1. Packages
  2. Azure Native
  3. API Docs
  4. network
  5. AzureFirewall
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.29.0 published on Friday, Feb 16, 2024 by Pulumi

azure-native.network.AzureFirewall

Explore with Pulumi AI

azure-native logo
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.29.0 published on Friday, Feb 16, 2024 by Pulumi

    Azure Firewall resource. Azure REST API version: 2023-02-01. Prior API version in Azure Native 1.x: 2020-11-01.

    Other available API versions: 2020-04-01, 2023-04-01, 2023-05-01, 2023-06-01, 2023-09-01.

    Example Usage

    Create Azure Firewall

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
        {
            ApplicationRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = "Deny",
                    },
                    Name = "apprulecoll",
                    Priority = 110,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                        {
                            Description = "Deny inbound rule",
                            Name = "rule1",
                            Protocols = new[]
                            {
                                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                                {
                                    Port = 443,
                                    ProtocolType = "Https",
                                },
                            },
                            SourceAddresses = new[]
                            {
                                "216.58.216.164",
                                "10.0.0.0/24",
                            },
                            TargetFqdns = new[]
                            {
                                "www.test.com",
                            },
                        },
                    },
                },
            },
            AzureFirewallName = "azurefirewall",
            IpConfigurations = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
                {
                    Name = "azureFirewallIpConfiguration",
                    PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                    },
                    Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                    },
                },
            },
            Location = "West US",
            NatRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                    {
                        Type = "Dnat",
                    },
                    Name = "natrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all outbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "443",
                            },
                            Name = "DNAT-HTTPS-traffic",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedAddress = "1.2.3.5",
                            TranslatedPort = "8443",
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all inbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "80",
                            },
                            Name = "DNAT-HTTP-traffic-With-FQDN",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedFqdn = "internalhttpserver",
                            TranslatedPort = "880",
                        },
                    },
                },
            },
            NetworkRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = "Deny",
                    },
                    Name = "netrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports",
                            DestinationAddresses = new[]
                            {
                                "*",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255",
                            },
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports to amazon",
                            DestinationFqdns = new[]
                            {
                                "www.amazon.com",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic-with-FQDN",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "10.2.4.12-10.2.4.255",
                            },
                        },
                    },
                },
            },
            ResourceGroupName = "rg1",
            Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
            {
                Name = "AZFW_VNet",
                Tier = "Standard",
            },
            Tags = 
            {
                { "key1", "value1" },
            },
            ThreatIntelMode = "Alert",
            Zones = new[] {},
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/network/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
    			ApplicationRuleCollections: []network.AzureFirewallApplicationRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Deny"),
    					},
    					Name:     pulumi.String("apprulecoll"),
    					Priority: pulumi.Int(110),
    					Rules: network.AzureFirewallApplicationRuleArray{
    						{
    							Description: pulumi.String("Deny inbound rule"),
    							Name:        pulumi.String("rule1"),
    							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
    								{
    									Port:         pulumi.Int(443),
    									ProtocolType: pulumi.String("Https"),
    								},
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("216.58.216.164"),
    								pulumi.String("10.0.0.0/24"),
    							},
    							TargetFqdns: pulumi.StringArray{
    								pulumi.String("www.test.com"),
    							},
    						},
    					},
    				},
    			},
    			AzureFirewallName: pulumi.String("azurefirewall"),
    			IpConfigurations: []network.AzureFirewallIPConfigurationArgs{
    				{
    					Name: pulumi.String("azureFirewallIpConfiguration"),
    					PublicIPAddress: {
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
    					},
    					Subnet: {
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
    					},
    				},
    			},
    			Location: pulumi.String("West US"),
    			NatRuleCollections: []network.AzureFirewallNatRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Dnat"),
    					},
    					Name:     pulumi.String("natrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNatRuleArray{
    						{
    							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443"),
    							},
    							Name: pulumi.String("DNAT-HTTPS-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedAddress: pulumi.String("1.2.3.5"),
    							TranslatedPort:    pulumi.String("8443"),
    						},
    						{
    							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("80"),
    							},
    							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedFqdn: pulumi.String("internalhttpserver"),
    							TranslatedPort: pulumi.String("880"),
    						},
    					},
    				},
    			},
    			NetworkRuleCollections: []network.AzureFirewallNetworkRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Deny"),
    					},
    					Name:     pulumi.String("netrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNetworkRuleArray{
    						{
    							Description: pulumi.String("Block traffic based on source IPs and ports"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("192.168.1.1-192.168.1.12"),
    								pulumi.String("10.1.4.12-10.1.4.255"),
    							},
    						},
    						{
    							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
    							DestinationFqdns: pulumi.StringArray{
    								pulumi.String("www.amazon.com"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic-with-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("10.2.4.12-10.2.4.255"),
    							},
    						},
    					},
    				},
    			},
    			ResourceGroupName: pulumi.String("rg1"),
    			Sku: &network.AzureFirewallSkuArgs{
    				Name: pulumi.String("AZFW_VNet"),
    				Tier: pulumi.String("Standard"),
    			},
    			Tags: pulumi.StringMap{
    				"key1": pulumi.String("value1"),
    			},
    			ThreatIntelMode: pulumi.String("Alert"),
    			Zones:           pulumi.StringArray{},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.network.AzureFirewall;
    import com.pulumi.azurenative.network.AzureFirewallArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()        
                .applicationRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Deny")),
                    Map.entry("name", "apprulecoll"),
                    Map.entry("priority", 110),
                    Map.entry("rules", Map.ofEntries(
                        Map.entry("description", "Deny inbound rule"),
                        Map.entry("name", "rule1"),
                        Map.entry("protocols", Map.ofEntries(
                            Map.entry("port", 443),
                            Map.entry("protocolType", "Https")
                        )),
                        Map.entry("sourceAddresses",                     
                            "216.58.216.164",
                            "10.0.0.0/24"),
                        Map.entry("targetFqdns", "www.test.com")
                    ))
                ))
                .azureFirewallName("azurefirewall")
                .ipConfigurations(Map.ofEntries(
                    Map.entry("name", "azureFirewallIpConfiguration"),
                    Map.entry("publicIPAddress", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")),
                    Map.entry("subnet", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"))
                ))
                .location("West US")
                .natRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Dnat")),
                    Map.entry("name", "natrulecoll"),
                    Map.entry("priority", 112),
                    Map.entry("rules",                 
                        Map.ofEntries(
                            Map.entry("description", "D-NAT all outbound web traffic for inspection"),
                            Map.entry("destinationAddresses", "1.2.3.4"),
                            Map.entry("destinationPorts", "443"),
                            Map.entry("name", "DNAT-HTTPS-traffic"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "*"),
                            Map.entry("translatedAddress", "1.2.3.5"),
                            Map.entry("translatedPort", "8443")
                        ),
                        Map.ofEntries(
                            Map.entry("description", "D-NAT all inbound web traffic for inspection"),
                            Map.entry("destinationAddresses", "1.2.3.4"),
                            Map.entry("destinationPorts", "80"),
                            Map.entry("name", "DNAT-HTTP-traffic-With-FQDN"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "*"),
                            Map.entry("translatedFqdn", "internalhttpserver"),
                            Map.entry("translatedPort", "880")
                        ))
                ))
                .networkRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Deny")),
                    Map.entry("name", "netrulecoll"),
                    Map.entry("priority", 112),
                    Map.entry("rules",                 
                        Map.ofEntries(
                            Map.entry("description", "Block traffic based on source IPs and ports"),
                            Map.entry("destinationAddresses", "*"),
                            Map.entry("destinationPorts",                         
                                "443-444",
                                "8443"),
                            Map.entry("name", "L4-traffic"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses",                         
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255")
                        ),
                        Map.ofEntries(
                            Map.entry("description", "Block traffic based on source IPs and ports to amazon"),
                            Map.entry("destinationFqdns", "www.amazon.com"),
                            Map.entry("destinationPorts",                         
                                "443-444",
                                "8443"),
                            Map.entry("name", "L4-traffic-with-FQDN"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "10.2.4.12-10.2.4.255")
                        ))
                ))
                .resourceGroupName("rg1")
                .sku(Map.ofEntries(
                    Map.entry("name", "AZFW_VNet"),
                    Map.entry("tier", "Standard")
                ))
                .tags(Map.of("key1", "value1"))
                .threatIntelMode("Alert")
                .zones()
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
        application_rule_collections=[{
            "action": azure_native.network.AzureFirewallRCActionArgs(
                type="Deny",
            ),
            "name": "apprulecoll",
            "priority": 110,
            "rules": [{
                "description": "Deny inbound rule",
                "name": "rule1",
                "protocols": [azure_native.network.AzureFirewallApplicationRuleProtocolArgs(
                    port=443,
                    protocol_type="Https",
                )],
                "sourceAddresses": [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                "targetFqdns": ["www.test.com"],
            }],
        }],
        azure_firewall_name="azurefirewall",
        ip_configurations=[{
            "name": "azureFirewallIpConfiguration",
            "publicIPAddress": azure_native.network.SubResourceArgs(
                id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            ),
            "subnet": azure_native.network.SubResourceArgs(
                id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            ),
        }],
        location="West US",
        nat_rule_collections=[{
            "action": azure_native.network.AzureFirewallNatRCActionArgs(
                type="Dnat",
            ),
            "name": "natrulecoll",
            "priority": 112,
            "rules": [
                azure_native.network.AzureFirewallNatRuleArgs(
                    description="D-NAT all outbound web traffic for inspection",
                    destination_addresses=["1.2.3.4"],
                    destination_ports=["443"],
                    name="DNAT-HTTPS-traffic",
                    protocols=["TCP"],
                    source_addresses=["*"],
                    translated_address="1.2.3.5",
                    translated_port="8443",
                ),
                azure_native.network.AzureFirewallNatRuleArgs(
                    description="D-NAT all inbound web traffic for inspection",
                    destination_addresses=["1.2.3.4"],
                    destination_ports=["80"],
                    name="DNAT-HTTP-traffic-With-FQDN",
                    protocols=["TCP"],
                    source_addresses=["*"],
                    translated_fqdn="internalhttpserver",
                    translated_port="880",
                ),
            ],
        }],
        network_rule_collections=[{
            "action": azure_native.network.AzureFirewallRCActionArgs(
                type="Deny",
            ),
            "name": "netrulecoll",
            "priority": 112,
            "rules": [
                azure_native.network.AzureFirewallNetworkRuleArgs(
                    description="Block traffic based on source IPs and ports",
                    destination_addresses=["*"],
                    destination_ports=[
                        "443-444",
                        "8443",
                    ],
                    name="L4-traffic",
                    protocols=["TCP"],
                    source_addresses=[
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                ),
                azure_native.network.AzureFirewallNetworkRuleArgs(
                    description="Block traffic based on source IPs and ports to amazon",
                    destination_fqdns=["www.amazon.com"],
                    destination_ports=[
                        "443-444",
                        "8443",
                    ],
                    name="L4-traffic-with-FQDN",
                    protocols=["TCP"],
                    source_addresses=["10.2.4.12-10.2.4.255"],
                ),
            ],
        }],
        resource_group_name="rg1",
        sku=azure_native.network.AzureFirewallSkuArgs(
            name="AZFW_VNet",
            tier="Standard",
        ),
        tags={
            "key1": "value1",
        },
        threat_intel_mode="Alert",
        zones=[])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
        applicationRuleCollections: [{
            action: {
                type: "Deny",
            },
            name: "apprulecoll",
            priority: 110,
            rules: [{
                description: "Deny inbound rule",
                name: "rule1",
                protocols: [{
                    port: 443,
                    protocolType: "Https",
                }],
                sourceAddresses: [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                targetFqdns: ["www.test.com"],
            }],
        }],
        azureFirewallName: "azurefirewall",
        ipConfigurations: [{
            name: "azureFirewallIpConfiguration",
            publicIPAddress: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            },
            subnet: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            },
        }],
        location: "West US",
        natRuleCollections: [{
            action: {
                type: "Dnat",
            },
            name: "natrulecoll",
            priority: 112,
            rules: [
                {
                    description: "D-NAT all outbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["443"],
                    name: "DNAT-HTTPS-traffic",
                    protocols: ["TCP"],
                    sourceAddresses: ["*"],
                    translatedAddress: "1.2.3.5",
                    translatedPort: "8443",
                },
                {
                    description: "D-NAT all inbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["80"],
                    name: "DNAT-HTTP-traffic-With-FQDN",
                    protocols: ["TCP"],
                    sourceAddresses: ["*"],
                    translatedFqdn: "internalhttpserver",
                    translatedPort: "880",
                },
            ],
        }],
        networkRuleCollections: [{
            action: {
                type: "Deny",
            },
            name: "netrulecoll",
            priority: 112,
            rules: [
                {
                    description: "Block traffic based on source IPs and ports",
                    destinationAddresses: ["*"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic",
                    protocols: ["TCP"],
                    sourceAddresses: [
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                },
                {
                    description: "Block traffic based on source IPs and ports to amazon",
                    destinationFqdns: ["www.amazon.com"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic-with-FQDN",
                    protocols: ["TCP"],
                    sourceAddresses: ["10.2.4.12-10.2.4.255"],
                },
            ],
        }],
        resourceGroupName: "rg1",
        sku: {
            name: "AZFW_VNet",
            tier: "Standard",
        },
        tags: {
            key1: "value1",
        },
        threatIntelMode: "Alert",
        zones: [],
    });
    
    resources:
      azureFirewall:
        type: azure-native:network:AzureFirewall
        properties:
          applicationRuleCollections:
            - action:
                type: Deny
              name: apprulecoll
              priority: 110
              rules:
                - description: Deny inbound rule
                  name: rule1
                  protocols:
                    - port: 443
                      protocolType: Https
                  sourceAddresses:
                    - 216.58.216.164
                    - 10.0.0.0/24
                  targetFqdns:
                    - www.test.com
          azureFirewallName: azurefirewall
          ipConfigurations:
            - name: azureFirewallIpConfiguration
              publicIPAddress:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
              subnet:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
          location: West US
          natRuleCollections:
            - action:
                type: Dnat
              name: natrulecoll
              priority: 112
              rules:
                - description: D-NAT all outbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '443'
                  name: DNAT-HTTPS-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedAddress: 1.2.3.5
                  translatedPort: '8443'
                - description: D-NAT all inbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '80'
                  name: DNAT-HTTP-traffic-With-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedFqdn: internalhttpserver
                  translatedPort: '880'
          networkRuleCollections:
            - action:
                type: Deny
              name: netrulecoll
              priority: 112
              rules:
                - description: Block traffic based on source IPs and ports
                  destinationAddresses:
                    - '*'
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 192.168.1.1-192.168.1.12
                    - 10.1.4.12-10.1.4.255
                - description: Block traffic based on source IPs and ports to amazon
                  destinationFqdns:
                    - www.amazon.com
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic-with-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 10.2.4.12-10.2.4.255
          resourceGroupName: rg1
          sku:
            name: AZFW_VNet
            tier: Standard
          tags:
            key1: value1
          threatIntelMode: Alert
          zones: []
    

