**Azure Networking Lab Guide**

1. Setting Up a Virtual Network (VNet)

Objective:

Create and configure a Virtual Network (VNet) in Azure, which allows resources within Azure to
communicate securely with each other.

Steps:

1. Create a Virtual Network (VNet):

- In the Azure portal, search for Virtual Network in the search bar and select Create.

- Fill in the following details:

- Subscription: Select your Azure subscription.

- Resource Group: Choose an existing resource group or create a new one.

- Name: Name your VNet (e.g., MyVNet).

- Region: Choose a region (e.g., Central India).

- Address Space: Define the IP range for the VNet (e.g., 10.0.0.0/16).

2. Create Subnets:

- Under the Subnets section, click Add Subnet.

- For each subnet:

- Name: Give it a name (e.g., FrontendSubnet, BackendSubnet).

- Address Range: Assign a range of IP addresses (e.g., 10.0.1.0/24 for the frontend, 10.0.2.0/24 for the
backend).

- Click Add after configuring each subnet.

3. Configure Network Security Groups (NSGs):

- After creating the VNet, navigate to Network Security Groups in the portal.

- Create a new NSG and define inbound and outbound rules:

- Allow HTTP (Port 80) or HTTPS (Port 443) if you have web applications.

- Block all other traffic (default behavior).

4. Associate the NSG with Subnets:

- Once the NSG is created, go to your VNet, and under Subnets, associate the NSG with your subnets
(e.g., associate FrontendSubnet with the NSG created earlier).

**================================================================================**

--Configuring Azure Load Balancer--

Objective:

Set up an Azure Load Balancer to distribute traffic between multiple VMs and ensure high availability.

Steps:

1. Create a Load Balancer:

- Go to Create a resource > Networking > Load Balancer.

- Choose Public for a public-facing load balancer or Internal for internal traffic.

- Fill in the required fields:

- Name: MyLoadBalancer

- Region: Same as your VNet (e.g., East US).

- SKU: Choose Standard.

- Frontend IP configuration: Create a new public IP address.

2. Configure Backend Pool:

- Go to the Backend Pools section and click Add a backend pool.

- Name it (e.g., MyBackendPool) and add the VMs that you want to include in this pool.

3. Create Health Probes:

- Go to Health Probes > Add.

- Name: HTTPProbe

- Protocol: HTTP

- Port: 80

- Path: / (Make sure your VMs return a valid response from this endpoint).

- Click OK to create the probe.

4. Create Load Balancing Rules:

- Go to Load Balancing Rules and click Add.

- Name: MyLBRule

- Frontend IP: Use the public IP created in the frontend configuration.

- Backend Pool: Select the backend pool

- Protocol: TCP

- Port: 80

- Health Probe: Select the health probe you just created.

- Click OK to create the rule.

=====================================================================================

Setting Up VPN Gateway (Site-to-Site VPN)

Objective:

Establish a secure VPN connection between an on-premises network and Azure.

Steps:

1. Create a Virtual Network Gateway:

- Go to Create a resource > Networking > Virtual Network Gateway.

- Configure the following:

- Name: MyVPNGateway
 - Region: Same as your VNet.

- Gateway Type: VPN

- VPN Type: Route-based (recommended for most scenarios).

- SKU: Standard

- Virtual Network: Select the VNet you created earlier.

- Public IP address: Create a new public IP for the gateway.

2. Create the Local Network Gateway:

- Go to Create a resource > Networking > Local Network Gateway.

- Fill in the following details:

- Name: MyLocalGateway

- IP Address: Enter the public IP of your on-premises VPN device.

- Address Space: Enter the IP range of your on-premises network (e.g., 192.168.1.0/24).

3. Create the VPN Connection:

- Go to your Virtual Network Gateway and click Connections > Add.

- Provide the connection details:

- Name: MyVPNConnection

- Connection Type: Site-to-Site (IPsec)

- Local Network Gateway: Select the gateway you created in step 2.

- Shared Key: Enter a shared key (used for encryption).

4. Verify the VPN Connection:

- Once the connection is established, use the Connection Monitor in Network Watcher to test the VPN
connectivity.

=====================================================================================

--Setting Up ExpressRoute for Private Connectivity--

Use ExpressRoute to set up a private, dedicated connection between your on-premises network and
Azure.

Steps:

1. Create an ExpressRoute Circuit:

- Go to Create a resource > Networking > ExpressRoute.

Fill in the details:

- Name: MyExpressRouteCircuit

- Subscription: Choose the appropriate subscription.

