Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
1 contributor

Users who have contributed to this file

384 lines (383 sloc) 12.3 KB
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"virtualNetworkName": {
"type": "string",
"metadata": {
"description": "virtual network name"
}
},
"adminUsername": {
"type": "string",
"metadata": {
"description": "Username for the Virtual Machine."
}
},
"adminPassword": {
"type": "securestring",
"metadata": {
"description": "Password for the Virtual Machine."
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {
"vnetAddressPrefix": "10.0.0.0/16",
"serversSubnetPrefix": "10.0.2.0/24",
"azureFirewallSubnetPrefix": "10.0.1.0/24",
"jumpboxSubnetPrefix": "10.0.0.0/24",
"nextHopIP": "10.0.1.4",
"azureFirewallSubnetName": "AzureFirewallSubnet",
"jumpBoxSubnetName": "JumpboxSubnet",
"serversSubnetName": "ServersSubnet",
"jumpBoxPublicIPAddressName": "JumpHostPublicIP",
"jumpBoxNsgName": "JumpHostNSG",
"jumpBoxNicName": "JumpHostNic",
"jumpBoxSubnetId": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), variables('jumpBoxSubnetName'))]",
"serverNicName": "ServerNic",
"serverSubnetId": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), variables('serversSubnetName'))]",
"storageAccountName": "[concat(uniquestring(resourceGroup().id), 'sajumpbox')]",
"azfwRouteTableName": "AzfwRouteTable",
"firewallName": "firewall1",
"publicIPName": "publicIP1",
"azureFirewallSubnetId": "[resourceId('Microsoft.Network/virtualNetworks/subnets',parameters('virtualNetworkName'), variables('azureFirewallSubnetName'))]",
"azureFirewallPublicIpId": "[resourceId('Microsoft.Network/publicIPAddresses',variables('publicIPName'))]"
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"name": "[variables('storageAccountName')]",
"apiVersion": "2017-10-01",
"location": "[parameters('location')]",
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"properties": {}
},
{
"type": "Microsoft.Network/routeTables",
"name": "[variables('azfwRouteTableName')]",
"apiVersion": "2018-02-01",
"location": "[parameters('location')]",
"properties": {
"disableBgpRoutePropagation": false,
"routes": [
{
"name": "AzfwDefaultRoute",
"properties": {
"addressPrefix": "0.0.0.0/0",
"nextHopType": "VirtualAppliance",
"nextHopIpAddress": "[variables('nextHopIP')]"
}
}
]
}
},
{
"name": "[parameters('virtualNetworkName')]",
"apiVersion": "2017-06-01",
"type": "Microsoft.Network/virtualNetworks",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/routeTables', variables('azfwRouteTableName'))]"
],
"tags": {
"displayName": "[parameters('virtualNetworkName')]"
},
"properties": {
"addressSpace": {
"addressPrefixes": [
"[variables('vnetAddressPrefix')]"
]
},
"subnets": [
{
"name": "[variables('jumpBoxSubnetName')]",
"properties": {
"addressPrefix": "[variables('jumpboxSubnetPrefix')]"
}
},
{
"name": "[variables('azureFirewallSubnetName')]",
"properties": {
"addressPrefix": "[variables('azureFirewallSubnetPrefix')]"
}
},
{
"name": "[variables('serversSubnetName')]",
"properties": {
"addressPrefix": "[variables('serversSubnetPrefix')]",
"routeTable": {
"id": "[resourceId('Microsoft.Network/routeTables', variables('azfwRouteTableName'))]"
}
}
}
]
}
},
{
"name": "[variables('publicIPName')]",
"type": "Microsoft.Network/publicIPAddresses",
"apiVersion": "2017-10-01",
"location": "[parameters('location')]",
"sku": {
"name": "Standard"
},
"properties": {
"publicIPAllocationMethod": "Static",
"publicIPAddressVersion": "IPv4"
}
},
{
"name": "[variables('jumpBoxPublicIPAddressName')]",
"type": "Microsoft.Network/publicIPAddresses",
"apiVersion": "2017-10-01",
"location": "[parameters('location')]",
"properties": {
"publicIPAllocationMethod": "Dynamic"
}
},
{
"name": "[variables('jumpBoxNsgName')]",
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2018-02-01",
"location": "[parameters('location')]",
"properties": {
"securityRules": [
{
"name": "myNetworkSecurityGroupRuleRDP",
"properties": {
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "3389",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 1000,
