1. Packages
  2. Azure Native
  3. API Docs
  4. network
  5. AzureFirewall
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.9.0 published on Wednesday, Sep 27, 2023 by Pulumi

azure-native.network.AzureFirewall

Explore with Pulumi AI

azure-native logo
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.9.0 published on Wednesday, Sep 27, 2023 by Pulumi

    Azure Firewall resource. Azure REST API version: 2023-02-01. Prior API version in Azure Native 1.x: 2020-11-01

    Example Usage

    Create Azure Firewall

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
        {
            ApplicationRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = "Deny",
                    },
                    Name = "apprulecoll",
                    Priority = 110,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                        {
                            Description = "Deny inbound rule",
                            Name = "rule1",
                            Protocols = new[]
                            {
                                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                                {
                                    Port = 443,
                                    ProtocolType = "Https",
                                },
                            },
                            SourceAddresses = new[]
                            {
                                "216.58.216.164",
                                "10.0.0.0/24",
                            },
                            TargetFqdns = new[]
                            {
                                "www.test.com",
                            },
                        },
                    },
                },
            },
            AzureFirewallName = "azurefirewall",
            IpConfigurations = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
                {
                    Name = "azureFirewallIpConfiguration",
                    PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                    },
                    Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                    },
                },
            },
            Location = "West US",
            NatRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                    {
                        Type = "Dnat",
                    },
                    Name = "natrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all outbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "443",
                            },
                            Name = "DNAT-HTTPS-traffic",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedAddress = "1.2.3.5",
                            TranslatedPort = "8443",
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all inbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "80",
                            },
                            Name = "DNAT-HTTP-traffic-With-FQDN",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedFqdn = "internalhttpserver",
                            TranslatedPort = "880",
                        },
                    },
                },
            },
            NetworkRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = "Deny",
                    },
                    Name = "netrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports",
                            DestinationAddresses = new[]
                            {
                                "*",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255",
                            },
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports to amazon",
                            DestinationFqdns = new[]
                            {
                                "www.amazon.com",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic-with-FQDN",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "10.2.4.12-10.2.4.255",
                            },
                        },
                    },
                },
            },
            ResourceGroupName = "rg1",
            Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
            {
                Name = "AZFW_VNet",
                Tier = "Standard",
            },
            Tags = 
            {
                { "key1", "value1" },
            },
            ThreatIntelMode = "Alert",
            Zones = new[] {},
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/network/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
    			ApplicationRuleCollections: []network.AzureFirewallApplicationRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Deny"),
    					},
    					Name:     pulumi.String("apprulecoll"),
    					Priority: pulumi.Int(110),
    					Rules: network.AzureFirewallApplicationRuleArray{
    						{
    							Description: pulumi.String("Deny inbound rule"),
    							Name:        pulumi.String("rule1"),
    							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
    								{
    									Port:         pulumi.Int(443),
    									ProtocolType: pulumi.String("Https"),
    								},
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("216.58.216.164"),
    								pulumi.String("10.0.0.0/24"),
    							},
    							TargetFqdns: pulumi.StringArray{
    								pulumi.String("www.test.com"),
    							},
    						},
    					},
    				},
    			},
    			AzureFirewallName: pulumi.String("azurefirewall"),
    			IpConfigurations: []network.AzureFirewallIPConfigurationArgs{
    				{
    					Name: pulumi.String("azureFirewallIpConfiguration"),
    					PublicIPAddress: {
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
    					},
    					Subnet: {
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
    					},
    				},
    			},
    			Location: pulumi.String("West US"),
    			NatRuleCollections: []network.AzureFirewallNatRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Dnat"),
    					},
    					Name:     pulumi.String("natrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNatRuleArray{
    						{
    							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443"),
    							},
    							Name: pulumi.String("DNAT-HTTPS-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedAddress: pulumi.String("1.2.3.5"),
    							TranslatedPort:    pulumi.String("8443"),
    						},
    						{
    							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("80"),
    							},
    							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedFqdn: pulumi.String("internalhttpserver"),
    							TranslatedPort: pulumi.String("880"),
    						},
    					},
    				},
    			},
    			NetworkRuleCollections: []network.AzureFirewallNetworkRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Deny"),
    					},
    					Name:     pulumi.String("netrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNetworkRuleArray{
    						{
    							Description: pulumi.String("Block traffic based on source IPs and ports"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("192.168.1.1-192.168.1.12"),
    								pulumi.String("10.1.4.12-10.1.4.255"),
    							},
    						},
    						{
    							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
    							DestinationFqdns: pulumi.StringArray{
    								pulumi.String("www.amazon.com"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic-with-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("10.2.4.12-10.2.4.255"),
    							},
    						},
    					},
    				},
    			},
    			ResourceGroupName: pulumi.String("rg1"),
    			Sku: &network.AzureFirewallSkuArgs{
    				Name: pulumi.String("AZFW_VNet"),
    				Tier: pulumi.String("Standard"),
    			},
    			Tags: pulumi.StringMap{
    				"key1": pulumi.String("value1"),
    			},
    			ThreatIntelMode: pulumi.String("Alert"),
    			Zones:           pulumi.StringArray{},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.network.AzureFirewall;
    import com.pulumi.azurenative.network.AzureFirewallArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()        
                .applicationRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Deny")),
                    Map.entry("name", "apprulecoll"),
                    Map.entry("priority", 110),
                    Map.entry("rules", Map.ofEntries(
                        Map.entry("description", "Deny inbound rule"),
                        Map.entry("name", "rule1"),
                        Map.entry("protocols", Map.ofEntries(
                            Map.entry("port", 443),
                            Map.entry("protocolType", "Https")
                        )),
                        Map.entry("sourceAddresses",                     
                            "216.58.216.164",
                            "10.0.0.0/24"),
                        Map.entry("targetFqdns", "www.test.com")
                    ))
                ))
                .azureFirewallName("azurefirewall")
                .ipConfigurations(Map.ofEntries(
                    Map.entry("name", "azureFirewallIpConfiguration"),
                    Map.entry("publicIPAddress", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")),
                    Map.entry("subnet", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"))
                ))
                .location("West US")
                .natRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Dnat")),
                    Map.entry("name", "natrulecoll"),
                    Map.entry("priority", 112),
                    Map.entry("rules",                 
                        Map.ofEntries(
                            Map.entry("description", "D-NAT all outbound web traffic for inspection"),
                            Map.entry("destinationAddresses", "1.2.3.4"),
                            Map.entry("destinationPorts", "443"),
                            Map.entry("name", "DNAT-HTTPS-traffic"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "*"),
                            Map.entry("translatedAddress", "1.2.3.5"),
                            Map.entry("translatedPort", "8443")
                        ),
                        Map.ofEntries(
                            Map.entry("description", "D-NAT all inbound web traffic for inspection"),
                            Map.entry("destinationAddresses", "1.2.3.4"),
                            Map.entry("destinationPorts", "80"),
                            Map.entry("name", "DNAT-HTTP-traffic-With-FQDN"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "*"),
                            Map.entry("translatedFqdn", "internalhttpserver"),
                            Map.entry("translatedPort", "880")
                        ))
                ))
                .networkRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Deny")),
                    Map.entry("name", "netrulecoll"),
                    Map.entry("priority", 112),
                    Map.entry("rules",                 
                        Map.ofEntries(
                            Map.entry("description", "Block traffic based on source IPs and ports"),
                            Map.entry("destinationAddresses", "*"),
                            Map.entry("destinationPorts",                         
                                "443-444",
                                "8443"),
                            Map.entry("name", "L4-traffic"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses",                         
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255")
                        ),
                        Map.ofEntries(
                            Map.entry("description", "Block traffic based on source IPs and ports to amazon"),
                            Map.entry("destinationFqdns", "www.amazon.com"),
                            Map.entry("destinationPorts",                         
                                "443-444",
                                "8443"),
                            Map.entry("name", "L4-traffic-with-FQDN"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "10.2.4.12-10.2.4.255")
                        ))
                ))
                .resourceGroupName("rg1")
                .sku(Map.ofEntries(
                    Map.entry("name", "AZFW_VNet"),
                    Map.entry("tier", "Standard")
                ))
                .tags(Map.of("key1", "value1"))
                .threatIntelMode("Alert")
                .zones()
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
        application_rule_collections=[{
            "action": azure_native.network.AzureFirewallRCActionArgs(
                type="Deny",
            ),
            "name": "apprulecoll",
            "priority": 110,
            "rules": [{
                "description": "Deny inbound rule",
                "name": "rule1",
                "protocols": [azure_native.network.AzureFirewallApplicationRuleProtocolArgs(
                    port=443,
                    protocol_type="Https",
                )],
                "sourceAddresses": [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                "targetFqdns": ["www.test.com"],
            }],
        }],
        azure_firewall_name="azurefirewall",
        ip_configurations=[{
            "name": "azureFirewallIpConfiguration",
            "publicIPAddress": azure_native.network.SubResourceArgs(
                id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            ),
            "subnet": azure_native.network.SubResourceArgs(
                id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            ),
        }],
        location="West US",
        nat_rule_collections=[{
            "action": azure_native.network.AzureFirewallNatRCActionArgs(
                type="Dnat",
            ),
            "name": "natrulecoll",
            "priority": 112,
            "rules": [
                azure_native.network.AzureFirewallNatRuleArgs(
                    description="D-NAT all outbound web traffic for inspection",
                    destination_addresses=["1.2.3.4"],
                    destination_ports=["443"],
                    name="DNAT-HTTPS-traffic",
                    protocols=["TCP"],
                    source_addresses=["*"],
                    translated_address="1.2.3.5",
                    translated_port="8443",
                ),
                azure_native.network.AzureFirewallNatRuleArgs(
                    description="D-NAT all inbound web traffic for inspection",
                    destination_addresses=["1.2.3.4"],
                    destination_ports=["80"],
                    name="DNAT-HTTP-traffic-With-FQDN",
                    protocols=["TCP"],
                    source_addresses=["*"],
                    translated_fqdn="internalhttpserver",
                    translated_port="880",
                ),
            ],
        }],
        network_rule_collections=[{
            "action": azure_native.network.AzureFirewallRCActionArgs(
                type="Deny",
            ),
            "name": "netrulecoll",
            "priority": 112,
            "rules": [
                azure_native.network.AzureFirewallNetworkRuleArgs(
                    description="Block traffic based on source IPs and ports",
                    destination_addresses=["*"],
                    destination_ports=[
                        "443-444",
                        "8443",
                    ],
                    name="L4-traffic",
                    protocols=["TCP"],
                    source_addresses=[
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                ),
                azure_native.network.AzureFirewallNetworkRuleArgs(
                    description="Block traffic based on source IPs and ports to amazon",
                    destination_fqdns=["www.amazon.com"],
                    destination_ports=[
                        "443-444",
                        "8443",
                    ],
                    name="L4-traffic-with-FQDN",
                    protocols=["TCP"],
                    source_addresses=["10.2.4.12-10.2.4.255"],
                ),
            ],
        }],
        resource_group_name="rg1",
        sku=azure_native.network.AzureFirewallSkuArgs(
            name="AZFW_VNet",
            tier="Standard",
        ),
        tags={
            "key1": "value1",
        },
        threat_intel_mode="Alert",
        zones=[])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
        applicationRuleCollections: [{
            action: {
                type: "Deny",
            },
            name: "apprulecoll",
            priority: 110,
            rules: [{
                description: "Deny inbound rule",
                name: "rule1",
                protocols: [{
                    port: 443,
                    protocolType: "Https",
                }],
                sourceAddresses: [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                targetFqdns: ["www.test.com"],
            }],
        }],
        azureFirewallName: "azurefirewall",
        ipConfigurations: [{
            name: "azureFirewallIpConfiguration",
            publicIPAddress: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            },
            subnet: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            },
        }],
        location: "West US",
        natRuleCollections: [{
            action: {
                type: "Dnat",
            },
            name: "natrulecoll",
            priority: 112,
            rules: [
                {
                    description: "D-NAT all outbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["443"],
                    name: "DNAT-HTTPS-traffic",
                    protocols: ["TCP"],
                    sourceAddresses: ["*"],
                    translatedAddress: "1.2.3.5",
                    translatedPort: "8443",
                },
                {
                    description: "D-NAT all inbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["80"],
                    name: "DNAT-HTTP-traffic-With-FQDN",
                    protocols: ["TCP"],
                    sourceAddresses: ["*"],
                    translatedFqdn: "internalhttpserver",
                    translatedPort: "880",
                },
            ],
        }],
        networkRuleCollections: [{
            action: {
                type: "Deny",
            },
            name: "netrulecoll",
            priority: 112,
            rules: [
                {
                    description: "Block traffic based on source IPs and ports",
                    destinationAddresses: ["*"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic",
                    protocols: ["TCP"],
                    sourceAddresses: [
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                },
                {
                    description: "Block traffic based on source IPs and ports to amazon",
                    destinationFqdns: ["www.amazon.com"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic-with-FQDN",
                    protocols: ["TCP"],
                    sourceAddresses: ["10.2.4.12-10.2.4.255"],
                },
            ],
        }],
        resourceGroupName: "rg1",
        sku: {
            name: "AZFW_VNet",
            tier: "Standard",
        },
        tags: {
            key1: "value1",
        },
        threatIntelMode: "Alert",
        zones: [],
    });
    
