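# Provisions an Azure Application Gateway with end-to-end TLS: HTTPS on the
# front-end listener (port 443) and HTTPS to the back-end pool (port 443),
# using the Az PowerShell module.
#
# Changes from the original listing:
#   * One statement per line. In the collapsed form, the first '#' comment
#     swallowed everything after it on the same physical line.
#   * The routing rule referenced $poolSetting, which is never assigned; it now
#     uses $poolSetting01, so the rule is no longer built with a null
#     back-end HTTP setting.
#   * The certificate password is prompted for instead of being embedded as a
#     string literal. The value that was previously committed in this file
#     should be treated as exposed and rotated.
#   * Typographic quotes around the HTTP-settings name replaced with plain quotes.

# Stop at the first failing cmdlet so later steps never run against $null objects.
$ErrorActionPreference = 'Stop'

Connect-AzAccount
Select-AzSubscription -SubscriptionId '29d3ac63-5269-4613-be96-dbe5b26e8e07'

New-AzResourceGroup -Name appgw-rg -Location "East US"

# --- Virtual network ---------------------------------------------------------

# Subnet reserved for the application gateway itself.
$gwSubnet = New-AzVirtualNetworkSubnetConfig -Name 'appgwsubnet' -AddressPrefix 10.0.0.0/24

# Subnet for the back-end servers.
$nicSubnet = New-AzVirtualNetworkSubnetConfig -Name 'appsubnet' -AddressPrefix 10.0.2.0/24

# Virtual network holding both subnets.
$vnetParams = @{
    Name              = 'appgwvnet'
    ResourceGroupName = 'appgw-rg'
    Location          = "East US"
    AddressPrefix     = '10.0.0.0/16'
    Subnet            = $gwSubnet, $nicSubnet
}
$vnet = New-AzVirtualNetwork @vnetParams

# Re-read the network and subnets so the following steps work on the created resources.
$vnet      = Get-AzVirtualNetwork -Name 'appgwvnet' -ResourceGroupName appgw-rg
$gwSubnet  = Get-AzVirtualNetworkSubnetConfig -Name 'appgwsubnet' -VirtualNetwork $vnet
$nicSubnet = Get-AzVirtualNetworkSubnetConfig -Name 'appsubnet' -VirtualNetwork $vnet

# --- Front end ---------------------------------------------------------------

# Public IP address for the front-end configuration.
$publicip = New-AzPublicIpAddress -ResourceGroupName appgw-rg -Name 'publicIP01' -Location "East US" -AllocationMethod Dynamic

# Gateway IP configuration: places the gateway in its dedicated subnet.
$gipconfig = New-AzApplicationGatewayIPConfiguration -Name 'gwconfig' -Subnet $gwSubnet

# Front-end IP configuration bound to the public IP.
$fipconfig = New-AzApplicationGatewayFrontendIPConfig -Name 'fip01' -PublicIPAddress $publicip

# Back-end pool with the address of the back-end web server.
# NOTE(review): 10.0.3.11 lies outside 'appsubnet' (10.0.2.0/24) defined above;
# confirm the intended back-end address.
$pool = New-AzApplicationGatewayBackendAddressPool -Name 'pool01' -BackendIPAddresses 10.0.3.11

# Front-end port for the public endpoint.
$fp = New-AzApplicationGatewayFrontendPort -Name 'port01' -Port 443

# --- Certificates ------------------------------------------------------------

# Listener certificate: used by the gateway to decrypt and re-encrypt traffic.
# The password is collected at run time as a SecureString so it never appears
# in the script, in source control, or in shell history.
$passwd = Read-Host -Prompt 'Password for the listener certificate' -AsSecureString

# NOTE(review): a password-protected listener certificate normally means a PFX
# that contains the private key, but this path ends in .cer and the same file is
# reused below as the trusted root certificate. Confirm which file belongs here.
$cert = New-AzApplicationGatewaySSLCertificate -Name cert01 -CertificateFile "C:\Feroz\Securities\Certificates\contosowebstores.com.cer" -Password $passwd

# HTTPS listener on the front-end IP and port, presenting the certificate above.
$listener = New-AzApplicationGatewayHttpListener -Name listener01 -Protocol Https -FrontendIPConfiguration $fipconfig -FrontendPort $fp -SSLCertificate $cert

# Certificate the gateway uses to validate the TLS-enabled back-end servers.
#$authcert = New-AzApplicationGatewayAuthenticationCertificate -Name 'allowlistcert1' -CertificateFile C:\cert.cer
$trustedRootCert01 = New-AzApplicationGatewayTrustedRootCertificate -Name "test1" -CertificateFile "C:\Feroz\Securities\Certificates\contosowebstores.com.cer"

# --- Back-end settings and routing -------------------------------------------

# HTTPS to the back end, validated against the trusted root certificate.
# NOTE(review): -HostName is sent to the back end and matched against its
# certificate; "test1" looks like a placeholder, confirm the real host name.
$poolSetting01 = New-AzApplicationGatewayBackendHttpSettings -Name "setting01" -Port 443 -Protocol Https -CookieBasedAffinity Disabled -TrustedRootCertificate $trustedRootCert01 -HostName "test1"

# Basic routing rule: listener -> back-end HTTP settings -> back-end pool.
$rule = New-AzApplicationGatewayRequestRoutingRule -Name 'rule01' -RuleType basic -BackendHttpSettings $poolSetting01 -HttpListener $listener -BackendAddressPool $pool

# Instance size and count.
# NOTE(review): trusted root certificates are, as far as I know, a v2-SKU
# feature, while Standard_Small is a v1 size (v1 uses the authentication
# certificate shown commented out above). Confirm SKU and certificate type agree.
$sku = New-AzApplicationGatewaySku -Name Standard_Small -Tier Standard -Capacity 2

# --- TLS policy --------------------------------------------------------------

# Custom policy: TLS 1.2 minimum with an explicit cipher-suite list.
# NOTE(review): TLS_RSA_WITH_AES_128_GCM_SHA256 uses static RSA key exchange and
# gives no forward secrecy. The two ECDHE_ECDSA suites only negotiate with an
# ECDSA certificate, so with an RSA certificate every session would fall back to
# the static-RSA suite. Confirm the certificate type and prefer ECDHE suites.
$sslPolicyParams = @{
    MinProtocolVersion = 'TLSv1_2'
    CipherSuite        = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_GCM_SHA256"
    PolicyType         = 'Custom'
}
$SSLPolicy = New-AzApplicationGatewaySSLPolicy @sslPolicyParams

# --- Application gateway -----------------------------------------------------

$appgwParams = @{
    Name                          = 'appgateway'
    SSLCertificates               = $cert
    ResourceGroupName             = "appgw-rg"
    Location                      = "East US"
    BackendAddressPools           = $pool
    BackendHttpSettingsCollection = $poolSetting01
    FrontendIpConfigurations      = $fipconfig
    GatewayIpConfigurations       = $gipconfig
    FrontendPorts                 = $fp
    HttpListeners                 = $listener
    RequestRoutingRules           = $rule
    Sku                           = $sku
    SSLPolicy                     = $SSLPolicy
    TrustedRootCertificate        = $trustedRootCert01
    Verbose                       = $true
}
$appgw = New-AzApplicationGateway @appgwParams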