"direction": "Inbound",
"sourcePortRanges": [],
"destinationPortRanges": [],
"sourceAddressPrefixes": [],
"destinationAddressPrefixes": []
}
}
]
}
},
{
"apiVersion": "2016-03-30",
"type": "Microsoft.Network/networkInterfaces",
"name": "[variables('JumpBoxNicName')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/publicIPAddresses/', variables('jumpBoxPublicIPAddressName'))]",
"[resourceId('Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]",
"[resourceId('Microsoft.Network/networkSecurityGroups', variables('jumpBoxNsgName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('jumpBoxPublicIPAddressName'))]"
},
"subnet": {
"id": "[variables('jumpBoxSubnetId')]"
}
}
}
],
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', variables('jumpBoxNsgName'))]"
}
}
},
{
"apiVersion": "2016-03-30",
"type": "Microsoft.Network/networkInterfaces",
"name": "[variables('ServerNicName')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[variables('serverSubnetId')]"
}
}
}
]
}
},
{
"name": "JumpBox",
"type": "Microsoft.Compute/virtualMachines",
"apiVersion": "2017-12-01",
"location": "[parameters('location')]",
"properties": {
"hardwareProfile": {
"vmSize": "Standard_DS1_v2"
},
"storageProfile": {
"imageReference": {
"publisher": "MicrosoftWindowsServer",
"offer": "WindowsServer",
"sku": "2012-R2-Datacenter",
"version": "latest"
},
"osDisk": {
"osType": "Windows",
"createOption": "FromImage",
"diskSizeGB": 127
},
"dataDisks": []
},
"osProfile": {
"computerName": "JumpBox",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPassword')]",
"secrets": []
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', variables('JumpBoxNicName'))]"
}
]
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": true,
"storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))).primaryEndpoints.blob]"
}
}
},
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]",
"[resourceId('Microsoft.Network/networkInterfaces', variables('JumpBoxNicName'))]"
]
},
{
"name": "Server",
"type": "Microsoft.Compute/virtualMachines",
"apiVersion": "2017-12-01",
"location": "[parameters('location')]",
"properties": {
"hardwareProfile": {
"vmSize": "Standard_DS1_v2"
},
"storageProfile": {
"imageReference": {
"publisher": "MicrosoftWindowsServer",
"offer": "WindowsServer",
"sku": "2012-R2-Datacenter",
"version": "latest"
},
"osDisk": {
"osType": "Windows",
"createOption": "FromImage",
"diskSizeGB": 127
},
"dataDisks": []
},
"osProfile": {
"computerName": "Server",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPassword')]",
"secrets": []
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', variables('ServerNicName'))]"
}
]
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": true,
"storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))).primaryEndpoints.blob]"
}
}
},
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]",
"[resourceId('Microsoft.Network/networkInterfaces', variables('ServerNicName'))]"
]
},
{
"apiVersion": "2018-06-01",
"type": "Microsoft.Network/azureFirewalls",
"name": "[variables('firewallName')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]",
"[concat('Microsoft.Network/publicIPAddresses/', variables('publicIPName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "IpConf",
"properties" : {
"subnet": {
"id": "[variables('azureFirewallSubnetId')]"
},
"InternalPublicIPAddress": {
"id": "[variables('azureFirewallPublicIpId')]"
}
}
}
],
"applicationRuleCollections": [
{
"name": "appRc1",
"properties": {
"priority": 101,
"action": {"type": "Allow"},
"rules": [
{
"name": "appRule1",
"protocols": [{"port": "80", "protocolType": "http"}, {"port": "443", "protocolType": "https"}],
"targetUrls": ["*microsoft.com"]
}
]
}
}
],
"networkRuleCollections": [
{
"name": "netRc1",
"properties": {
"priority": 200,
"action": { "type": "Allow"},
"rules": [
{
"name": "netRule1",
"protocols": ["TCP"],
"sourceAddresses": ["192.168.2.0/24"],
"destinationAddresses": ["*"],
"destinationPorts": ["8000-8999"]
}
]
}
}
]
}
}
]
}
You can’t perform that action at this time.