So now we have discussed the issue of Public IP addresses as well as concepts around Azure ARM templates.

Next step is to remove their use. Its really quite a simple process of removing entries from both the parameters.json and template.json files.

ASAv public ip json

Consider the Cisco ASAv deployment from the previous deployment.

Looking through the values a number of items relating to the devices Public IP address can be found. Luckilly Cisco used the string public to make things simple to find.

They set things like Public IP sku (Basic), Allocation method, the DNS name along with the address object name.

These values are referenced within the template.json file. Again looking at the ASAv version an excerpt is shown below

ASAv public ip json

The first section is used to describe the varibles for interactive deploymentsor if they are not specified within the parameters.json or overwridden during deploment.

Further down each one is described as a resource. This is the main section that defines the underlying Azure resource. Consider the snip shown below showing a public IP address name object, along with the Azure ARM API that is called to create the object.

Lastly, towards the bottom of the file is an area where the public IP address is bound to the network adaptor. In this case its Nic0 the ASAv’s primary interface.

I’d love to tell you there is a magic way of editing this but sadly there is not. Using a little bit of search/delete my method is to:

  1. Back all files up
  2. Identify in parameters.json any entry relating to the Public IP address.
  3. Search for those names within the deploy.json file.
  4. Remove the entries and the regions around them, remembering to keep the json formatting.
  5. Delete the entry from the parameters.json
  6. Repeat until entries are removed.
  7. Test a deployment, verifying using the Azure Activity Log for your subscription

I have successfully created these for the following infrastructure devices:

  • Cisco ASAv
  • Palo Alto NG Firewall
  • CheckPoint NGX Firewall
  • Pulse VPN appliance (used to be Juniper)
  • RSA Authentication Server
  • F5 BIG-IP

Ill add some links to some before and after examples, however be aware that the templates as well as Azure API’s could in theory change.

Good luck. As I say its not easy however is very possible.