dmauser

#Parameters = make changes based on your needs
rg=afd-lab #set resource group
afdprofile=mauserafd #set AFD Premium Profile already created.
groupname=PE-example #set origin group name
stgacctname=afdtestpe #set storage account name.
location=westus3 #location for Private Endpoint access from AFD.

#variables (do not change)
blobfqdn=$(echo $stgacctname.blob.core.windows.net) #blob storage account
stgacctid=$(az storage account show -g $rg -n $stgacctname --query id -o tsv)

dmauser

#vHUB effective routes
#parameters
rg=vwan-pair #Set your resource group
#variables (do not change)
#Parameter
$rg=vwan-pair
# Dump all vHUB route tables.
for vhubname in `az network vhub list -g $rg --query "[].id" -o tsv | rev | cut -d'/' -f1 | rev`
do
  for routetable in `az network vhub route-table list --vhub-name $vhubname -g $rg --query "[].id" -o tsv`

dmauser

## Firewall Policy and network rules over CLI
# Variables:


Commands to create a networking rule with Firewall Policy:

#Create firewall rules
fwpolicyname=NewPolicyTest #Firewall Policy Name
rg=FW-Policies # Set your Resource Group

dmauser

<#
The scenario below we have four URIs:
1) afduri - pointing to the frontdoor name which has WebApps backends hosted in three different Azure Regions (EastUS, WestUS and CentralUS)
2) easturi - East US WebApp
3) westuri - West US WebApp
4) centraluri - Central US WebApp

1st GOAL - When client sends a request to Azure Front Door URI it will show
2nd GOAL - Turn off primary WebApp and validate failover from one region to another.
#>

dmauser

#Dumping Service Tags IP Ranges.
# 1) Specify target region variable.
$serviceTags = Get-AzNetworkServiceTag -Location uksouth
# 2) Get all service tags that can be queried
$serviceTags.Values.Name 
# 3) Example dumping info for SQL service tag info on UK South (SQL.uksouth). You can replace with any value dumped on step 2.
$tag = $serviceTags.Values | Where-Object { $_.Name -eq "SQL.uksouth" } 
# 4) Example dumps amount of Prefixes.
$tag.Properties.AddressPrefixes.count
# 5) Example dumping all Address Spaces used by specific Serive Tag

dmauser

# ExpressRoute or VPN Virtual Network Gateway (VNG) BGP info.
$RG="<Replace>" # Add Resource Group ExpressRoute or VPN Virtual Network Gateway
$VNGName = "<Replace>" # Add ExpressRoute or VPN Gateway Name
$Peerinfo = Get-AzVirtualNetworkGatewayBGPPeerStatus -ResourceGroupName $RG -VirtualNetworkGatewayName $VNGName
#Shows Peer Connections State, Routes Received, BGP Messages send and received
$Peerinfo | Format-Table
#Shows all routes learned by Virtual Network Gateway
Get-AzVirtualNetworkGatewayLearnedRoute -ResourceGroupName $RG -VirtualNetworkGatewayName $VNGName | Format-Table
#Shows all routes advertised by Virtual Network Gateway
foreach ($Peer in $Peerinfo.Neighbor) {

dmauser

# This is a script leveraged on OnPrem DNS Integration with Private Link focusing on Conditional Forwarders.
#On DNS Server side:
#Set DNS Forwarder to INETDNS (DMZ DNS) 
Get-DnsServerForwarder
Set-DnsServerForwarder -IPAddress 192.168.0.45 # Set DMZ DNS as Forwarder
Remove-DnsServerForwarder -IPAddress 192.168.0.45 -Force | Clear-DnsServerCache -Force

#Zone: privatelink.blob.core.windows.net_
Add-DnsServerConditionalForwarderZone -Name "privatelink.blob.core.windows.net" -MasterServers 10.0.0.4 -PassThru 
Clear-DnsServerCache -Force

dmauser

#-------------------------------------------------------------------------------------
# Create Self signed root certificate
# -dnsname -DnsName domain.example.com,anothersubdomain.example.com
# -Subject "CN=Patti Fuller,OU=UserAccounts,DC=corp,DC=contoso,DC=com" 
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=RootCert" `
-KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 4096 `
-CertStoreLocation "Cert:\CurrentUser\My" `
-KeyUsageProperty Sign `