Private/Firewall.ps1

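function New-Firewall {
    <#
    .SYNOPSIS
        Provisions an Azure Firewall in front of the jumpbox and routes the servers
        subnet through it.
    .DESCRIPTION
        Creates a Standard/static public IP, builds one DNAT rule that forwards the
        jumpbox port (22 when Payload.Linux is set, 3389 otherwise) from that public IP
        to the private address of NIC "nic-<NameSuffix>", creates the firewall with
        that NAT rule collection, then creates a route table with a 0.0.0.0/0 route
        whose next hop is the firewall's private IP and attaches it to Subnets[1] of
        the VNet.
    .PARAMETER Payload
        Deployment descriptor. Properties read: RGName, Location, NameSuffix, Linux,
        VnetName. Optional: AllowedSourceAddress - source filter for the DNAT rule
        (an address, CIDR or "*"); when absent "*" (any source) is used, which keeps
        the original behaviour.
    .OUTPUTS
        The same payload object with LBPipName, PipAddress, FirewallName,
        RouteTableName, NATRuleName and NatRuleCollectionName added.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)][pscustomobject]$Payload
    )

    # A half-built firewall / route setup is worse than a failed run: make
    # non-terminating Az errors terminate, scoped to this function only.
    $ErrorActionPreference = 'Stop'

    $RGName = $Payload.RGName
    $Location = $Payload.Location
    $NameSuffix = $Payload.NameSuffix
    $Linux = $Payload.Linux

    # Public IP shared by the firewall's DNAT entry point
    $LBPipName = "pip-$NameSuffix"
    $LBPip = New-AzPublicIpAddress -Name $LBPipName -ResourceGroupName $RGName -Location $Location -AllocationMethod Static -Sku Standard

    # DNAT target: the jumpbox NIC's private address. Only the first IP
    # configuration is used so -TranslatedAddress always receives a single string.
    # NOTE(review): the NIC name is derived from NameSuffix here while Payload also
    # carries NICName (unused); confirm both refer to the same NIC.
    $pip = (Get-AzPublicIpAddress -ResourceGroupName $RGName -Name $LBPipName).IpAddress
    $privatevmip = (Get-AzNetworkInterface -Name "nic-$NameSuffix" -ResourceGroupName $RGName).IpConfigurations[0].PrivateIpAddress

    # Destination and translated ports are the same: the firewall forwards the
    # jumpbox's native management port unchanged.
    if ($Linux) {
        $NATRuleName = "jumpboxSSH"
        $VMPort = "22"
    }
    else {
        # spelling kept as-is: it is the deployed rule name and is echoed in the output payload
        $NATRuleName = "jumboxRDP"
        $VMPort = "3389"
    }
    $VMDestinationPort = $VMPort
    $VMTranslatedPort = $VMPort

    # Who may reach the management port through the DNAT rule. "*" exposes the
    # jumpbox port to any source; supply AllowedSourceAddress to narrow it.
    $SourceAddress = "*"
    $allowedProp = $Payload.PSObject.Properties['AllowedSourceAddress']
    if ($null -ne $allowedProp -and -not [string]::IsNullOrWhiteSpace([string]$allowedProp.Value)) {
        $SourceAddress = $allowedProp.Value
    }

    $NatRuleCollectionName = "JumpboxAccess"

    $rule = New-AzFirewallNatRule -Name $NATRuleName -Protocol "TCP" -SourceAddress $SourceAddress -DestinationAddress $pip -DestinationPort $VMDestinationPort -TranslatedAddress $privatevmip -TranslatedPort $VMTranslatedPort
    $natcollection = New-AzFirewallNatRuleCollection -Name $NatRuleCollectionName -Priority 200 -Rule $rule

    # Create the firewall with the NAT collection attached
    $GatewayName = "fw-$NameSuffix"
    $Azfw = New-AzFirewall -Name $GatewayName -ResourceGroupName $RGName -Location $Location -VirtualNetworkName $Payload.VnetName -PublicIpName $LBPip.Name -NatRuleCollection $natcollection
    Set-AzFirewall -AzureFirewall $Azfw

    # Re-read the firewall by name: querying the resource group alone would return
    # every firewall in it and break the IpConfigurations[0] lookup below.
    $Azfw = Get-AzFirewall -ResourceGroupName $RGName -Name $GatewayName
    $AzfwRouteName = "AllTraffictoIP"
    $AzfwRouteTableName = "route-$NameSuffix"
    $IlbCA = $Azfw.IpConfigurations[0].PrivateIPAddress
    # Default route for the subnet: everything goes to the firewall's private IP
    $AzfwRoute = New-AzRouteConfig -Name $AzfwRouteName -AddressPrefix 0.0.0.0/0 -NextHopType VirtualAppliance -NextHopIpAddress $IlbCA
    $AzfwRouteTable = New-AzRouteTable -Name $AzfwRouteTableName -ResourceGroupName $RGName -Location $Location -Route $AzfwRoute

    # Associate the route table with the servers subnet.
    # NOTE(review): the subnet is selected by position (index 1), so this relies on
    # the VNet's subnet order; selecting by name would be more robust - confirm the name.
    $vnet = Get-AzVirtualNetwork -ResourceGroupName $RGName -Name $Payload.VnetName
    $vnet.Subnets[1].RouteTable = $AzfwRouteTable
    Set-AzVirtualNetwork -VirtualNetwork $vnet

    # Enrich the payload for the caller; -Force lets a re-run overwrite values
    # instead of failing because the property already exists.
    $outputs = [ordered]@{
        LBPipName             = $LBPipName
        PipAddress            = $pip
        FirewallName          = $GatewayName
        RouteTableName        = $AzfwRouteTableName
        NATRuleName           = $NATRuleName
        NatRuleCollectionName = $NatRuleCollectionName
    }
    foreach ($entry in $outputs.GetEnumerator()) {
        $Payload | Add-Member -MemberType NoteProperty -Name $entry.Key -Value $entry.Value -Force
    }

    [pscustomobject]$Payload
}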