The Azure Quickstart templates are currently available in English
This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering.
Tuto šablonu Azure Resource Manageru (ARM) vytvořil člen komunity a ne Microsoft. Licenci na každou šablonu ARM vám na základě licenční smlouvy uděluje její vlastník, ne Microsoft. Za šablony ARM poskytované a licencované členy komunity nenese Microsoft žádnou odpovědnost ani neprověřuje jejich zabezpečení, kompatibilitu nebo výkon. Šablony ARM komunity nejsou podporované v rámci žádné služby nebo programu podpory Microsoftu a jsou dostupné TAK JAK JSOU, bez jakékoliv záruky.
Parametry
| Název parametru | Popis |
|---|---|
| adlsStorageAccountName | Specifies the globally unique DNS Name for the ADLS Gen 2 storage account. |
| blobStorageAccountName | Specifies the globally unique name for the storage account used to store the test file system and the boot diagnostics logs of the virtual machines. |
| adlsStorageAccountNetworkAclsDefaultAction | Specifies the default action of allow or deny when no other rules match for the ADLS storage account. |
| blobStorageAccountNetworkAclsDefaultAction | Allow or disallow public access to all blobs or containers in the Blob storage account. The default interpretation is true for this property. |
| adlsStorageAccountAllowBlobPublicAccess | Allow or disallow public access to all blobs or containers in the ADLS storage account. The default interpretation is true for this property. |
| blobStorageAccountAllowBlobPublicAccess | Allow or disallow public access to all blobs or containers in the Blob storage account. The default interpretation is true for this property. |
| deployCustomDnsForwarder | Specify whether deploy a custom DNS forwarder in the Hub Virtual Network. Default value is false. |
| dnsAvailabilitySetName | Name of the Availability Set used by the DNS virtual machine. |
| dnsVmName | Specifies the name of the DNS virtual machine. |
| devVmName | Specifies the name of the virtual machine in the Development Virtual Network. |
| prodVmName | Specifies the name of the virtual machine in the Production Virtual Network. |
| vmSize | Specifies the size of the virtual machine. |
| imagePublisher | Specifies the image publisher of the disk image used to create the virtual machine. |
| imageOffer | Specifies the offer of the platform image or marketplace image used to create the virtual machine. |
| imageSku | Specifies the Ubuntu version for the VM. This will pick a fully patched image of this given Ubuntu version. |
| authenticationType | Specifies the type of authentication when accessing the Virtual Machine. SSH key is recommended. |
| adminUsername | Specifies the name of the administrator account of the virtual machine. |
| adminPasswordOrKey | Specifies the SSH Key or password for the virtual machine. SSH key is recommended. |
| diskStorageAccounType | Defines the storage account type for OS and data disk. |
| numDataDisks | Specifies the number of data disks of the virtual machine. |
| osDiskSize | The size in GB of the OS disk of the VM. |
| dataDiskSize | Specifies the size in GB of the OS disk of the virtual machine. |
| dataDiskCaching | Specifies the caching requirements for the data disks. |
| _artifactsLocation | Specifies the base URI where artifacts required by this template are located including a trailing '/' |
| _artifactsLocationSasToken | Specifies the sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured. |
| adlsStorageAccountAdlsPrivateEndpointName | Specifies the name of the adls private endpoint to the adls storage account. |
| adlsStorageAccountBlobPrivateEndpointName | Specifies the name of the blob private endpoint to the adls storage account. |
| blobStorageAccountBlobPrivateEndpointName | Specifies the name of the blob private endpoint to the boot diagnostics storage account. |
| privateDnsZoneName | Private DNS Zone name. |
| workspaceName | the name of the Log Analytics workspace. |
| workspaceSku | The sku of the Log Analytics workspace. |
| firewallName | The name of the Azure Firewall. |
| firewallAvailabilityZones | Zone numbers e.g. 1,2,3. |
| numberOfFirewallPublicIPAddresses | Number of public IP addresses for the Azure Firewall |
| createDnatRuleCollection | Specifies whether create DNAT rule collection in the Azure Firewall policy or not. |
| deployVpnGateway | Specifies whether deploy a VPN Gateway in the Hub or not. |
| gatewaySku | The SKU of the Gateway, if deployed |
| gatewayType | The type of this virtual network gateway. - Vpn or ExpressRoute |
| vpnType | The type of this virtual network gateway. - PolicyBased or RouteBased |
| enableBgp | Whether BGP is enabled for this virtual network gateway or not. |
| location | Location for all resources. |
| hubVnetName | (není dostupný žádný popis) |
| hubVnetAddressPrefix | (není dostupný žádný popis) |
| hubVnetFirewallSubnetName | The name of the Firewall subnet. |
| hubVnetFirewallSubnetPrefix | The address prefix of the Firewall subnet. |
| hubVnetCommonSubnetName | The name of the Management subnet. |
| hubVnetCommonSubnetPrefix | The address prefix of the Management subnet. |
| hubVnetGatewaySubnetName | The name of the Development Virtual Network. |
| hubVnetGatewaySubnetPrefix | The address prefix of the Gateway subnet. |
| gatewayName | The name of gateway. |
| devVnetName | The name of the Development Virtual Network. |
| devVnetAddressPrefix | The address prefix of the Development Virtual Network. |
| prodVnetName | The name of the Production Virtual Network. |
| prodVnetAddressPrefix | The address prefix of the Production Virtual Network. |
| devVnetDefaultSubnetName | The name of the Workload subnet. |
| devVNetDefaultSubnetPrefix | The address prefix of the Workload subnet in the Development Virtual Network. |
| prodVnetDefaultSubnetName | The name of the Workload subnet. |
| prodVNetDefaultSubnetPrefix | The address prefix of the Workload subnet in the Production Virtual Network. |
| hubVnetBastionSubnetPrefix | Specifies the Bastion subnet IP prefix. This prefix must be within vnet IP prefix address space. |
| bastionHostName | Specifies the name of the Azure Bastion resource. |
| firewallPolicyName | The name of the Firewall Policy uased by the Azure Firewall |
Použití šablony
PowerShell
New-AzResourceGroup -Name <resource-group-name> -Location <resource-group-location> #use this command when you need to create a new resource group for your deploymentInstalace a konfigurace Azure PowerShell
New-AzResourceGroupDeployment -ResourceGroupName <resource-group-name> -TemplateUri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.network/azure-firewall-dns-proxy/azuredeploy.json
Příkazový řádek
az group create --name <resource-group-name> --location <resource-group-location> #use this command when you need to create a new resource group for your deploymentInstalace a konfigurace rozhraní Azure Cross-Platform Command-Line Interface
az group deployment create --resource-group <my-resource-group> --template-uri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.network/azure-firewall-dns-proxy/azuredeploy.json