    Create Azure Firewall With Additional Properties

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
        {
            AdditionalProperties = 
            {
                { "key1", "value1" },
                { "key2", "value2" },
            },
            ApplicationRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = "Deny",
                    },
                    Name = "apprulecoll",
                    Priority = 110,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                        {
                            Description = "Deny inbound rule",
                            Name = "rule1",
                            Protocols = new[]
                            {
                                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                                {
                                    Port = 443,
                                    ProtocolType = "Https",
                                },
                            },
                            SourceAddresses = new[]
                            {
                                "216.58.216.164",
                                "10.0.0.0/24",
                            },
                            TargetFqdns = new[]
                            {
                                "www.test.com",
                            },
                        },
                    },
                },
            },
            AzureFirewallName = "azurefirewall",
            IpConfigurations = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
                {
                    Name = "azureFirewallIpConfiguration",
                    PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                    },
                    Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                    },
                },
            },
            Location = "West US",
            NatRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                    {
                        Type = "Dnat",
                    },
                    Name = "natrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all outbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "443",
                            },
                            Name = "DNAT-HTTPS-traffic",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedAddress = "1.2.3.5",
                            TranslatedPort = "8443",
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all inbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "80",
                            },
                            Name = "DNAT-HTTP-traffic-With-FQDN",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedFqdn = "internalhttpserver",
                            TranslatedPort = "880",
                        },
                    },
                },
            },
            NetworkRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = "Deny",
                    },
                    Name = "netrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports",
                            DestinationAddresses = new[]
                            {
                                "*",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255",
                            },
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports to amazon",
                            DestinationFqdns = new[]
                            {
                                "www.amazon.com",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic-with-FQDN",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "10.2.4.12-10.2.4.255",
                            },
                        },
                    },
                },
            },
            ResourceGroupName = "rg1",
            Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
            {
                Name = "AZFW_VNet",
                Tier = "Standard",
            },
            Tags = 
            {
                { "key1", "value1" },
            },
            ThreatIntelMode = "Alert",
            Zones = new[] {},
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/network/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
    			AdditionalProperties: pulumi.StringMap{
    				"key1": pulumi.String("value1"),
    				"key2": pulumi.String("value2"),
    			},
    			ApplicationRuleCollections: []network.AzureFirewallApplicationRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Deny"),
    					},
    					Name:     pulumi.String("apprulecoll"),
    					Priority: pulumi.Int(110),
    					Rules: network.AzureFirewallApplicationRuleArray{
    						{
    							Description: pulumi.String("Deny inbound rule"),
    							Name:        pulumi.String("rule1"),
    							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
    								{
    									Port:         pulumi.Int(443),
    									ProtocolType: pulumi.String("Https"),
    								},
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("216.58.216.164"),
    								pulumi.String("10.0.0.0/24"),
    							},
    							TargetFqdns: pulumi.StringArray{
    								pulumi.String("www.test.com"),
    							},
    						},
    					},
    				},
    			},
    			AzureFirewallName: pulumi.String("azurefirewall"),
    			IpConfigurations: []network.AzureFirewallIPConfigurationArgs{
    				{
    					Name: pulumi.String("azureFirewallIpConfiguration"),
    					PublicIPAddress: {
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
    					},
    					Subnet: {
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
    					},
    				},
    			},
    			Location: pulumi.String("West US"),
    			NatRuleCollections: []network.AzureFirewallNatRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Dnat"),
    					},
    					Name:     pulumi.String("natrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNatRuleArray{
    						{
    							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443"),
    							},
    							Name: pulumi.String("DNAT-HTTPS-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedAddress: pulumi.String("1.2.3.5"),
    							TranslatedPort:    pulumi.String("8443"),
    						},
    						{
    							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("80"),
    							},
    							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedFqdn: pulumi.String("internalhttpserver"),
    							TranslatedPort: pulumi.String("880"),
    						},
    					},
    				},
    			},
    			NetworkRuleCollections: []network.AzureFirewallNetworkRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Deny"),
    					},
    					Name:     pulumi.String("netrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNetworkRuleArray{
    						{
    							Description: pulumi.String("Block traffic based on source IPs and ports"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("192.168.1.1-192.168.1.12"),
    								pulumi.String("10.1.4.12-10.1.4.255"),
    							},
    						},
    						{
    							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
    							DestinationFqdns: pulumi.StringArray{
    								pulumi.String("www.amazon.com"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic-with-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("10.2.4.12-10.2.4.255"),
    							},
    						},
    					},
    				},
    			},
    			ResourceGroupName: pulumi.String("rg1"),
    			Sku: &network.AzureFirewallSkuArgs{
    				Name: pulumi.String("AZFW_VNet"),
    				Tier: pulumi.String("Standard"),
    			},
    			Tags: pulumi.StringMap{
    				"key1": pulumi.String("value1"),
    			},
    			ThreatIntelMode: pulumi.String("Alert"),
    			Zones:           pulumi.StringArray{},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.network.AzureFirewall;
    import com.pulumi.azurenative.network.AzureFirewallArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()        
                .additionalProperties(Map.ofEntries(
                    Map.entry("key1", "value1"),
                    Map.entry("key2", "value2")
                ))
                .applicationRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Deny")),
                    Map.entry("name", "apprulecoll"),
                    Map.entry("priority", 110),
                    Map.entry("rules", Map.ofEntries(
                        Map.entry("description", "Deny inbound rule"),
                        Map.entry("name", "rule1"),
                        Map.entry("protocols", Map.ofEntries(
                            Map.entry("port", 443),
                            Map.entry("protocolType", "Https")
                        )),
                        Map.entry("sourceAddresses",                     
                            "216.58.216.164",
                            "10.0.0.0/24"),
                        Map.entry("targetFqdns", "www.test.com")
                    ))
                ))
                .azureFirewallName("azurefirewall")
                .ipConfigurations(Map.ofEntries(
                    Map.entry("name", "azureFirewallIpConfiguration"),
                    Map.entry("publicIPAddress", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")),
                    Map.entry("subnet", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"))
                ))
                .location("West US")
                .natRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Dnat")),
                    Map.entry("name", "natrulecoll"),
                    Map.entry("priority", 112),
                    Map.entry("rules",                 
                        Map.ofEntries(
                            Map.entry("description", "D-NAT all outbound web traffic for inspection"),
                            Map.entry("destinationAddresses", "1.2.3.4"),
                            Map.entry("destinationPorts", "443"),
                            Map.entry("name", "DNAT-HTTPS-traffic"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "*"),
                            Map.entry("translatedAddress", "1.2.3.5"),
                            Map.entry("translatedPort", "8443")
                        ),
                        Map.ofEntries(
                            Map.entry("description", "D-NAT all inbound web traffic for inspection"),
                            Map.entry("destinationAddresses", "1.2.3.4"),
                            Map.entry("destinationPorts", "80"),
                            Map.entry("name", "DNAT-HTTP-traffic-With-FQDN"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "*"),
                            Map.entry("translatedFqdn", "internalhttpserver"),
                            Map.entry("translatedPort", "880")
                        ))
                ))
                .networkRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Deny")),
                    Map.entry("name", "netrulecoll"),
                    Map.entry("priority", 112),
                    Map.entry("rules",                 
                        Map.ofEntries(
                            Map.entry("description", "Block traffic based on source IPs and ports"),
                            Map.entry("destinationAddresses", "*"),
                            Map.entry("destinationPorts",                         
                                "443-444",
                                "8443"),
                            Map.entry("name", "L4-traffic"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses",                         
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255")
                        ),
                        Map.ofEntries(
                            Map.entry("description", "Block traffic based on source IPs and ports to amazon"),
                            Map.entry("destinationFqdns", "www.amazon.com"),
                            Map.entry("destinationPorts",                         
                                "443-444",
                                "8443"),
                            Map.entry("name", "L4-traffic-with-FQDN"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "10.2.4.12-10.2.4.255")
                        ))
                ))
                .resourceGroupName("rg1")
                .sku(Map.ofEntries(
                    Map.entry("name", "AZFW_VNet"),
                    Map.entry("tier", "Standard")
                ))
                .tags(Map.of("key1", "value1"))
                .threatIntelMode("Alert")
                .zones()
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
        additional_properties={
            "key1": "value1",
            "key2": "value2",
        },
        application_rule_collections=[{
            "action": azure_native.network.AzureFirewallRCActionArgs(
                type="Deny",
            ),
            "name": "apprulecoll",
            "priority": 110,
            "rules": [{
                "description": "Deny inbound rule",
                "name": "rule1",
                "protocols": [azure_native.network.AzureFirewallApplicationRuleProtocolArgs(
                    port=443,
                    protocol_type="Https",
                )],
                "sourceAddresses": [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                "targetFqdns": ["www.test.com"],
            }],
        }],
        azure_firewall_name="azurefirewall",
        ip_configurations=[{
            "name": "azureFirewallIpConfiguration",
            "publicIPAddress": azure_native.network.SubResourceArgs(
                id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            ),
            "subnet": azure_native.network.SubResourceArgs(
                id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            ),
        }],
        location="West US",
        nat_rule_collections=[{
            "action": azure_native.network.AzureFirewallNatRCActionArgs(
                type="Dnat",
            ),
            "name": "natrulecoll",
            "priority": 112,
            "rules": [
                azure_native.network.AzureFirewallNatRuleArgs(
                    description="D-NAT all outbound web traffic for inspection",
                    destination_addresses=["1.2.3.4"],
                    destination_ports=["443"],
                    name="DNAT-HTTPS-traffic",
                    protocols=["TCP"],
                    source_addresses=["*"],
                    translated_address="1.2.3.5",
                    translated_port="8443",
                ),
                azure_native.network.AzureFirewallNatRuleArgs(
                    description="D-NAT all inbound web traffic for inspection",
                    destination_addresses=["1.2.3.4"],
                    destination_ports=["80"],
                    name="DNAT-HTTP-traffic-With-FQDN",
                    protocols=["TCP"],
                    source_addresses=["*"],
                    translated_fqdn="internalhttpserver",
                    translated_port="880",
                ),
            ],
        }],
        network_rule_collections=[{
            "action": azure_native.network.AzureFirewallRCActionArgs(
                type="Deny",
            ),
            "name": "netrulecoll",
            "priority": 112,
            "rules": [
                azure_native.network.AzureFirewallNetworkRuleArgs(
                    description="Block traffic based on source IPs and ports",
                    destination_addresses=["*"],
                    destination_ports=[
                        "443-444",
                        "8443",
                    ],
                    name="L4-traffic",
                    protocols=["TCP"],
                    source_addresses=[
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                ),
                azure_native.network.AzureFirewallNetworkRuleArgs(
                    description="Block traffic based on source IPs and ports to amazon",
                    destination_fqdns=["www.amazon.com"],
                    destination_ports=[
                        "443-444",
                        "8443",
                    ],
                    name="L4-traffic-with-FQDN",
                    protocols=["TCP"],
                    source_addresses=["10.2.4.12-10.2.4.255"],
                ),
            ],
        }],
        resource_group_name="rg1",
        sku=azure_native.network.AzureFirewallSkuArgs(
            name="AZFW_VNet",
            tier="Standard",
        ),
        tags={
            "key1": "value1",
        },
        threat_intel_mode="Alert",
        zones=[])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
        additionalProperties: {
            key1: "value1",
            key2: "value2",
        },
        applicationRuleCollections: [{
            action: {
                type: "Deny",
            },
            name: "apprulecoll",
            priority: 110,
            rules: [{
                description: "Deny inbound rule",
                name: "rule1",
                protocols: [{
                    port: 443,
                    protocolType: "Https",
                }],
                sourceAddresses: [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                targetFqdns: ["www.test.com"],
            }],
        }],
        azureFirewallName: "azurefirewall",
        ipConfigurations: [{
            name: "azureFirewallIpConfiguration",
            publicIPAddress: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            },
            subnet: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            },
        }],
        location: "West US",
        natRuleCollections: [{
            action: {
                type: "Dnat",
            },
            name: "natrulecoll",
            priority: 112,
            rules: [
                {
                    description: "D-NAT all outbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["443"],
                    name: "DNAT-HTTPS-traffic",
                    protocols: ["TCP"],
                    sourceAddresses: ["*"],
                    translatedAddress: "1.2.3.5",
                    translatedPort: "8443",
                },
                {
                    description: "D-NAT all inbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["80"],
                    name: "DNAT-HTTP-traffic-With-FQDN",
                    protocols: ["TCP"],
                    sourceAddresses: ["*"],
                    translatedFqdn: "internalhttpserver",
                    translatedPort: "880",
                },
            ],
        }],
        networkRuleCollections: [{
            action: {
                type: "Deny",
            },
            name: "netrulecoll",
            priority: 112,
            rules: [
                {
                    description: "Block traffic based on source IPs and ports",
                    destinationAddresses: ["*"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic",
                    protocols: ["TCP"],
                    sourceAddresses: [
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                },
                {
                    description: "Block traffic based on source IPs and ports to amazon",
                    destinationFqdns: ["www.amazon.com"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic-with-FQDN",
                    protocols: ["TCP"],
                    sourceAddresses: ["10.2.4.12-10.2.4.255"],
                },
            ],
        }],
        resourceGroupName: "rg1",
        sku: {
            name: "AZFW_VNet",
            tier: "Standard",
        },
        tags: {
            key1: "value1",
        },
        threatIntelMode: "Alert",
        zones: [],
    });
    
    resources:
      azureFirewall:
        type: azure-native:network:AzureFirewall
        properties:
          additionalProperties:
            key1: value1
            key2: value2
          applicationRuleCollections:
            - action:
                type: Deny
              name: apprulecoll
              priority: 110
              rules:
                - description: Deny inbound rule
                  name: rule1
                  protocols:
                    - port: 443
                      protocolType: Https
                  sourceAddresses:
                    - 216.58.216.164
                    - 10.0.0.0/24
                  targetFqdns:
                    - www.test.com
          azureFirewallName: azurefirewall
          ipConfigurations:
            - name: azureFirewallIpConfiguration
              publicIPAddress:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
              subnet:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
          location: West US
          natRuleCollections:
            - action:
                type: Dnat
              name: natrulecoll
              priority: 112
              rules:
                - description: D-NAT all outbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '443'
                  name: DNAT-HTTPS-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedAddress: 1.2.3.5
                  translatedPort: '8443'
                - description: D-NAT all inbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '80'
                  name: DNAT-HTTP-traffic-With-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedFqdn: internalhttpserver
                  translatedPort: '880'
          networkRuleCollections:
            - action:
                type: Deny
              name: netrulecoll
              priority: 112
              rules:
                - description: Block traffic based on source IPs and ports
                  destinationAddresses:
                    - '*'
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 192.168.1.1-192.168.1.12
                    - 10.1.4.12-10.1.4.255
                - description: Block traffic based on source IPs and ports to amazon
                  destinationFqdns:
                    - www.amazon.com
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic-with-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 10.2.4.12-10.2.4.255
          resourceGroupName: rg1
          sku:
            name: AZFW_VNet
            tier: Standard
          tags:
            key1: value1
          threatIntelMode: Alert
          zones: []
    

