We have a firewall solution in place. Is there any way to build an Azure server without the Windows firewall? Or at a minimum have it turned off?

The build is being done by PowerShell. Also currently looking into Templates, but right now it is PowerShell.

Shui shengbao
Greg P
  • Sure, you can disable the host firewall just as you'd do with a non-Azure server. The question is: why? Defense in depth is a real thing, and if you're doing the build via powershell, you already have the automation bits together to programmatically create and modify firewall rules. – EEAA May 24 '17 at 19:18
  • While building the server via PowerShell, how does one create a firewall rule during the build? Currently have to RDP into it and update it to allow 5985 to access the server. Need to do this through PSSession but need that port opened first. The following doesn't do it, so we'd rather turn it off, do what we need to and turn on our solution: $nsgRulePS = New-AzureRmNetworkSecurityRuleConfig -Name $myNetworkSecurityGroupRulePS -Protocol Tcp -Direction Inbound -Priority 1200 -SourceAddressPrefix * -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 5985 -Access Allow – Greg P May 24 '17 at 19:35

1 Answer

You could use Azure Custom Script Extension to achieve your scenario.

The Custom Script Extension downloads and executes scripts on Azure virtual machines. This extension is useful for post deployment configuration, software installation, or any other configuration / management task. Scripts can be downloaded from Azure storage or GitHub, or provided to the Azure portal at extension run time.

If you want to use PowerShell to do it, you could write a PowerShell script and upload it to GitHub or Azure storage.

 netsh advfirewall firewall add rule name="Open Port 5985" dir=in action=allow protocol=TCP localport=5985

The Set-AzureRmVMCustomScriptExtension command can be used to add the Custom Script extension to an existing virtual machine. For more information, see Set-AzureRmVMCustomScriptExtension.

After your VM is created successfully, you could execute the following cmdlet.

Set-AzureRmVMCustomScriptExtension -ResourceGroupName myResourceGroup `
    -VMName myVM `
    -Location myLocation `
    -FileUri myURL `
    -Run 'myScript.ps1' `
    -Name DemoScriptExtension

I suggest you upload your script to GitHub; please ensure the script is public. Just an example, it works for me.

Set-AzureRmVMCustomScriptExtension -ResourceGroupName shuiwinrm `
    -VMName shui `
    -Location "South Central US" `
    -FileUri "https://gist.githubusercontent.com/Walter-Shui/432bc4e657b813522c6dea88ada2b0cd/raw/7fd9a04babf909f85a45a293a421bc703561ae15/winrm5985.ps1" `
    -Run 'winrm5985.ps1' `
    -Name DemoScriptExtension
Shui shengbao
  • Just checking in to see if the information provided was helpful. Please let me know if you would like further assistance. – Shui shengbao Jun 05 '17 at 09:19
  • @Greg P If my answer is helpful, don't forget to accept it. It will help more people. Thanks. – Shui shengbao Jun 07 '17 at 01:07
  • Thanks for this information @Walter - MSFT! I'm trying to leverage custom script extension and the official documentation doesn't lend itself to much clarity. – nthieling Jun 09 '17 at 17:27
  • Fine, if my answer solves your issue, don't forget to accept it as answer. – Shui shengbao Jun 12 '17 at 01:38
  • I'm not the submitter, otherwise I would! I also do not possess enough magical ServerFault points to do it on other people's questions. – nthieling Jun 12 '17 at 04:21
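
A scoped variant of the script the answer above hands to the Custom Script Extension, as an added example that is not part of the original answer: it opens 5985 only to a management subnet instead of to any source, and is safe to re-run. The file name, rule name and the 10.0.1.0/24 subnet are assumptions; it needs Windows Server 2012 or later for the NetSecurity cmdlets.

```powershell
# winrm-scoped.ps1 (hypothetical file name) - added example.
# Runs inside the VM when referenced by -FileUri / -Run on
# Set-AzureRmVMCustomScriptExtension.
param(
    # Constructed sample value: the subnet your management hosts connect from.
    [string[]]$AllowedSource = @('10.0.1.0/24'),
    [int]$Port = 5985
)

$ErrorActionPreference = 'Stop'
$ruleName = "WinRM HTTP $Port (scoped)"   # hypothetical rule name

# Idempotent: the extension can run the script more than once,
# so update an existing rule instead of creating a duplicate.
$existing = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if ($existing) {
    $existing | Set-NetFirewallRule -RemoteAddress $AllowedSource -Enabled True
} else {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Action Allow -Protocol TCP `
        -LocalPort $Port -RemoteAddress $AllowedSource | Out-Null
}

# Report what is in effect; script output is captured in the extension status.
$rule = Get-NetFirewallRule -DisplayName $ruleName
$addr = $rule | Get-NetFirewallAddressFilter
$portFilter = $rule | Get-NetFirewallPortFilter
"Rule '{0}': enabled={1} port={2} remote={3}" -f `
    $rule.DisplayName, $rule.Enabled, $portFilter.LocalPort, ($addr.RemoteAddress -join ',')

# Also report the state of each firewall profile, so a build that left
# the host firewall switched off is visible in the same output.
Get-NetFirewallProfile | ForEach-Object {
    "Profile {0}: enabled={1}" -f $_.Name, $_.Enabled
}
```

The network security group rule has to allow the same port for the connection to reach the VM; narrowing its -SourceAddressPrefix to the same subnet keeps both layers consistent.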