You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/firewall-manager/secure-cloud-network-powershell.md
+47-1Lines changed: 47 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -21,6 +21,9 @@ In this tutorial, you learn how to:
21
21
> * Deploy Azure Firewall and configure custom routing
22
22
> * Test connectivity
23
23
24
+
> [!IMPORTANT]
25
+
> Virtual WAN is a collection of hubs and services made available inside the hub. The user can have as many Virtual WAN per their need. In a Virtual WAN hub, there are multiple services like VPN, ExpressRoute etc. Each of these services is automatically deployed across **Availability Zones***except* Azure Firewall, if the region supports Availability Zones. To upgrade an existing Azure Virtual WAN Hub to Secure Hub and have the Azure Firewall leveraging Availability Zones, PowerShell code must be used, as described in this article, see section below.
26
+
24
27
## Prerequisites
25
28
26
29
- If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free/?WT.mc_id=A261C142F) before you begin.
@@ -29,6 +32,8 @@ In this tutorial, you learn how to:
29
32
30
33
This tutorial requires that you run Azure PowerShell locally on PowerShell 7. To install PowerShell 7, see [Migrating from Windows PowerShell 5.1 to PowerShell 7](/powershell/scripting/install/migrating-from-windows-powershell-51-to-powershell-7?view=powershell-7&preserve-view=true).
31
34
35
+
- "Az.Network" module version must be 4.17.0 or higher.
36
+
32
37
## Sign in to Azure
33
38
34
39
```azurepowershell
@@ -46,6 +51,8 @@ $RG = "vwan-rg"
46
51
$Location = "westeurope"
47
52
$VwanName = "vwan"
48
53
$HubName = "hub1"
54
+
$FirewallTier = "Standard" # or "Premium"
55
+
49
56
# Create Resource Group, Virtual WAN and Virtual Hub
> The Firewall creation command below will **not** use Availability Zones. If you want to leverage this feature, an additional parameter **-Zone** is required. An example is provided in the upgrade section at the end of this article.
90
+
80
91
Enabling logging from the Azure Firewall to Azure Monitor is optional, but in this example you use the Firewall logs to prove that traffic is traversing the firewall:
81
92
82
93
```azurepowershell
@@ -272,6 +283,41 @@ To delete the test environment, you can remove the resource group with all conta
272
283
Remove-AzResourceGroup -Name $RG
273
284
```
274
285
286
+
## Upgrade an existing Hub with Availability Zones
287
+
288
+
The procedure described above will permit a user to create a brand **new** Azure Virtual WAN Hub, and then immediately convert to a Secured Hub deploying Azure Firewall using a PowerShell script.
289
+
A similar approach can be applied to an **existing** Azure Virtual WAN Hub: Firewall Manager can be also used for the conversion, but will not be possible to deploy Azure Firewall across Availability Zones without a script-based approach.
290
+
The code snippet required to convert an existing Azure Virtual WAN Hub to a Secured Hub, using an Azure Firewall deployed across all three Availability Zones, is reported below:
291
+
292
+
```azurepowershell
293
+
# Variable definition
294
+
$RG = "vwan-rg"
295
+
$Location = "westeurope"
296
+
$VwanName = "vwan"
297
+
$HubName = "hub1"
298
+
$FirewallName = "azfw1"
299
+
$FirewallTier = "Standard" # or "Premium"
300
+
$FirewallPolicyName = "VwanFwPolicy"
301
+
302
+
# Get references to vWAN and vWAN Hub to convert #
0 commit comments