    Create Azure Firewall With IpGroups

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
        {
            ApplicationRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = "Deny",
                    },
                    Name = "apprulecoll",
                    Priority = 110,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                        {
                            Description = "Deny inbound rule",
                            Name = "rule1",
                            Protocols = new[]
                            {
                                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                                {
                                    Port = 443,
                                    ProtocolType = "Https",
                                },
                            },
                            SourceAddresses = new[]
                            {
                                "216.58.216.164",
                                "10.0.0.0/24",
                            },
                            TargetFqdns = new[]
                            {
                                "www.test.com",
                            },
                        },
                    },
                },
            },
            AzureFirewallName = "azurefirewall",
            IpConfigurations = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
                {
                    Name = "azureFirewallIpConfiguration",
                    PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                    },
                    Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                    },
                },
            },
            Location = "West US",
            NatRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                    {
                        Type = "Dnat",
                    },
                    Name = "natrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all outbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "443",
                            },
                            Name = "DNAT-HTTPS-traffic",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedAddress = "1.2.3.5",
                            TranslatedPort = "8443",
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all inbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "80",
                            },
                            Name = "DNAT-HTTP-traffic-With-FQDN",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedFqdn = "internalhttpserver",
                            TranslatedPort = "880",
                        },
                    },
                },
            },
            NetworkRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = "Deny",
                    },
                    Name = "netrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports",
                            DestinationAddresses = new[]
                            {
                                "*",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255",
                            },
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports to amazon",
                            DestinationFqdns = new[]
                            {
                                "www.amazon.com",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic-with-FQDN",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "10.2.4.12-10.2.4.255",
                            },
                        },
                    },
                },
            },
            ResourceGroupName = "rg1",
            Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
            {
                Name = "AZFW_VNet",
                Tier = "Standard",
            },
            Tags = 
            {
                { "key1", "value1" },
            },
            ThreatIntelMode = "Alert",
            Zones = new[] {},
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/network/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
    			ApplicationRuleCollections: []network.AzureFirewallApplicationRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Deny"),
    					},
    					Name:     pulumi.String("apprulecoll"),
    					Priority: pulumi.Int(110),
    					Rules: network.AzureFirewallApplicationRuleArray{
    						{
    							Description: pulumi.String("Deny inbound rule"),
    							Name:        pulumi.String("rule1"),
    							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
    								{
    									Port:         pulumi.Int(443),
    									ProtocolType: pulumi.String("Https"),
    								},
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("216.58.216.164"),
    								pulumi.String("10.0.0.0/24"),
    							},
    							TargetFqdns: pulumi.StringArray{
    								pulumi.String("www.test.com"),
    							},
    						},
    					},
    				},
    			},
    			AzureFirewallName: pulumi.String("azurefirewall"),
    			IpConfigurations: []network.AzureFirewallIPConfigurationArgs{
    				{
    					Name: pulumi.String("azureFirewallIpConfiguration"),
    					PublicIPAddress: {
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
    					},
    					Subnet: {
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
    					},
    				},
    			},
    			Location: pulumi.String("West US"),
    			NatRuleCollections: []network.AzureFirewallNatRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Dnat"),
    					},
    					Name:     pulumi.String("natrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNatRuleArray{
    						{
    							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443"),
    							},
    							Name: pulumi.String("DNAT-HTTPS-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedAddress: pulumi.String("1.2.3.5"),
    							TranslatedPort:    pulumi.String("8443"),
    						},
    						{
    							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("80"),
    							},
    							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedFqdn: pulumi.String("internalhttpserver"),
    							TranslatedPort: pulumi.String("880"),
    						},
    					},
    				},
    			},
    			NetworkRuleCollections: []network.AzureFirewallNetworkRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Deny"),
    					},
    					Name:     pulumi.String("netrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNetworkRuleArray{
    						{
    							Description: pulumi.String("Block traffic based on source IPs and ports"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("192.168.1.1-192.168.1.12"),
    								pulumi.String("10.1.4.12-10.1.4.255"),
    							},
    						},
    						{
    							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
    							DestinationFqdns: pulumi.StringArray{
    								pulumi.String("www.amazon.com"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic-with-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("10.2.4.12-10.2.4.255"),
    							},
    						},
    					},
    				},
    			},
    			ResourceGroupName: pulumi.String("rg1"),
    			Sku: &network.AzureFirewallSkuArgs{
    				Name: pulumi.String("AZFW_VNet"),
    				Tier: pulumi.String("Standard"),
    			},
    			Tags: pulumi.StringMap{
    				"key1": pulumi.String("value1"),
    			},
    			ThreatIntelMode: pulumi.String("Alert"),
    			Zones:           pulumi.StringArray{},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.network.AzureFirewall;
    import com.pulumi.azurenative.network.AzureFirewallArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()        
                .applicationRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Deny")),
                    Map.entry("name", "apprulecoll"),
                    Map.entry("priority", 110),
                    Map.entry("rules", Map.ofEntries(
                        Map.entry("description", "Deny inbound rule"),
                        Map.entry("name", "rule1"),
                        Map.entry("protocols", Map.ofEntries(
                            Map.entry("port", 443),
                            Map.entry("protocolType", "Https")
                        )),
                        Map.entry("sourceAddresses",                     
                            "216.58.216.164",
                            "10.0.0.0/24"),
                        Map.entry("targetFqdns", "www.test.com")
                    ))
                ))
                .azureFirewallName("azurefirewall")
                .ipConfigurations(Map.ofEntries(
                    Map.entry("name", "azureFirewallIpConfiguration"),
                    Map.entry("publicIPAddress", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")),
                    Map.entry("subnet", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"))
                ))
                .location("West US")
                .natRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Dnat")),
                    Map.entry("name", "natrulecoll"),
                    Map.entry("priority", 112),
                    Map.entry("rules",                 
                        Map.ofEntries(
                            Map.entry("description", "D-NAT all outbound web traffic for inspection"),
                            Map.entry("destinationAddresses", "1.2.3.4"),
                            Map.entry("destinationPorts", "443"),
                            Map.entry("name", "DNAT-HTTPS-traffic"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "*"),
                            Map.entry("translatedAddress", "1.2.3.5"),
                            Map.entry("translatedPort", "8443")
                        ),
                        Map.ofEntries(
                            Map.entry("description", "D-NAT all inbound web traffic for inspection"),
                            Map.entry("destinationAddresses", "1.2.3.4"),
                            Map.entry("destinationPorts", "80"),
                            Map.entry("name", "DNAT-HTTP-traffic-With-FQDN"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "*"),
                            Map.entry("translatedFqdn", "internalhttpserver"),
                            Map.entry("translatedPort", "880")
                        ))
                ))
                .networkRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Deny")),
                    Map.entry("name", "netrulecoll"),
                    Map.entry("priority", 112),
                    Map.entry("rules",                 
                        Map.ofEntries(
                            Map.entry("description", "Block traffic based on source IPs and ports"),
                            Map.entry("destinationAddresses", "*"),
                            Map.entry("destinationPorts",                         
                                "443-444",
                                "8443"),
                            Map.entry("name", "L4-traffic"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses",                         
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255")
                        ),
                        Map.ofEntries(
                            Map.entry("description", "Block traffic based on source IPs and ports to amazon"),
                            Map.entry("destinationFqdns", "www.amazon.com"),
                            Map.entry("destinationPorts",                         
                                "443-444",
                                "8443"),
                            Map.entry("name", "L4-traffic-with-FQDN"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "10.2.4.12-10.2.4.255")
                        ))
                ))
                .resourceGroupName("rg1")
                .sku(Map.ofEntries(
                    Map.entry("name", "AZFW_VNet"),
                    Map.entry("tier", "Standard")
                ))
                .tags(Map.of("key1", "value1"))
                .threatIntelMode("Alert")
                .zones()
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
        application_rule_collections=[{
            "action": azure_native.network.AzureFirewallRCActionArgs(
                type="Deny",
            ),
            "name": "apprulecoll",
            "priority": 110,
            "rules": [{
                "description": "Deny inbound rule",
                "name": "rule1",
                "protocols": [azure_native.network.AzureFirewallApplicationRuleProtocolArgs(
                    port=443,
                    protocol_type="Https",
                )],
                "sourceAddresses": [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                "targetFqdns": ["www.test.com"],
            }],
        }],
        azure_firewall_name="azurefirewall",
        ip_configurations=[{
            "name": "azureFirewallIpConfiguration",
            "publicIPAddress": azure_native.network.SubResourceArgs(
                id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            ),
            "subnet": azure_native.network.SubResourceArgs(
                id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            ),
        }],
        location="West US",
        nat_rule_collections=[{
            "action": azure_native.network.AzureFirewallNatRCActionArgs(
                type="Dnat",
            ),
            "name": "natrulecoll",
            "priority": 112,
            "rules": [
                azure_native.network.AzureFirewallNatRuleArgs(
                    description="D-NAT all outbound web traffic for inspection",
                    destination_addresses=["1.2.3.4"],
                    destination_ports=["443"],
                    name="DNAT-HTTPS-traffic",
                    protocols=["TCP"],
                    source_addresses=["*"],
                    translated_address="1.2.3.5",
                    translated_port="8443",
                ),
                azure_native.network.AzureFirewallNatRuleArgs(
                    description="D-NAT all inbound web traffic for inspection",
                    destination_addresses=["1.2.3.4"],
                    destination_ports=["80"],
                    name="DNAT-HTTP-traffic-With-FQDN",
                    protocols=["TCP"],
                    source_addresses=["*"],
                    translated_fqdn="internalhttpserver",
                    translated_port="880",
                ),
            ],
        }],
        network_rule_collections=[{
            "action": azure_native.network.AzureFirewallRCActionArgs(
                type="Deny",
            ),
            "name": "netrulecoll",
            "priority": 112,
            "rules": [
                azure_native.network.AzureFirewallNetworkRuleArgs(
                    description="Block traffic based on source IPs and ports",
                    destination_addresses=["*"],
                    destination_ports=[
                        "443-444",
                        "8443",
                    ],
                    name="L4-traffic",
                    protocols=["TCP"],
                    source_addresses=[
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                ),
                azure_native.network.AzureFirewallNetworkRuleArgs(
                    description="Block traffic based on source IPs and ports to amazon",
                    destination_fqdns=["www.amazon.com"],
                    destination_ports=[
                        "443-444",
                        "8443",
                    ],
                    name="L4-traffic-with-FQDN",
                    protocols=["TCP"],
                    source_addresses=["10.2.4.12-10.2.4.255"],
                ),
            ],
        }],
        resource_group_name="rg1",
        sku=azure_native.network.AzureFirewallSkuArgs(
            name="AZFW_VNet",
            tier="Standard",
        ),
        tags={
            "key1": "value1",
        },
        threat_intel_mode="Alert",
        zones=[])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
        applicationRuleCollections: [{
            action: {
                type: "Deny",
            },
            name: "apprulecoll",
            priority: 110,
            rules: [{
                description: "Deny inbound rule",
                name: "rule1",
                protocols: [{
                    port: 443,
                    protocolType: "Https",
                }],
                sourceAddresses: [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                targetFqdns: ["www.test.com"],
            }],
        }],
        azureFirewallName: "azurefirewall",
        ipConfigurations: [{
            name: "azureFirewallIpConfiguration",
            publicIPAddress: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            },
            subnet: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            },
        }],
        location: "West US",
        natRuleCollections: [{
            action: {
                type: "Dnat",
            },
            name: "natrulecoll",
            priority: 112,
            rules: [
                {
                    description: "D-NAT all outbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["443"],
                    name: "DNAT-HTTPS-traffic",
                    protocols: ["TCP"],
                    sourceAddresses: ["*"],
                    translatedAddress: "1.2.3.5",
                    translatedPort: "8443",
                },
                {
                    description: "D-NAT all inbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["80"],
                    name: "DNAT-HTTP-traffic-With-FQDN",
                    protocols: ["TCP"],
                    sourceAddresses: ["*"],
                    translatedFqdn: "internalhttpserver",
                    translatedPort: "880",
                },
            ],
        }],
        networkRuleCollections: [{
            action: {
                type: "Deny",
            },
            name: "netrulecoll",
            priority: 112,
            rules: [
                {
                    description: "Block traffic based on source IPs and ports",
                    destinationAddresses: ["*"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic",
                    protocols: ["TCP"],
                    sourceAddresses: [
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                },
                {
                    description: "Block traffic based on source IPs and ports to amazon",
                    destinationFqdns: ["www.amazon.com"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic-with-FQDN",
                    protocols: ["TCP"],
                    sourceAddresses: ["10.2.4.12-10.2.4.255"],
                },
            ],
        }],
        resourceGroupName: "rg1",
        sku: {
            name: "AZFW_VNet",
            tier: "Standard",
        },
        tags: {
            key1: "value1",
        },
        threatIntelMode: "Alert",
        zones: [],
    });
    
    resources:
      azureFirewall:
        type: azure-native:network:AzureFirewall
        properties:
          applicationRuleCollections:
            - action:
                type: Deny
              name: apprulecoll
              priority: 110
              rules:
                - description: Deny inbound rule
                  name: rule1
                  protocols:
                    - port: 443
                      protocolType: Https
                  sourceAddresses:
                    - 216.58.216.164
                    - 10.0.0.0/24
                  targetFqdns:
                    - www.test.com
          azureFirewallName: azurefirewall
          ipConfigurations:
            - name: azureFirewallIpConfiguration
              publicIPAddress:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
              subnet:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
          location: West US
          natRuleCollections:
            - action:
                type: Dnat
              name: natrulecoll
              priority: 112
              rules:
                - description: D-NAT all outbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '443'
                  name: DNAT-HTTPS-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedAddress: 1.2.3.5
                  translatedPort: '8443'
                - description: D-NAT all inbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '80'
                  name: DNAT-HTTP-traffic-With-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedFqdn: internalhttpserver
                  translatedPort: '880'
          networkRuleCollections:
            - action:
                type: Deny
              name: netrulecoll
              priority: 112
              rules:
                - description: Block traffic based on source IPs and ports
                  destinationAddresses:
                    - '*'
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 192.168.1.1-192.168.1.12
                    - 10.1.4.12-10.1.4.255
                - description: Block traffic based on source IPs and ports to amazon
                  destinationFqdns:
                    - www.amazon.com
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic-with-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 10.2.4.12-10.2.4.255
          resourceGroupName: rg1
          sku:
            name: AZFW_VNet
            tier: Standard
          tags:
            key1: value1
          threatIntelMode: Alert
          zones: []
    

