Resource Manager templates and parameters demonstrating how to deploy App Service environment with Azure Firewall integration
This Azure Resource Manager template was created by a member of the community and not by Microsoft. Each Resource Manager template is licensed to you under a license agreement by its owner, not Microsoft. Microsoft is not responsible for Resource Manager templates provided and licensed by community members and does not screen for security, compatibility, or performance. Community Resource Manager templates are not supported under any Microsoft support program or service, and are made available AS IS without warranty of any kind.
Parameters
| Parameter Name | Description |
|---|---|
| location | Location (region) for all resources. Use the location value, not the display name, e.g. eastus, not East US 2 |
| aseName | Name of the ASE resource |
| vnetResourceName | The name of the vNet |
| applicationName | Name of the initial ASE App (without the FQDN) |
| internalLoadBalancingMode | 0 = public VIP only, 1 = only ports 80/443 are mapped to ILB VIP, 2 = only FTP ports are mapped to ILB VIP, 3 = both ports 80/443 and FTP ports are mapped to an ILB VIP. |
| aseSubnetName | Subnet name which will contain the App Service Environment |
| serverFarmsAseAspName | Name of the app service |
| _artifactsLocation | The location of resources, such as templates and DSC modules, that the template depends on |
| _artifactsLocationSasToken | The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. |
| vnetAddressRange | Address range for the virtual network in CIDR notation |
| aseSubnetAddressRange | Address range for the ASE subnet in CIDR notation within the vnetAddress range |
| aseNSGName | Name for the NSG attached to the ASE subnet |
| aseRouteTableName | Name of the Route Table attached to the ASE subnet |
| azureFirewallName | Name of the Azure Firewall |
| deployAzureFirewall | Toggle whether to deploy the Azure Firewall |
| azureFirewallRouteTableName | Name of the Azure Firewall Route Table |
| azureFirewallSubnetAddressRange | Address range that will be used by the Azure Firewall Subnet within the vnetAddress range |
| azureFirewallPublicIP | Name for the Azure Firewall public IP resource |
| tags | The collection of resource tags passed from parameters file |
| aseSubnetServiceEndpoints | Service Endpoints enabled on the ASE subnet |
| aseManagementIps | List of ASE management IP addresses |
| azureMonitorFQDNs | FQDNs to whitelist for Azure Monitor |
Use the template
PowerShell
New-AzResourceGroup -Name <resource-group-name> -Location <resource-group-location> #use this command when you need to create a new resource group for your deploymentInstall and configure Azure PowerShell
New-AzResourceGroupDeployment -ResourceGroupName <resource-group-name> -TemplateUri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/App-Service-Environment-AzFirewall/azuredeploy.json
Command line
az group create --name <resource-group-name> --location <resource-group-location> #use this command when you need to create a new resource group for your deploymentInstall and Configure the Azure Cross-Platform Command-Line Interface
az group deployment create --resource-group <my-resource-group> --template-uri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/App-Service-Environment-AzFirewall/azuredeploy.json