EVA

Stormshield's Microsoft Azure Marketplace page does not allow step-by-step deployments of SNS firewalls that have more than one network interface.
The method presented is therefore based on the use of a customized template which you can find in Stormshield's Github area.

 

  1. Go to Stormshield's Github page by clicking on the following link: https://github.com/stormshield/azure-templates/tree/master/sns/sns-2-nics,
  2. Click on Deploy to Azure,
  3. Log on using your Azure or Microsoft account.
    The pre-entered deployment form will then appear.
  4. All the values suggested in this template's fields can be customized.

 

Basic information

  • Subscription: select an Azure subscription associated with your account.
  • Select or create a resource group (SNS-Documentation in the example).
  • Select the geographic location in which your firewall is hosted.

 

Settings

  • SNS Admin password: type the password assigned to the firewall's admin account.
  • Vnet Name: enter the name of the virtual network that groups the firewall's public and private networks (virtual-network in the template).
  • Vnet Prefix: indicate the network and network mask of this virtual network (192.168.0.0/16 in the template). This network needs to be chosen from the IP address ranges that are not routed over the Internet.
  • Public Subnet Name: enter the name of the sub-network in which the firewall's public interface is located (Public in the template).
  • Public Subnet Prefix: indicate the network and network mask of this public sub-network (192.168.0.0/24 in the template). This must be a sub-network of Vnet Prefix.
  • Private Subnet Name: enter the name of the sub-network in which the firewall's private interface is located (Private in the template).
  • Private Subnet Prefix: indicate the network and network mask of this private sub-network (192.168.1.0/24 in the template). This must be a sub-network of Vnet Prefix.
  • SNS Name: specify the name assigned to your EVA (sns-gateway in the template).
  • SNS If Public Name: indicate the name assigned to the firewall's public interface (sns-gateway-public-nic in the template).
  • SNS If Public IP: indicate the IP address allocated to the firewall's public interface (192.168.0.100 in the template). This address must belong to the network defined in the Public Subnet Prefix field.
  • SNS If Private Name: indicate the name assigned to the firewall's private interface (sns-gateway-private-nic in the template).
  • SNS If Private IP: indicate the IP address allocated to the firewall's private interface (192.168.1.100 in the template). This address must belong to the network defined in the Private Subnet Prefix field.
  • VM Size: select a virtual machine model that supports several network interfaces (Standard_D2s_v3 in the template). Find out more about the characteristics of various virtual machine models on this page.
  • Public IP Name: Enter a name that describes the public IP address that Microsoft Azure has allocated to the firewall (sns-gateway-public-ip in the template).
  • Route Table Name: give a name to the firewall's private routing table (route-table-private in the template).

 

When all mandatory fields have been entered, read the Microsoft Azure Marketplace conditions carefully, select the "I agree to the terms and conditions stated above" checkbox and click on Purchase.

The deployment of the firewall will begin. A "Deployment successful" notification will appear when the firewall is created on the hosting platform.