    Create Azure Firewall With Zones

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
        {
            ApplicationRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = "Deny",
                    },
                    Name = "apprulecoll",
                    Priority = 110,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                        {
                            Description = "Deny inbound rule",
                            Name = "rule1",
                            Protocols = new[]
                            {
                                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                                {
                                    Port = 443,
                                    ProtocolType = "Https",
                                },
                            },
                            SourceAddresses = new[]
                            {
                                "216.58.216.164",
                                "10.0.0.0/24",
                            },
                            TargetFqdns = new[]
                            {
                                "www.test.com",
                            },
                        },
                    },
                },
            },
            AzureFirewallName = "azurefirewall",
            IpConfigurations = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
                {
                    Name = "azureFirewallIpConfiguration",
                    PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                    },
                    Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                    },
                },
            },
            Location = "West US 2",
            NatRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                    {
                        Type = "Dnat",
                    },
                    Name = "natrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all outbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "443",
                            },
                            Name = "DNAT-HTTPS-traffic",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedAddress = "1.2.3.5",
                            TranslatedPort = "8443",
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all inbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "80",
                            },
                            Name = "DNAT-HTTP-traffic-With-FQDN",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedFqdn = "internalhttpserver",
                            TranslatedPort = "880",
                        },
                    },
                },
            },
            NetworkRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = "Deny",
                    },
                    Name = "netrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports",
                            DestinationAddresses = new[]
                            {
                                "*",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255",
                            },
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports to amazon",
                            DestinationFqdns = new[]
                            {
                                "www.amazon.com",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic-with-FQDN",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "10.2.4.12-10.2.4.255",
                            },
                        },
                    },
                },
            },
            ResourceGroupName = "rg1",
            Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
            {
                Name = "AZFW_VNet",
                Tier = "Standard",
            },
            Tags = 
            {
                { "key1", "value1" },
            },
            ThreatIntelMode = "Alert",
            Zones = new[]
            {
                "1",
                "2",
                "3",
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/network/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
    			ApplicationRuleCollections: []network.AzureFirewallApplicationRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Deny"),
    					},
    					Name:     pulumi.String("apprulecoll"),
    					Priority: pulumi.Int(110),
    					Rules: network.AzureFirewallApplicationRuleArray{
    						{
    							Description: pulumi.String("Deny inbound rule"),
    							Name:        pulumi.String("rule1"),
    							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
    								{
    									Port:         pulumi.Int(443),
    									ProtocolType: pulumi.String("Https"),
    								},
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("216.58.216.164"),
    								pulumi.String("10.0.0.0/24"),
    							},
    							TargetFqdns: pulumi.StringArray{
    								pulumi.String("www.test.com"),
    							},
    						},
    					},
    				},
    			},
    			AzureFirewallName: pulumi.String("azurefirewall"),
    			IpConfigurations: []network.AzureFirewallIPConfigurationArgs{
    				{
    					Name: pulumi.String("azureFirewallIpConfiguration"),
    					PublicIPAddress: {
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
    					},
    					Subnet: {
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
    					},
    				},
    			},
    			Location: pulumi.String("West US 2"),
    			NatRuleCollections: []network.AzureFirewallNatRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Dnat"),
    					},
    					Name:     pulumi.String("natrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNatRuleArray{
    						{
    							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443"),
    							},
    							Name: pulumi.String("DNAT-HTTPS-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedAddress: pulumi.String("1.2.3.5"),
    							TranslatedPort:    pulumi.String("8443"),
    						},
    						{
    							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("80"),
    							},
    							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedFqdn: pulumi.String("internalhttpserver"),
    							TranslatedPort: pulumi.String("880"),
    						},
    					},
    				},
    			},
    			NetworkRuleCollections: []network.AzureFirewallNetworkRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Deny"),
    					},
    					Name:     pulumi.String("netrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNetworkRuleArray{
    						{
    							Description: pulumi.String("Block traffic based on source IPs and ports"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("192.168.1.1-192.168.1.12"),
    								pulumi.String("10.1.4.12-10.1.4.255"),
    							},
    						},
    						{
    							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
    							DestinationFqdns: pulumi.StringArray{
    								pulumi.String("www.amazon.com"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic-with-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("10.2.4.12-10.2.4.255"),
    							},
    						},
    					},
    				},
    			},
    			ResourceGroupName: pulumi.String("rg1"),
    			Sku: &network.AzureFirewallSkuArgs{
    				Name: pulumi.String("AZFW_VNet"),
    				Tier: pulumi.String("Standard"),
    			},
    			Tags: pulumi.StringMap{
    				"key1": pulumi.String("value1"),
    			},
    			ThreatIntelMode: pulumi.String("Alert"),
    			Zones: pulumi.StringArray{
    				pulumi.String("1"),
    				pulumi.String("2"),
    				pulumi.String("3"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.network.AzureFirewall;
    import com.pulumi.azurenative.network.AzureFirewallArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()        
                .applicationRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Deny")),
                    Map.entry("name", "apprulecoll"),
                    Map.entry("priority", 110),
                    Map.entry("rules", Map.ofEntries(
                        Map.entry("description", "Deny inbound rule"),
                        Map.entry("name", "rule1"),
                        Map.entry("protocols", Map.ofEntries(
                            Map.entry("port", 443),
                            Map.entry("protocolType", "Https")
                        )),
                        Map.entry("sourceAddresses",                     
                            "216.58.216.164",
                            "10.0.0.0/24"),
                        Map.entry("targetFqdns", "www.test.com")
                    ))
                ))
                .azureFirewallName("azurefirewall")
                .ipConfigurations(Map.ofEntries(
                    Map.entry("name", "azureFirewallIpConfiguration"),
                    Map.entry("publicIPAddress", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")),
                    Map.entry("subnet", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"))
                ))
                .location("West US 2")
                .natRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Dnat")),
                    Map.entry("name", "natrulecoll"),
                    Map.entry("priority", 112),
                    Map.entry("rules",                 
                        Map.ofEntries(
                            Map.entry("description", "D-NAT all outbound web traffic for inspection"),
                            Map.entry("destinationAddresses", "1.2.3.4"),
                            Map.entry("destinationPorts", "443"),
                            Map.entry("name", "DNAT-HTTPS-traffic"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "*"),
                            Map.entry("translatedAddress", "1.2.3.5"),
                            Map.entry("translatedPort", "8443")
                        ),
                        Map.ofEntries(
                            Map.entry("description", "D-NAT all inbound web traffic for inspection"),
                            Map.entry("destinationAddresses", "1.2.3.4"),
                            Map.entry("destinationPorts", "80"),
                            Map.entry("name", "DNAT-HTTP-traffic-With-FQDN"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "*"),
                            Map.entry("translatedFqdn", "internalhttpserver"),
                            Map.entry("translatedPort", "880")
                        ))
                ))
                .networkRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Deny")),
                    Map.entry("name", "netrulecoll"),
                    Map.entry("priority", 112),
                    Map.entry("rules",                 
                        Map.ofEntries(
                            Map.entry("description", "Block traffic based on source IPs and ports"),
                            Map.entry("destinationAddresses", "*"),
                            Map.entry("destinationPorts",                         
                                "443-444",
                                "8443"),
                            Map.entry("name", "L4-traffic"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses",                         
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255")
                        ),
                        Map.ofEntries(
                            Map.entry("description", "Block traffic based on source IPs and ports to amazon"),
                            Map.entry("destinationFqdns", "www.amazon.com"),
                            Map.entry("destinationPorts",                         
                                "443-444",
                                "8443"),
                            Map.entry("name", "L4-traffic-with-FQDN"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "10.2.4.12-10.2.4.255")
                        ))
                ))
                .resourceGroupName("rg1")
                .sku(Map.ofEntries(
                    Map.entry("name", "AZFW_VNet"),
                    Map.entry("tier", "Standard")
                ))
                .tags(Map.of("key1", "value1"))
                .threatIntelMode("Alert")
                .zones(            
                    "1",
                    "2",
                    "3")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
        application_rule_collections=[{
            "action": azure_native.network.AzureFirewallRCActionArgs(
                type="Deny",
            ),
            "name": "apprulecoll",
            "priority": 110,
            "rules": [{
                "description": "Deny inbound rule",
                "name": "rule1",
                "protocols": [azure_native.network.AzureFirewallApplicationRuleProtocolArgs(
                    port=443,
                    protocol_type="Https",
                )],
                "sourceAddresses": [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                "targetFqdns": ["www.test.com"],
            }],
        }],
        azure_firewall_name="azurefirewall",
        ip_configurations=[{
            "name": "azureFirewallIpConfiguration",
            "publicIPAddress": azure_native.network.SubResourceArgs(
                id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            ),
            "subnet": azure_native.network.SubResourceArgs(
                id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            ),
        }],
        location="West US 2",
        nat_rule_collections=[{
            "action": azure_native.network.AzureFirewallNatRCActionArgs(
                type="Dnat",
            ),
            "name": "natrulecoll",
            "priority": 112,
            "rules": [
                azure_native.network.AzureFirewallNatRuleArgs(
                    description="D-NAT all outbound web traffic for inspection",
                    destination_addresses=["1.2.3.4"],
                    destination_ports=["443"],
                    name="DNAT-HTTPS-traffic",
                    protocols=["TCP"],
                    source_addresses=["*"],
                    translated_address="1.2.3.5",
                    translated_port="8443",
                ),
                azure_native.network.AzureFirewallNatRuleArgs(
                    description="D-NAT all inbound web traffic for inspection",
                    destination_addresses=["1.2.3.4"],
                    destination_ports=["80"],
                    name="DNAT-HTTP-traffic-With-FQDN",
                    protocols=["TCP"],
                    source_addresses=["*"],
                    translated_fqdn="internalhttpserver",
                    translated_port="880",
                ),
            ],
        }],
        network_rule_collections=[{
            "action": azure_native.network.AzureFirewallRCActionArgs(
                type="Deny",
            ),
            "name": "netrulecoll",
            "priority": 112,
            "rules": [
                azure_native.network.AzureFirewallNetworkRuleArgs(
                    description="Block traffic based on source IPs and ports",
                    destination_addresses=["*"],
                    destination_ports=[
                        "443-444",
                        "8443",
                    ],
                    name="L4-traffic",
                    protocols=["TCP"],
                    source_addresses=[
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                ),
                azure_native.network.AzureFirewallNetworkRuleArgs(
                    description="Block traffic based on source IPs and ports to amazon",
                    destination_fqdns=["www.amazon.com"],
                    destination_ports=[
                        "443-444",
                        "8443",
                    ],
                    name="L4-traffic-with-FQDN",
                    protocols=["TCP"],
                    source_addresses=["10.2.4.12-10.2.4.255"],
                ),
            ],
        }],
        resource_group_name="rg1",
        sku=azure_native.network.AzureFirewallSkuArgs(
            name="AZFW_VNet",
            tier="Standard",
        ),
        tags={
            "key1": "value1",
        },
        threat_intel_mode="Alert",
        zones=[
            "1",
            "2",
            "3",
        ])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
        applicationRuleCollections: [{
            action: {
                type: "Deny",
            },
            name: "apprulecoll",
            priority: 110,
            rules: [{
                description: "Deny inbound rule",
                name: "rule1",
                protocols: [{
                    port: 443,
                    protocolType: "Https",
                }],
                sourceAddresses: [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                targetFqdns: ["www.test.com"],
            }],
        }],
        azureFirewallName: "azurefirewall",
        ipConfigurations: [{
            name: "azureFirewallIpConfiguration",
            publicIPAddress: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            },
            subnet: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            },
        }],
        location: "West US 2",
        natRuleCollections: [{
            action: {
                type: "Dnat",
            },
            name: "natrulecoll",
            priority: 112,
            rules: [
                {
                    description: "D-NAT all outbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["443"],
                    name: "DNAT-HTTPS-traffic",
                    protocols: ["TCP"],
                    sourceAddresses: ["*"],
                    translatedAddress: "1.2.3.5",
                    translatedPort: "8443",
                },
                {
                    description: "D-NAT all inbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["80"],
                    name: "DNAT-HTTP-traffic-With-FQDN",
                    protocols: ["TCP"],
                    sourceAddresses: ["*"],
                    translatedFqdn: "internalhttpserver",
                    translatedPort: "880",
                },
            ],
        }],
        networkRuleCollections: [{
            action: {
                type: "Deny",
            },
            name: "netrulecoll",
            priority: 112,
            rules: [
                {
                    description: "Block traffic based on source IPs and ports",
                    destinationAddresses: ["*"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic",
                    protocols: ["TCP"],
                    sourceAddresses: [
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                },
                {
                    description: "Block traffic based on source IPs and ports to amazon",
                    destinationFqdns: ["www.amazon.com"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic-with-FQDN",
                    protocols: ["TCP"],
                    sourceAddresses: ["10.2.4.12-10.2.4.255"],
                },
            ],
        }],
        resourceGroupName: "rg1",
        sku: {
            name: "AZFW_VNet",
            tier: "Standard",
        },
        tags: {
            key1: "value1",
        },
        threatIntelMode: "Alert",
        zones: [
            "1",
            "2",
            "3",
        ],
    });
    
    resources:
      azureFirewall:
        type: azure-native:network:AzureFirewall
        properties:
          applicationRuleCollections:
            - action:
                type: Deny
              name: apprulecoll
              priority: 110
              rules:
                - description: Deny inbound rule
                  name: rule1
                  protocols:
                    - port: 443
                      protocolType: Https
                  sourceAddresses:
                    - 216.58.216.164
                    - 10.0.0.0/24
                  targetFqdns:
                    - www.test.com
          azureFirewallName: azurefirewall
          ipConfigurations:
            - name: azureFirewallIpConfiguration
              publicIPAddress:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
              subnet:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
          location: West US 2
          natRuleCollections:
            - action:
                type: Dnat
              name: natrulecoll
              priority: 112
              rules:
                - description: D-NAT all outbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '443'
                  name: DNAT-HTTPS-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedAddress: 1.2.3.5
                  translatedPort: '8443'
                - description: D-NAT all inbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '80'
                  name: DNAT-HTTP-traffic-With-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedFqdn: internalhttpserver
                  translatedPort: '880'
          networkRuleCollections:
            - action:
                type: Deny
              name: netrulecoll
              priority: 112
              rules:
                - description: Block traffic based on source IPs and ports
                  destinationAddresses:
                    - '*'
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 192.168.1.1-192.168.1.12
                    - 10.1.4.12-10.1.4.255
                - description: Block traffic based on source IPs and ports to amazon
                  destinationFqdns:
                    - www.amazon.com
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic-with-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 10.2.4.12-10.2.4.255
          resourceGroupName: rg1
          sku:
            name: AZFW_VNet
            tier: Standard
          tags:
            key1: value1
          threatIntelMode: Alert
          zones:
            - '1'
            - '2'
            - '3'
    

