Skip to content

Instantly share code, notes, and snippets.

View dmauser's full-sized avatar

Daniel Mauser dmauser

View GitHub Profile
@dmauser
dmauser / afd-premium-pe.azcli
Last active June 3, 2022 02:01
Azure Front Door Premimum and Private Endpoint CLI commands
#Parameters = make changes based on your needs
rg=afd-lab #set resource group
afdprofile=mauserafd #set AFD Premium Profile already created.
groupname=PE-example #set origin group name
stgacctname=afdtestpe #set storage account name.
location=westus3 #location for Private Endpoint access from AFD.
#variables (do not change)
blobfqdn=$(echo $stgacctname.blob.core.windows.net) #blob storage account
stgacctid=$(az storage account show -g $rg -n $stgacctname --query id -o tsv)
@dmauser
dmauser / vwandumproutes.azcli
Last active May 5, 2022 02:19
Dump effective routes of all vWAN Hubs route tables (AZCLI)
#vHUB effective routes
#parameters
rg=vwan-pair #Set your resource group
#variables (do not change)
#Parameter
$rg=vwan-pair
# Dump all vHUB route tables.
for vhubname in `az network vhub list -g $rg --query "[].id" -o tsv | rev | cut -d'/' -f1 | rev`
do
for routetable in `az network vhub route-table list --vhub-name $vhubname -g $rg --query "[].id" -o tsv`
@dmauser
dmauser / azfwpolicynetrule.azcli
Last active March 19, 2024 21:01
Azure Firewall Policy and adding a network rule using Azure CLI
## Firewall Policy and network rules over CLI
# Variables:
Commands to create a networking rule with Firewall Policy:
#Create firewall rules
fwpolicyname=NewPolicyTest #Firewall Policy Name
rg=FW-Policies # Set your Resource Group
@dmauser
dmauser / afdfailover.ps1
Last active October 7, 2021 17:24
azure-afd-perf-test
<#
The scenario below we have four URIs:
1) afduri - pointing to the frontdoor name which has WebApps backends hosted in three different Azure Regions (EastUS, WestUS and CentralUS)
2) easturi - East US WebApp
3) westuri - West US WebApp
4) centraluri - Central US WebApp
1st GOAL - When client sends a request to Azure Front Door URI it will show
2nd GOAL - Turn off primary WebApp and validate failover from one region to another.
#>
@dmauser
dmauser / servicetag-iprange.ps1
Last active January 12, 2021 19:43
Script dumps IP range info associated to Service Tags
#Dumping Service Tags IP Ranges.
# 1) Specify target region variable.
$serviceTags = Get-AzNetworkServiceTag -Location uksouth
# 2) Get all service tags that can be queried
$serviceTags.Values.Name
# 3) Example dumping info for SQL service tag info on UK South (SQL.uksouth). You can replace with any value dumped on step 2.
$tag = $serviceTags.Values | Where-Object { $_.Name -eq "SQL.uksouth" }
# 4) Example dumps amount of Prefixes.
$tag.Properties.AddressPrefixes.count
# 5) Example dumping all Address Spaces used by specific Serive Tag
@dmauser
dmauser / VNG-BGPInfo.ps1
Last active January 6, 2021 22:46
Dumps Azure Gateway BGP info
# ExpressRoute or VPN Virtual Network Gateway (VNG) BGP info.
$RG="<Replace>" # Add Resource Group ExpressRoute or VPN Virtual Network Gateway
$VNGName = "<Replace>" # Add ExpressRoute or VPN Gateway Name
$Peerinfo = Get-AzVirtualNetworkGatewayBGPPeerStatus -ResourceGroupName $RG -VirtualNetworkGatewayName $VNGName
#Shows Peer Connections State, Routes Received, BGP Messages send and received
$Peerinfo | Format-Table
#Shows all routes learned by Virtual Network Gateway
Get-AzVirtualNetworkGatewayLearnedRoute -ResourceGroupName $RG -VirtualNetworkGatewayName $VNGName | Format-Table
#Shows all routes advertised by Virtual Network Gateway
foreach ($Peer in $Peerinfo.Neighbor) {
# This is a script leveraged on OnPrem DNS Integration with Private Link focusing on Conditional Forwarders.
#On DNS Server side:
#Set DNS Forwarder to INETDNS (DMZ DNS)
Get-DnsServerForwarder
Set-DnsServerForwarder -IPAddress 192.168.0.45 # Set DMZ DNS as Forwarder
Remove-DnsServerForwarder -IPAddress 192.168.0.45 -Force | Clear-DnsServerCache -Force
#Zone: privatelink.blob.core.windows.net_
Add-DnsServerConditionalForwarderZone -Name "privatelink.blob.core.windows.net" -MasterServers 10.0.0.4 -PassThru
Clear-DnsServerCache -Force
@dmauser
dmauser / Powershell-Certificates-BRIEF.ps1
Last active December 7, 2022 16:54 — forked from RomelSan/Powershell-Certificates-BRIEF.ps1
Powershell Self Signed Certificate
#-------------------------------------------------------------------------------------
# Create Self signed root certificate
# -dnsname -DnsName domain.example.com,anothersubdomain.example.com
# -Subject "CN=Patti Fuller,OU=UserAccounts,DC=corp,DC=contoso,DC=com"
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=RootCert" `
-KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 4096 `
-CertStoreLocation "Cert:\CurrentUser\My" `
-KeyUsageProperty Sign `