Azure Classroom Series – 28/Feb/2020

Azure PowerShell for Networking (contd.)

  • Exercise: Create Azure Virtual Network with 4 subnets
    • 2 subnets at the time the network is created
    • 4 more subnets added after the network is created

# Resource group that holds everything created in this exercise.
$rg = New-AzResourceGroup -Location 'centralus' -Name 'fromps2'

# The two subnets that exist from the moment the network is created.
# No -NetworkSecurityGroup is passed here, so they start without an NSG.
$management_subnet = New-AzVirtualNetworkSubnetConfig -AddressPrefix '10.10.4.0/24' -Name 'manage'
$test_subnet = New-AzVirtualNetworkSubnetConfig -AddressPrefix '10.10.5.0/24' -Name 'test'

# Virtual network 10.10.0.0/16, created together with the two subnets above.
$vnet_settings = @{
    Name              = 'vnetfromps'
    ResourceGroupName = $rg.ResourceGroupName
    Location          = $rg.Location
    AddressPrefix     = '10.10.0.0/16'
    Subnet            = $management_subnet, $test_subnet
}
$vnet = New-AzVirtualNetwork @vnet_settings

# Four further subnets, added one by one in this order. Each call only changes
# the local $vnet object (and echoes it to the output stream).
$additional_subnets = @(
    @{ Name = 'web';   AddressPrefix = '10.10.0.0/24' }
    @{ Name = 'app';   AddressPrefix = '10.10.1.0/24' }
    @{ Name = 'db';    AddressPrefix = '10.10.2.0/24' }
    @{ Name = 'cache'; AddressPrefix = '10.10.3.0/24' }
)
foreach ($subnet in $additional_subnets) {
    Add-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet @subnet
}

# Write the modified network object back so the added subnets exist in Azure.
Set-AzVirtualNetwork -VirtualNetwork $vnet

# Clean-up (left commented out): deletes the resource group and all it contains.
# Remove-AzResourceGroup -Name $rg.ResourceGroupName -Force
  • Exercise: Create a network security group and attach it to existing subnets.
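# Create the Network Security Group rules.
# Uses $rg, $vnet and $test_subnet from the virtual-network exercise above.

# Source that may reach SSH (TCP 22). '*' means any address, the internet
# included, and is kept as the default so the exercise behaves as before.
# Outside a throwaway lab, set this to the CIDR of the admin network or jump
# host, e.g. '<ADMIN_CIDR_PLACEHOLDER>'.
$ssh_source_prefix = '*'

$inbound_rule_ssh = New-AzNetworkSecurityRuleConfig -Name 'Allowssh' -Protocol 'TCP' -SourcePortRange '*' -SourceAddressPrefix $ssh_source_prefix -DestinationPortRange '22' -DestinationAddressPrefix '*' -Access 'Allow' -Priority 300 -Direction 'Inbound'

# Explicit allow-all egress. A new NSG already carries default outbound rules
# (AllowVnetOutBound, AllowInternetOutBound), so this rule is only needed if
# unrestricted egress is really intended; narrow or drop it where egress
# filtering matters. Priority is written as an integer, like the other rules.
$outbound_allow_all = New-AzNetworkSecurityRuleConfig -Name 'AllowAllOutbound' -Protocol '*' -SourcePortRange '*' -DestinationPortRange '*' -SourceAddressPrefix '*' -DestinationAddressPrefix '*' -Direction 'Outbound' -Access 'Allow' -Priority 200

# HTTP (TCP 80) from any source: unencrypted web traffic, open to everyone.
$inbound_rule_http = New-AzNetworkSecurityRuleConfig -Name 'Allowhttp' -Protocol 'TCP' -SourcePortRange '*' -SourceAddressPrefix '*' -DestinationPortRange '80' -DestinationAddressPrefix '*' -Access 'Allow' -Priority 310 -Direction 'Inbound'

# NSG holding the three rules, in the same resource group and region as the network.
$nsg1 = New-AzNetworkSecurityGroup -Name 'Allowhttpssh' -ResourceGroupName $rg.ResourceGroupName -Location $rg.Location -SecurityRules $inbound_rule_ssh,$inbound_rule_http,$outbound_allow_all

# Associate nsg1 with the test subnet. Only this subnet is changed here; the
# other subnets of $vnet get no NSG from this script.
Set-AzVirtualNetworkSubnetConfig -Name $test_subnet.Name -VirtualNetwork $vnet -NetworkSecurityGroup $nsg1 -AddressPrefix $test_subnet.AddressPrefix

# The association is local until the network object is written back to Azure.
$vnet | Set-AzVirtualNetwork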
