Subscribing Gateway and Firewall Offers to Private Azure Marketplace for Aviatrix Deployments
Depending on your company’s security policies, you may need to add and subscribe to Aviatrix gateway and firewall offers in your private Azure Marketplace using PowerShell. This document explains how to use PowerShell commands to add Aviatrix gateways, firewalls, and partner firewall offers to your private Azure Marketplace.
Since our gateway images are not publicly available, you cannot subscribe to these offers directly in the Azure portal. Instead, follow the instructions below to complete the subscription process.
|
The examples in this document demonstrate Azure PowerShell commands for subscribing in the private Marketplace. Because these commands may change, always verify usage in the Azure documentation: |
Subscribing an Aviatrix Gateway Offer to Azure Private Marketplace
Prerequisites
-
Verify that the Private Azure Marketplace is enabled for your tenant.
If it is not enabled, enable it in the Azure portal. See Azure documentation for detailed steps.
By default, only Microsoft offers are available in the private Azure Marketplace.
-
Assign the Marketplace Admin role to the user account that will manage the private Azure Marketplace.
-
Create the Private Azure Marketplace if it does not already exist.
This is a one-time operation per tenant. When you create it, a single collection called "Default Collection" is automatically created. It includes all existing subscriptions in the tenant.
-
Ensure that the Azure collection you plan to use is enabled.
By default, a single collection called "Default Collection" is created. It includes all existing subscriptions in the tenant, but contains only Microsoft offers by default. You must explicitly add and approve other offers. Make sure the collection is enabled in the Azure Manage Marketplace page.
-
Identify the Azure subscription that will be used for billing resources.
Subscribing to the Aviatrix Gateway Offer
-
Log in to your Azure account using PowerShell. Use an account that has the Marketplace Admin role in your tenant.
Connect-AzAccount -
Run the following PowerShell script to subscribe to the Aviatrix Gateway offer in your private Azure Marketplace.
Where:
-
Replace
CollectionNamewith your actual collection name. If you do not have a custom collection, useDefaultCollection(no space) in PowerShell. -
Replace
OfferIdandSpecificPlanIdLimitationwith the appropriate values for your Controller’s software version. See the table below for related values.
-
# Provide Azure Private Marketplace Collection Name. By default, a collection is scoped to all subscriptions
$CollectionName="Default Collection"
if ($CollectionName -eq "Default Collection") {$CollectionName="DefaultCollection"}
# Install the Az.Marketplace module
Install-Module -Name Az.Marketplace -Confirm:$false -Force
# Get the Private Store ID
$PrivateStore = Get-AzMarketplacePrivateStore
if ($PrivateStore.Availability -ne "enabled") {
throw "Azure Private Marketplace is not enabled. Follow https://learn.microsoft.com/en-us/marketplace/create-manage-private-azure-marketplace-new#enabledisable-private-azure-marketplace to enable it"
}
$PrivateStoreId = $PrivateStore.PrivateStoreId
# Get the Collection ID
$Collection = Get-AzMarketplacePrivateStoreCollection -PrivateStoreId $PrivateStoreId | Where-Object {$_.CollectionName -eq $CollectionName}
if (!($Collection.Enabled)) {
throw "Azure Private Marketplace Collection: $CollectionName is not enabled. Follow https://learn.microsoft.com/en-us/marketplace/create-manage-private-azure-marketplace-new#enabledisable-a-collection to enable it"
}
$CollectionId = $Collection.CollectionId
# Add the offer to the private Azure Marketplace
$Params = @{
privateStoreId = $PrivateStoreId
collectionId = $CollectionId
offerId = "aviatrix-systems.aviatrix-gateway"
SpecificPlanIdLimitation = @("aviatrix-gateway-g3")
}
# Set the offer to the private Marketplace
Set-AzMarketplacePrivateStoreCollectionOffer @ParamsUse the following table for guidance:
| Release Version | Offer ID | Specific Plan ID Limitation |
|---|---|---|
>= 6.7 |
aviatrix-systems.aviatrix-companion-gateway-v10 |
aviatrix-companion-gateway-v10u |
>= 6.8 |
aviatrix-systems.aviatrix-companion-gateway-v13 |
aviatrix-companion-gateway-v13u |
>= 6.9 |
aviatrix-systems.aviatrix-companion-gateway-v15 |
aviatrix-companion-gateway-v15u-6-9 |
>= 7.0 |
aviatrix-systems.aviatrix-companion-gateway-v16 |
aviatrix-companion-gateway-v16 |
>= 7.1.3958 |
aviatrix-systems.aviatrix-gateway |
aviatrix-gateway-g3 |
The Aviatrix Gateway image has now been added to your private Azure Marketplace.