    Create Azure Firewall With management subnet

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
        {
            ApplicationRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = "Deny",
                    },
                    Name = "apprulecoll",
                    Priority = 110,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                        {
                            Description = "Deny inbound rule",
                            Name = "rule1",
                            Protocols = new[]
                            {
                                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                                {
                                    Port = 443,
                                    ProtocolType = "Https",
                                },
                            },
                            SourceAddresses = new[]
                            {
                                "216.58.216.164",
                                "10.0.0.0/24",
                            },
                            TargetFqdns = new[]
                            {
                                "www.test.com",
                            },
                        },
                    },
                },
            },
            AzureFirewallName = "azurefirewall",
            IpConfigurations = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
                {
                    Name = "azureFirewallIpConfiguration",
                    PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                    },
                    Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                    },
                },
            },
            Location = "West US",
            ManagementIpConfiguration = new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
            {
                Name = "azureFirewallMgmtIpConfiguration",
                PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName",
                },
                Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet",
                },
            },
            NatRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                    {
                        Type = "Dnat",
                    },
                    Name = "natrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all outbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "443",
                            },
                            Name = "DNAT-HTTPS-traffic",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedAddress = "1.2.3.5",
                            TranslatedPort = "8443",
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all inbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "80",
                            },
                            Name = "DNAT-HTTP-traffic-With-FQDN",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedFqdn = "internalhttpserver",
                            TranslatedPort = "880",
                        },
                    },
                },
            },
            NetworkRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = "Deny",
                    },
                    Name = "netrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports",
                            DestinationAddresses = new[]
                            {
                                "*",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255",
                            },
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports to amazon",
                            DestinationFqdns = new[]
                            {
                                "www.amazon.com",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic-with-FQDN",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "10.2.4.12-10.2.4.255",
                            },
                        },
                    },
                },
            },
            ResourceGroupName = "rg1",
            Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
            {
                Name = "AZFW_VNet",
                Tier = "Standard",
            },
            Tags = 
            {
                { "key1", "value1" },
            },
            ThreatIntelMode = "Alert",
            Zones = new[] {},
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/network/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
    			ApplicationRuleCollections: []network.AzureFirewallApplicationRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Deny"),
    					},
    					Name:     pulumi.String("apprulecoll"),
    					Priority: pulumi.Int(110),
    					Rules: network.AzureFirewallApplicationRuleArray{
    						{
    							Description: pulumi.String("Deny inbound rule"),
    							Name:        pulumi.String("rule1"),
    							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
    								{
    									Port:         pulumi.Int(443),
    									ProtocolType: pulumi.String("Https"),
    								},
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("216.58.216.164"),
    								pulumi.String("10.0.0.0/24"),
    							},
    							TargetFqdns: pulumi.StringArray{
    								pulumi.String("www.test.com"),
    							},
    						},
    					},
    				},
    			},
    			AzureFirewallName: pulumi.String("azurefirewall"),
    			IpConfigurations: []network.AzureFirewallIPConfigurationArgs{
    				{
    					Name: pulumi.String("azureFirewallIpConfiguration"),
    					PublicIPAddress: {
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
    					},
    					Subnet: {
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
    					},
    				},
    			},
    			Location: pulumi.String("West US"),
    			ManagementIpConfiguration: network.AzureFirewallIPConfigurationResponse{
    				Name: pulumi.String("azureFirewallMgmtIpConfiguration"),
    				PublicIPAddress: &network.SubResourceArgs{
    					Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName"),
    				},
    				Subnet: &network.SubResourceArgs{
    					Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet"),
    				},
    			},
    			NatRuleCollections: []network.AzureFirewallNatRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Dnat"),
    					},
    					Name:     pulumi.String("natrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNatRuleArray{
    						{
    							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443"),
    							},
    							Name: pulumi.String("DNAT-HTTPS-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedAddress: pulumi.String("1.2.3.5"),
    							TranslatedPort:    pulumi.String("8443"),
    						},
    						{
    							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("80"),
    							},
    							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedFqdn: pulumi.String("internalhttpserver"),
    							TranslatedPort: pulumi.String("880"),
    						},
    					},
    				},
    			},
    			NetworkRuleCollections: []network.AzureFirewallNetworkRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Deny"),
    					},
    					Name:     pulumi.String("netrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNetworkRuleArray{
    						{
    							Description: pulumi.String("Block traffic based on source IPs and ports"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("192.168.1.1-192.168.1.12"),
    								pulumi.String("10.1.4.12-10.1.4.255"),
    							},
    						},
    						{
    							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
    							DestinationFqdns: pulumi.StringArray{
    								pulumi.String("www.amazon.com"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic-with-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("10.2.4.12-10.2.4.255"),
    							},
    						},
    					},
    				},
    			},
    			ResourceGroupName: pulumi.String("rg1"),
    			Sku: &network.AzureFirewallSkuArgs{
    				Name: pulumi.String("AZFW_VNet"),
    				Tier: pulumi.String("Standard"),
    			},
    			Tags: pulumi.StringMap{
    				"key1": pulumi.String("value1"),
    			},
    			ThreatIntelMode: pulumi.String("Alert"),
    			Zones:           pulumi.StringArray{},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.network.AzureFirewall;
    import com.pulumi.azurenative.network.AzureFirewallArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()        
                .applicationRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Deny")),
                    Map.entry("name", "apprulecoll"),
                    Map.entry("priority", 110),
                    Map.entry("rules", Map.ofEntries(
                        Map.entry("description", "Deny inbound rule"),
                        Map.entry("name", "rule1"),
                        Map.entry("protocols", Map.ofEntries(
                            Map.entry("port", 443),
                            Map.entry("protocolType", "Https")
                        )),
                        Map.entry("sourceAddresses",                     
                            "216.58.216.164",
                            "10.0.0.0/24"),
                        Map.entry("targetFqdns", "www.test.com")
                    ))
                ))
                .azureFirewallName("azurefirewall")
                .ipConfigurations(Map.ofEntries(
                    Map.entry("name", "azureFirewallIpConfiguration"),
                    Map.entry("publicIPAddress", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")),
                    Map.entry("subnet", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"))
                ))
                .location("West US")
                .managementIpConfiguration(Map.ofEntries(
                    Map.entry("name", "azureFirewallMgmtIpConfiguration"),
                    Map.entry("publicIPAddress", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName")),
                    Map.entry("subnet", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet"))
                ))
                .natRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Dnat")),
                    Map.entry("name", "natrulecoll"),
                    Map.entry("priority", 112),
                    Map.entry("rules",                 
                        Map.ofEntries(
                            Map.entry("description", "D-NAT all outbound web traffic for inspection"),
                            Map.entry("destinationAddresses", "1.2.3.4"),
                            Map.entry("destinationPorts", "443"),
                            Map.entry("name", "DNAT-HTTPS-traffic"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "*"),
                            Map.entry("translatedAddress", "1.2.3.5"),
                            Map.entry("translatedPort", "8443")
                        ),
                        Map.ofEntries(
                            Map.entry("description", "D-NAT all inbound web traffic for inspection"),
                            Map.entry("destinationAddresses", "1.2.3.4"),
                            Map.entry("destinationPorts", "80"),
                            Map.entry("name", "DNAT-HTTP-traffic-With-FQDN"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "*"),
                            Map.entry("translatedFqdn", "internalhttpserver"),
                            Map.entry("translatedPort", "880")
                        ))
                ))
                .networkRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Deny")),
                    Map.entry("name", "netrulecoll"),
                    Map.entry("priority", 112),
                    Map.entry("rules",                 
                        Map.ofEntries(
                            Map.entry("description", "Block traffic based on source IPs and ports"),
                            Map.entry("destinationAddresses", "*"),
                            Map.entry("destinationPorts",                         
                                "443-444",
                                "8443"),
                            Map.entry("name", "L4-traffic"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses",                         
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255")
                        ),
                        Map.ofEntries(
                            Map.entry("description", "Block traffic based on source IPs and ports to amazon"),
                            Map.entry("destinationFqdns", "www.amazon.com"),
                            Map.entry("destinationPorts",                         
                                "443-444",
                                "8443"),
                            Map.entry("name", "L4-traffic-with-FQDN"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "10.2.4.12-10.2.4.255")
                        ))
                ))
                .resourceGroupName("rg1")
                .sku(Map.ofEntries(
                    Map.entry("name", "AZFW_VNet"),
                    Map.entry("tier", "Standard")
                ))
                .tags(Map.of("key1", "value1"))
                .threatIntelMode("Alert")
                .zones()
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
        application_rule_collections=[{
            "action": azure_native.network.AzureFirewallRCActionArgs(
                type="Deny",
            ),
            "name": "apprulecoll",
            "priority": 110,
            "rules": [{
                "description": "Deny inbound rule",
                "name": "rule1",
                "protocols": [azure_native.network.AzureFirewallApplicationRuleProtocolArgs(
                    port=443,
                    protocol_type="Https",
                )],
                "sourceAddresses": [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                "targetFqdns": ["www.test.com"],
            }],
        }],
        azure_firewall_name="azurefirewall",
        ip_configurations=[{
            "name": "azureFirewallIpConfiguration",
            "publicIPAddress": azure_native.network.SubResourceArgs(
                id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            ),
            "subnet": azure_native.network.SubResourceArgs(
                id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            ),
        }],
        location="West US",
        management_ip_configuration=azure_native.network.AzureFirewallIPConfigurationResponseArgs(
            name="azureFirewallMgmtIpConfiguration",
            public_ip_address=azure_native.network.SubResourceArgs(
                id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName",
            ),
            subnet=azure_native.network.SubResourceArgs(
                id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet",
            ),
        ),
        nat_rule_collections=[{
            "action": azure_native.network.AzureFirewallNatRCActionArgs(
                type="Dnat",
            ),
            "name": "natrulecoll",
            "priority": 112,
            "rules": [
                azure_native.network.AzureFirewallNatRuleArgs(
                    description="D-NAT all outbound web traffic for inspection",
                    destination_addresses=["1.2.3.4"],
                    destination_ports=["443"],
                    name="DNAT-HTTPS-traffic",
                    protocols=["TCP"],
                    source_addresses=["*"],
                    translated_address="1.2.3.5",
                    translated_port="8443",
                ),
                azure_native.network.AzureFirewallNatRuleArgs(
                    description="D-NAT all inbound web traffic for inspection",
                    destination_addresses=["1.2.3.4"],
                    destination_ports=["80"],
                    name="DNAT-HTTP-traffic-With-FQDN",
                    protocols=["TCP"],
                    source_addresses=["*"],
                    translated_fqdn="internalhttpserver",
                    translated_port="880",
                ),
            ],
        }],
        network_rule_collections=[{
            "action": azure_native.network.AzureFirewallRCActionArgs(
                type="Deny",
            ),
            "name": "netrulecoll",
            "priority": 112,
            "rules": [
                azure_native.network.AzureFirewallNetworkRuleArgs(
                    description="Block traffic based on source IPs and ports",
                    destination_addresses=["*"],
                    destination_ports=[
                        "443-444",
                        "8443",
                    ],
                    name="L4-traffic",
                    protocols=["TCP"],
                    source_addresses=[
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                ),
                azure_native.network.AzureFirewallNetworkRuleArgs(
                    description="Block traffic based on source IPs and ports to amazon",
                    destination_fqdns=["www.amazon.com"],
                    destination_ports=[
                        "443-444",
                        "8443",
                    ],
                    name="L4-traffic-with-FQDN",
                    protocols=["TCP"],
                    source_addresses=["10.2.4.12-10.2.4.255"],
                ),
            ],
        }],
        resource_group_name="rg1",
        sku=azure_native.network.AzureFirewallSkuArgs(
            name="AZFW_VNet",
            tier="Standard",
        ),
        tags={
            "key1": "value1",
        },
        threat_intel_mode="Alert",
        zones=[])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
        applicationRuleCollections: [{
            action: {
                type: "Deny",
            },
            name: "apprulecoll",
            priority: 110,
            rules: [{
                description: "Deny inbound rule",
                name: "rule1",
                protocols: [{
                    port: 443,
                    protocolType: "Https",
                }],
                sourceAddresses: [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                targetFqdns: ["www.test.com"],
            }],
        }],
        azureFirewallName: "azurefirewall",
        ipConfigurations: [{
            name: "azureFirewallIpConfiguration",
            publicIPAddress: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            },
            subnet: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            },
        }],
        location: "West US",
        managementIpConfiguration: {
            name: "azureFirewallMgmtIpConfiguration",
            publicIPAddress: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName",
            },
            subnet: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet",
            },
        },
        natRuleCollections: [{
            action: {
                type: "Dnat",
            },
            name: "natrulecoll",
            priority: 112,
            rules: [
                {
                    description: "D-NAT all outbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["443"],
                    name: "DNAT-HTTPS-traffic",
                    protocols: ["TCP"],
                    sourceAddresses: ["*"],
                    translatedAddress: "1.2.3.5",
                    translatedPort: "8443",
                },
                {
                    description: "D-NAT all inbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["80"],
                    name: "DNAT-HTTP-traffic-With-FQDN",
                    protocols: ["TCP"],
                    sourceAddresses: ["*"],
                    translatedFqdn: "internalhttpserver",
                    translatedPort: "880",
                },
            ],
        }],
        networkRuleCollections: [{
            action: {
                type: "Deny",
            },
            name: "netrulecoll",
            priority: 112,
            rules: [
                {
                    description: "Block traffic based on source IPs and ports",
                    destinationAddresses: ["*"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic",
                    protocols: ["TCP"],
                    sourceAddresses: [
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                },
                {
                    description: "Block traffic based on source IPs and ports to amazon",
                    destinationFqdns: ["www.amazon.com"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic-with-FQDN",
                    protocols: ["TCP"],
                    sourceAddresses: ["10.2.4.12-10.2.4.255"],
                },
            ],
        }],
        resourceGroupName: "rg1",
        sku: {
            name: "AZFW_VNet",
            tier: "Standard",
        },
        tags: {
            key1: "value1",
        },
        threatIntelMode: "Alert",
        zones: [],
    });
    
    resources:
      azureFirewall:
        type: azure-native:network:AzureFirewall
        properties:
          applicationRuleCollections:
            - action:
                type: Deny
              name: apprulecoll
              priority: 110
              rules:
                - description: Deny inbound rule
                  name: rule1
                  protocols:
                    - port: 443
                      protocolType: Https
                  sourceAddresses:
                    - 216.58.216.164
                    - 10.0.0.0/24
                  targetFqdns:
                    - www.test.com
          azureFirewallName: azurefirewall
          ipConfigurations:
            - name: azureFirewallIpConfiguration
              publicIPAddress:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
              subnet:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
          location: West US
          managementIpConfiguration:
            name: azureFirewallMgmtIpConfiguration
            publicIPAddress:
              id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName
            subnet:
              id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet
          natRuleCollections:
            - action:
                type: Dnat
              name: natrulecoll
              priority: 112
              rules:
                - description: D-NAT all outbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '443'
                  name: DNAT-HTTPS-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedAddress: 1.2.3.5
                  translatedPort: '8443'
                - description: D-NAT all inbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '80'
                  name: DNAT-HTTP-traffic-With-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedFqdn: internalhttpserver
                  translatedPort: '880'
          networkRuleCollections:
            - action:
                type: Deny
              name: netrulecoll
              priority: 112
              rules:
                - description: Block traffic based on source IPs and ports
                  destinationAddresses:
                    - '*'
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 192.168.1.1-192.168.1.12
                    - 10.1.4.12-10.1.4.255
                - description: Block traffic based on source IPs and ports to amazon
                  destinationFqdns:
                    - www.amazon.com
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic-with-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 10.2.4.12-10.2.4.255
          resourceGroupName: rg1
          sku:
            name: AZFW_VNet
            tier: Standard
          tags:
            key1: value1
          threatIntelMode: Alert
          zones: []
    

    Create Azure Firewall in virtual Hub

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
        {
            AzureFirewallName = "azurefirewall",
            FirewallPolicy = new AzureNative.Network.Inputs.SubResourceArgs
            {
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1",
            },
            HubIPAddresses = new AzureNative.Network.Inputs.HubIPAddressesArgs
            {
                PublicIPs = new AzureNative.Network.Inputs.HubPublicIPAddressesArgs
                {
                    Addresses = new[] {},
                    Count = 1,
                },
            },
            Location = "West US",
            ResourceGroupName = "rg1",
            Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
            {
                Name = "AZFW_Hub",
                Tier = "Standard",
            },
            Tags = 
            {
                { "key1", "value1" },
            },
            ThreatIntelMode = "Alert",
            VirtualHub = new AzureNative.Network.Inputs.SubResourceArgs
            {
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1",
            },
            Zones = new[] {},
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/network/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
    _, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
    AzureFirewallName: pulumi.String("azurefirewall"),
    FirewallPolicy: &network.SubResourceArgs{
    Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1"),
    },
    HubIPAddresses: network.HubIPAddressesResponse{
    PublicIPs: interface{}{
    Addresses: network.AzureFirewallPublicIPAddressArray{
    },
    Count: pulumi.Int(1),
    },
    },
    Location: pulumi.String("West US"),
    ResourceGroupName: pulumi.String("rg1"),
    Sku: &network.AzureFirewallSkuArgs{
    Name: pulumi.String("AZFW_Hub"),
    Tier: pulumi.String("Standard"),
    },
    Tags: pulumi.StringMap{
    "key1": pulumi.String("value1"),
    },
    ThreatIntelMode: pulumi.String("Alert"),
    VirtualHub: &network.SubResourceArgs{
    Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1"),
    },
    Zones: pulumi.StringArray{
    },
    })
    if err != nil {
    return err
    }
    return nil
    })
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.network.AzureFirewall;
    import com.pulumi.azurenative.network.AzureFirewallArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()        
                .azureFirewallName("azurefirewall")
                .firewallPolicy(Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1"))
                .hubIPAddresses(Map.of("publicIPs", Map.ofEntries(
                    Map.entry("addresses", ),
                    Map.entry("count", 1)
                )))
                .location("West US")
                .resourceGroupName("rg1")
                .sku(Map.ofEntries(
                    Map.entry("name", "AZFW_Hub"),
                    Map.entry("tier", "Standard")
                ))
                .tags(Map.of("key1", "value1"))
                .threatIntelMode("Alert")
                .virtualHub(Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1"))
                .zones()
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
        azure_firewall_name="azurefirewall",
        firewall_policy=azure_native.network.SubResourceArgs(
            id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1",
        ),
        hub_ip_addresses=azure_native.network.HubIPAddressesResponseArgs(
            public_ips={
                "addresses": [],
                "count": 1,
            },
        ),
        location="West US",
        resource_group_name="rg1",
        sku=azure_native.network.AzureFirewallSkuArgs(
            name="AZFW_Hub",
            tier="Standard",
        ),
        tags={
            "key1": "value1",
        },
        threat_intel_mode="Alert",
        virtual_hub=azure_native.network.SubResourceArgs(
            id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1",
        ),
        zones=[])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
        azureFirewallName: "azurefirewall",
        firewallPolicy: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1",
        },
        hubIPAddresses: {
            publicIPs: {
                addresses: [],
                count: 1,
            },
        },
        location: "West US",
        resourceGroupName: "rg1",
        sku: {
            name: "AZFW_Hub",
            tier: "Standard",
        },
        tags: {
            key1: "value1",
        },
        threatIntelMode: "Alert",
        virtualHub: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1",
        },
        zones: [],
    });
    
    resources:
      azureFirewall:
        type: azure-native:network:AzureFirewall
        properties:
          azureFirewallName: azurefirewall
          firewallPolicy:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1
          hubIPAddresses:
            publicIPs:
              addresses: []
              count: 1
          location: West US
          resourceGroupName: rg1
          sku:
            name: AZFW_Hub
            tier: Standard
          tags:
            key1: value1
          threatIntelMode: Alert
          virtualHub:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1
          zones: []
    

    Create AzureFirewall Resource

    new AzureFirewall(name: string, args: AzureFirewallArgs, opts?: CustomResourceOptions);
    @overload
    def AzureFirewall(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      additional_properties: Optional[Mapping[str, str]] = None,
                      application_rule_collections: Optional[Sequence[AzureFirewallApplicationRuleCollectionArgs]] = None,
                      azure_firewall_name: Optional[str] = None,
                      firewall_policy: Optional[SubResourceArgs] = None,
                      hub_ip_addresses: Optional[HubIPAddressesArgs] = None,
                      id: Optional[str] = None,
                      ip_configurations: Optional[Sequence[AzureFirewallIPConfigurationArgs]] = None,
                      location: Optional[str] = None,
                      management_ip_configuration: Optional[AzureFirewallIPConfigurationArgs] = None,
                      nat_rule_collections: Optional[Sequence[AzureFirewallNatRuleCollectionArgs]] = None,
                      network_rule_collections: Optional[Sequence[AzureFirewallNetworkRuleCollectionArgs]] = None,
                      resource_group_name: Optional[str] = None,
                      sku: Optional[AzureFirewallSkuArgs] = None,
                      tags: Optional[Mapping[str, str]] = None,
                      threat_intel_mode: Optional[Union[str, AzureFirewallThreatIntelMode]] = None,
                      virtual_hub: Optional[SubResourceArgs] = None,
                      zones: Optional[Sequence[str]] = None)
    @overload
    def AzureFirewall(resource_name: str,
                      args: AzureFirewallArgs,
                      opts: Optional[ResourceOptions] = None)
    func NewAzureFirewall(ctx *Context, name string, args AzureFirewallArgs, opts ...ResourceOption) (*AzureFirewall, error)
    public AzureFirewall(string name, AzureFirewallArgs args, CustomResourceOptions? opts = null)
    public AzureFirewall(String name, AzureFirewallArgs args)
    public AzureFirewall(String name, AzureFirewallArgs args, CustomResourceOptions options)
    
    type: azure-native:network:AzureFirewall
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args AzureFirewallArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AzureFirewallArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AzureFirewallArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AzureFirewallArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AzureFirewallArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    AzureFirewall Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AzureFirewall resource accepts the following input properties:

