To deploy a firewall to subnetl-2, you need to create a network virtual appliance (NVA) in the same virtual network as subnetl-2.  An NVA is a virtual machine that performs network functions, such as firewall, routing, or load balanc ing 1 .

To create an NVA, you need to create a virtual machine in the Azure portal and select an image that has the firewall software installed.  You can choose from th e Azure Marketplace or upload your own image 2 .

To assign the IP address of 10.1.2.4 to the NVA, you need to create a static private IP address for the network interface of the virtual machine.  You can do this in the IP configura tions settings of the network interface 3 .

To ensure that traffic from subnetl-1 to the IP address range of 192.1 68.10.0/24 is routed through the NVA, you need to create a user-defined route (UDR) table and associate it with subnetl-1.  A UDR table allows you to override the default routing behavior of Azure and specify custom routes for your subnets 4 .

To create a UDR ta ble, you need to go to the Route tables service in the Azure portal and select + Create.  You can give a name and a resource group for the route table 5 .

To create a custom route, you need to select Routes in the route table and select + Add.  You can enter the f ollowing information for the route 5 :

Destination: 192.168.10.0/24

Next hop type: Virtual appliance

Next hop address: 10.1.2.4

To associate the route table with subnetl-1, you need to select Subnets in the route table and select + Associate.  Y ou can select the virtual network and subnet that you want to asso ciate with the route table 5 .