    resources:
      azureFirewall:
        type: azure-native:network:AzureFirewall
        properties:
          applicationRuleCollections:
            - action:
                type: Deny
              name: apprulecoll
              priority: 110
              rules:
                - description: Deny inbound rule
                  name: rule1
                  protocols:
                    - port: 443
                      protocolType: Https
                  sourceAddresses:
                    - 216.58.216.164
                    - 10.0.0.0/24
                  targetFqdns:
                    - www.test.com
          azureFirewallName: azurefirewall
          ipConfigurations:
            - name: azureFirewallIpConfiguration
              publicIPAddress:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
              subnet:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
          location: West US
          natRuleCollections:
            - action:
                type: Dnat
              name: natrulecoll
              priority: 112
              rules:
                - description: D-NAT all outbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '443'
                  name: DNAT-HTTPS-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedAddress: 1.2.3.5
                  translatedPort: '8443'
                - description: D-NAT all inbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '80'
                  name: DNAT-HTTP-traffic-With-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedFqdn: internalhttpserver
                  translatedPort: '880'
          networkRuleCollections:
            - action:
                type: Deny
              name: netrulecoll
              priority: 112
              rules:
                - description: Block traffic based on source IPs and ports
                  destinationAddresses:
                    - '*'
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 192.168.1.1-192.168.1.12
                    - 10.1.4.12-10.1.4.255
                - description: Block traffic based on source IPs and ports to amazon
                  destinationFqdns:
                    - www.amazon.com
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic-with-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 10.2.4.12-10.2.4.255
          resourceGroupName: rg1
          sku:
            name: AZFW_VNet
            tier: Standard
          tags:
            key1: value1
          threatIntelMode: Alert
          zones: []
    