- Resource Group: Select or create a resource group.

- Region: Choose the region.

- Provider: Select your connectivity provider.

- Peering Location: Choose the location where you will connect to the Azure network.

2. Configure Peering:

- After the ExpressRoute circuit is provisioned, go to Peering and configure the peering settings:

- Private Peering: For VNet-to-VNet connectivity.

- Public Peering: For accessing Microsoft services (e.g., Office 365).

- Microsoft Peering: For accessing Microsoft cloud services.

3. Link to Virtual Networks:

- Once the peering is configured, link the ExpressRoute circuit to your Azure VNets.

**Configuring Azure Firewall**

Objective:
Use Azure Firewall to secure and monitor network traffic in your Azure environment.

Steps:

1. Create Azure Firewall:

- Go to Create a resource > Networking > Firewall.

- Fill in the details:

- Name: MyAzureFirewall

- Region: Same region as your VNet.

- Virtual Network: Select the VNet where the firewall will be deployed.

2. Configure Firewall Policies:

- Go to Firewall Policies and click Add Policy.

- Define inbound and outbound rules:

- Allow HTTP/HTTPS: Allow inbound HTTP (Port 80) and HTTPS (Port 443).

- Deny All: Block all other traffic by default.

3. Apply Firewall Rules:

- Apply the firewall policy to your firewall.

4. Configure Routing:

- Update the route table for your VNet to route traffic through the firewall. This ensures that all
network traffic is filtered through the firewall.

==================================================================================

Azure Traffic Manager

Objective:

In this lab, you will learn how to set up and configure Azure Traffic Manager to distribute traffic between
multiple Azure resources, such as Virtual Machines (VMs) or Web Apps, in a way that improves
performance, reliability, and availability.

1. Overview of Azure Traffic Manager

- Performance: Routes traffic to the endpoint with the lowest latency.

- Priority: Routes traffic to endpoints in a defined priority order.

- Geographic: Routes traffic based on the geographic location of the user.

- Multivalue: Routes traffic to multiple healthy endpoints.

- Subnet: Routes traffic to endpoints based on the client's IP subnet.

Traffic Manager works with both Azure resources (like VMs and Web Apps) and external endpoints (such
as on-premises servers).

Setting Up Azure Traffic Manager

Step 1: Create Traffic Manager Profile

1. Log into Azure Portal:

Go to the [Azure Portal](https://portal.azure.com).

2. Create Traffic Manager Profile:

- In the Azure portal, search for Traffic Manager profiles in the search bar and select it.

- Click + Add to create a new Traffic Manager profile.

- Fill in the details:

- Name: Provide a name for your Traffic Manager profile (e.g., DemoTrafficManager).

- Routing Method: Choose the routing method (e.g., Performance for directing traffic to the endpoint
with the lowest latency).

- Resource Group: Choose an existing resource group or create a new one.

- DNS Name: Provide a unique DNS name for the Traffic Manager (e.g.,
Demotrafficmanager.trafficmanager.net).

- Region: Choose a region for the Traffic Manager profile.

3. Review + Create:
 - After filling out the information, click Review + Create, review the settings, and click Create.

Step 2: Add Endpoints to the Traffic Manager Profile

1. Go to Traffic Manager Profile:

- Once the profile is created, click on the Traffic Manager profile you just created.

2. Add an Endpoint:

In the Traffic Manager profile, go to the Endpoints section.

- Click + Add to add an endpoint.

3. Configure the Endpoint:

- Type: Choose the type of endpoint you are adding. Options include:

- Azure (for Azure resources like VMs or Web Apps).

- External (for external endpoints such as an on-premises server or a third-party service).

- Name: Provide a name for the endpoint (e.g., Endpoint1).

- Target Resource: Choose the resource you want to associate with the endpoint. If you're using a Web
App, select Azure Web App and choose the Web App instance.

- Endpoint Location: Choose the region where your resource is hosted.

- Priority: (Applicable for Priority routing method) Set a priority for the endpoint.

Weight: (Applicable for Performance or Weighted routing method) Assign a weight if you want to
control the distribution of traffic across multiple endpoints.

4. Add More Endpoints:

- Repeat the process to add additional endpoints. For example, you might add another Web App or VM
located in a different Azure region.

5. Save Endpoints:

- Once you have added all the endpoints, click Save.

Open a terminal or command prompt and run the following command:

bash

nslookup Demotrafficmanager.trafficmanager.net

This will return the IP address of the endpoint that is being routed based on your chosen method.