Azure VPN – Part 1/2

This new Azure related blog describes how to extend your on-premises network to the Azure datacenter. The blog explains how to create an Azure Virtual Network, create VPN gateway, and connect it to your on-premises environment. In part 2 we expand this solution with Point-to-Site VPN, with Always ON – Azure VPN, allowing Modern Managed clients to connect via VPN to Azure Virtual Network, and if required to your on-premises network.


This picture shows the setup we are going to create in this BLOG.

The blog assumes you have basic knowledge about networking and how the Azure portal works. The region I usually work in is West Europe. Please adjust your region to you preferred Azure Region.

Part 1: Site-to-Site VPN

  1. Create Azure VNET
  2. Create Azure Virtual Network Gateway
  3. Create Virtual Machine in Azure
  4. Create Site-2-Site between Azure and Sophos XG
    1. Configure Azure
    2. Configure Sophos XG
    3. Proof of the pudding

Coming Soon: Part 2: Azure VPN (Point-to-Site)

Continue reading Azure VPN – Part 1/2

Azure NAT with Ubuntu Linux

Introduction

When creating a workplace for your users in Azure using RDS or Windows Virtual Desktop you might recognize this issue. All servers in Azure use a dynamic outbound IP for browsing. When you need to access websites that require IP whitelisting this can be an issue.

You can use multiple solutions for this problem:

  • Route your internet traffic back to on-prem via ExpressRoute or VPN
  • Use Azure Firewall, or a virtual firewall appliance (can be costly)
  • Use a self-build outbound NAT VM

This blog will explain how to build your own outbound NAT VM for your Azure virtual net. Although this is not Enterprise ready it will work just fine. Determine production readiness for yourself.

Continue reading Azure NAT with Ubuntu Linux

Manage non domain Joined Windows Server 2019 Core

In this blog I will explain how to install a Hyper-V role on a Windows 2019 Standard Server Core. I also install and configure the DHCP and RRAS role. To configure these roles, I use a Windows 2019 Standard Server (Desktop Experience).

This normally is pretty easy when all are joined to the domain, but for my “LAB” scenario I do not use a Domain Controller. Procedures should work also on Hyper-V Server 2019, except for the DHCP and RRAS role.

In my LAB network I want to use a Sophos XG HOME edition for network protection to the Internet. I want to virtualize this software to maximize the usability of the MiniPC I purchased.

From a major Chinese webshop I purchased a J1900 based MiniPC with 4x Intel Network card in it. It came with 8GB and 120GB SSD. The J1900 processor supports Hyper-V.

I want to use the DHCP/RRAS and Hyper-V role on this BOX. Because the J1900 only supports 8GB of RAM I use the Server Core edition of Windows 2019 instead of the Desktop Experience.

Continue reading Manage non domain Joined Windows Server 2019 Core