    Create Azure Firewall With Additional Properties

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
        {
            AdditionalProperties = 
            {
                { "key1", "value1" },
                { "key2", "value2" },
            },
            ApplicationRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = "Deny",
                    },
                    Name = "apprulecoll",
                    Priority = 110,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                        {
                            Description = "Deny inbound rule",
                            Name = "rule1",
                            Protocols = new[]
                            {
                                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                                {
                                    Port = 443,
                                    ProtocolType = "Https",
                                },
                            },
                            SourceAddresses = new[]
                            {
                                "216.58.216.164",
                                "10.0.0.0/24",
                            },
                            TargetFqdns = new[]
                            {
                                "www.test.com",
                            },
                        },
                    },
                },
            },
            AzureFirewallName = "azurefirewall",
            IpConfigurations = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
                {
                    Name = "azureFirewallIpConfiguration",
                    PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                    },
                    Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                    },
                },
            },
            Location = "West US",
            NatRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                    {
                        Type = "Dnat",
                    },
                    Name = "natrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all outbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "443",
                            },
                            Name = "DNAT-HTTPS-traffic",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedAddress = "1.2.3.5",
                            TranslatedPort = "8443",
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all inbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "80",
                            },
                            Name = "DNAT-HTTP-traffic-With-FQDN",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedFqdn = "internalhttpserver",
                            TranslatedPort = "880",
                        },
                    },
                },
            },
            NetworkRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = "Deny",
                    },
                    Name = "netrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports",
                            DestinationAddresses = new[]
                            {
                                "*",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255",
                            },
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports to amazon",
                            DestinationFqdns = new[]
                            {
                                "www.amazon.com",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic-with-FQDN",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "10.2.4.12-10.2.4.255",
                            },
                        },
                    },
                },
            },
            ResourceGroupName = "rg1",
            Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
            {
                Name = "AZFW_VNet",
                Tier = "Standard",
            },
            Tags = 
            {
                { "key1", "value1" },
            },
            ThreatIntelMode = "Alert",
            Zones = new[] {},
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/network/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
    			AdditionalProperties: pulumi.StringMap{
    				"key1": pulumi.String("value1"),
    				"key2": pulumi.String("value2"),
    			},
    			ApplicationRuleCollections: []network.AzureFirewallApplicationRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Deny"),
    					},
    					Name:     pulumi.String("apprulecoll"),
    					Priority: pulumi.Int(110),
    					Rules: network.AzureFirewallApplicationRuleArray{
    						{
    							Description: pulumi.String("Deny inbound rule"),
    							Name:        pulumi.String("rule1"),
    							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
    								{
    									Port:         pulumi.Int(443),
    									ProtocolType: pulumi.String("Https"),
    								},
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("216.58.216.164"),
    								pulumi.String("10.0.0.0/24"),
    							},
    							TargetFqdns: pulumi.StringArray{
    								pulumi.String("www.test.com"),
    							},
    						},
    					},
    				},
    			},
    			AzureFirewallName: pulumi.String("azurefirewall"),
    			IpConfigurations: []network.AzureFirewallIPConfigurationArgs{
    				{
    					Name: pulumi.String("azureFirewallIpConfiguration"),
    					PublicIPAddress: {
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
    					},
    					Subnet: {
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
    					},
    				},
    			},
    			Location: pulumi.String("West US"),
    			NatRuleCollections: []network.AzureFirewallNatRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Dnat"),
    					},
    					Name:     pulumi.String("natrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNatRuleArray{
    						{
    							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443"),
    							},
    							Name: pulumi.String("DNAT-HTTPS-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedAddress: pulumi.String("1.2.3.5"),
    							TranslatedPort:    pulumi.String("8443"),
    						},
    						{
    							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("80"),
    							},
    							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedFqdn: pulumi.String("internalhttpserver"),
    							TranslatedPort: pulumi.String("880"),
    						},
    					},
    				},
    			},
    			NetworkRuleCollections: []network.AzureFirewallNetworkRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Deny"),
    					},
    					Name:     pulumi.String("netrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNetworkRuleArray{
    						{
    							Description: pulumi.String("Block traffic based on source IPs and ports"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("192.168.1.1-192.168.1.12"),
    								pulumi.String("10.1.4.12-10.1.4.255"),
    							},
    						},
    						{
    							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
    							DestinationFqdns: pulumi.StringArray{
    								pulumi.String("www.amazon.com"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic-with-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("10.2.4.12-10.2.4.255"),
    							},
    						},
    					},
    				},
    			},
    			ResourceGroupName: pulumi.String("rg1"),
    			Sku: &network.AzureFirewallSkuArgs{
    				Name: pulumi.String("AZFW_VNet"),
    				Tier: pulumi.String("Standard"),
    			},
    			Tags: pulumi.StringMap{
    				"key1": pulumi.String("value1"),
    			},
    			ThreatIntelMode: pulumi.String("Alert"),
    			Zones:           pulumi.StringArray{},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.network.AzureFirewall;
    import com.pulumi.azurenative.network.AzureFirewallArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()        
                .additionalProperties(Map.ofEntries(
                    Map.entry("key1", "value1"),
                    Map.entry("key2", "value2")
                ))
                .applicationRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Deny")),
                    Map.entry("name", "apprulecoll"),
                    Map.entry("priority", 110),
                    Map.entry("rules", Map.ofEntries(
                        Map.entry("description", "Deny inbound rule"),
                        Map.entry("name", "rule1"),
                        Map.entry("protocols", Map.ofEntries(
                            Map.entry("port", 443),
                            Map.entry("protocolType", "Https")
                        )),
                        Map.entry("sourceAddresses",                     
                            "216.58.216.164",
                            "10.0.0.0/24"),
                        Map.entry("targetFqdns", "www.test.com")
                    ))
                ))
                .azureFirewallName("azurefirewall")
                .ipConfigurations(Map.ofEntries(
                    Map.entry("name", "azureFirewallIpConfiguration"),
                    Map.entry("publicIPAddress", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")),
                    Map.entry("subnet", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"))
                ))
                .location("West US")
                .natRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Dnat")),
                    Map.entry("name", "natrulecoll"),
                    Map.entry("priority", 112),
                    Map.entry("rules",                 
                        Map.ofEntries(
                            Map.entry("description", "D-NAT all outbound web traffic for inspection"),
                            Map.entry("destinationAddresses", "1.2.3.4"),
                            Map.entry("destinationPorts", "443"),
                            Map.entry("name", "DNAT-HTTPS-traffic"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "*"),
                            Map.entry("translatedAddress", "1.2.3.5"),
                            Map.entry("translatedPort", "8443")
                        ),
                        Map.ofEntries(
                            Map.entry("description", "D-NAT all inbound web traffic for inspection"),
                            Map.entry("destinationAddresses", "1.2.3.4"),
                            Map.entry("destinationPorts", "80"),
                            Map.entry("name", "DNAT-HTTP-traffic-With-FQDN"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "*"),
                            Map.entry("translatedFqdn", "internalhttpserver"),
                            Map.entry("translatedPort", "880")
                        ))
                ))
                .networkRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Deny")),
                    Map.entry("name", "netrulecoll"),
                    Map.entry("priority", 112),
                    Map.entry("rules",                 
                        Map.ofEntries(
                            Map.entry("description", "Block traffic based on source IPs and ports"),
                            Map.entry("destinationAddresses", "*"),
                            Map.entry("destinationPorts",                         
                                "443-444",
                                "8443"),
                            Map.entry("name", "L4-traffic"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses",                         
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255")
                        ),
                        Map.ofEntries(
                            Map.entry("description", "Block traffic based on source IPs and ports to amazon"),
                            Map.entry("destinationFqdns", "www.amazon.com"),
                            Map.entry("destinationPorts",                         
                                "443-444",
                                "8443"),
                            Map.entry("name", "L4-traffic-with-FQDN"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "10.2.4.12-10.2.4.255")
                        ))
                ))
                .resourceGroupName("rg1")
                .sku(Map.ofEntries(
                    Map.entry("name", "AZFW_VNet"),
                    Map.entry("tier", "Standard")
                ))
                .tags(Map.of("key1", "value1"))
                .threatIntelMode("Alert")
                .zones()
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
        additional_properties={
            "key1": "value1",
            "key2": "value2",
        },
        application_rule_collections=[{
            "action": azure_native.network.AzureFirewallRCActionArgs(
                type="Deny",
            ),
            "name": "apprulecoll",
            "priority": 110,
            "rules": [{
                "description": "Deny inbound rule",
                "name": "rule1",
                "protocols": [azure_native.network.AzureFirewallApplicationRuleProtocolArgs(
                    port=443,
                    protocol_type="Https",
                )],
                "sourceAddresses": [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                "targetFqdns": ["www.test.com"],
            }],
        }],
        azure_firewall_name="azurefirewall",
        ip_configurations=[{
            "name": "azureFirewallIpConfiguration",
            "publicIPAddress": azure_native.network.SubResourceArgs(
                id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            ),
            "subnet": azure_native.network.SubResourceArgs(
                id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            ),
        }],
        location="West US",
        nat_rule_collections=[{
            "action": azure_native.network.AzureFirewallNatRCActionArgs(
                type="Dnat",
            ),
            "name": "natrulecoll",
            "priority": 112,
            "rules": [
                azure_native.network.AzureFirewallNatRuleArgs(
                    description="D-NAT all outbound web traffic for inspection",
                    destination_addresses=["1.2.3.4"],
                    destination_ports=["443"],
                    name="DNAT-HTTPS-traffic",
                    protocols=["TCP"],
                    source_addresses=["*"],
                    translated_address="1.2.3.5",
                    translated_port="8443",
                ),
                azure_native.network.AzureFirewallNatRuleArgs(
                    description="D-NAT all inbound web traffic for inspection",
                    destination_addresses=["1.2.3.4"],
                    destination_ports=["80"],
                    name="DNAT-HTTP-traffic-With-FQDN",
                    protocols=["TCP"],
                    source_addresses=["*"],
                    translated_fqdn="internalhttpserver",
                    translated_port="880",
                ),
            ],
        }],
        network_rule_collections=[{
            "action": azure_native.network.AzureFirewallRCActionArgs(
                type="Deny",
            ),
            "name": "netrulecoll",
            "priority": 112,
            "rules": [
                azure_native.network.AzureFirewallNetworkRuleArgs(
                    description="Block traffic based on source IPs and ports",
                    destination_addresses=["*"],
                    destination_ports=[
                        "443-444",
                        "8443",
                    ],
                    name="L4-traffic",
                    protocols=["TCP"],
                    source_addresses=[
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                ),
                azure_native.network.AzureFirewallNetworkRuleArgs(
                    description="Block traffic based on source IPs and ports to amazon",
                    destination_fqdns=["www.amazon.com"],
                    destination_ports=[
                        "443-444",
                        "8443",
                    ],
                    name="L4-traffic-with-FQDN",
                    protocols=["TCP"],
                    source_addresses=["10.2.4.12-10.2.4.255"],
                ),
            ],
        }],
        resource_group_name="rg1",
        sku=azure_native.network.AzureFirewallSkuArgs(
            name="AZFW_VNet",
            tier="Standard",
        ),
        tags={
            "key1": "value1",
        },
        threat_intel_mode="Alert",
        zones=[])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
        additionalProperties: {
            key1: "value1",
            key2: "value2",
        },
        applicationRuleCollections: [{
            action: {
                type: "Deny",
            },
            name: "apprulecoll",
            priority: 110,
            rules: [{
                description: "Deny inbound rule",
                name: "rule1",
                protocols: [{
                    port: 443,
                    protocolType: "Https",
                }],
                sourceAddresses: [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                targetFqdns: ["www.test.com"],
            }],
        }],
        azureFirewallName: "azurefirewall",
        ipConfigurations: [{
            name: "azureFirewallIpConfiguration",
            publicIPAddress: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            },
            subnet: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            },
        }],
        location: "West US",
        natRuleCollections: [{
            action: {
                type: "Dnat",
            },
            name: "natrulecoll",
            priority: 112,
            rules: [
                {
                    description: "D-NAT all outbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["443"],
                    name: "DNAT-HTTPS-traffic",
                    protocols: ["TCP"],
                    sourceAddresses: ["*"],
                    translatedAddress: "1.2.3.5",
                    translatedPort: "8443",
                },
                {
                    description: "D-NAT all inbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["80"],
                    name: "DNAT-HTTP-traffic-With-FQDN",
                    protocols: ["TCP"],
                    sourceAddresses: ["*"],
                    translatedFqdn: "internalhttpserver",
                    translatedPort: "880",
                },
            ],
        }],
        networkRuleCollections: [{
            action: {
                type: "Deny",
            },
            name: "netrulecoll",
            priority: 112,
            rules: [
                {
                    description: "Block traffic based on source IPs and ports",
                    destinationAddresses: ["*"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic",
                    protocols: ["TCP"],
                    sourceAddresses: [
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                },
                {
                    description: "Block traffic based on source IPs and ports to amazon",
                    destinationFqdns: ["www.amazon.com"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic-with-FQDN",
                    protocols: ["TCP"],
                    sourceAddresses: ["10.2.4.12-10.2.4.255"],
                },
            ],
        }],
        resourceGroupName: "rg1",
        sku: {
            name: "AZFW_VNet",
            tier: "Standard",
        },
        tags: {
            key1: "value1",
        },
        threatIntelMode: "Alert",
        zones: [],
    });
    
