Ejemplo n.º 1
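        /// <summary>
        /// Builds a firewall definition from the cmdlet parameters, submits it with
        /// CreateOrUpdate, and returns the result of GetAzureFirewall for the same
        /// resource group and name.
        /// </summary>
        /// <returns>The firewall returned by GetAzureFirewall after the create call.</returns>
        /// <exception cref="ArgumentException">
        /// Thrown for the AZFWHub SKU when the referenced virtual hub reports a location
        /// different from <c>Location</c>.
        /// </exception>
        private PSAzureFirewall CreateAzureFirewall()
        {
            // Both branches below assign a fully initialised instance, so no placeholder object is allocated here.
            PSAzureFirewall firewall;

            if (Sku == MNM.AzureFirewallSkuName.AZFWHub)
            {
                // Hub SKU: when both a hub and a location are supplied, fetch the hub first so a
                // location mismatch is rejected before anything is sent to the firewall API.
                if (VirtualHubId != null && this.Location != null)
                {
                    var hubId = new ResourceIdentifier(VirtualHubId);
                    var hub = this.VirtualHubClient.Get(hubId.ResourceGroupName, hubId.ResourceName);

                    // NOTE(review): presumably an exact string comparison; if the two sides can use
                    // different spellings of one region ("westus" vs "West US") a matching hub is
                    // rejected. Confirm what VirtualHubClient.Get returns.
                    if (hub.Location != this.Location)
                    {
                        throw new ArgumentException("VirtualHub and Firewall cannot be in different locations", nameof(VirtualHubId));
                    }
                }

                var hubSku = new PSAzureFirewallSku
                {
                    Name = MNM.AzureFirewallSkuName.AZFWHub,
                    Tier = MNM.AzureFirewallSkuTier.Standard
                };

                // This branch does not apply the rule-collection, threat-intel or zone parameters;
                // the only filtering reference it sets is FirewallPolicy, which stays null when no
                // FirewallPolicyId was given.
                firewall = new PSAzureFirewall
                {
                    Name = this.Name,
                    ResourceGroupName = this.ResourceGroupName,
                    Location = this.Location,
                    Sku = hubSku,
                    VirtualHub = VirtualHubId != null ? new MNM.SubResource(VirtualHubId) : null,
                    FirewallPolicy = FirewallPolicyId != null ? new MNM.SubResource(FirewallPolicyId) : null
                };
            }
            else
            {
                var vnetSku = new PSAzureFirewallSku
                {
                    Name = MNM.AzureFirewallSkuName.AZFWVNet,
                    Tier = MNM.AzureFirewallSkuTier.Standard
                };

                firewall = new PSAzureFirewall
                {
                    Name = this.Name,
                    ResourceGroupName = this.ResourceGroupName,
                    Location = this.Location,
                    ApplicationRuleCollections = this.ApplicationRuleCollection?.ToList(),
                    NatRuleCollections = this.NatRuleCollection?.ToList(),
                    NetworkRuleCollections = this.NetworkRuleCollection?.ToList(),
                    // With no mode supplied this falls back to Alert; a caller who wants
                    // threat-intelligence matches blocked has to pass Deny explicitly.
                    ThreatIntelMode = this.ThreatIntelMode ?? MNM.AzureFirewallThreatIntelMode.Alert,
                    // Passed through unchanged; nothing in this method validates the entries.
                    ThreatIntelWhitelist = this.ThreatIntelWhitelist,
                    Sku = vnetSku
                };

                if (this.Zone != null)
                {
                    firewall.Zones = this.Zone.ToList();
                }

                // Allocate is defined elsewhere; presumably it attaches the IP configuration for
                // the given network and public addresses - confirm against PSAzureFirewall.
                if (this.virtualNetwork != null)
                {
                    firewall.Allocate(this.virtualNetwork, this.publicIpAddresses);
                }
            }

            // Map to the sdk object
            var azureFirewallModel = NetworkResourceManagerProfile.Mapper.Map<MNM.AzureFirewall>(firewall);

            // Tags are converted with validation switched on.
            azureFirewallModel.Tags = TagsConversionHelper.CreateTagDictionary(this.Tag, validate: true);

            // CreateOrUpdate is called unconditionally: this method does not check whether a
            // firewall with this name already exists, so any such guard has to live in the caller.
            this.AzureFirewallClient.CreateOrUpdate(this.ResourceGroupName, this.Name, azureFirewallModel);
            return this.GetAzureFirewall(this.ResourceGroupName, this.Name);
        }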
Ejemplo n.º 2
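        /// <summary>
        /// Builds a firewall definition from the cmdlet parameters, submits it with
        /// CreateOrUpdate, and returns the result of GetAzureFirewall for the same
        /// resource group and name.
        /// </summary>
        /// <returns>The firewall returned by GetAzureFirewall after the create call.</returns>
        /// <exception cref="ArgumentException">
        /// Thrown for the AZFWHub SKU when the referenced virtual hub reports a location
        /// different from <c>Location</c>, or when <c>HubIPAddress</c> carries an explicit
        /// list of public IP addresses.
        /// </exception>
        private PSAzureFirewall CreateAzureFirewall()
        {
            // Both branches below assign a fully initialised instance, so no placeholder object is allocated here.
            PSAzureFirewall firewall;

            if (Sku == MNM.AzureFirewallSkuName.AZFWHub)
            {
                // Hub SKU: when both a hub and a location are supplied, fetch the hub first so a
                // location mismatch is rejected before anything is sent to the firewall API.
                if (VirtualHubId != null && this.Location != null)
                {
                    var hubId = new ResourceIdentifier(VirtualHubId);
                    var hub = this.VirtualHubClient.Get(hubId.ResourceGroupName, hubId.ResourceName);

                    // NOTE(review): presumably an exact string comparison; if the two sides can use
                    // different spellings of one region ("westus" vs "West US") a matching hub is
                    // rejected. Confirm what VirtualHubClient.Get returns.
                    if (hub.Location != this.Location)
                    {
                        throw new ArgumentException("VirtualHub and Firewall cannot be in different locations", nameof(VirtualHubId));
                    }
                }

                // An explicit public address list is refused at creation time; HubIPAddress is
                // still forwarded below when that list is absent.
                if (this.HubIPAddress?.PublicIPs?.Addresses != null)
                {
                    throw new ArgumentException("The list of public Ip addresses cannot be provided during the firewall creation");
                }

                var hubSku = new PSAzureFirewallSku
                {
                    Name = MNM.AzureFirewallSkuName.AZFWHub,
                    Tier = MNM.AzureFirewallSkuTier.Standard
                };

                // This branch does not apply the rule-collection, threat-intel, DNS or zone
                // parameters; the only filtering reference it sets is FirewallPolicy, which stays
                // null when no FirewallPolicyId was given.
                firewall = new PSAzureFirewall
                {
                    Name = this.Name,
                    ResourceGroupName = this.ResourceGroupName,
                    Location = this.Location,
                    Sku = hubSku,
                    VirtualHub = VirtualHubId != null ? new MNM.SubResource(VirtualHubId) : null,
                    FirewallPolicy = FirewallPolicyId != null ? new MNM.SubResource(FirewallPolicyId) : null,
                    HubIPAddresses = this.HubIPAddress
                };
            }
            else
            {
                var vnetSku = new PSAzureFirewallSku
                {
                    Name = MNM.AzureFirewallSkuName.AZFWVNet,
                    Tier = MNM.AzureFirewallSkuTier.Standard
                };

                firewall = new PSAzureFirewall
                {
                    Name = this.Name,
                    ResourceGroupName = this.ResourceGroupName,
                    Location = this.Location,
                    FirewallPolicy = FirewallPolicyId != null ? new MNM.SubResource(FirewallPolicyId) : null,
                    ApplicationRuleCollections = this.ApplicationRuleCollection?.ToList(),
                    NatRuleCollections = this.NatRuleCollection?.ToList(),
                    NetworkRuleCollections = this.NetworkRuleCollection?.ToList(),
                    // With no mode supplied this falls back to Alert; a caller who wants
                    // threat-intelligence matches blocked has to pass Deny explicitly.
                    ThreatIntelMode = this.ThreatIntelMode ?? MNM.AzureFirewallThreatIntelMode.Alert,
                    // Passed through unchanged; nothing in this method validates the entries.
                    ThreatIntelWhitelist = this.ThreatIntelWhitelist,
                    PrivateRange = this.PrivateRange,
                    // Each switch is written only when present; otherwise the property is left
                    // null on the model rather than given an explicit opposite value.
                    DNSEnableProxy = this.EnableDnsProxy.IsPresent ? "true" : null,
                    DNSRequireProxyForNetworkRules = this.DnsProxyNotRequiredForNetworkRule.IsPresent ? "false" : null,
                    DNSServer = this.DnsServer,
                    AllowActiveFTP = this.AllowActiveFTP.IsPresent ? "true" : null,
                    Sku = vnetSku
                };

                if (this.Zone != null)
                {
                    firewall.Zones = this.Zone.ToList();
                }

                // Allocate is defined elsewhere; presumably it attaches the IP configuration for
                // the given network, public addresses and management address - confirm against
                // PSAzureFirewall.
                if (this.virtualNetwork != null)
                {
                    firewall.Allocate(this.virtualNetwork, this.publicIpAddresses, this.ManagementPublicIpAddress);
                }

                // Runs only on this branch and after the DNS properties above are set; the rule it
                // enforces is defined on PSAzureFirewall, not here.
                firewall.ValidateDNSProxyRequirements();
            }

            // Map to the sdk object
            var azureFirewallModel = NetworkResourceManagerProfile.Mapper.Map<MNM.AzureFirewall>(firewall);

            // Tags are converted with validation switched on.
            azureFirewallModel.Tags = TagsConversionHelper.CreateTagDictionary(this.Tag, validate: true);

            // CreateOrUpdate is called unconditionally: this method does not check whether a
            // firewall with this name already exists, so any such guard has to live in the caller.
            this.AzureFirewallClient.CreateOrUpdate(this.ResourceGroupName, this.Name, azureFirewallModel);
            return this.GetAzureFirewall(this.ResourceGroupName, this.Name);
        }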