Deploying the SNS EVA virtual firewall

There are two ways in which the SNS EVA virtual firewall can be deployed in Microsoft Azure:

  • From the Microsoft Azure portal: this method makes it possible to deploy a firewall with a single interface. An additional operation will be required after deployment to add more interfaces.

  • From the Stormshield azure-templates area on GitHub: with this method, you can deploy a firewall with two pre-configured interfaces by using a custom template.

Deploy your SNS EVA virtual firewall according to the method of your choice. Remember, you need an active Azure subscription (see Requirements).

Deploying the firewall from the Microsoft Azure portal

Deploying the firewall

  1. Sign in to the Microsoft Azure portal.
  2. Click on Create a resource.
  3. Search for the resource Stormshield Elastic Virtual Appliance and go to its page.
  4. Click on Create.
  5. In Project details:
    • Subscription field: select an Azure subscription linked to your account,
    • Resource group field: select or create a resource group (SNS-Documentation in the example).
  6. Fill in the form with information about your deployment.
  7. Click on Review + Create.

Adding a new interface to the firewall

  1. In the Microsoft Azure portal once again, click on Create a resource.

  2. Search for the resource Network interface and go to its page.

  3. Click on Create.
  4. In Project details:
    • Subscription field: select an Azure subscription linked to your account,
    • Resource group field: select the firewall's resource group.
  5. Fill in the form and click on Review + Create.
  6. Search for the firewall's virtual machine and click on its name.

  7. Click on Stop and confirm. Wait for the status of the virtual machine to turn to Stopped.

  8. In Settings > Networking, click on Attach network interface.

  9. Select the network interface to attach and confirm.

  10. Search for the new network interface and select it to show information about it.

  11. In Settings > IP configurations, enable IP forwarding. This setting allows the firewall to redirect traffic from protected virtual machines.

  12. Restart the firewall's virtual machine.

Once this is done, continue to the chapter Activating the SNS EVA virtual firewall.

Deploying the firewall from the Stormshield azure-templates area on GitHub

  1. Go to the Stormshield azure-templates area on GitHub.
  2. Click on Deploy to Azure.
  3. Sign in to the Microsoft Azure portal. The customized deployment form will then appear. All of the values can be customized according to your requirements.
  4. In Project details:
    • Subscription field: select an Azure subscription linked to your account,
    • Resource group field: select or create a resource group (SNS-Documentation in the example).
  5. In Instance details, review and enter the information in the following fields:
| Field | Description |
|---|---|
| Region | Geographical location in which the firewall is hosted. |
| SNS Admin password | Firewall's admin account password. |
| Vnet Name | Name of the virtual network that groups the firewall's public and private networks (virtual-network in the template). |
| Vnet Prefix | Virtual network and its mask (192.168.0.0/16 in the template). This network needs to be chosen from the IP address ranges that are not routed over the Internet. |
| Public Subnet Name | Name of the subnet in which the firewall's public interface is located (Public in the template). |
| Public Subnet Prefix | Public subnet and its mask (192.168.0.0/24 in the template). This prefix must be a subnet of Vnet Prefix. |
| Private Subnet Name | Name of the subnet in which the firewall's private interface is located (Private in the template). |
| Private Subnet Prefix | Private subnet and its mask (192.168.1.0/24 in the template). This prefix must be a subnet of Vnet Prefix. |
| SNS Name | Name of the firewall (sns-gateway in the template). |
| SNS If Public Name | Name of the firewall's public interface (sns-gateway-public-nic in the template). |
| SNS If Public IP | IP address of the firewall's public interface (192.168.0.100 in the template). This address must belong to the subnet Public Subnet Prefix. |
| SNS If Private Name | Name of the firewall's private interface (sns-gateway-private-nic in the template). |
| SNS If Private IP | IP address of the firewall's private interface (192.168.1.100 in the template). This address must belong to the subnet Private Subnet Prefix. |
| VM Size | The Azure instance with technical properties that match the SNS EVA virtual firewall model that you need (see technical characteristics). |
| Public IP Name | Name of the public IP address that Microsoft Azure has assigned to the firewall (sns-gateway-public-ip in the template). |
| Route Table Name | Name of the firewall's private routing table (route-table-private in the template). |

  6. When all this information has been entered, click on Review + Create.

As soon as the deployment is complete, continue to the chapter Activating the SNS EVA virtual firewall.
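
A pre-deployment check of the addressing constraints listed in the Instance details table, as an added example that is not part of Stormshield's template or documentation. The dictionary keys are hypothetical names for the form fields, "not routed over the Internet" is read as the RFC 1918 ranges, and the check goes beyond the table in two places: it rejects the addresses Azure reserves in every subnet (the first four and the last) and overlapping subnets.

```python
import ipaddress

# Hypothetical key names for the form fields; values are the template defaults
# quoted in the table above.
TEMPLATE_DEFAULTS = {
    "vnet_prefix": "192.168.0.0/16",
    "public_subnet_prefix": "192.168.0.0/24",
    "private_subnet_prefix": "192.168.1.0/24",
    "sns_if_public_ip": "192.168.0.100",
    "sns_if_private_ip": "192.168.1.100",
}

# Assumption: "not routed over the Internet" means the RFC 1918 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def validate(params):
    """Return a list of problems; an empty list means the values are consistent.
    Malformed prefixes or addresses raise ValueError from the ipaddress module."""
    errors = []
    vnet = ipaddress.ip_network(params["vnet_prefix"])
    if not any(vnet.subnet_of(r) for r in RFC1918):
        errors.append(f"Vnet Prefix {vnet} is outside the RFC 1918 ranges")
    subnets = []
    for side in ("public", "private"):
        net = ipaddress.ip_network(params[f"{side}_subnet_prefix"])
        addr = ipaddress.ip_address(params[f"sns_if_{side}_ip"])
        subnets.append(net)
        if not net.subnet_of(vnet):
            errors.append(f"{side} subnet {net} is not inside Vnet Prefix {vnet}")
        if addr not in net:
            errors.append(f"{side} interface IP {addr} is not in subnet {net}")
        # Azure keeps the first four addresses and the last one of each subnet.
        elif addr < net.network_address + 4 or addr == net.broadcast_address:
            errors.append(f"{side} interface IP {addr} is reserved by Azure in {net}")
    if subnets[0].overlaps(subnets[1]):
        errors.append(f"subnets {subnets[0]} and {subnets[1]} overlap")
    return errors


if __name__ == "__main__":
    for problem in validate(TEMPLATE_DEFAULTS) or ["template defaults are consistent"]:
        print(problem)
```

Run it against the values you intend to enter in the form before clicking Review + Create; a non-empty result points at the field to correct.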