    resources:
      azureFirewall:
        type: azure-native:network:AzureFirewall
        properties:
          additionalProperties:
            key1: value1
            key2: value2
          applicationRuleCollections:
            - action:
                type: Deny
              name: apprulecoll
              priority: 110
              rules:
                - description: Deny inbound rule
                  name: rule1
                  protocols:
                    - port: 443
                      protocolType: Https
                  sourceAddresses:
                    - 216.58.216.164
                    - 10.0.0.0/24
                  targetFqdns:
                    - www.test.com
          azureFirewallName: azurefirewall
          ipConfigurations:
            - name: azureFirewallIpConfiguration
              publicIPAddress:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
              subnet:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
          location: West US
          natRuleCollections:
            - action:
                type: Dnat
              name: natrulecoll
              priority: 112
              rules:
                - description: D-NAT all outbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '443'
                  name: DNAT-HTTPS-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedAddress: 1.2.3.5
                  translatedPort: '8443'
                - description: D-NAT all inbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '80'
                  name: DNAT-HTTP-traffic-With-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedFqdn: internalhttpserver
                  translatedPort: '880'
          networkRuleCollections:
            - action:
                type: Deny
              name: netrulecoll
              priority: 112
              rules:
                - description: Block traffic based on source IPs and ports
                  destinationAddresses:
                    - '*'
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 192.168.1.1-192.168.1.12
                    - 10.1.4.12-10.1.4.255
                - description: Block traffic based on source IPs and ports to amazon
                  destinationFqdns:
                    - www.amazon.com
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic-with-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 10.2.4.12-10.2.4.255
          resourceGroupName: rg1
          sku:
            name: AZFW_VNet
            tier: Standard
          tags:
            key1: value1
          threatIntelMode: Alert
          zones: []
    

