Subscribing Gateway and Firewall Offers to Private Azure Marketplace for Aviatrix Deployments
Depending on your company’s security policies, you may need to add and subscribe Aviatrix gateways and firewalls to the private Azure Marketplace using PowerShell. This document explains how to use PowerShell commands to add and subscribe gateways and firewalls in Azure, and partner firewall offers, to your private Azure Marketplace.
Since our gateway images are not publicly available, you cannot subscribe to these offers directly in your private Marketplace through the Azure portal. Please follow the instructions below to complete the subscription process.
| The examples in the following sections demonstrate how to apply Azure commands to subscribe on the private Marketplace. Because the Azure commands could change, you can verify command usage in Azure documentation. See Manage a private Azure Marketplace using PowerShell and Get storage account configuration information to check for the most current updates and commands. |
Subscribing an Aviatrix Gateway Offer to Azure Private Marketplace
Prerequisites
-
You must have the administrative permissions required to run the commands in this task. If you can’t run the commands, contact your security admin.
-
Ensure the Azure collection you plan to use for this task is enabled on the Azure Manage marketplace page.
-
If you have multiple Azure subscriptions, identify which subscription should be used for resource billing.
See Manage a private Azure Marketplace using PowerShell for more details about how to choose an appropriate subscription.
Complete the following steps:
-
Log into your Azure account.
-
Run the following command to install the necessary packages:
Install-Module -Name AZ.Marketplace -
(Optional) If you have multiple Azure subscriptions, set the subscription in which the resources should be billed.
Skip this step if you only have one subscription.
Set-AzContext -SubscriptionId <subscription_id> -
Run the following command and copy your Private Store ID.
Get-AzMarketplacePrivateStore -
Run the following command and copy the collection ID.
The collection ID must already be enabled.
Get-AzMarketplacePrivateStoreCollection -PrivateStoreId <private_store_id> -
Run the following command and copy the Uniform Resource Name (URN).
az vm image list --publisher aviatrix-systems --all --output tableThe URN is in a format similar to, aviatrix-systems:aviatrix-gateway:aviatrix-gateway-g3:20240806.2003.0.
-
Run the following command to accept the terms of the image on the private Azure Marketplace:
az vm image accept-terms --urn <urn>Where <urn> is the URN value you retrieved from the previous step.
-
Run the following commands to add a gateway offer to the private Azure Marketplace, if your offer is not yet in the private Marketplace.
$Params = @{ privateStoreId = "<private_store_id>" collectionId = "<collection_id>" offerId = "<offer_id>" SpecificPlanIdLimitation =@("<specific_plan_id_limitation>") } Set-AzMarketplacePrivateStoreCollectionOffer @ParamsReplace the variables <private_store_id> and <collection_id> with the values copied in previous steps.
Replace <offer_id> and <specific_plan_id_limitation> (or
sku) with the appropriate values according to your Controller’s current software version. Use the following table:Release offerID SpecificPlanIdLimitation >= 6.7
aviatrix-systems.aviatrix-companion-gateway-v10
aviatrix-companion-gateway-v10u
>=6.8
aviatrix-systems.aviatrix-companion-gateway-v13
aviatrix-companion-gateway-v13u
>=6.9
aviatrix-systems.aviatrix-companion-gateway-v15
aviatrix-companion-gateway-v15u-6-9
>=7.0
aviatrix-systems.aviatrix-companion-gateway-v16
aviatrix-companion-gateway-v16
>=7.1.3958
aviatrix-systems.aviatrix-gateway
aviatrix-gateway-g3
The Aviatrix Gateway image is now part of your private Azure Marketplace.
Next Steps
-
In the Azure portal, onboard the service principal created under the subscription you used to add the gateway offer to the private Marketplace.
See Microsoft documentation, if needed.
-
You can deploy Aviatrix Gateways for Azure from the Aviatrix Controller.
See Building Your Network in the Aviatrix documentation.
Example Code
Below is a full example code snippet that demonstrates the workflow.
Replace variables with your account’s values.
# Install the AZ.Marketplace module
Install-Module -Name AZ.Marketplace
# (Optional) If you have multiple subscriptions, set the appropriate subscription
Set-AzContext -SubscriptionId <subscription_id>
# Get the Private StoreID
Get-AzMarketplacePrivateStore
# Get the CollectionID
Get-AzMarketplacePrivateStoreCollection -PrivateStoreId <private_store_id>
# Get the URN
az vm image list --output table
# Accept the terms of the image on Azure Private Marketplace
az vm image accept-terms --urn aviatrix-systems:aviatrix-gateway:aviatrix-gateway-g3:20240512.1500.0
# Add the offer to the private Azure Marketplace
$Params = @{
privateStoreId = "e796cf6d-fb86-4621-99b5-6764cafeee58"
collectionId = "e796cf6d-fb86-4621-99b5-6764cafeee58"
offerId = "aviatrix-systems.aviatrix-gateway"
SpecificPlanIdLimitation =@("aviatrix-gateway-g3")
}
# Set the offer to the private Marketplace
Set-AzMarketplacePrivateStoreCollectionOffer @ParamsSubscribing an Aviatrix Firewall Offer to Your Private Marketplace
Repeat the steps above to add an offer for the Azure Firewall to your private Marketplace. Use the table below to find the correct Publisher and OfferID values.
| Name | Publisher | OfferID (plan product) | SKU (plan name) |
|---|---|---|---|
PAN |
paloaltonetworks |
vmseries1, vmseries-flex |
bundle1, bundle2, byol |
Fortinet |
fortinet |
fortinet_fortigate-vm_v5 |
fortinet_fg-vm fortinet_fg-vm_payg fortinet_fg-vm_payg_20190624 |
Check Point |
checkpoint |
check-point-cg-r81, check-point-cg-r8110 |
sg-ngtp, sg-ngtx, sg-byol, mgmt-byol |
After following these steps, you can now deploy Azure Firewalls from your Azure Private Marketplace through the Aviatrix Controller.