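{
  // Azure Resource Manager deployment template for an outbound VM-Series firewall stack.
  // It chains five linked (nested) templates - storage, NSG, VNet, outbound load balancer,
  // outbound firewall - and then creates a route table whose default route (0.0.0.0/0)
  // points at the load balancer front-end IP returned by the load balancer deployment.
  //
  // Security-relevant defaults in this file (each one is flagged again where it is declared):
  //   * networkSecurityGroupInboundIP defaults to 0.0.0.0/0 (any source may reach MGMT).
  //   * password has a default value committed in this template.
  //   * authenticationType defaults to "password".
  //   * linked templates are pulled from a branch reference that can change over time.
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "storageName": {
      "type": "string",
      "metadata": {
        "description": "Name of the storage account created to store the VM's disks. Storage account name must be globally unique."
      },
      "defaultValue": "ENTER A GLOBALLY UNIQUE NAME HERE"
    },
    "mgmtPublicIPDns": {
      "type": "string",
      "metadata": {
        "description": "DNS Name prefix of public IP resource for Management interface of VM-Series firewall. Name must be globally unique."
      },
      "defaultValue": "ENTER A GLOBALLY UNIQUE NAME HERE"
    },

    // NSG settings
    "networkSecurityGroupName": {
      "type": "string",
      "defaultValue": "mgmt-nsg",
      "metadata": {
        "description": "Network Security Group Name"
      }
    },
    // NOTE(review): the default of 0.0.0.0/0 does not restrict anything - per the description
    // this value is the allowed source for the inbound NSG rule on the management interface,
    // which also receives a public IP with a DNS name. Pass the operator's own public
    // address or CIDR at deploy time instead of relying on the default.
    "networkSecurityGroupInboundIP": {
      "type": "string",
      "metadata": {
        "description": "Your source public IP address. Added to the inbound NSG on eth0 (MGMT), to restrict access to the deployment."
      },
      "defaultValue": "0.0.0.0/0"
    },

    // Availability set settings
    "avsetName": {
      "type": "string",
      "metadata": {
        "description": "Name of the availability set for outbound firewall"
      },
      "defaultValue": "outbound-avset"
    },

    // Storage settings
    "storageType": {
      "type": "string",
      "allowedValues": [
        "Standard_LRS",
        "Standard_GRS",
        "Premium_LRS",
        "Standard_RAGRS"
      ],
      "metadata": {
        "description": "Type of the storage account created"
      },
      "defaultValue": "Standard_LRS"
    },

    // VNet settings
    "virtualNetworkName": {
      "type": "string",
      "defaultValue": "vnet",
      "metadata": {
        "description": "Virtual Network Name"
      }
    },
    "virtualNetworkAddressPrefix": {
      "type": "string",
      "defaultValue": "10.0.0.0/16",
      "metadata": {
        "description": "CIDR for Virtual Network"
      }
    },
    "mgmtSubnetName": {
      "type": "string",
      "defaultValue": "Mgmt",
      "metadata": {
        "description": "Subnet for Management Network"
      }
    },
    "mgmtSubnetPrefix": {
      "type": "string",
      "defaultValue": "10.0.0.0/24",
      "metadata": {
        "description": "CIDR for Management Network"
      }
    },
    "untrustedSubnetName": {
      "type": "string",
      "defaultValue": "Untrust",
      "metadata": {
        "description": "Subnet for Untrusted Network"
      }
    },
    "untrustedSubnetPrefix": {
      "type": "string",
      "defaultValue": "10.0.1.0/24",
      "metadata": {
        "description": "CIDR for Untrusted Network"
      }
    },
    "trustedSubnetName": {
      "type": "string",
      "defaultValue": "Trust",
      "metadata": {
        "description": "Subnet for Trusted Network"
      }
    },
    "trustedSubnetPrefix": {
      "type": "string",
      "defaultValue": "10.0.2.0/24",
      "metadata": {
        "description": "CIDR for Trusted Network"
      }
    },
    "backendSubnetName": {
      "type": "string",
      "defaultValue": "Backend",
      "metadata": {
        "description": "Subnet for Backend WWW Network"
      }
    },
    "backendSubnetPrefix": {
      "type": "string",
      "defaultValue": "10.0.3.0/24",
      "metadata": {
        "description": "CIDR for Backend WWW Network"
      }
    },

    // Public IP settings
    "mgmtPublicIPName": {
      "type": "string",
      "metadata": {
        "description": "Name prefix of public IP resource for Management interface of VM-Series firewall."
      },
      "defaultValue": "mgmt-pip"
    },

    // Load balancer settings
    "loadBalancerName": {
      "type": "string",
      "metadata": {
        "description": "Name for the outbound load balancer resource."
      },
      "defaultValue": "outbound-lb"
    },
    "routeTableName": {
      "type": "string",
      "defaultValue": "routes-rt",
      "metadata": {
        "description": "This is the name of the route table"
      }
    },

    // VM settings
    "firewallModel": {
      "type": "string",
      "defaultValue": "byol",
      "allowedValues": [
        "byol",
        "bundle1",
        "bundle2"
      ],
      "metadata": {
        "description": "byol = Bring Your Own License; bundle1 = Bundle 1 PAYG (Hourly); bundle2 = Bundle 2 PAYG (Hourly)"
      }
    },
    "firewallVmName": {
      "type": "string",
      "metadata": {
        "description": "Name prefix of VM-Series VM in the Azure portal"
      },
      "defaultValue": "series-vm"
    },
    "firewallVmSize": {
      "type": "string",
      "allowedValues": [
        "Standard_D3",
        "Standard_D4",
        "Standard_D3_v2",
        "Standard_D4_v2",
        "Standard_D5_v2",
        "Standard_D14_v2",
        "Standard_A4"
      ],
      "metadata": {
        "description": "Azure VM size for VM-Series"
      },
      "defaultValue": "Standard_D3_v2"
    },
    // NOTE(review): password authentication is the default; combined with the default
    // password and the default 0.0.0.0/0 inbound source, an unmodified deployment exposes
    // a management login with a published credential. Prefer "sshPublicKey".
    "authenticationType": {
      "type": "string",
      "metadata": {
        "description": "Type of administrator user authentication "
      },
      "allowedValues": [
        "sshPublicKey",
        "password"
      ],
      "defaultValue": "password"
    },
    "username": {
      "type": "string",
      "defaultValue": "AdminUser",
      "metadata": {
        "description": "Username of the administrator account of VM instances"
      }
    },
    // NOTE(review): "securestring" keeps the supplied value out of deployment logs, but it
    // does nothing for a default that is written in the template itself - anyone who can
    // read this file knows the admin password of every deployment that did not override it.
    // The default is kept only so existing callers keep working; always supply a unique
    // value at deploy time (for example from a Key Vault reference in the parameter file)
    // and plan to drop this defaultValue. The value is forwarded as adminPassword below
    // regardless of authenticationType; how the firewall template treats it in
    // sshPublicKey mode is not visible from this file.
    "password": {
      "type": "securestring",
      "defaultValue": "P@ssword1234",
      "metadata": {
        "description": "Password for the administrator account of all VM instances. Must be specified if Authentication Type is 'password'."
      }
    },
    "sshPublicKey": {
      "type": "string",
      "defaultValue": "",
      "metadata": {
        "description": "SSH RSA public key file as a string. Must be specified if Authentication Type is 'sshPublicKey'."
      }
    }
  },
  "variables": {
    // Root of the linked templates. HTTPS (the original used plain http://) so the
    // templates that define the NSG, VNet and firewall cannot be altered in transit.
    // NOTE(review): the path still tracks the mutable "master" branch, so the content can
    // change between deployments without any change to this file. Pin it to a reviewed
    // commit or host reviewed copies in storage you control. The templateLink
    // contentVersion below is a version label, not an integrity check.
    "baseUrl": "https://raw.githubusercontent.com/fullscale180/PAN/master",
    "deployStorageURL": "[concat(variables('baseUrl'),'/deployStorage.json')]",
    "deployNsgURL": "[concat(variables('baseUrl'),'/deployNsg.json')]",
    "deployVnetURL": "[concat(variables('baseUrl'),'/deployVnet.json')]",
    "deployFirewallURL": "[concat(variables('baseUrl'),'/deployFirewall.json')]",
    "deployLoadBalancerURL": "[concat(variables('baseUrl'),'/deployLoadBalancer.json')]",
    "location": "[resourceGroup().location]",
    "rgname": "[resourceGroup().name]",
    // Lower-cased copy of the storage account name parameter.
    "storageName": "[toLower(parameters('storageName'))]"
  },
  "resources": [
    // Deploy storage
    {
      "name": "deployStorage",
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2015-01-01",
      "properties": {
        "mode": "Incremental",
        "templateLink": {
          "uri": "[variables('deployStorageURL')]",
          "contentVersion": "1.0.0.0"
        },
        "parameters": {
          "location": {
            "value": "[variables('location')]"
          },
          "storageType": {
            "value": "[parameters('storageType')]"
          },
          "storageName": {
            "value": "[variables('storageName')]"
          }
        }
      }
    },

    // Deploy NSG. srcIPInboundNSG carries the allowed management source range.
    {
      "name": "deployNsg",
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2015-01-01",
      "properties": {
        "mode": "Incremental",
        "templateLink": {
          "uri": "[variables('deployNsgURL')]",
          "contentVersion": "1.0.0.0"
        },
        "parameters": {
          "location": {
            "value": "[variables('location')]"
          },
          "nsgName": {
            "value": "[parameters('networkSecurityGroupName')]"
          },
          "srcIPInboundNSG": {
            "value": "[parameters('networkSecurityGroupInboundIP')]"
          },
          "virtualNetworkAddressPrefix": {
            "value": "[parameters('virtualNetworkAddressPrefix')]"
          }
        }
      }
    },

    // Deploy VNet (after the NSG, whose name it receives)
    {
      "name": "deployVnet",
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2015-01-01",
      "dependsOn": [
        "Microsoft.Resources/deployments/deployNsg"
      ],
      "properties": {
        "mode": "Incremental",
        "templateLink": {
          "uri": "[variables('deployVnetURL')]",
          "contentVersion": "1.0.0.0"
        },
        "parameters": {
          "nsgName": {
            "value": "[parameters('networkSecurityGroupName')]"
          },
          "virtualNetworkName": {
            "value": "[parameters('virtualNetworkName')]"
          },
          "virtualNetworkAddressPrefix": {
            "value": "[parameters('virtualNetworkAddressPrefix')]"
          },
          "mgmtSubnetName": {
            "value": "[parameters('mgmtSubnetName')]"
          },
          "untrustSubnetName": {
            "value": "[parameters('untrustedSubnetName')]"
          },
          "trustSubnetName": {
            "value": "[parameters('trustedSubnetName')]"
          },
          "backendSubnetName": {
            "value": "[parameters('backendSubnetName')]"
          },
          "mgmtSubnetPrefix": {
            "value": "[parameters('mgmtSubnetPrefix')]"
          },
          "untrustSubnetPrefix": {
            "value": "[parameters('untrustedSubnetPrefix')]"
          },
          "trustSubnetPrefix": {
            "value": "[parameters('trustedSubnetPrefix')]"
          },
          "backendSubnetPrefix": {
            "value": "[parameters('backendSubnetPrefix')]"
          }
        }
      }
    },

    // Deploy outbound load balancer into the trusted subnet
    {
      "name": "deployOutboundLoadBalancer",
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2015-01-01",
      "dependsOn": [
        "Microsoft.Resources/deployments/deployVnet"
      ],
      "properties": {
        "mode": "Incremental",
        "templateLink": {
          "uri": "[variables('deployLoadBalancerURL')]",
          "contentVersion": "1.0.0.0"
        },
        "parameters": {
          "location": {
            "value": "[variables('location')]"
          },
          "virtualNetworkRG": {
            "value": "[variables('rgname')]"
          },
          "virtualNetworkName": {
            "value": "[parameters('virtualNetworkName')]"
          },
          "subnetName": {
            "value": "[parameters('trustedSubnetName')]"
          },
          "loadBalancerName": {
            "value": "[parameters('loadBalancerName')]"
          }
        }
      }
    },

    // Deploy outbound firewall. Resource names are prefixed with 'out'. The administrator
    // credentials (adminUsername / adminPassword / sshKey) are handed to the linked
    // template here, and baseUrl is passed through to it as well.
    {
      "name": "deployOutboundFirewall",
      "type": "Microsoft.Resources/deployments",
      "apiVersion": "2015-01-01",
      "dependsOn": [
        "Microsoft.Resources/deployments/deployStorage",
        "Microsoft.Resources/deployments/deployVnet",
        "Microsoft.Resources/deployments/deployOutboundLoadBalancer"
      ],
      "properties": {
        "mode": "Incremental",
        "templateLink": {
          "uri": "[variables('deployFirewallURL')]",
          "contentVersion": "1.0.0.0"
        },
        "parameters": {
          "baseUrl": {
            "value": "[variables('baseUrl')]"
          },
          "location": {
            "value": "[variables('location')]"
          },
          "avSetName": {
            "value": "[parameters('avsetName')]"
          },
          "storageName": {
            "value": "[variables('storageName')]"
          },
          "virtualNetworkRG": {
            "value": "[variables('rgname')]"
          },
          "virtualNetworkName": {
            "value": "[parameters('virtualNetworkName')]"
          },
          "mgmtSubnetName": {
            "value": "[parameters('mgmtSubnetName')]"
          },
          "inboundSubnetName": {
            "value": "[parameters('trustedSubnetName')]"
          },
          "outboundSubnetName": {
            "value": "[parameters('untrustedSubnetName')]"
          },
          "loadBalancerName": {
            "value": "[parameters('loadBalancerName')]"
          },
          "mgmtPublicIPName": {
            "value": "[concat('out', parameters('mgmtPublicIPName'))]"
          },
          "mgmtPublicIPDns": {
            "value": "[concat('out', parameters('mgmtPublicIPDns'))]"
          },
          "virtualMachineName": {
            "value": "[concat('out', parameters('firewallVmName'))]"
          },
          "vmSize": {
            "value": "[parameters('firewallVmSize')]"
          },
          "imageSku": {
            "value": "[parameters('firewallModel')]"
          },
          "adminUsername": {
            "value": "[parameters('username')]"
          },
          "adminPassword": {
            "value": "[parameters('password')]"
          },
          "sshKey": {
            "value": "[parameters('sshPublicKey')]"
          }
        }
      }
    },

    // Route table: sends the default route to the load balancer front-end IP as a
    // virtual appliance next hop.
    // NOTE(review): no subnet association is made in this file; the route has no effect
    // until the table is attached to a subnet - confirm where that happens.
    {
      "apiVersion": "2015-06-15",
      "type": "Microsoft.Network/routeTables",
      "name": "[parameters('routeTableName')]",
      "dependsOn": [
        "Microsoft.Resources/deployments/deployOutboundLoadBalancer"
      ],
      "location": "[variables('location')]",
      "properties": {
        "routes": [
          {
            "name": "Default",
            "properties": {
              "addressPrefix": "0.0.0.0/0",
              "nextHopType": "VirtualAppliance",
              "nextHopIpAddress": "[reference('deployOutboundLoadBalancer').outputs.LoadBalancerFrontEndIp.value]"
            }
          }
        ]
      }
    }
  ],
  "outputs": {}
}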