    Create Azure Firewall With IpGroups

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
        {
            ApplicationRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = "Deny",
                    },
                    Name = "apprulecoll",
                    Priority = 110,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                        {
                            Description = "Deny inbound rule",
                            Name = "rule1",
                            Protocols = new[]
                            {
                                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                                {
                                    Port = 443,
                                    ProtocolType = "Https",
                                },
                            },
                            SourceAddresses = new[]
                            {
                                "216.58.216.164",
                                "10.0.0.0/24",
                            },
                            TargetFqdns = new[]
                            {
                                "www.test.com",
                            },
                        },
                    },
                },
            },
            AzureFirewallName = "azurefirewall",
            IpConfigurations = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
                {
                    Name = "azureFirewallIpConfiguration",
                    PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                    },
                    Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                    },
                },
            },
            Location = "West US",
            NatRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                    {
                        Type = "Dnat",
                    },
                    Name = "natrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all outbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "443",
                            },
                            Name = "DNAT-HTTPS-traffic",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedAddress = "1.2.3.5",
                            TranslatedPort = "8443",
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all inbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "80",
                            },
                            Name = "DNAT-HTTP-traffic-With-FQDN",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedFqdn = "internalhttpserver",
                            TranslatedPort = "880",
                        },
                    },
                },
            },
            NetworkRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = "Deny",
                    },
                    Name = "netrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports",
                            DestinationAddresses = new[]
                            {
                                "*",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255",
                            },
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports to amazon",
                            DestinationFqdns = new[]
                            {
                                "www.amazon.com",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic-with-FQDN",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "10.2.4.12-10.2.4.255",
                            },
                        },
                    },
                },
            },
            ResourceGroupName = "rg1",
            Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
            {
                Name = "AZFW_VNet",
                Tier = "Standard",
            },
            Tags = 
            {
                { "key1", "value1" },
            },
            ThreatIntelMode = "Alert",
            Zones = new[] {},
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/network/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
    			ApplicationRuleCollections: []network.AzureFirewallApplicationRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Deny"),
    					},
    					Name:     pulumi.String("apprulecoll"),
    					Priority: pulumi.Int(110),
    					Rules: network.AzureFirewallApplicationRuleArray{
    						{
    							Description: pulumi.String("Deny inbound rule"),
    							Name:        pulumi.String("rule1"),
    							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
    								{
    									Port:         pulumi.Int(443),
    									ProtocolType: pulumi.String("Https"),
    								},
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("216.58.216.164"),
    								pulumi.String("10.0.0.0/24"),
    							},
    							TargetFqdns: pulumi.StringArray{
    								pulumi.String("www.test.com"),
    							},
    						},
    					},
    				},
    			},
    			AzureFirewallName: pulumi.String("azurefirewall"),
    			IpConfigurations: []network.AzureFirewallIPConfigurationArgs{
    				{
    					Name: pulumi.String("azureFirewallIpConfiguration"),
    					PublicIPAddress: {
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
    					},
    					Subnet: {
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
    					},
    				},
    			},
    			Location: pulumi.String("West US"),
    			NatRuleCollections: []network.AzureFirewallNatRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Dnat"),
    					},
    					Name:     pulumi.String("natrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNatRuleArray{
    						{
    							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443"),
    							},
    							Name: pulumi.String("DNAT-HTTPS-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedAddress: pulumi.String("1.2.3.5"),
    							TranslatedPort:    pulumi.String("8443"),
    						},
    						{
    							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("80"),
    							},
    							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedFqdn: pulumi.String("internalhttpserver"),
    							TranslatedPort: pulumi.String("880"),
    						},
    					},
    				},
    			},
    			NetworkRuleCollections: []network.AzureFirewallNetworkRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Deny"),
    					},
    					Name:     pulumi.String("netrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNetworkRuleArray{
    						{
    							Description: pulumi.String("Block traffic based on source IPs and ports"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("192.168.1.1-192.168.1.12"),
    								pulumi.String("10.1.4.12-10.1.4.255"),
    							},
    						},
    						{
    							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
    							DestinationFqdns: pulumi.StringArray{
    								pulumi.String("www.amazon.com"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic-with-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("10.2.4.12-10.2.4.255"),
    							},
    						},
    					},
    				},
    			},
    			ResourceGroupName: pulumi.String("rg1"),
    			Sku: &network.AzureFirewallSkuArgs{
    				Name: pulumi.String("AZFW_VNet"),
    				Tier: pulumi.String("Standard"),
    			},
    			Tags: pulumi.StringMap{
    				"key1": pulumi.String("value1"),
    			},
    			ThreatIntelMode: pulumi.String("Alert"),
    			Zones:           pulumi.StringArray{},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.network.AzureFirewall;
    import com.pulumi.azurenative.network.AzureFirewallArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()        
                .applicationRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Deny")),
                    Map.entry("name", "apprulecoll"),
                    Map.entry("priority", 110),
                    Map.entry("rules", Map.ofEntries(
                        Map.entry("description", "Deny inbound rule"),
                        Map.entry("name", "rule1"),
                        Map.entry("protocols", Map.ofEntries(
                            Map.entry("port", 443),
                            Map.entry("protocolType", "Https")
                        )),
                        Map.entry("sourceAddresses",                     
                            "216.58.216.164",
                            "10.0.0.0/24"),
                        Map.entry("targetFqdns", "www.test.com")
                    ))
                ))
                .azureFirewallName("azurefirewall")
                .ipConfigurations(Map.ofEntries(
                    Map.entry("name", "azureFirewallIpConfiguration"),
                    Map.entry("publicIPAddress", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")),
                    Map.entry("subnet", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"))
                ))
                .location("West US")
                .natRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Dnat")),
                    Map.entry("name", "natrulecoll"),
                    Map.entry("priority", 112),
                    Map.entry("rules",                 
                        Map.ofEntries(
                            Map.entry("description", "D-NAT all outbound web traffic for inspection"),
                            Map.entry("destinationAddresses", "1.2.3.4"),
                            Map.entry("destinationPorts", "443"),
                            Map.entry("name", "DNAT-HTTPS-traffic"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "*"),
                            Map.entry("translatedAddress", "1.2.3.5"),
                            Map.entry("translatedPort", "8443")
                        ),
                        Map.ofEntries(
                            Map.entry("description", "D-NAT all inbound web traffic for inspection"),
                            Map.entry("destinationAddresses", "1.2.3.4"),
                            Map.entry("destinationPorts", "80"),
                            Map.entry("name", "DNAT-HTTP-traffic-With-FQDN"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "*"),
                            Map.entry("translatedFqdn", "internalhttpserver"),
                            Map.entry("translatedPort", "880")
                        ))
                ))
                .networkRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Deny")),
                    Map.entry("name", "netrulecoll"),
                    Map.entry("priority", 112),
                    Map.entry("rules",                 
                        Map.ofEntries(
                            Map.entry("description", "Block traffic based on source IPs and ports"),
                            Map.entry("destinationAddresses", "*"),
                            Map.entry("destinationPorts",                         
                                "443-444",
                                "8443"),
                            Map.entry("name", "L4-traffic"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses",                         
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255")
                        ),
                        Map.ofEntries(
                            Map.entry("description", "Block traffic based on source IPs and ports to amazon"),
                            Map.entry("destinationFqdns", "www.amazon.com"),
                            Map.entry("destinationPorts",                         
                                "443-444",
                                "8443"),
                            Map.entry("name", "L4-traffic-with-FQDN"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "10.2.4.12-10.2.4.255")
                        ))
                ))
                .resourceGroupName("rg1")
                .sku(Map.ofEntries(
                    Map.entry("name", "AZFW_VNet"),
                    Map.entry("tier", "Standard")
                ))
                .tags(Map.of("key1", "value1"))
                .threatIntelMode("Alert")
                .zones()
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
        application_rule_collections=[{
            "action": azure_native.network.AzureFirewallRCActionArgs(
                type="Deny",
            ),
            "name": "apprulecoll",
            "priority": 110,
            "rules": [{
                "description": "Deny inbound rule",
                "name": "rule1",
                "protocols": [azure_native.network.AzureFirewallApplicationRuleProtocolArgs(
                    port=443,
                    protocol_type="Https",
                )],
                "sourceAddresses": [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                "targetFqdns": ["www.test.com"],
            }],
        }],
        azure_firewall_name="azurefirewall",
        ip_configurations=[{
            "name": "azureFirewallIpConfiguration",
            "publicIPAddress": azure_native.network.SubResourceArgs(
                id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            ),
            "subnet": azure_native.network.SubResourceArgs(
                id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            ),
        }],
        location="West US",
        nat_rule_collections=[{
            "action": azure_native.network.AzureFirewallNatRCActionArgs(
                type="Dnat",
            ),
            "name": "natrulecoll",
            "priority": 112,
            "rules": [
                azure_native.network.AzureFirewallNatRuleArgs(
                    description="D-NAT all outbound web traffic for inspection",
                    destination_addresses=["1.2.3.4"],
                    destination_ports=["443"],
                    name="DNAT-HTTPS-traffic",
                    protocols=["TCP"],
                    source_addresses=["*"],
                    translated_address="1.2.3.5",
                    translated_port="8443",
                ),
                azure_native.network.AzureFirewallNatRuleArgs(
                    description="D-NAT all inbound web traffic for inspection",
                    destination_addresses=["1.2.3.4"],
                    destination_ports=["80"],
                    name="DNAT-HTTP-traffic-With-FQDN",
                    protocols=["TCP"],
                    source_addresses=["*"],
                    translated_fqdn="internalhttpserver",
                    translated_port="880",
                ),
            ],
        }],
        network_rule_collections=[{
            "action": azure_native.network.AzureFirewallRCActionArgs(
                type="Deny",
            ),
            "name": "netrulecoll",
            "priority": 112,
            "rules": [
                azure_native.network.AzureFirewallNetworkRuleArgs(
                    description="Block traffic based on source IPs and ports",
                    destination_addresses=["*"],
                    destination_ports=[
                        "443-444",
                        "8443",
                    ],
                    name="L4-traffic",
                    protocols=["TCP"],
                    source_addresses=[
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                ),
                azure_native.network.AzureFirewallNetworkRuleArgs(
                    description="Block traffic based on source IPs and ports to amazon",
                    destination_fqdns=["www.amazon.com"],
                    destination_ports=[
                        "443-444",
                        "8443",
                    ],
                    name="L4-traffic-with-FQDN",
                    protocols=["TCP"],
                    source_addresses=["10.2.4.12-10.2.4.255"],
                ),
            ],
        }],
        resource_group_name="rg1",
        sku=azure_native.network.AzureFirewallSkuArgs(
            name="AZFW_VNet",
            tier="Standard",
        ),
        tags={
            "key1": "value1",
        },
        threat_intel_mode="Alert",
        zones=[])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
        applicationRuleCollections: [{
            action: {
                type: "Deny",
            },
            name: "apprulecoll",
            priority: 110,
            rules: [{
                description: "Deny inbound rule",
                name: "rule1",
                protocols: [{
                    port: 443,
                    protocolType: "Https",
                }],
                sourceAddresses: [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                targetFqdns: ["www.test.com"],
            }],
        }],
        azureFirewallName: "azurefirewall",
        ipConfigurations: [{
            name: "azureFirewallIpConfiguration",
            publicIPAddress: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            },
            subnet: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            },
        }],
        location: "West US",
        natRuleCollections: [{
            action: {
                type: "Dnat",
            },
            name: "natrulecoll",
            priority: 112,
            rules: [
                {
                    description: "D-NAT all outbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["443"],
                    name: "DNAT-HTTPS-traffic",
                    protocols: ["TCP"],
                    sourceAddresses: ["*"],
                    translatedAddress: "1.2.3.5",
                    translatedPort: "8443",
                },
                {
                    description: "D-NAT all inbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["80"],
                    name: "DNAT-HTTP-traffic-With-FQDN",
                    protocols: ["TCP"],
                    sourceAddresses: ["*"],
                    translatedFqdn: "internalhttpserver",
                    translatedPort: "880",
                },
            ],
        }],
        networkRuleCollections: [{
            action: {
                type: "Deny",
            },
            name: "netrulecoll",
            priority: 112,
            rules: [
                {
                    description: "Block traffic based on source IPs and ports",
                    destinationAddresses: ["*"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic",
                    protocols: ["TCP"],
                    sourceAddresses: [
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                },
                {
                    description: "Block traffic based on source IPs and ports to amazon",
                    destinationFqdns: ["www.amazon.com"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic-with-FQDN",
                    protocols: ["TCP"],
                    sourceAddresses: ["10.2.4.12-10.2.4.255"],
                },
            ],
        }],
        resourceGroupName: "rg1",
        sku: {
            name: "AZFW_VNet",
            tier: "Standard",
        },
        tags: {
            key1: "value1",
        },
        threatIntelMode: "Alert",
        zones: [],
    });
    
