
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology

Last updated: 15/04/2021

This sample shows how to deploy a hub-spoke topology in Azure using Azure Firewall. The hub virtual network acts as a central point of connectivity for the spoke virtual networks, which are connected to the hub virtual network via virtual network peering.

This Azure Resource Manager (ARM) template was created by a member of the community, not by Microsoft. Its owner (not Microsoft) licenses the ARM templates to you under a license agreement. Microsoft is not responsible for any ARM templates provided or licensed to you by community members with regard to their security, compatibility or performance. Community ARM templates are not supported under any Microsoft support program or service. These templates are provided AS IS, without warranty of any kind.

Parameters

Parameter name Description
adlsStorageAccountName Specifies the globally unique DNS Name for the ADLS Gen 2 storage account.
blobStorageAccountName Specifies the globally unique name for the storage account used to store the test file system and the boot diagnostics logs of the virtual machines.
adlsStorageAccountNetworkAclsDefaultAction Specifies the default action of allow or deny when no other rules match for the ADLS storage account.
blobStorageAccountNetworkAclsDefaultAction Allow or disallow public access to all blobs or containers in the Blob storage account. The default interpretation is true for this property.
adlsStorageAccountAllowBlobPublicAccess Allow or disallow public access to all blobs or containers in the ADLS storage account. The default interpretation is true for this property.
blobStorageAccountAllowBlobPublicAccess Allow or disallow public access to all blobs or containers in the Blob storage account. The default interpretation is true for this property.
deployCustomDnsForwarder Specifies whether to deploy a custom DNS forwarder in the Hub Virtual Network. Default value is false.
dnsAvailabilitySetName Name of the Availability Set used by the DNS virtual machine.
dnsVmName Specifies the name of the DNS virtual machine.
devVmName Specifies the name of the virtual machine in the Development Virtual Network.
prodVmName Specifies the name of the virtual machine in the Production Virtual Network.
vmSize Specifies the size of the virtual machine.
imagePublisher Specifies the image publisher of the disk image used to create the virtual machine.
imageOffer Specifies the offer of the platform image or marketplace image used to create the virtual machine.
imageSku Specifies the Ubuntu version for the VM. This will pick a fully patched image of this given Ubuntu version.
authenticationType Specifies the type of authentication when accessing the Virtual Machine. SSH key is recommended.
adminUsername Specifies the name of the administrator account of the virtual machine.
adminPasswordOrKey Specifies the SSH Key or password for the virtual machine. SSH key is recommended.
diskStorageAccounType Defines the storage account type for OS and data disk.
numDataDisks Specifies the number of data disks of the virtual machine.
osDiskSize The size in GB of the OS disk of the VM.
dataDiskSize Specifies the size in GB of the OS disk of the virtual machine.
dataDiskCaching Specifies the caching requirements for the data disks.
_artifactsLocation Specifies the base URI where artifacts required by this template are located, including a trailing '/'.
_artifactsLocationSasToken Specifies the sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured.
adlsStorageAccountAdlsPrivateEndpointName Specifies the name of the adls private endpoint to the adls storage account.
adlsStorageAccountBlobPrivateEndpointName Specifies the name of the blob private endpoint to the adls storage account.
blobStorageAccountBlobPrivateEndpointName Specifies the name of the blob private endpoint to the boot diagnostics storage account.
privateDnsZoneName Private DNS Zone name.
workspaceName The name of the Log Analytics workspace.
workspaceSku The sku of the Log Analytics workspace.
firewallName The name of the Azure Firewall.
firewallAvailabilityZones Zone numbers e.g. 1,2,3.
numberOfFirewallPublicIPAddresses Number of public IP addresses for the Azure Firewall.
createDnatRuleCollection Specifies whether to create a DNAT rule collection in the Azure Firewall policy or not.
deployVpnGateway Specifies whether to deploy a VPN Gateway in the Hub or not.
gatewaySku The SKU of the Gateway, if deployed.
gatewayType The type of this virtual network gateway: Vpn or ExpressRoute.
vpnType The type of this virtual network gateway: PolicyBased or RouteBased.
enableBgp Whether BGP is enabled for this virtual network gateway or not.
location Location for all resources.
hubVnetName (no description available)
hubVnetAddressPrefix (no description available)
hubVnetFirewallSubnetName The name of the Firewall subnet.
hubVnetFirewallSubnetPrefix The address prefix of the Firewall subnet.
hubVnetCommonSubnetName The name of the Management subnet.
hubVnetCommonSubnetPrefix The address prefix of the Management subnet.
hubVnetGatewaySubnetName The name of the Development Virtual Network.
hubVnetGatewaySubnetPrefix The address prefix of the Gateway subnet.
gatewayName The name of the gateway.
devVnetName The name of the Development Virtual Network.
devVnetAddressPrefix The address prefix of the Development Virtual Network.
prodVnetName The name of the Production Virtual Network.
prodVnetAddressPrefix The address prefix of the Production Virtual Network.
devVnetDefaultSubnetName The name of the Workload subnet.
devVNetDefaultSubnetPrefix The address prefix of the Workload subnet in the Development Virtual Network.
prodVnetDefaultSubnetName The name of the Workload subnet.
prodVNetDefaultSubnetPrefix The address prefix of the Workload subnet in the Production Virtual Network.
hubVnetBastionSubnetPrefix Specifies the Bastion subnet IP prefix. This prefix must be within the vnet IP prefix address space.
bastionHostName Specifies the name of the Azure Bastion resource.
firewallPolicyName The name of the Firewall Policy used by the Azure Firewall.

Using the template

PowerShell

New-AzResourceGroup -Name <resource-group-name> -Location <resource-group-location> #use this command when you need to create a new resource group for your deployment
New-AzResourceGroupDeployment -ResourceGroupName <resource-group-name> -TemplateUri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/301-azure-firewall-dns-proxy/azuredeploy.json
Install and configure Azure PowerShell

Command line

az group create --name <resource-group-name> --location <resource-group-location> #use this command when you need to create a new resource group for your deployment
az deployment group create --resource-group <resource-group-name> --template-uri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/301-azure-firewall-dns-proxy/azuredeploy.json
Install and configure the Azure cross-platform command-line interface