Example Code
Below is a complete example PowerShell snippet demonstrating the workflow. Replace the variables with values specific to your account.
# Replace <offer_id> and <specific_plan_id_limitation> (or sku) with appropriate values
$OfferId = "aviatrix-systems.aviatrix-gateway"
$SpecificPlanIdLimitation = "aviatrix-gateway-g3" # Example for 8.0 G3 Gateway
$CollectionName="Default Collection"
if ($CollectionName -eq "Default Collection") {$CollectionName="DefaultCollection"}
Install-Module -Name Az.Marketplace -Confirm:$false -Force
$PrivateStore = Get-AzMarketplacePrivateStore
if ($PrivateStore.Availability -ne "enabled") {
throw "Azure Private Marketplace is not enabled. Follow https://learn.microsoft.com/en-us/marketplace/create-manage-private-azure-marketplace-new#enabledisable-private-azure-marketplace to enable it"
}
$PrivateStoreId = $PrivateStore.PrivateStoreId
$Collection = Get-AzMarketplacePrivateStoreCollection -PrivateStoreId $PrivateStoreId | Where-Object {$_.CollectionName -eq $CollectionName}
if (!($Collection.Enabled)) {
throw "Azure Private Marketplace Collection: $CollectionName is not enabled. Follow https://learn.microsoft.com/en-us/marketplace/create-manage-private-azure-marketplace-new#enabledisable-a-collection to enable it"
}
$CollectionId = $Collection.CollectionId
$Params = @{
privateStoreId = $PrivateStoreId
collectionId = $CollectionId
offerId = $OfferId
SpecificPlanIdLimitation = @($SpecificPlanIdLimitation)
}
Set-AzMarketplacePrivateStoreCollectionOffer @ParamsAccepting the Marketplace Terms for the Subscription
After you have added the Aviatrix Gateway offer to your private Azure Marketplace, ensure that any subscription where you will deploy the gateway has accepted the Marketplace terms for the plan.
If your Access Account (service principal or app registration) does not have the permission (Microsoft.MarketplaceOrdering/offerTypes/publishers/offers/plans/agreements/*), you must accept the terms for the offer at the subscription level.
You can do this using PowerShell or Azure CLI:
$PublisherId = "aviatrix-systems"
$OfferId = "aviatrix-gateway"
$PlanId = "aviatrix-gateway-g3"
Set-AzMarketplaceTerms -Publisher $PublisherId -Product $OfferId -Name $PlanId -Acceptaz vm image terms accept --publisher aviatrix-systems --offer aviatrix-gateway --plan aviatrix-gateway-g3Subscribing an Aviatrix Firewall Offer to Your Private Azure Marketplace
Repeat the steps above to add a partner firewall offer to your private Azure Marketplace. Use the table below to find the correct Publisher, Offer ID, and SKU values.
| Name | Publisher | Offer ID (plan product) | SKU (plan name) |
|---|---|---|---|
PAN |
paloaltonetworks |
vmseries1, vmseries-flex |
bundle1, bundle2, byol |
Fortinet |
fortinet |
fortinet_fortigate-vm_v5 |
fortinet_fg-vm fortinet_fg-vm_payg fortinet_fg-vm_payg_20190624 |
Check Point |
checkpoint |
check-point-cg-r81, check-point-cg-r8110 |
sg-ngtp, sg-ngtx, sg-byol, mgmt-byol |
After completing these steps, you can deploy Azure firewalls from your private Azure Marketplace using the Aviatrix Controller.
Next Steps
-
In the Azure portal, onboard the service principal created under the subscription you used to add the gateway offer.
See the relevant Microsoft documentation, if needed.
-
You can now deploy Aviatrix Gateways for Azure from the Aviatrix Controller.
See Building Your Network in the Aviatrix documentation.