    ResourceGroupName string
    The name of the resource group.
    AdditionalProperties Dictionary<string, string>
    The additional properties used to further config this azure firewall.
    ApplicationRuleCollections List<Pulumi.AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollection>
    Collection of application rule collections used by Azure Firewall.
    AzureFirewallName string
    The name of the Azure Firewall.
    FirewallPolicy Pulumi.AzureNative.Network.Inputs.SubResource
    The firewallPolicy associated with this azure firewall.
    HubIPAddresses Pulumi.AzureNative.Network.Inputs.HubIPAddresses
    IP addresses associated with AzureFirewall.
    Id string
    Resource ID.
    IpConfigurations List<Pulumi.AzureNative.Network.Inputs.AzureFirewallIPConfiguration>
    IP configuration of the Azure Firewall resource.
    Location string
    Resource location.
    ManagementIpConfiguration Pulumi.AzureNative.Network.Inputs.AzureFirewallIPConfiguration
    IP configuration of the Azure Firewall used for management traffic.
    NatRuleCollections List<Pulumi.AzureNative.Network.Inputs.AzureFirewallNatRuleCollection>
    Collection of NAT rule collections used by Azure Firewall.
    NetworkRuleCollections List<Pulumi.AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollection>
    Collection of network rule collections used by Azure Firewall.
    Sku Pulumi.AzureNative.Network.Inputs.AzureFirewallSku
    The Azure Firewall Resource SKU.
    Tags Dictionary<string, string>
    Resource tags.
    ThreatIntelMode string | Pulumi.AzureNative.Network.AzureFirewallThreatIntelMode
    The operation mode for Threat Intelligence.
    VirtualHub Pulumi.AzureNative.Network.Inputs.SubResource
    The virtualHub to which the firewall belongs.
    Zones List<string>
    A list of availability zones denoting where the resource needs to come from.
    ResourceGroupName string
    The name of the resource group.
    AdditionalProperties map[string]string
    The additional properties used to further config this azure firewall.
    ApplicationRuleCollections []AzureFirewallApplicationRuleCollectionArgs
    Collection of application rule collections used by Azure Firewall.
    AzureFirewallName string
    The name of the Azure Firewall.
    FirewallPolicy SubResourceArgs
    The firewallPolicy associated with this azure firewall.
    HubIPAddresses HubIPAddressesArgs
    IP addresses associated with AzureFirewall.
    Id string
    Resource ID.
    IpConfigurations []AzureFirewallIPConfigurationArgs
    IP configuration of the Azure Firewall resource.
    Location string
    Resource location.
    ManagementIpConfiguration AzureFirewallIPConfigurationArgs
    IP configuration of the Azure Firewall used for management traffic.
    NatRuleCollections []AzureFirewallNatRuleCollectionArgs
    Collection of NAT rule collections used by Azure Firewall.
    NetworkRuleCollections []AzureFirewallNetworkRuleCollectionArgs
    Collection of network rule collections used by Azure Firewall.
    Sku AzureFirewallSkuArgs
    The Azure Firewall Resource SKU.
    Tags map[string]string
    Resource tags.
    ThreatIntelMode string | AzureFirewallThreatIntelMode
    The operation mode for Threat Intelligence.
    VirtualHub SubResourceArgs
    The virtualHub to which the firewall belongs.
    Zones []string
    A list of availability zones denoting where the resource needs to come from.
    resourceGroupName String
    The name of the resource group.
    additionalProperties Map<String,String>
    The additional properties used to further config this azure firewall.
    applicationRuleCollections List<AzureFirewallApplicationRuleCollection>
    Collection of application rule collections used by Azure Firewall.
    azureFirewallName String
    The name of the Azure Firewall.
    firewallPolicy SubResource
    The firewallPolicy associated with this azure firewall.
    hubIPAddresses HubIPAddresses
    IP addresses associated with AzureFirewall.
    id String
    Resource ID.
    ipConfigurations List<AzureFirewallIPConfiguration>
    IP configuration of the Azure Firewall resource.
    location String
    Resource location.
    managementIpConfiguration AzureFirewallIPConfiguration
    IP configuration of the Azure Firewall used for management traffic.
    natRuleCollections List<AzureFirewallNatRuleCollection>
    Collection of NAT rule collections used by Azure Firewall.
    networkRuleCollections List<AzureFirewallNetworkRuleCollection>
    Collection of network rule collections used by Azure Firewall.
    sku AzureFirewallSku
    The Azure Firewall Resource SKU.
    tags Map<String,String>
    Resource tags.
    threatIntelMode String | AzureFirewallThreatIntelMode
    The operation mode for Threat Intelligence.
    virtualHub SubResource
    The virtualHub to which the firewall belongs.
    zones List<String>
    A list of availability zones denoting where the resource needs to come from.
    resourceGroupName string
    The name of the resource group.
    additionalProperties {[key: string]: string}
    The additional properties used to further config this azure firewall.
    applicationRuleCollections AzureFirewallApplicationRuleCollection[]
    Collection of application rule collections used by Azure Firewall.
    azureFirewallName string
    The name of the Azure Firewall.
    firewallPolicy SubResource
    The firewallPolicy associated with this azure firewall.
    hubIPAddresses HubIPAddresses
    IP addresses associated with AzureFirewall.
    id string
    Resource ID.
    ipConfigurations AzureFirewallIPConfiguration[]
    IP configuration of the Azure Firewall resource.
    location string
    Resource location.
    managementIpConfiguration AzureFirewallIPConfiguration
    IP configuration of the Azure Firewall used for management traffic.
    natRuleCollections AzureFirewallNatRuleCollection[]
    Collection of NAT rule collections used by Azure Firewall.
    networkRuleCollections AzureFirewallNetworkRuleCollection[]
    Collection of network rule collections used by Azure Firewall.
    sku AzureFirewallSku
    The Azure Firewall Resource SKU.
    tags {[key: string]: string}
    Resource tags.
    threatIntelMode string | AzureFirewallThreatIntelMode
    The operation mode for Threat Intelligence.
    virtualHub SubResource
    The virtualHub to which the firewall belongs.
    zones string[]
    A list of availability zones denoting where the resource needs to come from.
    resource_group_name str
    The name of the resource group.
    additional_properties Mapping[str, str]
    The additional properties used to further config this azure firewall.
    application_rule_collections Sequence[AzureFirewallApplicationRuleCollectionArgs]
    Collection of application rule collections used by Azure Firewall.
    azure_firewall_name str
    The name of the Azure Firewall.
    firewall_policy SubResourceArgs
    The firewallPolicy associated with this azure firewall.
    hub_ip_addresses HubIPAddressesArgs
    IP addresses associated with AzureFirewall.
    id str
    Resource ID.
    ip_configurations Sequence[AzureFirewallIPConfigurationArgs]
    IP configuration of the Azure Firewall resource.
    location str
    Resource location.
    management_ip_configuration AzureFirewallIPConfigurationArgs
    IP configuration of the Azure Firewall used for management traffic.
    nat_rule_collections Sequence[AzureFirewallNatRuleCollectionArgs]
    Collection of NAT rule collections used by Azure Firewall.
    network_rule_collections Sequence[AzureFirewallNetworkRuleCollectionArgs]
    Collection of network rule collections used by Azure Firewall.
    sku AzureFirewallSkuArgs
    The Azure Firewall Resource SKU.
    tags Mapping[str, str]
    Resource tags.
    threat_intel_mode str | AzureFirewallThreatIntelMode
    The operation mode for Threat Intelligence.
    virtual_hub SubResourceArgs
    The virtualHub to which the firewall belongs.
    zones Sequence[str]
    A list of availability zones denoting where the resource needs to come from.
    resourceGroupName String
    The name of the resource group.
    additionalProperties Map<String>
    The additional properties used to further config this azure firewall.
    applicationRuleCollections List<Property Map>
    Collection of application rule collections used by Azure Firewall.
    azureFirewallName String
    The name of the Azure Firewall.
    firewallPolicy Property Map
    The firewallPolicy associated with this azure firewall.
    hubIPAddresses Property Map
    IP addresses associated with AzureFirewall.
    id String
    Resource ID.
    ipConfigurations List<Property Map>
    IP configuration of the Azure Firewall resource.
    location String
    Resource location.
    managementIpConfiguration Property Map
    IP configuration of the Azure Firewall used for management traffic.
    natRuleCollections List<Property Map>
    Collection of NAT rule collections used by Azure Firewall.
    networkRuleCollections List<Property Map>
    Collection of network rule collections used by Azure Firewall.
    sku Property Map
    The Azure Firewall Resource SKU.
    tags Map<String>
    Resource tags.
    threatIntelMode String | "Alert" | "Deny" | "Off"
    The operation mode for Threat Intelligence.
    virtualHub Property Map
    The virtualHub to which the firewall belongs.
    zones List<String>
    A list of availability zones denoting where the resource needs to come from.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AzureFirewall resource produces the following output properties:

    Etag string
    A unique read-only string that changes whenever the resource is updated.
    Id string
    The provider-assigned unique ID for this managed resource.
    IpGroups List<Pulumi.AzureNative.Network.Outputs.AzureFirewallIpGroupsResponse>
    IpGroups associated with AzureFirewall.
    Name string
    Resource name.
    ProvisioningState string
    The provisioning state of the Azure firewall resource.
    Type string
    Resource type.
    Etag string
    A unique read-only string that changes whenever the resource is updated.
    Id string
    The provider-assigned unique ID for this managed resource.
    IpGroups []AzureFirewallIpGroupsResponse
    IpGroups associated with AzureFirewall.
    Name string
    Resource name.
    ProvisioningState string
    The provisioning state of the Azure firewall resource.
    Type string
    Resource type.
    etag String
    A unique read-only string that changes whenever the resource is updated.
    id String
    The provider-assigned unique ID for this managed resource.
    ipGroups List<AzureFirewallIpGroupsResponse>
    IpGroups associated with AzureFirewall.
    name String
    Resource name.
    provisioningState String
    The provisioning state of the Azure firewall resource.
    type String
    Resource type.
    etag string
    A unique read-only string that changes whenever the resource is updated.
    id string
    The provider-assigned unique ID for this managed resource.
    ipGroups AzureFirewallIpGroupsResponse[]
    IpGroups associated with AzureFirewall.
    name string
    Resource name.
    provisioningState string
    The provisioning state of the Azure firewall resource.
    type string
    Resource type.
    etag str
    A unique read-only string that changes whenever the resource is updated.
    id str
    The provider-assigned unique ID for this managed resource.
    ip_groups Sequence[AzureFirewallIpGroupsResponse]
    IpGroups associated with AzureFirewall.
    name str
    Resource name.
    provisioning_state str
    The provisioning state of the Azure firewall resource.
    type str
    Resource type.
    etag String
    A unique read-only string that changes whenever the resource is updated.
    id String
    The provider-assigned unique ID for this managed resource.
    ipGroups List<Property Map>
    IpGroups associated with AzureFirewall.
    name String
    Resource name.
    provisioningState String
    The provisioning state of the Azure firewall resource.
    type String
    Resource type.

    Supporting Types

    AzureFirewallApplicationRule, AzureFirewallApplicationRuleArgs

    Description string
    Description of the rule.
    FqdnTags List<string>
    List of FQDN Tags for this rule.
    Name string
    Name of the application rule.
    Protocols List<Pulumi.AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocol>
    Array of ApplicationRuleProtocols.
    SourceAddresses List<string>
    List of source IP addresses for this rule.
    SourceIpGroups List<string>
    List of source IpGroups for this rule.
    TargetFqdns List<string>
    List of FQDNs for this rule.
    Description string
    Description of the rule.
    FqdnTags []string
    List of FQDN Tags for this rule.
    Name string
    Name of the application rule.
    Protocols []AzureFirewallApplicationRuleProtocol
    Array of ApplicationRuleProtocols.
    SourceAddresses []string
    List of source IP addresses for this rule.
    SourceIpGroups []string
    List of source IpGroups for this rule.
    TargetFqdns []string
    List of FQDNs for this rule.
    description String
    Description of the rule.
    fqdnTags List<String>
    List of FQDN Tags for this rule.
    name String
    Name of the application rule.
    protocols List<AzureFirewallApplicationRuleProtocol>
    Array of ApplicationRuleProtocols.
    sourceAddresses List<String>
    List of source IP addresses for this rule.
    sourceIpGroups List<String>
    List of source IpGroups for this rule.
    targetFqdns List<String>
    List of FQDNs for this rule.
    description string
    Description of the rule.
    fqdnTags string[]
    List of FQDN Tags for this rule.
    name string
    Name of the application rule.
    protocols AzureFirewallApplicationRuleProtocol[]
    Array of ApplicationRuleProtocols.
    sourceAddresses string[]
    List of source IP addresses for this rule.
    sourceIpGroups string[]
    List of source IpGroups for this rule.
    targetFqdns string[]
    List of FQDNs for this rule.
    description str
    Description of the rule.
    fqdn_tags Sequence[str]
    List of FQDN Tags for this rule.
    name str
    Name of the application rule.
    protocols Sequence[AzureFirewallApplicationRuleProtocol]
    Array of ApplicationRuleProtocols.
    source_addresses Sequence[str]
    List of source IP addresses for this rule.
    source_ip_groups Sequence[str]
    List of source IpGroups for this rule.
    target_fqdns Sequence[str]
    List of FQDNs for this rule.
    description String
    Description of the rule.
    fqdnTags List<String>
    List of FQDN Tags for this rule.
    name String
    Name of the application rule.
    protocols List<Property Map>
    Array of ApplicationRuleProtocols.
    sourceAddresses List<String>
    List of source IP addresses for this rule.
    sourceIpGroups List<String>
    List of source IpGroups for this rule.
    targetFqdns List<String>
    List of FQDNs for this rule.

    AzureFirewallApplicationRuleCollection, AzureFirewallApplicationRuleCollectionArgs

    Action Pulumi.AzureNative.Network.Inputs.AzureFirewallRCAction
    The action type of a rule collection.
    Id string
    Resource ID.
    Name string
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    Priority int
    Priority of the application rule collection resource.
    Rules List<Pulumi.AzureNative.Network.Inputs.AzureFirewallApplicationRule>
    Collection of rules used by a application rule collection.
    Action AzureFirewallRCAction
    The action type of a rule collection.
    Id string
    Resource ID.
    Name string
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    Priority int
    Priority of the application rule collection resource.
    Rules []AzureFirewallApplicationRule
    Collection of rules used by a application rule collection.
    action AzureFirewallRCAction
    The action type of a rule collection.
    id String
    Resource ID.
    name String
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority Integer
    Priority of the application rule collection resource.
    rules List<AzureFirewallApplicationRule>
    Collection of rules used by a application rule collection.
    action AzureFirewallRCAction
    The action type of a rule collection.
    id string
    Resource ID.
    name string
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority number
    Priority of the application rule collection resource.
    rules AzureFirewallApplicationRule[]
    Collection of rules used by a application rule collection.
    action AzureFirewallRCAction
    The action type of a rule collection.
    id str
    Resource ID.
    name str
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority int
    Priority of the application rule collection resource.
    rules Sequence[AzureFirewallApplicationRule]
    Collection of rules used by a application rule collection.
    action Property Map
    The action type of a rule collection.
    id String
    Resource ID.
    name String
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority Number
    Priority of the application rule collection resource.
    rules List<Property Map>
    Collection of rules used by a application rule collection.

