您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

部署包含多个公共 IP 地址的 Azure 防火墙Deploy an Azure Firewall with multiple public IP addresses

如果要使用 Azure 防火墙保护虚拟中心,可以使用 Azure PowerShell 部署具有多个公共 IP 地址的防火墙。If you want to protect a virtual hub using Azure Firewall, you can deploy the firewall with multiple public IP addresses using Azure PowerShell.

使用 Azure Cloud ShellUse Azure Cloud Shell

Azure 托管 Azure Cloud Shell(一个可通过浏览器使用的交互式 shell 环境)。Azure hosts Azure Cloud Shell, an interactive shell environment that you can use through your browser. 可以将 Bash 或 PowerShell 与 Cloud Shell 配合使用来使用 Azure 服务。You can use either Bash or PowerShell with Cloud Shell to work with Azure services. 可以使用 Azure Cloud Shell 预安装的命令来运行本文中的代码,而不必在本地环境中安装任何内容。You can use the Cloud Shell preinstalled commands to run the code in this article without having to install anything on your local environment.

若要启动 Azure Cloud Shell,请执行以下操作:To start Azure Cloud Shell:

选项Option 示例/链接Example/Link
选择代码块右上角的“试用”。Select Try It in the upper-right corner of a code block. 选择“试用”不会自动将代码复制到 Cloud Shell。Selecting Try It doesn't automatically copy the code to Cloud Shell. Azure Cloud Shell 的“试用”示例
转到 https://shell.azure.com 或选择“启动 Cloud Shell”按钮可在浏览器中打开 Cloud Shell。Go to https://shell.azure.com, or select the Launch Cloud Shell button to open Cloud Shell in your browser. 在新窗口中启动 Cloud ShellLaunch Cloud Shell in a new window
选择 Azure 门户右上角菜单栏上的 Cloud Shell 按钮。Select the Cloud Shell button on the menu bar at the upper right in the Azure portal. Azure 门户中的“Cloud Shell”按钮

若要在 Azure Cloud Shell 中运行本文中的代码,请执行以下操作:To run the code in this article in Azure Cloud Shell:

  1. 启动 Cloud Shell。Start Cloud Shell.

  2. 选择代码块上的“复制”按钮以复制代码。Select the Copy button on a code block to copy the code.

  3. 在 Windows 和 Linux 上选择 Ctrl+Shift+V 将代码粘贴到 Cloud Shell 会话中,或在 macOS 上选择 Cmd+Shift+V 将代码粘贴到 Cloud Shell 会话中。Paste the code into the Cloud Shell session by selecting Ctrl+Shift+V on Windows and Linux or by selecting Cmd+Shift+V on macOS.

  4. 选择 Enter 运行此代码。Select Enter to run the code.

部署防火墙Deploy the firewall

使用以下 Azure PowerShell 示例部署包含多个公共 IP 地址的 Azure 防火墙,以保护虚拟中心。Use the following Azure PowerShell example to deploy an Azure Firewall with multiple public IP addresses to protect a virtual hub.

Select-AzSubscription -SubscriptionId <subscription ID> 

$rgName = <resource group name> 
$vHub = Get-AzVirtualHub -Name <hub name> 
$vHubId = $vHub.Id 
$fwpips = New-AzFirewallHubPublicIpAddress -Count 3
$hubIpAddresses = New-AzFirewallHubIpAddress -PublicIPs $fwpips 
$fw = New-AzFirewall -Name <firewall name> -ResourceGroupName $rgName `
     -Location <location> -Sku AZFW_Hub -HubIPAddresses $hubIpAddresses `
     -VirtualHubId $vHubId 

更新公共 IP 地址Update a public IP address

你可以使用 Azure PowerShell 来更新 Azure 防火墙的公共 IP 地址。You can use Azure PowerShell to update a public IP address for an Azure Firewall. 以下示例从防火墙中删除一个公共 IP 地址。The following example deletes one public IP address from a firewall. 它从三个公共 IP 地址开始。It starts with three public IP addresses.

Select-AzSubscription -SubscriptionId <subscription ID>

$azfw = get-azfirewall -Name <firewall name> -ResourceGroupName <resource group name>
$ip1 = New-AzFirewallPublicIpAddress -Address <first ip address to keep>
$ip2 = New-AzFirewallPublicIpAddress -Address <second ip address to keep>
$ipAddresses = $ip1,$ip2
$azfw.HubIPAddresses.publicIPs.Addresses = $ipAddresses
$azfw.HubIPAddresses.publicIPs.count = 2
Set-AzFirewall -AzureFirewall $azfw

后续步骤Next steps

什么是安全虚拟中心?What is a secured virtual hub?