The Azure Quickstart templates are currently available in English
This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering.
Esta plantilla de Azure Resource Manager (ARM) la creó un miembro de la comunidad, no Microsoft. Su propietario (no Microsoft) le permite usar las plantillas de ARM con arreglo a un contrato de licencia. Microsoft no se responsabiliza de ninguna plantilla de ARM que le proporcionen los miembros de la comunidad (o cuya licencia le otorguen) en cuanto a su seguridad, compatibilidad ni rendimiento. Las plantillas de ARM de la comunidad no reciben ningún tipo de soporte en ningún servicio ni programa de soporte de Microsoft. Dichas plantillas se proporcionan TAL CUAL, sin garantía de ningún tipo.
Parámetros
| Nombre del parámetro | Descripción |
|---|---|
| adlsStorageAccountName | Specifies the globally unique DNS Name for the ADLS Gen 2 storage account. |
| blobStorageAccountName | Specifies the globally unique name for the storage account used to store the test file system and the boot diagnostics logs of the virtual machines. |
| adlsStorageAccountNetworkAclsDefaultAction | Specifies the default action of allow or deny when no other rules match for the ADLS storage account. |
| blobStorageAccountNetworkAclsDefaultAction | Allow or disallow public access to all blobs or containers in the Blob storage account. The default interpretation is true for this property. |
| adlsStorageAccountAllowBlobPublicAccess | Allow or disallow public access to all blobs or containers in the ADLS storage account. The default interpretation is true for this property. |
| blobStorageAccountAllowBlobPublicAccess | Allow or disallow public access to all blobs or containers in the Blob storage account. The default interpretation is true for this property. |
| deployCustomDnsForwarder | Specify whether deploy a custom DNS forwarder in the Hub Virtual Network. Default value is false. |
| dnsAvailabilitySetName | Name of the Availability Set used by the DNS virtual machine. |
| dnsVmName | Specifies the name of the DNS virtual machine. |
| devVmName | Specifies the name of the virtual machine in the Development Virtual Network. |
| prodVmName | Specifies the name of the virtual machine in the Production Virtual Network. |
| vmSize | Specifies the size of the virtual machine. |
| imagePublisher | Specifies the image publisher of the disk image used to create the virtual machine. |
| imageOffer | Specifies the offer of the platform image or marketplace image used to create the virtual machine. |
| imageSku | Specifies the Ubuntu version for the VM. This will pick a fully patched image of this given Ubuntu version. |
| authenticationType | Specifies the type of authentication when accessing the Virtual Machine. SSH key is recommended. |
| adminUsername | Specifies the name of the administrator account of the virtual machine. |
| adminPasswordOrKey | Specifies the SSH Key or password for the virtual machine. SSH key is recommended. |
| diskStorageAccounType | Defines the storage account type for OS and data disk. |
| numDataDisks | Specifies the number of data disks of the virtual machine. |
| osDiskSize | The size in GB of the OS disk of the VM. |
| dataDiskSize | Specifies the size in GB of the OS disk of the virtual machine. |
| dataDiskCaching | Specifies the caching requirements for the data disks. |
| _artifactsLocation | Specifies the base URI where artifacts required by this template are located including a trailing '/' |
| _artifactsLocationSasToken | Specifies the sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated. Use the defaultValue if the staging location is not secured. |
| adlsStorageAccountAdlsPrivateEndpointName | Specifies the name of the adls private endpoint to the adls storage account. |
| adlsStorageAccountBlobPrivateEndpointName | Specifies the name of the blob private endpoint to the adls storage account. |
| blobStorageAccountBlobPrivateEndpointName | Specifies the name of the blob private endpoint to the boot diagnostics storage account. |
| privateDnsZoneName | Private DNS Zone name. |
| workspaceName | the name of the Log Analytics workspace. |
| workspaceSku | The sku of the Log Analytics workspace. |
| firewallName | The name of the Azure Firewall. |
| firewallAvailabilityZones | Zone numbers e.g. 1,2,3. |
| numberOfFirewallPublicIPAddresses | Number of public IP addresses for the Azure Firewall |
| createDnatRuleCollection | Specifies whether create DNAT rule collection in the Azure Firewall policy or not. |
| deployVpnGateway | Specifies whether deploy a VPN Gateway in the Hub or not. |
| gatewaySku | The SKU of the Gateway, if deployed |
| gatewayType | The type of this virtual network gateway. - Vpn or ExpressRoute |
| vpnType | The type of this virtual network gateway. - PolicyBased or RouteBased |
| enableBgp | Whether BGP is enabled for this virtual network gateway or not. |
| location | Location for all resources. |
| hubVnetName | (no hay descripción disponible) |
| hubVnetAddressPrefix | (no hay descripción disponible) |
| hubVnetFirewallSubnetName | The name of the Firewall subnet. |
| hubVnetFirewallSubnetPrefix | The address prefix of the Firewall subnet. |
| hubVnetCommonSubnetName | The name of the Management subnet. |
| hubVnetCommonSubnetPrefix | The address prefix of the Management subnet. |
| hubVnetGatewaySubnetName | The name of the Development Virtual Network. |
| hubVnetGatewaySubnetPrefix | The address prefix of the Gateway subnet. |
| gatewayName | The name of gateway. |
| devVnetName | The name of the Development Virtual Network. |
| devVnetAddressPrefix | The address prefix of the Development Virtual Network. |
| prodVnetName | The name of the Production Virtual Network. |
| prodVnetAddressPrefix | The address prefix of the Production Virtual Network. |
| devVnetDefaultSubnetName | The name of the Workload subnet. |
| devVNetDefaultSubnetPrefix | The address prefix of the Workload subnet in the Development Virtual Network. |
| prodVnetDefaultSubnetName | The name of the Workload subnet. |
| prodVNetDefaultSubnetPrefix | The address prefix of the Workload subnet in the Production Virtual Network. |
| hubVnetBastionSubnetPrefix | Specifies the Bastion subnet IP prefix. This prefix must be within vnet IP prefix address space. |
| bastionHostName | Specifies the name of the Azure Bastion resource. |
| firewallPolicyName | The name of the Firewall Policy uased by the Azure Firewall |
Uso de la plantilla
PowerShell
New-AzResourceGroup -Name <resource-group-name> -Location <resource-group-location> #use this command when you need to create a new resource group for your deploymentInstalar y configurar PowerShell de Azure
New-AzResourceGroupDeployment -ResourceGroupName <resource-group-name> -TemplateUri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.network/azure-firewall-dns-proxy/azuredeploy.json
Línea de comandos
az group create --name <resource-group-name> --location <resource-group-location> #use this command when you need to create a new resource group for your deploymentInstalación y configuración de la interfaz de línea de comandos multiplataforma de Azure
az group deployment create --resource-group <my-resource-group> --template-uri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.network/azure-firewall-dns-proxy/azuredeploy.json