    AzureFirewallApplicationRuleCollectionResponse, AzureFirewallApplicationRuleCollectionResponseArgs

    Etag string
    A unique read-only string that changes whenever the resource is updated.
    ProvisioningState string
    The provisioning state of the application rule collection resource.
    Action Pulumi.AzureNative.Network.Inputs.AzureFirewallRCActionResponse
    The action type of a rule collection.
    Id string
    Resource ID.
    Name string
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    Priority int
    Priority of the application rule collection resource.
    Rules List<Pulumi.AzureNative.Network.Inputs.AzureFirewallApplicationRuleResponse>
    Collection of rules used by a application rule collection.
    Etag string
    A unique read-only string that changes whenever the resource is updated.
    ProvisioningState string
    The provisioning state of the application rule collection resource.
    Action AzureFirewallRCActionResponse
    The action type of a rule collection.
    Id string
    Resource ID.
    Name string
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    Priority int
    Priority of the application rule collection resource.
    Rules []AzureFirewallApplicationRuleResponse
    Collection of rules used by a application rule collection.
    etag String
    A unique read-only string that changes whenever the resource is updated.
    provisioningState String
    The provisioning state of the application rule collection resource.
    action AzureFirewallRCActionResponse
    The action type of a rule collection.
    id String
    Resource ID.
    name String
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority Integer
    Priority of the application rule collection resource.
    rules List<AzureFirewallApplicationRuleResponse>
    Collection of rules used by a application rule collection.
    etag string
    A unique read-only string that changes whenever the resource is updated.
    provisioningState string
    The provisioning state of the application rule collection resource.
    action AzureFirewallRCActionResponse
    The action type of a rule collection.
    id string
    Resource ID.
    name string
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority number
    Priority of the application rule collection resource.
    rules AzureFirewallApplicationRuleResponse[]
    Collection of rules used by a application rule collection.
    etag str
    A unique read-only string that changes whenever the resource is updated.
    provisioning_state str
    The provisioning state of the application rule collection resource.
    action AzureFirewallRCActionResponse
    The action type of a rule collection.
    id str
    Resource ID.
    name str
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority int
    Priority of the application rule collection resource.
    rules Sequence[AzureFirewallApplicationRuleResponse]
    Collection of rules used by a application rule collection.
    etag String
    A unique read-only string that changes whenever the resource is updated.
    provisioningState String
    The provisioning state of the application rule collection resource.
    action Property Map
    The action type of a rule collection.
    id String
    Resource ID.
    name String
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority Number
    Priority of the application rule collection resource.
    rules List<Property Map>
    Collection of rules used by a application rule collection.

    AzureFirewallApplicationRuleProtocol, AzureFirewallApplicationRuleProtocolArgs

    Port int
    Port number for the protocol, cannot be greater than 64000. This field is optional.
    ProtocolType string | Pulumi.AzureNative.Network.AzureFirewallApplicationRuleProtocolType
    Protocol type.
    Port int
    Port number for the protocol, cannot be greater than 64000. This field is optional.
    ProtocolType string | AzureFirewallApplicationRuleProtocolType
    Protocol type.
    port Integer
    Port number for the protocol, cannot be greater than 64000. This field is optional.
    protocolType String | AzureFirewallApplicationRuleProtocolType
    Protocol type.
    port number
    Port number for the protocol, cannot be greater than 64000. This field is optional.
    protocolType string | AzureFirewallApplicationRuleProtocolType
    Protocol type.
    port int
    Port number for the protocol, cannot be greater than 64000. This field is optional.
    protocol_type str | AzureFirewallApplicationRuleProtocolType
    Protocol type.
    port Number
    Port number for the protocol, cannot be greater than 64000. This field is optional.
    protocolType String | "Http" | "Https" | "Mssql"
    Protocol type.

    AzureFirewallApplicationRuleProtocolResponse, AzureFirewallApplicationRuleProtocolResponseArgs

    Port int
    Port number for the protocol, cannot be greater than 64000. This field is optional.
    ProtocolType string
    Protocol type.
    Port int
    Port number for the protocol, cannot be greater than 64000. This field is optional.
    ProtocolType string
    Protocol type.
    port Integer
    Port number for the protocol, cannot be greater than 64000. This field is optional.
    protocolType String
    Protocol type.
    port number
    Port number for the protocol, cannot be greater than 64000. This field is optional.
    protocolType string
    Protocol type.
    port int
    Port number for the protocol, cannot be greater than 64000. This field is optional.
    protocol_type str
    Protocol type.
    port Number
    Port number for the protocol, cannot be greater than 64000. This field is optional.
    protocolType String
    Protocol type.

    AzureFirewallApplicationRuleProtocolType, AzureFirewallApplicationRuleProtocolTypeArgs

    Http
    Http
    Https
    Https
    Mssql
    Mssql
    AzureFirewallApplicationRuleProtocolTypeHttp
    Http
    AzureFirewallApplicationRuleProtocolTypeHttps
    Https
    AzureFirewallApplicationRuleProtocolTypeMssql
    Mssql
    Http
    Http
    Https
    Https
    Mssql
    Mssql
    Http
    Http
    Https
    Https
    Mssql
    Mssql
    HTTP
    Http
    HTTPS
    Https
    MSSQL
    Mssql
    "Http"
    Http
    "Https"
    Https
    "Mssql"
    Mssql

    AzureFirewallApplicationRuleResponse, AzureFirewallApplicationRuleResponseArgs

    Description string
    Description of the rule.
    FqdnTags List<string>
    List of FQDN Tags for this rule.
    Name string
    Name of the application rule.
    Protocols List<Pulumi.AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolResponse>
    Array of ApplicationRuleProtocols.
    SourceAddresses List<string>
    List of source IP addresses for this rule.
    SourceIpGroups List<string>
    List of source IpGroups for this rule.
    TargetFqdns List<string>
    List of FQDNs for this rule.
    Description string
    Description of the rule.
    FqdnTags []string
    List of FQDN Tags for this rule.
    Name string
    Name of the application rule.
    Protocols []AzureFirewallApplicationRuleProtocolResponse
    Array of ApplicationRuleProtocols.
    SourceAddresses []string
    List of source IP addresses for this rule.
    SourceIpGroups []string
    List of source IpGroups for this rule.
    TargetFqdns []string
    List of FQDNs for this rule.
    description String
    Description of the rule.
    fqdnTags List<String>
    List of FQDN Tags for this rule.
    name String
    Name of the application rule.
    protocols List<AzureFirewallApplicationRuleProtocolResponse>
    Array of ApplicationRuleProtocols.
    sourceAddresses List<String>
    List of source IP addresses for this rule.
    sourceIpGroups List<String>
    List of source IpGroups for this rule.
    targetFqdns List<String>
    List of FQDNs for this rule.
    description string
    Description of the rule.
    fqdnTags string[]
    List of FQDN Tags for this rule.
    name string
    Name of the application rule.
    protocols AzureFirewallApplicationRuleProtocolResponse[]
    Array of ApplicationRuleProtocols.
    sourceAddresses string[]
    List of source IP addresses for this rule.
    sourceIpGroups string[]
    List of source IpGroups for this rule.
    targetFqdns string[]
    List of FQDNs for this rule.
    description str
    Description of the rule.
    fqdn_tags Sequence[str]
    List of FQDN Tags for this rule.
    name str
    Name of the application rule.
    protocols Sequence[AzureFirewallApplicationRuleProtocolResponse]
    Array of ApplicationRuleProtocols.
    source_addresses Sequence[str]
    List of source IP addresses for this rule.
    source_ip_groups Sequence[str]
    List of source IpGroups for this rule.
    target_fqdns Sequence[str]
    List of FQDNs for this rule.
    description String
    Description of the rule.
    fqdnTags List<String>
    List of FQDN Tags for this rule.
    name String
    Name of the application rule.
    protocols List<Property Map>
    Array of ApplicationRuleProtocols.
    sourceAddresses List<String>
    List of source IP addresses for this rule.
    sourceIpGroups List<String>
    List of source IpGroups for this rule.
    targetFqdns List<String>
    List of FQDNs for this rule.

    AzureFirewallIPConfiguration, AzureFirewallIPConfigurationArgs

    Id string
    Resource ID.
    Name string
    Name of the resource that is unique within a resource group. This name can be used to access the resource.
    PublicIPAddress Pulumi.AzureNative.Network.Inputs.SubResource
    Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
    Subnet Pulumi.AzureNative.Network.Inputs.SubResource
    Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
    Id string
    Resource ID.
    Name string
    Name of the resource that is unique within a resource group. This name can be used to access the resource.
    PublicIPAddress SubResource
    Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
    Subnet SubResource
    Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
    id String
    Resource ID.
    name String
    Name of the resource that is unique within a resource group. This name can be used to access the resource.
    publicIPAddress SubResource
    Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
    subnet SubResource
    Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
    id string
    Resource ID.
    name string
    Name of the resource that is unique within a resource group. This name can be used to access the resource.
    publicIPAddress SubResource
    Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
    subnet SubResource
    Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
    id str
    Resource ID.
    name str
    Name of the resource that is unique within a resource group. This name can be used to access the resource.
    public_ip_address SubResource
    Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
    subnet SubResource
    Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
    id String
    Resource ID.
    name String
    Name of the resource that is unique within a resource group. This name can be used to access the resource.
    publicIPAddress Property Map
    Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
    subnet Property Map
    Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

    AzureFirewallIPConfigurationResponse, AzureFirewallIPConfigurationResponseArgs

    Etag string
    A unique read-only string that changes whenever the resource is updated.
    PrivateIPAddress string
    The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.
    ProvisioningState string
    The provisioning state of the Azure firewall IP configuration resource.
    Type string
    Type of the resource.
    Id string
    Resource ID.
    Name string
    Name of the resource that is unique within a resource group. This name can be used to access the resource.
    PublicIPAddress Pulumi.AzureNative.Network.Inputs.SubResourceResponse
    Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
    Subnet Pulumi.AzureNative.Network.Inputs.SubResourceResponse
    Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
    Etag string
    A unique read-only string that changes whenever the resource is updated.
    PrivateIPAddress string
    The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.
    ProvisioningState string
    The provisioning state of the Azure firewall IP configuration resource.
    Type string
    Type of the resource.
    Id string
    Resource ID.
    Name string
    Name of the resource that is unique within a resource group. This name can be used to access the resource.
    PublicIPAddress SubResourceResponse
    Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
    Subnet SubResourceResponse
    Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
    etag String
    A unique read-only string that changes whenever the resource is updated.
    privateIPAddress String
    The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.
    provisioningState String
    The provisioning state of the Azure firewall IP configuration resource.
    type String
    Type of the resource.
    id String
    Resource ID.
    name String
    Name of the resource that is unique within a resource group. This name can be used to access the resource.
    publicIPAddress SubResourceResponse
    Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
    subnet SubResourceResponse
    Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
    etag string
    A unique read-only string that changes whenever the resource is updated.
    privateIPAddress string
    The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.
    provisioningState string
    The provisioning state of the Azure firewall IP configuration resource.
    type string
    Type of the resource.
    id string
    Resource ID.
    name string
    Name of the resource that is unique within a resource group. This name can be used to access the resource.
    publicIPAddress SubResourceResponse
    Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
    subnet SubResourceResponse
    Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
    etag str
    A unique read-only string that changes whenever the resource is updated.
    private_ip_address str
    The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.
    provisioning_state str
    The provisioning state of the Azure firewall IP configuration resource.
    type str
    Type of the resource.
    id str
    Resource ID.
    name str
    Name of the resource that is unique within a resource group. This name can be used to access the resource.
    public_ip_address SubResourceResponse
    Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
    subnet SubResourceResponse
    Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
    etag String
    A unique read-only string that changes whenever the resource is updated.
    privateIPAddress String
    The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.
    provisioningState String
    The provisioning state of the Azure firewall IP configuration resource.
    type String
    Type of the resource.
    id String
    Resource ID.
    name String
    Name of the resource that is unique within a resource group. This name can be used to access the resource.
    publicIPAddress Property Map
    Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
    subnet Property Map
    Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

    AzureFirewallIpGroupsResponse, AzureFirewallIpGroupsResponseArgs

    ChangeNumber string
    The iteration number.
    Id string
    Resource ID.
    ChangeNumber string
    The iteration number.
    Id string
    Resource ID.
    changeNumber String
    The iteration number.
    id String
    Resource ID.
    changeNumber string
    The iteration number.
    id string
    Resource ID.
    change_number str
    The iteration number.
    id str
    Resource ID.
    changeNumber String
    The iteration number.
    id String
    Resource ID.

    AzureFirewallNatRCAction, AzureFirewallNatRCActionArgs

    Type string | AzureFirewallNatRCActionType
    The type of action.
    type String | AzureFirewallNatRCActionType
    The type of action.
    type string | AzureFirewallNatRCActionType
    The type of action.
    type str | AzureFirewallNatRCActionType
    The type of action.
    type String | "Snat" | "Dnat"
    The type of action.

    AzureFirewallNatRCActionResponse, AzureFirewallNatRCActionResponseArgs

    Type string
    The type of action.
    Type string
    The type of action.
    type String
    The type of action.
    type string
    The type of action.
    type str
    The type of action.
    type String
    The type of action.

    AzureFirewallNatRCActionType, AzureFirewallNatRCActionTypeArgs

    Snat
    Snat
    Dnat
    Dnat
    AzureFirewallNatRCActionTypeSnat
    Snat
    AzureFirewallNatRCActionTypeDnat
    Dnat
    Snat
    Snat
    Dnat
    Dnat
    Snat
    Snat
    Dnat
    Dnat
    SNAT
    Snat
    DNAT
    Dnat
    "Snat"
    Snat
    "Dnat"
    Dnat

    AzureFirewallNatRule, AzureFirewallNatRuleArgs

    Description string
    Description of the rule.
    DestinationAddresses List<string>
    List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
    DestinationPorts List<string>
    List of destination ports.
    Name string
    Name of the NAT rule.
    Protocols List<Union<string, Pulumi.AzureNative.Network.AzureFirewallNetworkRuleProtocol>>
    Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
    SourceAddresses List<string>
    List of source IP addresses for this rule.
    SourceIpGroups List<string>
    List of source IpGroups for this rule.
    TranslatedAddress string
    The translated address for this NAT rule.
    TranslatedFqdn string
    The translated FQDN for this NAT rule.
    TranslatedPort string
    The translated port for this NAT rule.
    Description string
    Description of the rule.
    DestinationAddresses []string
    List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
    DestinationPorts []string
    List of destination ports.
    Name string
    Name of the NAT rule.
    Protocols []string
    Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
    SourceAddresses []string
    List of source IP addresses for this rule.
    SourceIpGroups []string
    List of source IpGroups for this rule.
    TranslatedAddress string
    The translated address for this NAT rule.
    TranslatedFqdn string
    The translated FQDN for this NAT rule.
    TranslatedPort string
    The translated port for this NAT rule.
    description String
    Description of the rule.
    destinationAddresses List<String>
    List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
    destinationPorts List<String>
    List of destination ports.
    name String
    Name of the NAT rule.
    protocols List<Either<String,AzureFirewallNetworkRuleProtocol>>
    Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
    sourceAddresses List<String>
    List of source IP addresses for this rule.
    sourceIpGroups List<String>
    List of source IpGroups for this rule.
    translatedAddress String
    The translated address for this NAT rule.
    translatedFqdn String
    The translated FQDN for this NAT rule.
    translatedPort String
    The translated port for this NAT rule.
    description string
    Description of the rule.
    destinationAddresses string[]
    List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
    destinationPorts string[]
    List of destination ports.
    name string
    Name of the NAT rule.
    protocols (string | AzureFirewallNetworkRuleProtocol)[]
    Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
    sourceAddresses string[]
    List of source IP addresses for this rule.
    sourceIpGroups string[]
    List of source IpGroups for this rule.
    translatedAddress string
    The translated address for this NAT rule.
    translatedFqdn string
    The translated FQDN for this NAT rule.
    translatedPort string
    The translated port for this NAT rule.
    description str
    Description of the rule.
    destination_addresses Sequence[str]
    List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
    destination_ports Sequence[str]
    List of destination ports.
    name str
    Name of the NAT rule.
    protocols Sequence[Union[str, AzureFirewallNetworkRuleProtocol]]
    Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
    source_addresses Sequence[str]
    List of source IP addresses for this rule.
    source_ip_groups Sequence[str]
    List of source IpGroups for this rule.
    translated_address str
    The translated address for this NAT rule.
    translated_fqdn str
    The translated FQDN for this NAT rule.
    translated_port str
    The translated port for this NAT rule.
    description String
    Description of the rule.
    destinationAddresses List<String>
    List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
    destinationPorts List<String>
    List of destination ports.
    name String
    Name of the NAT rule.
    protocols List<String | "TCP" | "UDP" | "Any" | "ICMP">
    Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
    sourceAddresses List<String>
    List of source IP addresses for this rule.
    sourceIpGroups List<String>
    List of source IpGroups for this rule.
    translatedAddress String
    The translated address for this NAT rule.
    translatedFqdn String
    The translated FQDN for this NAT rule.
    translatedPort String
    The translated port for this NAT rule.

