Deploying Azure Gateways and Firewalls using PowerShell

Depending on your company’s security policies, you may need to use Azure PowerShell to deploy gateways and firewalls in Azure. This document explains how to use PowerShell commands to deploy gateways and firewalls in Azure and partner firewall offers to your Private Azure Marketplace.

Be aware that this Companion Gateway is not immediately visible in the Azure Marketplace. Hiding the gateway offer makes the Controller deployment process simpler and easier, as when you first deploy an Aviatrix Controller, you only have one marketplace offer to select.

The user who runs this command via Azure PowerShell must have admin permissions for the Azure Private Marketplace.

Please see this article for general instructions about adding offers to your Azure Private Marketplace.

Retrieving the PrivateStoreID

  1. Log into your Azure account.

  2. Install the Az. Marketplace PowerShell module using this command:

    Install-Module -Name Az.Marketplace

  3. Next, retrieve a list of private stores created in this Azure tenant to retrieve the PrivateStoreID you need to install on the Private Marketplace. Use this command:

    Get-AzMarketplacePrivateStore.

    The output generated includes your Private Store ID.

  4. Now, validate the offer. Use this command:

    Get-AzMarketplacePrivateStoreOffer -PrivateStoreId <PS_id> -OfferId <UniqueOfferId>

    • For <PS_id>, use the PrivateStoreID you retrieved.

    • For <UniqueOfferId>, use publisherId.offerId.

  • If there is no output (or code 'BadRequest'), this means the offer is not in your Private Store. Go to step 5.

  • If the command responded with the output, this means the offer is already in your Private Store - go to step 5.

  1. Use the PrivateStoreId from step 3 and follow the steps below to add the offer to your Private Store.

Adding the Aviatrix Companion Gateway Offer to Your Private Marketplace

Use this command to add the gateway image from the public marketplace to your private marketplace:

$Params = @{
privateStoreId = "03e6c03e-074e-474c-8d40-3eac96d82a77"
collectionId = "03e6c03e-074e-474c-8d40-3eac96d82a77"
offerId = "<offerID for the Aviatrix Companion Gateway>"
SpecificPlanIdLimitation =@("<SpecificPlanIdLimitation for the Aviatrix Companion Gateway>")
}
Set-AzMarketplacePrivateStoreCollectionOffer @Params
Collection ID == Private Store ID

Depending on your Controller’s current software version, replace the offerID and SpecificPlanldLimitation values with the correct values. Use this table:

Release offerID SpecificPlanIdLimitation

6.7

aviatrix-systems.aviatrix-companion-gateway-v10

aviatrix-companion-gateway-v10u

6.8

aviatrix-systems.aviatrix-companion-gateway-v13

aviatrix-companion-gateway-v13u

6.9

aviatrix-systems.aviatrix-companion-gateway-v15

aviatrix-companion-gateway-v15u-6-9

7.0

aviatrix-systems.aviatrix-companion-gateway-v16

aviatrix-companion-gateway-v16

The Aviatrix Companion Gateway is now part of your Azure Private Marketplace. You can now deploy Aviatrix Companion Gateways for Azure from the Aviatrix Controller.

Adding the Aviatrix Firewall Offer to Your Private Marketplace

Repeat the steps above to add an offer for the Azure Firewall to your Private Marketplace. Use the table below to find the correct Publisher and OfferID.

Name Publisher Offer (plan product) SKU (plan name)

PAN

paloaltonetworks

vmseries1, vmseries-flex

bundle1, bundle2, byol

Fortinet

fortinet

fortinet_fortigate-vm_v5

fortinet_fg-vm fortinet_fg-vm_payg fortinet_fg-vm_payg_20190624

Check Point

checkpoint

check-point-cg-r81, check-point-cg-r8110

sg-ngtp, sg-ngtx, sg-byol, mgmt-byol

After following these steps, you can deploy Azure Firewalls from your Azure Private Marketplace through the Aviatrix Controller.