    resources:
      azureFirewall:
        type: azure-native:network:AzureFirewall
        properties:
          applicationRuleCollections:
            - action:
                type: Deny
              name: apprulecoll
              priority: 110
              rules:
                - description: Deny inbound rule
                  name: rule1
                  protocols:
                    - port: 443
                      protocolType: Https
                  sourceAddresses:
                    - 216.58.216.164
                    - 10.0.0.0/24
                  targetFqdns:
                    - www.test.com
          azureFirewallName: azurefirewall
          ipConfigurations:
            - name: azureFirewallIpConfiguration
              publicIPAddress:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
              subnet:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
          location: West US
          natRuleCollections:
            - action:
                type: Dnat
              name: natrulecoll
              priority: 112
              rules:
                - description: D-NAT all outbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '443'
                  name: DNAT-HTTPS-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedAddress: 1.2.3.5
                  translatedPort: '8443'
                - description: D-NAT all inbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '80'
                  name: DNAT-HTTP-traffic-With-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedFqdn: internalhttpserver
                  translatedPort: '880'
          networkRuleCollections:
            - action:
                type: Deny
              name: netrulecoll
              priority: 112
              rules:
                - description: Block traffic based on source IPs and ports
                  destinationAddresses:
                    - '*'
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 192.168.1.1-192.168.1.12
                    - 10.1.4.12-10.1.4.255
                - description: Block traffic based on source IPs and ports to amazon
                  destinationFqdns:
                    - www.amazon.com
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic-with-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 10.2.4.12-10.2.4.255
          resourceGroupName: rg1
          sku:
            name: AZFW_VNet
            tier: Standard
          tags:
            key1: value1
          threatIntelMode: Alert
          zones: []
    

