The Azure Quickstart templates are currently available in English

ILB App Service Environment with Azure Firewall

John Scott 提供
上次更新日期: 2019/10/6

Resource Manager templates and parameters demonstrating how to deploy App Service environment with Azure Firewall integration

此 Azure Resource Manager (ARM) 範本是由社群成員 (而非 Microsoft) 建立。每個 ARM 範本都是由其擁有者 (而非 Microsoft) 依據授權合約授權給您。Microsoft 並不負責社群成員所提供和授權的 ARM 範本,而不會為了安全性、相容性或效能進行篩選。社群 ARM 範本並未依據任何 Microsoft 支援方案或服務提供支援,而且會在沒有任何擔保的情況下依現況提供。

參數

參數名稱 說明
location Location (region) for all resources. Use the location value, not the display name, e.g. eastus, not East US 2
aseName Name of the ASE resource
vnetResourceName The name of the vNet
applicationName Name of the initial ASE App (without the FQDN)
internalLoadBalancingMode 0 = public VIP only, 1 = only ports 80/443 are mapped to ILB VIP, 2 = only FTP ports are mapped to ILB VIP, 3 = both ports 80/443 and FTP ports are mapped to an ILB VIP.
aseSubnetName Subnet name which will contain the App Service Environment
serverFarmsAseAspName Name of the app service
_artifactsLocation The location of resources, such as templates and DSC modules, that the template depends on
_artifactsLocationSasToken The sasToken required to access _artifactsLocation. When the template is deployed using the accompanying scripts, a sasToken will be automatically generated.
vnetAddressRange Address range for the virtual network in CIDR notation
aseSubnetAddressRange Address range for the ASE subnet in CIDR notation within the vnetAddress range
aseNSGName Name for the NSG attached to the ASE subnet
aseRouteTableName Name of the Route Table attached to the ASE subnet
azureFirewallName Name of the Azure Firewall
deployAzureFirewall Toggle whether to deploy the Azure Firewall
azureFirewallRouteTableName Name of the Azure Firewall Route Table
azureFirewallSubnetAddressRange Address range that will be used by the Azure Firewall Subnet within the vnetAddress range
azureFirewallPublicIP Name for the Azure Firewall public IP resource
tags The collection of resource tags passed from parameters file
aseSubnetServiceEndpoints Service Endpoints enabled on the ASE subnet
aseManagementIps List of ASE management IP addresses
azureMonitorFQDNs FQDNs to whitelist for Azure Monitor

使用範本

PowerShell

New-AzResourceGroup -Name <resource-group-name> -Location <resource-group-location> #use this command when you need to create a new resource group for your deployment
New-AzResourceGroupDeployment -ResourceGroupName <resource-group-name> -TemplateUri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/App-Service-Environment-AzFirewall/azuredeploy.json
安裝和設定 Azure PowerShell

命令列

az group create --name <resource-group-name> --location <resource-group-location> #use this command when you need to create a new resource group for your deployment
az group deployment create --resource-group <my-resource-group> --template-uri https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/App-Service-Environment-AzFirewall/azuredeploy.json
安裝和設定 Azure 跨平台命令列介面

John Scott 提供的其他範本