    AzureFirewallNatRuleCollection, AzureFirewallNatRuleCollectionArgs

    Action Pulumi.AzureNative.Network.Inputs.AzureFirewallNatRCAction
    The action type of a NAT rule collection.
    Id string
    Resource ID.
    Name string
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    Priority int
    Priority of the NAT rule collection resource.
    Rules List<Pulumi.AzureNative.Network.Inputs.AzureFirewallNatRule>
    Collection of rules used by a NAT rule collection.
    Action AzureFirewallNatRCAction
    The action type of a NAT rule collection.
    Id string
    Resource ID.
    Name string
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    Priority int
    Priority of the NAT rule collection resource.
    Rules []AzureFirewallNatRule
    Collection of rules used by a NAT rule collection.
    action AzureFirewallNatRCAction
    The action type of a NAT rule collection.
    id String
    Resource ID.
    name String
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority Integer
    Priority of the NAT rule collection resource.
    rules List<AzureFirewallNatRule>
    Collection of rules used by a NAT rule collection.
    action AzureFirewallNatRCAction
    The action type of a NAT rule collection.
    id string
    Resource ID.
    name string
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority number
    Priority of the NAT rule collection resource.
    rules AzureFirewallNatRule[]
    Collection of rules used by a NAT rule collection.
    action AzureFirewallNatRCAction
    The action type of a NAT rule collection.
    id str
    Resource ID.
    name str
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority int
    Priority of the NAT rule collection resource.
    rules Sequence[AzureFirewallNatRule]
    Collection of rules used by a NAT rule collection.
    action Property Map
    The action type of a NAT rule collection.
    id String
    Resource ID.
    name String
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority Number
    Priority of the NAT rule collection resource.
    rules List<Property Map>
    Collection of rules used by a NAT rule collection.

    AzureFirewallNatRuleCollectionResponse, AzureFirewallNatRuleCollectionResponseArgs

    Etag string
    A unique read-only string that changes whenever the resource is updated.
    ProvisioningState string
    The provisioning state of the NAT rule collection resource.
    Action Pulumi.AzureNative.Network.Inputs.AzureFirewallNatRCActionResponse
    The action type of a NAT rule collection.
    Id string
    Resource ID.
    Name string
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    Priority int
    Priority of the NAT rule collection resource.
    Rules List<Pulumi.AzureNative.Network.Inputs.AzureFirewallNatRuleResponse>
    Collection of rules used by a NAT rule collection.
    Etag string
    A unique read-only string that changes whenever the resource is updated.
    ProvisioningState string
    The provisioning state of the NAT rule collection resource.
    Action AzureFirewallNatRCActionResponse
    The action type of a NAT rule collection.
    Id string
    Resource ID.
    Name string
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    Priority int
    Priority of the NAT rule collection resource.
    Rules []AzureFirewallNatRuleResponse
    Collection of rules used by a NAT rule collection.
    etag String
    A unique read-only string that changes whenever the resource is updated.
    provisioningState String
    The provisioning state of the NAT rule collection resource.
    action AzureFirewallNatRCActionResponse
    The action type of a NAT rule collection.
    id String
    Resource ID.
    name String
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority Integer
    Priority of the NAT rule collection resource.
    rules List<AzureFirewallNatRuleResponse>
    Collection of rules used by a NAT rule collection.
    etag string
    A unique read-only string that changes whenever the resource is updated.
    provisioningState string
    The provisioning state of the NAT rule collection resource.
    action AzureFirewallNatRCActionResponse
    The action type of a NAT rule collection.
    id string
    Resource ID.
    name string
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority number
    Priority of the NAT rule collection resource.
    rules AzureFirewallNatRuleResponse[]
    Collection of rules used by a NAT rule collection.
    etag str
    A unique read-only string that changes whenever the resource is updated.
    provisioning_state str
    The provisioning state of the NAT rule collection resource.
    action AzureFirewallNatRCActionResponse
    The action type of a NAT rule collection.
    id str
    Resource ID.
    name str
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority int
    Priority of the NAT rule collection resource.
    rules Sequence[AzureFirewallNatRuleResponse]
    Collection of rules used by a NAT rule collection.
    etag String
    A unique read-only string that changes whenever the resource is updated.
    provisioningState String
    The provisioning state of the NAT rule collection resource.
    action Property Map
    The action type of a NAT rule collection.
    id String
    Resource ID.
    name String
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority Number
    Priority of the NAT rule collection resource.
    rules List<Property Map>
    Collection of rules used by a NAT rule collection.

    AzureFirewallNatRuleResponse, AzureFirewallNatRuleResponseArgs

    Description string
    Description of the rule.
    DestinationAddresses List<string>
    List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
    DestinationPorts List<string>
    List of destination ports.
    Name string
    Name of the NAT rule.
    Protocols List<string>
    Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
    SourceAddresses List<string>
    List of source IP addresses for this rule.
    SourceIpGroups List<string>
    List of source IpGroups for this rule.
    TranslatedAddress string
    The translated address for this NAT rule.
    TranslatedFqdn string
    The translated FQDN for this NAT rule.
    TranslatedPort string
    The translated port for this NAT rule.
    Description string
    Description of the rule.
    DestinationAddresses []string
    List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
    DestinationPorts []string
    List of destination ports.
    Name string
    Name of the NAT rule.
    Protocols []string
    Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
    SourceAddresses []string
    List of source IP addresses for this rule.
    SourceIpGroups []string
    List of source IpGroups for this rule.
    TranslatedAddress string
    The translated address for this NAT rule.
    TranslatedFqdn string
    The translated FQDN for this NAT rule.
    TranslatedPort string
    The translated port for this NAT rule.
    description String
    Description of the rule.
    destinationAddresses List<String>
    List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
    destinationPorts List<String>
    List of destination ports.
    name String
    Name of the NAT rule.
    protocols List<String>
    Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
    sourceAddresses List<String>
    List of source IP addresses for this rule.
    sourceIpGroups List<String>
    List of source IpGroups for this rule.
    translatedAddress String
    The translated address for this NAT rule.
    translatedFqdn String
    The translated FQDN for this NAT rule.
    translatedPort String
    The translated port for this NAT rule.
    description string
    Description of the rule.
    destinationAddresses string[]
    List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
    destinationPorts string[]
    List of destination ports.
    name string
    Name of the NAT rule.
    protocols string[]
    Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
    sourceAddresses string[]
    List of source IP addresses for this rule.
    sourceIpGroups string[]
    List of source IpGroups for this rule.
    translatedAddress string
    The translated address for this NAT rule.
    translatedFqdn string
    The translated FQDN for this NAT rule.
    translatedPort string
    The translated port for this NAT rule.
    description str
    Description of the rule.
    destination_addresses Sequence[str]
    List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
    destination_ports Sequence[str]
    List of destination ports.
    name str
    Name of the NAT rule.
    protocols Sequence[str]
    Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
    source_addresses Sequence[str]
    List of source IP addresses for this rule.
    source_ip_groups Sequence[str]
    List of source IpGroups for this rule.
    translated_address str
    The translated address for this NAT rule.
    translated_fqdn str
    The translated FQDN for this NAT rule.
    translated_port str
    The translated port for this NAT rule.
    description String
    Description of the rule.
    destinationAddresses List<String>
    List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
    destinationPorts List<String>
    List of destination ports.
    name String
    Name of the NAT rule.
    protocols List<String>
    Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
    sourceAddresses List<String>
    List of source IP addresses for this rule.
    sourceIpGroups List<String>
    List of source IpGroups for this rule.
    translatedAddress String
    The translated address for this NAT rule.
    translatedFqdn String
    The translated FQDN for this NAT rule.
    translatedPort String
    The translated port for this NAT rule.

    AzureFirewallNetworkRule, AzureFirewallNetworkRuleArgs

    Description string
    Description of the rule.
    DestinationAddresses List<string>
    List of destination IP addresses.
    DestinationFqdns List<string>
    List of destination FQDNs.
    DestinationIpGroups List<string>
    List of destination IpGroups for this rule.
    DestinationPorts List<string>
    List of destination ports.
    Name string
    Name of the network rule.
    Protocols List<Union<string, Pulumi.AzureNative.Network.AzureFirewallNetworkRuleProtocol>>
    Array of AzureFirewallNetworkRuleProtocols.
    SourceAddresses List<string>
    List of source IP addresses for this rule.
    SourceIpGroups List<string>
    List of source IpGroups for this rule.
    Description string
    Description of the rule.
    DestinationAddresses []string
    List of destination IP addresses.
    DestinationFqdns []string
    List of destination FQDNs.
    DestinationIpGroups []string
    List of destination IpGroups for this rule.
    DestinationPorts []string
    List of destination ports.
    Name string
    Name of the network rule.
    Protocols []string
    Array of AzureFirewallNetworkRuleProtocols.
    SourceAddresses []string
    List of source IP addresses for this rule.
    SourceIpGroups []string
    List of source IpGroups for this rule.
    description String
    Description of the rule.
    destinationAddresses List<String>
    List of destination IP addresses.
    destinationFqdns List<String>
    List of destination FQDNs.
    destinationIpGroups List<String>
    List of destination IpGroups for this rule.
    destinationPorts List<String>
    List of destination ports.
    name String
    Name of the network rule.
    protocols List<Either<String,AzureFirewallNetworkRuleProtocol>>
    Array of AzureFirewallNetworkRuleProtocols.
    sourceAddresses List<String>
    List of source IP addresses for this rule.
    sourceIpGroups List<String>
    List of source IpGroups for this rule.
    description string
    Description of the rule.
    destinationAddresses string[]
    List of destination IP addresses.
    destinationFqdns string[]
    List of destination FQDNs.
    destinationIpGroups string[]
    List of destination IpGroups for this rule.
    destinationPorts string[]
    List of destination ports.
    name string
    Name of the network rule.
    protocols (string | AzureFirewallNetworkRuleProtocol)[]
    Array of AzureFirewallNetworkRuleProtocols.
    sourceAddresses string[]
    List of source IP addresses for this rule.
    sourceIpGroups string[]
    List of source IpGroups for this rule.
    description str
    Description of the rule.
    destination_addresses Sequence[str]
    List of destination IP addresses.
    destination_fqdns Sequence[str]
    List of destination FQDNs.
    destination_ip_groups Sequence[str]
    List of destination IpGroups for this rule.
    destination_ports Sequence[str]
    List of destination ports.
    name str
    Name of the network rule.
    protocols Sequence[Union[str, AzureFirewallNetworkRuleProtocol]]
    Array of AzureFirewallNetworkRuleProtocols.
    source_addresses Sequence[str]
    List of source IP addresses for this rule.
    source_ip_groups Sequence[str]
    List of source IpGroups for this rule.
    description String
    Description of the rule.
    destinationAddresses List<String>
    List of destination IP addresses.
    destinationFqdns List<String>
    List of destination FQDNs.
    destinationIpGroups List<String>
    List of destination IpGroups for this rule.
    destinationPorts List<String>
    List of destination ports.
    name String
    Name of the network rule.
    protocols List<String | "TCP" | "UDP" | "Any" | "ICMP">
    Array of AzureFirewallNetworkRuleProtocols.
    sourceAddresses List<String>
    List of source IP addresses for this rule.
    sourceIpGroups List<String>
    List of source IpGroups for this rule.

    AzureFirewallNetworkRuleCollection, AzureFirewallNetworkRuleCollectionArgs

    Action Pulumi.AzureNative.Network.Inputs.AzureFirewallRCAction
    The action type of a rule collection.
    Id string
    Resource ID.
    Name string
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    Priority int
    Priority of the network rule collection resource.
    Rules List<Pulumi.AzureNative.Network.Inputs.AzureFirewallNetworkRule>
    Collection of rules used by a network rule collection.
    Action AzureFirewallRCAction
    The action type of a rule collection.
    Id string
    Resource ID.
    Name string
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    Priority int
    Priority of the network rule collection resource.
    Rules []AzureFirewallNetworkRule
    Collection of rules used by a network rule collection.
    action AzureFirewallRCAction
    The action type of a rule collection.
    id String
    Resource ID.
    name String
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority Integer
    Priority of the network rule collection resource.
    rules List<AzureFirewallNetworkRule>
    Collection of rules used by a network rule collection.
    action AzureFirewallRCAction
    The action type of a rule collection.
    id string
    Resource ID.
    name string
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority number
    Priority of the network rule collection resource.
    rules AzureFirewallNetworkRule[]
    Collection of rules used by a network rule collection.
    action AzureFirewallRCAction
    The action type of a rule collection.
    id str
    Resource ID.
    name str
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority int
    Priority of the network rule collection resource.
    rules Sequence[AzureFirewallNetworkRule]
    Collection of rules used by a network rule collection.
    action Property Map
    The action type of a rule collection.
    id String
    Resource ID.
    name String
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority Number
    Priority of the network rule collection resource.
    rules List<Property Map>
    Collection of rules used by a network rule collection.

    AzureFirewallNetworkRuleCollectionResponse, AzureFirewallNetworkRuleCollectionResponseArgs

    Etag string
    A unique read-only string that changes whenever the resource is updated.
    ProvisioningState string
    The provisioning state of the network rule collection resource.
    Action Pulumi.AzureNative.Network.Inputs.AzureFirewallRCActionResponse
    The action type of a rule collection.
    Id string
    Resource ID.
    Name string
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    Priority int
    Priority of the network rule collection resource.
    Rules List<Pulumi.AzureNative.Network.Inputs.AzureFirewallNetworkRuleResponse>
    Collection of rules used by a network rule collection.
    Etag string
    A unique read-only string that changes whenever the resource is updated.
    ProvisioningState string
    The provisioning state of the network rule collection resource.
    Action AzureFirewallRCActionResponse
    The action type of a rule collection.
    Id string
    Resource ID.
    Name string
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    Priority int
    Priority of the network rule collection resource.
    Rules []AzureFirewallNetworkRuleResponse
    Collection of rules used by a network rule collection.
    etag String
    A unique read-only string that changes whenever the resource is updated.
    provisioningState String
    The provisioning state of the network rule collection resource.
    action AzureFirewallRCActionResponse
    The action type of a rule collection.
    id String
    Resource ID.
    name String
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority Integer
    Priority of the network rule collection resource.
    rules List<AzureFirewallNetworkRuleResponse>
    Collection of rules used by a network rule collection.
    etag string
    A unique read-only string that changes whenever the resource is updated.
    provisioningState string
    The provisioning state of the network rule collection resource.
    action AzureFirewallRCActionResponse
    The action type of a rule collection.
    id string
    Resource ID.
    name string
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority number
    Priority of the network rule collection resource.
    rules AzureFirewallNetworkRuleResponse[]
    Collection of rules used by a network rule collection.
    etag str
    A unique read-only string that changes whenever the resource is updated.
    provisioning_state str
    The provisioning state of the network rule collection resource.
    action AzureFirewallRCActionResponse
    The action type of a rule collection.
    id str
    Resource ID.
    name str
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority int
    Priority of the network rule collection resource.
    rules Sequence[AzureFirewallNetworkRuleResponse]
    Collection of rules used by a network rule collection.
    etag String
    A unique read-only string that changes whenever the resource is updated.
    provisioningState String
    The provisioning state of the network rule collection resource.
    action Property Map
    The action type of a rule collection.
    id String
    Resource ID.
    name String
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority Number
    Priority of the network rule collection resource.
    rules List<Property Map>
    Collection of rules used by a network rule collection.

    AzureFirewallNetworkRuleProtocol, AzureFirewallNetworkRuleProtocolArgs

    TCP
    TCP
    UDP
    UDP
    Any
    Any
    ICMP
    ICMP
    AzureFirewallNetworkRuleProtocolTCP
    TCP
    AzureFirewallNetworkRuleProtocolUDP
    UDP
    AzureFirewallNetworkRuleProtocolAny
    Any
    AzureFirewallNetworkRuleProtocolICMP
    ICMP
    TCP
    TCP
    UDP
    UDP
    Any
    Any
    ICMP
    ICMP
    TCP
    TCP
    UDP
    UDP
    Any
    Any
    ICMP
    ICMP
    TCP
    TCP
    UDP
    UDP
    ANY
    Any
    ICMP
    ICMP
    "TCP"
    TCP
    "UDP"
    UDP
    "Any"
    Any
    "ICMP"
    ICMP

    AzureFirewallNetworkRuleResponse, AzureFirewallNetworkRuleResponseArgs