    Create Azure Firewall With Zones

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
        {
            ApplicationRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = "Deny",
                    },
                    Name = "apprulecoll",
                    Priority = 110,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                        {
                            Description = "Deny inbound rule",
                            Name = "rule1",
                            Protocols = new[]
                            {
                                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                                {
                                    Port = 443,
                                    ProtocolType = "Https",
                                },
                            },
                            SourceAddresses = new[]
                            {
                                "216.58.216.164",
                                "10.0.0.0/24",
                            },
                            TargetFqdns = new[]
                            {
                                "www.test.com",
                            },
                        },
                    },
                },
            },
            AzureFirewallName = "azurefirewall",
            IpConfigurations = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
                {
                    Name = "azureFirewallIpConfiguration",
                    PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                    },
                    Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                    },
                },
            },
            Location = "West US 2",
            NatRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                    {
                        Type = "Dnat",
                    },
                    Name = "natrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all outbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "443",
                            },
                            Name = "DNAT-HTTPS-traffic",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedAddress = "1.2.3.5",
                            TranslatedPort = "8443",
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all inbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "80",
                            },
                            Name = "DNAT-HTTP-traffic-With-FQDN",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedFqdn = "internalhttpserver",
                            TranslatedPort = "880",
                        },
                    },
                },
            },
            NetworkRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = "Deny",
                    },
                    Name = "netrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports",
                            DestinationAddresses = new[]
                            {
                                "*",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255",
                            },
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports to amazon",
                            DestinationFqdns = new[]
                            {
                                "www.amazon.com",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic-with-FQDN",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "10.2.4.12-10.2.4.255",
                            },
                        },
                    },
                },
            },
            ResourceGroupName = "rg1",
            Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
            {
                Name = "AZFW_VNet",
                Tier = "Standard",
            },
            Tags = 
            {
                { "key1", "value1" },
            },
            ThreatIntelMode = "Alert",
            Zones = new[]
            {
                "1",
                "2",
                "3",
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/network/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
    			ApplicationRuleCollections: []network.AzureFirewallApplicationRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Deny"),
    					},
    					Name:     pulumi.String("apprulecoll"),
    					Priority: pulumi.Int(110),
    					Rules: network.AzureFirewallApplicationRuleArray{
    						{
    							Description: pulumi.String("Deny inbound rule"),
    							Name:        pulumi.String("rule1"),
    							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
    								{
    									Port:         pulumi.Int(443),
    									ProtocolType: pulumi.String("Https"),
    								},
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("216.58.216.164"),
    								pulumi.String("10.0.0.0/24"),
    							},
    							TargetFqdns: pulumi.StringArray{
    								pulumi.String("www.test.com"),
    							},
    						},
    					},
    				},
    			},
    			AzureFirewallName: pulumi.String("azurefirewall"),
    			IpConfigurations: []network.AzureFirewallIPConfigurationArgs{
    				{
    					Name: pulumi.String("azureFirewallIpConfiguration"),
    					PublicIPAddress: {
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
    					},
    					Subnet: {
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
    					},
    				},
    			},
    			Location: pulumi.String("West US 2"),
    			NatRuleCollections: []network.AzureFirewallNatRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Dnat"),
    					},
    					Name:     pulumi.String("natrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNatRuleArray{
    						{
    							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443"),
    							},
    							Name: pulumi.String("DNAT-HTTPS-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedAddress: pulumi.String("1.2.3.5"),
    							TranslatedPort:    pulumi.String("8443"),
    						},
    						{
    							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("80"),
    							},
    							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedFqdn: pulumi.String("internalhttpserver"),
    							TranslatedPort: pulumi.String("880"),
    						},
    					},
    				},
    			},
    			NetworkRuleCollections: []network.AzureFirewallNetworkRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Deny"),
    					},
    					Name:     pulumi.String("netrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNetworkRuleArray{
    						{
    							Description: pulumi.String("Block traffic based on source IPs and ports"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("192.168.1.1-192.168.1.12"),
    								pulumi.String("10.1.4.12-10.1.4.255"),
    							},
    						},
    						{
    							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
    							DestinationFqdns: pulumi.StringArray{
    								pulumi.String("www.amazon.com"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic-with-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("10.2.4.12-10.2.4.255"),
    							},
    						},
    					},
    				},
    			},
    			ResourceGroupName: pulumi.String("rg1"),
    			Sku: &network.AzureFirewallSkuArgs{
    				Name: pulumi.String("AZFW_VNet"),
    				Tier: pulumi.String("Standard"),
    			},
    			Tags: pulumi.StringMap{
    				"key1": pulumi.String("value1"),
    			},
    			ThreatIntelMode: pulumi.String("Alert"),
    			Zones: pulumi.StringArray{
    				pulumi.String("1"),
    				pulumi.String("2"),
    				pulumi.String("3"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.network.AzureFirewall;
    import com.pulumi.azurenative.network.AzureFirewallArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()        
                .applicationRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Deny")),
                    Map.entry("name", "apprulecoll"),
                    Map.entry("priority", 110),
                    Map.entry("rules", Map.ofEntries(
                        Map.entry("description", "Deny inbound rule"),
                        Map.entry("name", "rule1"),
                        Map.entry("protocols", Map.ofEntries(
                            Map.entry("port", 443),
                            Map.entry("protocolType", "Https")
                        )),
                        Map.entry("sourceAddresses",                     
                            "216.58.216.164",
                            "10.0.0.0/24"),
                        Map.entry("targetFqdns", "www.test.com")
                    ))
                ))
                .azureFirewallName("azurefirewall")
                .ipConfigurations(Map.ofEntries(
                    Map.entry("name", "azureFirewallIpConfiguration"),
                    Map.entry("publicIPAddress", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")),
                    Map.entry("subnet", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"))
                ))
                .location("West US 2")
                .natRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Dnat")),
                    Map.entry("name", "natrulecoll"),
                    Map.entry("priority", 112),
                    Map.entry("rules",                 
                        Map.ofEntries(
                            Map.entry("description", "D-NAT all outbound web traffic for inspection"),
                            Map.entry("destinationAddresses", "1.2.3.4"),
                            Map.entry("destinationPorts", "443"),
                            Map.entry("name", "DNAT-HTTPS-traffic"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "*"),
                            Map.entry("translatedAddress", "1.2.3.5"),
                            Map.entry("translatedPort", "8443")
                        ),
                        Map.ofEntries(
                            Map.entry("description", "D-NAT all inbound web traffic for inspection"),
                            Map.entry("destinationAddresses", "1.2.3.4"),
                            Map.entry("destinationPorts", "80"),
                            Map.entry("name", "DNAT-HTTP-traffic-With-FQDN"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "*"),
                            Map.entry("translatedFqdn", "internalhttpserver"),
                            Map.entry("translatedPort", "880")
                        ))
                ))
                .networkRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Deny")),
                    Map.entry("name", "netrulecoll"),
                    Map.entry("priority", 112),
                    Map.entry("rules",                 
                        Map.ofEntries(
                            Map.entry("description", "Block traffic based on source IPs and ports"),
                            Map.entry("destinationAddresses", "*"),
                            Map.entry("destinationPorts",                         
                                "443-444",
                                "8443"),
                            Map.entry("name", "L4-traffic"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses",                         
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255")
                        ),
                        Map.ofEntries(
                            Map.entry("description", "Block traffic based on source IPs and ports to amazon"),
                            Map.entry("destinationFqdns", "www.amazon.com"),
                            Map.entry("destinationPorts",                         
                                "443-444",
                                "8443"),
                            Map.entry("name", "L4-traffic-with-FQDN"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "10.2.4.12-10.2.4.255")
                        ))
                ))
                .resourceGroupName("rg1")
                .sku(Map.ofEntries(
                    Map.entry("name", "AZFW_VNet"),
                    Map.entry("tier", "Standard")
                ))
                .tags(Map.of("key1", "value1"))
                .threatIntelMode("Alert")
                .zones(            
                    "1",
                    "2",
                    "3")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
        application_rule_collections=[{
            "action": azure_native.network.AzureFirewallRCActionArgs(
                type="Deny",
            ),
            "name": "apprulecoll",
            "priority": 110,
            "rules": [{
                "description": "Deny inbound rule",
                "name": "rule1",
                "protocols": [azure_native.network.AzureFirewallApplicationRuleProtocolArgs(
                    port=443,
                    protocol_type="Https",
                )],
                "sourceAddresses": [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                "targetFqdns": ["www.test.com"],
            }],
        }],
        azure_firewall_name="azurefirewall",
        ip_configurations=[{
            "name": "azureFirewallIpConfiguration",
            "publicIPAddress": azure_native.network.SubResourceArgs(
                id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            ),
            "subnet": azure_native.network.SubResourceArgs(
                id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            ),
        }],
        location="West US 2",
        nat_rule_collections=[{
            "action": azure_native.network.AzureFirewallNatRCActionArgs(
                type="Dnat",
            ),
            "name": "natrulecoll",
            "priority": 112,
            "rules": [
                azure_native.network.AzureFirewallNatRuleArgs(
                    description="D-NAT all outbound web traffic for inspection",
                    destination_addresses=["1.2.3.4"],
                    destination_ports=["443"],
                    name="DNAT-HTTPS-traffic",
                    protocols=["TCP"],
                    source_addresses=["*"],
                    translated_address="1.2.3.5",
                    translated_port="8443",
                ),
                azure_native.network.AzureFirewallNatRuleArgs(
                    description="D-NAT all inbound web traffic for inspection",
                    destination_addresses=["1.2.3.4"],
                    destination_ports=["80"],
                    name="DNAT-HTTP-traffic-With-FQDN",
                    protocols=["TCP"],
                    source_addresses=["*"],
                    translated_fqdn="internalhttpserver",
                    translated_port="880",
                ),
            ],
        }],
        network_rule_collections=[{
            "action": azure_native.network.AzureFirewallRCActionArgs(
                type="Deny",
            ),
            "name": "netrulecoll",
            "priority": 112,
            "rules": [
                azure_native.network.AzureFirewallNetworkRuleArgs(
                    description="Block traffic based on source IPs and ports",
                    destination_addresses=["*"],
                    destination_ports=[
                        "443-444",
                        "8443",
                    ],
                    name="L4-traffic",
                    protocols=["TCP"],
                    source_addresses=[
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                ),
                azure_native.network.AzureFirewallNetworkRuleArgs(
                    description="Block traffic based on source IPs and ports to amazon",
                    destination_fqdns=["www.amazon.com"],
                    destination_ports=[
                        "443-444",
                        "8443",
                    ],
                    name="L4-traffic-with-FQDN",
                    protocols=["TCP"],
                    source_addresses=["10.2.4.12-10.2.4.255"],
                ),
            ],
        }],
        resource_group_name="rg1",
        sku=azure_native.network.AzureFirewallSkuArgs(
            name="AZFW_VNet",
            tier="Standard",
        ),
        tags={
            "key1": "value1",
        },
        threat_intel_mode="Alert",
        zones=[
            "1",
            "2",
            "3",
        ])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
        applicationRuleCollections: [{
            action: {
                type: "Deny",
            },
            name: "apprulecoll",
            priority: 110,
            rules: [{
                description: "Deny inbound rule",
                name: "rule1",
                protocols: [{
                    port: 443,
                    protocolType: "Https",
                }],
                sourceAddresses: [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                targetFqdns: ["www.test.com"],
            }],
        }],
        azureFirewallName: "azurefirewall",
        ipConfigurations: [{
            name: "azureFirewallIpConfiguration",
            publicIPAddress: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            },
            subnet: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            },
        }],
        location: "West US 2",
        natRuleCollections: [{
            action: {
                type: "Dnat",
            },
            name: "natrulecoll",
            priority: 112,
            rules: [
                {
                    description: "D-NAT all outbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["443"],
                    name: "DNAT-HTTPS-traffic",
                    protocols: ["TCP"],
                    sourceAddresses: ["*"],
                    translatedAddress: "1.2.3.5",
                    translatedPort: "8443",
                },
                {
                    description: "D-NAT all inbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["80"],
                    name: "DNAT-HTTP-traffic-With-FQDN",
                    protocols: ["TCP"],
                    sourceAddresses: ["*"],
                    translatedFqdn: "internalhttpserver",
                    translatedPort: "880",
                },
            ],
        }],
        networkRuleCollections: [{
            action: {
                type: "Deny",
            },
            name: "netrulecoll",
            priority: 112,
            rules: [
                {
                    description: "Block traffic based on source IPs and ports",
                    destinationAddresses: ["*"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic",
                    protocols: ["TCP"],
                    sourceAddresses: [
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                },
                {
                    description: "Block traffic based on source IPs and ports to amazon",
                    destinationFqdns: ["www.amazon.com"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic-with-FQDN",
                    protocols: ["TCP"],
                    sourceAddresses: ["10.2.4.12-10.2.4.255"],
                },
            ],
        }],
        resourceGroupName: "rg1",
        sku: {
            name: "AZFW_VNet",
            tier: "Standard",
        },
        tags: {
            key1: "value1",
        },
        threatIntelMode: "Alert",
        zones: [
            "1",
            "2",
            "3",
        ],
    });
    
    resources:
      azureFirewall:
        type: azure-native:network:AzureFirewall
        properties:
          applicationRuleCollections:
            - action:
                type: Deny
              name: apprulecoll
              priority: 110
              rules:
                - description: Deny inbound rule
                  name: rule1
                  protocols:
                    - port: 443
                      protocolType: Https
                  sourceAddresses:
                    - 216.58.216.164
                    - 10.0.0.0/24
                  targetFqdns:
                    - www.test.com
          azureFirewallName: azurefirewall
          ipConfigurations:
            - name: azureFirewallIpConfiguration
              publicIPAddress:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
              subnet:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
          location: West US 2
          natRuleCollections:
            - action:
                type: Dnat
              name: natrulecoll
              priority: 112
              rules:
                - description: D-NAT all outbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '443'
                  name: DNAT-HTTPS-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedAddress: 1.2.3.5
                  translatedPort: '8443'
                - description: D-NAT all inbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '80'
                  name: DNAT-HTTP-traffic-With-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedFqdn: internalhttpserver
                  translatedPort: '880'
          networkRuleCollections:
            - action:
                type: Deny
              name: netrulecoll
              priority: 112
              rules:
                - description: Block traffic based on source IPs and ports
                  destinationAddresses:
                    - '*'
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 192.168.1.1-192.168.1.12
                    - 10.1.4.12-10.1.4.255
                - description: Block traffic based on source IPs and ports to amazon
                  destinationFqdns:
                    - www.amazon.com
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic-with-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 10.2.4.12-10.2.4.255
          resourceGroupName: rg1
          sku:
            name: AZFW_VNet
            tier: Standard
          tags:
            key1: value1
          threatIntelMode: Alert
          zones:
            - '1'
            - '2'
            - '3'
    

