Christof VG

pfSense on Azure - Part 3 - Deploy pfSense in Azure

Read time: 5 minutes
Execution time: 10 minutes

Introduction

In the first part, we prepared the virtual machine for pfSense with all necessary tweaks for Azure. In part 2, we installed all necessary packages, along with the Azure Linux Agent. Now we are ready to upload the VHD to an Azure storage account, create an image and deploy a new virtual machine based on that image.

Upload of the VHD

I assume you have a storage account already in place.

To upload the VHD file, we will use the Microsoft Azure Storage Explorer.

Creation of the Azure resources

Virtual Network

First we need to deploy the Azure networks. We will deploy a Virtual network with the following properties:

  • Name: eu-vdc-vnet
  • Resource Group: eu-network-rg
  • Location: West Europe
  • Address Prefix: 10.0.0.0/24
  • Subnets:
    • Name: gatewaysubnet (for future use)
      • Address Prefix: 10.0.0.0/27
    • Name: frontend
      • Address Prefix: 10.0.0.32/27
    • Name: backend
      • Address Prefix: 10.0.0.64/27

Commands:

# Login to the Azure Account
Login-AzureRmAccount
# List all subscriptions available under your account
Get-AzureRmSubscription
# Select the right subscription
Select-AzureRmSubscription <subscription id>
# Create a new resource group
New-AzureRmResourceGroup -Name eu-network-rg -Location 'West Europe'
# Create a new Virtual Network
$VirtualNetwork = New-AzureRmVirtualNetwork -ResourceGroupName eu-network-rg -Location 'West Europe' -Name eu-vdc-vnet -AddressPrefix "10.0.0.0/24"
# Configure all subnets
Add-AzureRmVirtualNetworkSubnetConfig -Name gatewaysubnet -VirtualNetwork $VirtualNetwork -AddressPrefix "10.0.0.0/27"
Add-AzureRmVirtualNetworkSubnetConfig -Name frontend -VirtualNetwork $VirtualNetwork -AddressPrefix "10.0.0.32/27"
Add-AzureRmVirtualNetworkSubnetConfig -Name backend -VirtualNetwork $VirtualNetwork -AddressPrefix "10.0.0.64/27"
# Assign all subnets to the Virtual Network
$VirtualNetwork | Set-AzureRmVirtualNetwork

Managed disk

With the Virtual Networks in place, we can create the Managed Disk, based on the uploaded VHD. We will use the following properties:

  • Name: eu-pfsense-1-os
  • Resource Group: eu-firewalls-rg
  • Location: West Europe

Commands:

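# Initialize variables
$storageType = "Standard_LRS"
$location = "West Europe"
# Resource ID of the storage account that holds the uploaded VHD (the same account as in $sourceVhdUri)
$storageAccountId = "/subscriptions/<subscription id>/resourceGroups/RG_IMAGES_PFSENSE/providers/Microsoft.Storage/storageAccounts/azpfsense"
# URI of the uploaded VHD blob
$sourceVhdUri = "https://<storage account name>.blob.core.windows.net/vhd/pfsense.vhd"
# Create a new resource group for the firewall resources
New-AzureRmResourceGroup -Name eu-firewalls-rg -Location 'West Europe'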
# Create the disk configuration
$diskConfig = New-AzureRmDiskConfig -AccountType $storageType -Location $location -CreateOption Import -StorageAccountId $storageAccountId -SourceUri $sourceVhdUri
# Create the Managed Disk
New-AzureRmDisk -Disk $diskConfig -ResourceGroupName eu-firewalls-rg -DiskName eu-pfsense-1-os

pfSense Virtual Machine

We are ready to create the virtual machine for pfSense. We will create the virtual machine with the following properties:

  • Name: eu-pfsense-1
  • Resource Group: eu-firewalls-rg
  • Location: West Europe
  • NICs:
    • Name: eu-pfsense-1-frontend-nic
      • Subnet: frontend
      • IP type: fixed
      • IP Address: 10.0.0.36
    • Name: eu-pfsense-1-backend-nic
      • Subnet: backend
      • IP type: fixed
      • IP Address: 10.0.0.68

Commands:

# Get the object of the existing Managed Disk
$disk = Get-AzureRmDisk -DiskName eu-pfsense-1-os -ResourceGroupName eu-firewalls-rg
# Get the object for the existing Virtual Network
$VirtualNetwork = Get-AzureRmVirtualNetwork -Name eu-vdc-vnet -ResourceGroupName eu-network-rg
# Create a new Virtual Machine object
$virtualMachine = New-AzureRmVMConfig -VMName eu-pfsense-1 -VMSize Standard_B2s
# Attach the existing Managed Disk to the Virtual Machine
$virtualMachine = Set-AzureRmVMOSDisk -VM $virtualMachine -ManagedDiskId $disk.Id -CreateOption Attach -Linux
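# Create the NICs for the frontend and the backend
# Subnets[1] is frontend and Subnets[2] is backend, in the order the subnets were added to the Virtual Network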
$frontEndNic = New-AzureRmNetworkInterface -Name eu-pfsense-1-frontend-nic -ResourceGroupName eu-firewalls-rg -Location 'West Europe' -SubnetId $VirtualNetwork.Subnets[1].Id -PrivateIpAddress 10.0.0.36
$backEndNic = New-AzureRmNetworkInterface -Name eu-pfsense-1-backend-nic -ResourceGroupName eu-firewalls-rg -Location 'West Europe' -SubnetId $VirtualNetwork.Subnets[2].Id -PrivateIpAddress 10.0.0.68
# Add the NICs to the Virtual Machine (the frontend NIC is the primary one)
$virtualMachine = Add-AzureRmVMNetworkInterface -VM $virtualMachine -Id $frontEndNic.Id -Primary
$virtualMachine = Add-AzureRmVMNetworkInterface -VM $virtualMachine -Id $backEndNic.Id
# Create the Virtual Machine
New-AzureRmVM -VM $virtualMachine -ResourceGroupName eu-firewalls-rg -Location 'West Europe'

Test Virtual Machine

To be able to test the configuration, we need a Virtual Machine in the backend subnet. The procedure is nearly the same as for the firewalls, but with some small differences. We will add a public IP to enable external access and we also need only one NIC. We will create the Virtual Machine with these properties:

  • Name: eu-pfsense-mgmt
  • Resource Group: eu-firewalls-rg
  • Location: West Europe
  • NIC:
    • Name: eu-pfsense-mgmt-nic
    • IP type: fixed
    • IP Address: 10.0.0.37
  • Public IP address:
    • Name: eu-pfsense-mgmt-pip
    • IP type: variable

Commands:

# Create the Public IP Address
$pip = New-AzureRmPublicIpAddress -ResourceGroupName eu-firewalls-rg -Location 'West Europe' -Name eu-pfsense-mgmt-pip -AllocationMethod Dynamic
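# Create the NIC for the Virtual Machine (Subnets[2] is the backend subnet, 10.0.0.64/27)
# The static private address has to fall inside the prefix of the subnet selected with -SubnetId;
# 10.0.0.37 lies in the frontend range (10.0.0.32/27), so make the address and the subnet index agree before running this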
$nic = New-AzureRmNetworkInterface -Name eu-pfsense-mgmt-nic -ResourceGroupName eu-firewalls-rg -Location 'West Europe' -SubnetId $VirtualNetwork.Subnets[2].Id -PublicIpAddressId $pip.Id -PrivateIpAddress 10.0.0.37
# Create the Virtual Machine Object
$virtualMachine = New-AzureRmVMConfig -VMName eu-pfsense-mgmt -VMSize "Standard_B1s"
# Prepare the Virtual Machine for Windows
$virtualMachine | Set-AzureRmVMOperatingSystem -Windows -ComputerName eu-pfsense-mgmt -Credential (Get-Credential)
# Configure the Virtual Machine for Windows 2016 Datacenter
$virtualMachine | Set-AzureRmVMSourceImage -PublisherName MicrosoftWindowsServer -Offer WindowsServer -Skus 2016-Datacenter -Version latest
# Add the NIC to the Virtual Machine
$virtualMachine | Add-AzureRmVMNetworkInterface -Id $nic.Id
# Create the Virtual Machine
New-AzureRmVM -ResourceGroupName eu-firewalls-rg -Location 'West Europe' -VM $virtualMachine
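
The commands above give eu-pfsense-mgmt a public IP address without attaching a network security group to its NIC. As an added example (not part of the original post), the following restricts inbound RDP on that NIC to a single administrator address and then lists any NIC in the resource group that still has a public IP but no NSG of its own; the NSG name eu-pfsense-mgmt-nsg, the rule name and the source address 203.0.113.10 are placeholders chosen for illustration.

```powershell
# Added example: limit inbound RDP on the management NIC to one admin address.
# Assumed values (not from the post): the NSG name, the rule name and $adminSource.
$resourceGroup = 'eu-firewalls-rg'
$location      = 'West Europe'
$adminSource   = '203.0.113.10/32'   # placeholder: replace with your own public IP

# Allow RDP (TCP 3389) from the admin address only.
# The NSG default rules already deny all other inbound traffic from the Internet.
$allowRdp = New-AzureRmNetworkSecurityRuleConfig -Name allow-rdp-from-admin `
    -Description 'RDP from the administrator address only' `
    -Access Allow -Protocol Tcp -Direction Inbound -Priority 100 `
    -SourceAddressPrefix $adminSource -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange 3389

# Create the NSG with that single custom rule
$nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $resourceGroup `
    -Location $location -Name eu-pfsense-mgmt-nsg -SecurityRules $allowRdp

# Attach the NSG to the NIC of the management Virtual Machine
$nic = Get-AzureRmNetworkInterface -Name eu-pfsense-mgmt-nic -ResourceGroupName $resourceGroup
$nic.NetworkSecurityGroup = $nsg
$nic | Set-AzureRmNetworkInterface

# Check: list NICs in the resource group that have a public IP but no NSG attached
# (an NSG associated with the subnet is not taken into account here)
Get-AzureRmNetworkInterface -ResourceGroupName $resourceGroup |
    Where-Object { $_.IpConfigurations.PublicIpAddress -and -not $_.NetworkSecurityGroup } |
    Select-Object Name, ResourceGroupName
```

An empty result from the last command means every NIC with a public IP in eu-firewalls-rg has its own NSG.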

With the Virtual Machine deployed, we can now access the deployed pfSense instance.