Private/Firewall.ps1
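function New-Firewall {
    <#
    .SYNOPSIS
    Creates an Azure Firewall in front of the jumpbox and routes the servers subnet through it.

    .DESCRIPTION
    Performs, in order:
      1. Allocates a Standard-SKU static public IP named "pip-<NameSuffix>".
      2. Builds a DNAT rule collection ("JumpboxAccess", priority 200) that forwards
         SSH (22) when Payload.Linux is true, otherwise RDP (3389), from that public IP
         to the private IP of the NIC named "nic-<NameSuffix>".
      3. Creates the firewall "fw-<NameSuffix>" in Payload.VnetName with that collection.
      4. Creates route table "route-<NameSuffix>" with a 0.0.0.0/0 route whose next hop is
         the firewall's private IP, and associates it with the VNet's second subnet.
    The input object is extended with the names/addresses created and emitted as the
    only pipeline output.

    .PARAMETER Payload
    Object carrying RGName, Location, NameSuffix, Linux and VnetName.
    Optional: AllowedSourceAddresses — a string or string[] of IPs/CIDRs permitted to reach
    the NAT'd management port. When absent the rule is open to "*" (any source), which is
    the previous behaviour; a warning is written in that case.

    .OUTPUTS
    [pscustomobject] — the input Payload plus LBPipName, PipAddress, FirewallName,
    RouteTableName, NATRuleName and NatRuleCollectionName.

    .NOTES
    Requires an authenticated Az session; the VNet, its subnets and the jumpbox NIC must
    already exist. Creating resources is not wrapped in ShouldProcess (no -WhatIf support).
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [pscustomobject]$Payload
    )

    # A process block is required for ValueFromPipeline: without it only the last
    # piped object would be handled.
    process {
        $RGName     = $Payload.RGName
        $Location   = $Payload.Location
        $NameSuffix = $Payload.NameSuffix
        $Linux      = $Payload.Linux

        # --- Public IP shared by the firewall and the jumpbox NAT rule ---
        $LBPipName = "pip-$NameSuffix"
        $pipParams = @{
            Name              = $LBPipName
            ResourceGroupName = $RGName
            Location          = $Location
            AllocationMethod  = 'Static'
            Sku               = 'Standard'
        }
        $LBPip = New-AzPublicIpAddress @pipParams

        # Read the allocated address back; the jumpbox private IP comes from its NIC.
        $pip = (Get-AzPublicIpAddress -ResourceGroupName $RGName -Name $LBPipName).IpAddress
        $privatevmip = (Get-AzNetworkInterface -Name "nic-$NameSuffix" -ResourceGroupName $RGName).IpConfigurations.PrivateIpAddress

        # --- DNAT rule: <public IP>:<port> -> <jumpbox private IP>:<port> ---
        if ($Linux) {
            $NATRuleName       = "jumpboxSSH"
            $VMDestinationPort = "22"
            $VMTranslatedPort  = "22"
        }
        else {
            # "jumboxRDP" (sic) is the existing rule name; kept verbatim because it is
            # emitted on the payload and may be referenced by callers.
            $NATRuleName       = "jumboxRDP"
            $VMDestinationPort = "3389"
            $VMTranslatedPort  = "3389"
        }
        $NatRuleCollectionName = "JumpboxAccess"

        # Source restriction for the management port. Defaults to "*" to preserve the
        # previous behaviour, but that exposes SSH/RDP on a public IP to the whole
        # Internet; supply Payload.AllowedSourceAddresses to scope it to known CIDRs.
        $sourceAddresses = $Payload.AllowedSourceAddresses
        if (-not $sourceAddresses) {
            $sourceAddresses = "*"
            Write-Warning "NAT rule '$NATRuleName' exposes TCP/$VMDestinationPort on $pip to any source ('*'); set Payload.AllowedSourceAddresses to restrict it."
        }

        $natRuleParams = @{
            Name               = $NATRuleName
            Protocol           = 'TCP'
            SourceAddress      = $sourceAddresses
            DestinationAddress = $pip
            DestinationPort    = $VMDestinationPort
            TranslatedAddress  = $privatevmip
            TranslatedPort     = $VMTranslatedPort
        }
        $rule = New-AzFirewallNatRule @natRuleParams
        $natcollection = New-AzFirewallNatRuleCollection -Name $NatRuleCollectionName -Priority 200 -Rule $rule

        # --- Azure Firewall ---
        $GatewayName = "fw-$NameSuffix"
        $fwParams = @{
            Name               = $GatewayName
            ResourceGroupName  = $RGName
            Location           = $Location
            VirtualNetworkName = $Payload.VnetName
            PublicIpName       = $LBPip.Name
            NatRuleCollection  = $natcollection
        }
        $Azfw = New-AzFirewall @fwParams
        # Set-Az* cmdlets return the updated resource; discard it so the function's only
        # output is the payload object at the end.
        $null = Set-AzFirewall -AzureFirewall $Azfw

        # Re-read by name: an RG-wide Get-AzFirewall returns an array when more than one
        # firewall exists, which would break the IpConfigurations[0] lookup below.
        $Azfw  = Get-AzFirewall -ResourceGroupName $RGName -Name $GatewayName
        $IlbCA = $Azfw.IpConfigurations[0].PrivateIPAddress

        # --- UDR: send all traffic from the servers subnet through the firewall ---
        # NOTE(review): no network/application rule collections are created here, and
        # Azure Firewall drops traffic that no rule allows, so outbound traffic from the
        # routed subnet will be blocked until rules are added — confirm that is intended.
        $AzfwRouteName      = "AllTraffictoIP"
        $AzfwRouteTableName = "route-$NameSuffix"
        $routeParams = @{
            Name             = $AzfwRouteName
            AddressPrefix    = '0.0.0.0/0'
            NextHopType      = 'VirtualAppliance'
            NextHopIpAddress = $IlbCA
        }
        $AzfwRoute = New-AzRouteConfig @routeParams
        $AzfwRouteTable = New-AzRouteTable -Name $AzfwRouteTableName -ResourceGroupName $RGName -Location $Location -Route $AzfwRoute

        # Associate with the servers subnet. The subnet is chosen by index (Subnets[1]),
        # as before; this relies on the VNet's subnet ordering and would be safer by name.
        $vnet = Get-AzVirtualNetwork -ResourceGroupName $RGName -Name $Payload.VnetName
        $vnet.Subnets[1].RouteTable = $AzfwRouteTable
        $null = Set-AzVirtualNetwork -VirtualNetwork $vnet

        # --- Extend the payload with what was created, for the caller to print or chain ---
        $Payload | Add-Member -MemberType NoteProperty -Name 'LBPipName'             -Value $LBPipName
        $Payload | Add-Member -MemberType NoteProperty -Name 'PipAddress'            -Value $pip
        $Payload | Add-Member -MemberType NoteProperty -Name 'FirewallName'          -Value $GatewayName
        $Payload | Add-Member -MemberType NoteProperty -Name 'RouteTableName'        -Value $AzfwRouteTableName
        $Payload | Add-Member -MemberType NoteProperty -Name 'NATRuleName'           -Value $NATRuleName
        $Payload | Add-Member -MemberType NoteProperty -Name 'NatRuleCollectionName' -Value $NatRuleCollectionName
        [pscustomobject]$Payload
    }
}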