This template creates an Application Gateway with WAF configured along with a firewall policy
This Azure Resource Manager template was created by a member of the community and not by Microsoft. Each Resource Manager template is licensed to you under a license agreement by its owner, not Microsoft. Microsoft is not responsible for Resource Manager templates provided and licensed by community members and does not screen for security, compatibility, or performance. Community Resource Manager templates are not supported under any Microsoft support program or service, and are made available AS IS without warranty of any kind.
Parameters
| Parameter Name | Description |
|---|---|
| applicationGatewayName | Application gateway name |
| location | Application gateway location |
| tier | Application gateway tier |
| sku | Application gateway sku |
| http2Enabled | Enable HTTP/2 support |
| capacity | Capacity (instance count) of application gateway |
| autoScaleMaxCapacity | Autoscale capacity (instance count) of application gateway |
| publicIpAddressName | Public ip address name |
| vNetSubscriptionId | Virutal network subscription id |
| existingVnetResourceGroup | Virutal network resource group |
| existingVnetName | Virutal network name |
| existingSubnetName | Application gateway subnet name |
| sslCertificates | Array containing ssl certificates |
| trustedRootCertificates | Array containing trusted root certificates |
| httpListeners | Array containing http listeners |
| backendAddressPools | Array containing backend address pools |
| backendHttpSettings | Array containing backend http settings |
| rules | Array containing request routing rules |
| redirectConfigurations | Array containing redirect configurations |
| frontEndPorts | Array containing front end ports |
| customProbes | Array containing custom probes |
| managedIdentityResourceId | Resource id of an existing user assigned managed identity to associate with the application gateway |
| enableWebApplicationFirewall | Enable web application firewall |
| firewallPolicyName | Name of the firewall policy. Only required if enableWebApplicationFirewall is set to true |
| firewallPolicySettings | Array containing the firewall policy settings. Only required if enableWebApplicationFirewall is set to true |
| firewallPolicyCustomRules | Array containing the firewall policy custom rules. Only required if enableWebApplicationFirewall is set to true |
| firewallPolicyManagedRuleSets | Array containing the firewall policy managed rule sets. Only required if enableWebApplicationFirewall is set to true |
| firewallPolicyManagedRuleExclusions | Array containing the firewall policy managed rule exclusions. Only required if enableWebApplicationFirewall is set to true |
| enableDeleteLock | Enable delete lock |
| enableDiagnostics | Enable diagnostic logs |
| diagnosticStorageAccountId | Storage account resource id. Only required if enableDiagnostics is set to true |
| logAnalyticsWorkspaceId | Log analytics workspace resource id. Only required if enableDiagnostics is set to true |
Use the template
PowerShell
New-AzResourceGroup -Name <resource-group-name> -Location <resource-group-location> #use this command when you need to create a new resource group for your deploymentInstall and configure Azure PowerShell
New-AzResourceGroupDeployment -ResourceGroupName <resource-group-name> -TemplateUri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.network/application-gateway-waf-firewall-policy/azuredeploy.json
Command line
az group create --name <resource-group-name> --location <resource-group-location> #use this command when you need to create a new resource group for your deploymentInstall and Configure the Azure Cross-Platform Command-Line Interface
az group deployment create --resource-group <my-resource-group> --template-uri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.network/application-gateway-waf-firewall-policy/azuredeploy.json