    Create Azure Firewall With management subnet

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
        {
            ApplicationRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = "Deny",
                    },
                    Name = "apprulecoll",
                    Priority = 110,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                        {
                            Description = "Deny inbound rule",
                            Name = "rule1",
                            Protocols = new[]
                            {
                                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                                {
                                    Port = 443,
                                    ProtocolType = "Https",
                                },
                            },
                            SourceAddresses = new[]
                            {
                                "216.58.216.164",
                                "10.0.0.0/24",
                            },
                            TargetFqdns = new[]
                            {
                                "www.test.com",
                            },
                        },
                    },
                },
            },
            AzureFirewallName = "azurefirewall",
            IpConfigurations = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
                {
                    Name = "azureFirewallIpConfiguration",
                    PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                    },
                    Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                    },
                },
            },
            Location = "West US",
            ManagementIpConfiguration = new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
            {
                Name = "azureFirewallMgmtIpConfiguration",
                PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName",
                },
                Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet",
                },
            },
            NatRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                    {
                        Type = "Dnat",
                    },
                    Name = "natrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all outbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "443",
                            },
                            Name = "DNAT-HTTPS-traffic",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedAddress = "1.2.3.5",
                            TranslatedPort = "8443",
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all inbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "80",
                            },
                            Name = "DNAT-HTTP-traffic-With-FQDN",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedFqdn = "internalhttpserver",
                            TranslatedPort = "880",
                        },
                    },
                },
            },
            NetworkRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = "Deny",
                    },
                    Name = "netrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports",
                            DestinationAddresses = new[]
                            {
                                "*",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255",
                            },
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports to amazon",
                            DestinationFqdns = new[]
                            {
                                "www.amazon.com",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic-with-FQDN",
                            Protocols = new[]
                            {
                                "TCP",
                            },
                            SourceAddresses = new[]
                            {
                                "10.2.4.12-10.2.4.255",
                            },
                        },
                    },
                },
            },
            ResourceGroupName = "rg1",
            Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
            {
                Name = "AZFW_VNet",
                Tier = "Standard",
            },
            Tags = 
            {
                { "key1", "value1" },
            },
            ThreatIntelMode = "Alert",
            Zones = new[] {},
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/network/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
    			ApplicationRuleCollections: []network.AzureFirewallApplicationRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Deny"),
    					},
    					Name:     pulumi.String("apprulecoll"),
    					Priority: pulumi.Int(110),
    					Rules: network.AzureFirewallApplicationRuleArray{
    						{
    							Description: pulumi.String("Deny inbound rule"),
    							Name:        pulumi.String("rule1"),
    							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
    								{
    									Port:         pulumi.Int(443),
    									ProtocolType: pulumi.String("Https"),
    								},
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("216.58.216.164"),
    								pulumi.String("10.0.0.0/24"),
    							},
    							TargetFqdns: pulumi.StringArray{
    								pulumi.String("www.test.com"),
    							},
    						},
    					},
    				},
    			},
    			AzureFirewallName: pulumi.String("azurefirewall"),
    			IpConfigurations: []network.AzureFirewallIPConfigurationArgs{
    				{
    					Name: pulumi.String("azureFirewallIpConfiguration"),
    					PublicIPAddress: {
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
    					},
    					Subnet: {
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
    					},
    				},
    			},
    			Location: pulumi.String("West US"),
    			ManagementIpConfiguration: network.AzureFirewallIPConfigurationResponse{
    				Name: pulumi.String("azureFirewallMgmtIpConfiguration"),
    				PublicIPAddress: &network.SubResourceArgs{
    					Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName"),
    				},
    				Subnet: &network.SubResourceArgs{
    					Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet"),
    				},
    			},
    			NatRuleCollections: []network.AzureFirewallNatRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Dnat"),
    					},
    					Name:     pulumi.String("natrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNatRuleArray{
    						{
    							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443"),
    							},
    							Name: pulumi.String("DNAT-HTTPS-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedAddress: pulumi.String("1.2.3.5"),
    							TranslatedPort:    pulumi.String("8443"),
    						},
    						{
    							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("80"),
    							},
    							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedFqdn: pulumi.String("internalhttpserver"),
    							TranslatedPort: pulumi.String("880"),
    						},
    					},
    				},
    			},
    			NetworkRuleCollections: []network.AzureFirewallNetworkRuleCollectionArgs{
    				{
    					Action: {
    						Type: pulumi.String("Deny"),
    					},
    					Name:     pulumi.String("netrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNetworkRuleArray{
    						{
    							Description: pulumi.String("Block traffic based on source IPs and ports"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("192.168.1.1-192.168.1.12"),
    								pulumi.String("10.1.4.12-10.1.4.255"),
    							},
    						},
    						{
    							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
    							DestinationFqdns: pulumi.StringArray{
    								pulumi.String("www.amazon.com"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic-with-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String("TCP"),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("10.2.4.12-10.2.4.255"),
    							},
    						},
    					},
    				},
    			},
    			ResourceGroupName: pulumi.String("rg1"),
    			Sku: &network.AzureFirewallSkuArgs{
    				Name: pulumi.String("AZFW_VNet"),
    				Tier: pulumi.String("Standard"),
    			},
    			Tags: pulumi.StringMap{
    				"key1": pulumi.String("value1"),
    			},
    			ThreatIntelMode: pulumi.String("Alert"),
    			Zones:           pulumi.StringArray{},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.network.AzureFirewall;
    import com.pulumi.azurenative.network.AzureFirewallArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()        
                .applicationRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Deny")),
                    Map.entry("name", "apprulecoll"),
                    Map.entry("priority", 110),
                    Map.entry("rules", Map.ofEntries(
                        Map.entry("description", "Deny inbound rule"),
                        Map.entry("name", "rule1"),
                        Map.entry("protocols", Map.ofEntries(
                            Map.entry("port", 443),
                            Map.entry("protocolType", "Https")
                        )),
                        Map.entry("sourceAddresses",                     
                            "216.58.216.164",
                            "10.0.0.0/24"),
                        Map.entry("targetFqdns", "www.test.com")
                    ))
                ))
                .azureFirewallName("azurefirewall")
                .ipConfigurations(Map.ofEntries(
                    Map.entry("name", "azureFirewallIpConfiguration"),
                    Map.entry("publicIPAddress", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")),
                    Map.entry("subnet", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"))
                ))
                .location("West US")
                .managementIpConfiguration(Map.ofEntries(
                    Map.entry("name", "azureFirewallMgmtIpConfiguration"),
                    Map.entry("publicIPAddress", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName")),
                    Map.entry("subnet", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet"))
                ))
                .natRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Dnat")),
                    Map.entry("name", "natrulecoll"),
                    Map.entry("priority", 112),
                    Map.entry("rules",                 
                        Map.ofEntries(
                            Map.entry("description", "D-NAT all outbound web traffic for inspection"),
                            Map.entry("destinationAddresses", "1.2.3.4"),
                            Map.entry("destinationPorts", "443"),
                            Map.entry("name", "DNAT-HTTPS-traffic"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "*"),
                            Map.entry("translatedAddress", "1.2.3.5"),
                            Map.entry("translatedPort", "8443")
                        ),
                        Map.ofEntries(
                            Map.entry("description", "D-NAT all inbound web traffic for inspection"),
                            Map.entry("destinationAddresses", "1.2.3.4"),
                            Map.entry("destinationPorts", "80"),
                            Map.entry("name", "DNAT-HTTP-traffic-With-FQDN"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "*"),
                            Map.entry("translatedFqdn", "internalhttpserver"),
                            Map.entry("translatedPort", "880")
                        ))
                ))
                .networkRuleCollections(Map.ofEntries(
                    Map.entry("action", Map.of("type", "Deny")),
                    Map.entry("name", "netrulecoll"),
                    Map.entry("priority", 112),
                    Map.entry("rules",                 
                        Map.ofEntries(
                            Map.entry("description", "Block traffic based on source IPs and ports"),
                            Map.entry("destinationAddresses", "*"),
                            Map.entry("destinationPorts",                         
                                "443-444",
                                "8443"),
                            Map.entry("name", "L4-traffic"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses",                         
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255")
                        ),
                        Map.ofEntries(
                            Map.entry("description", "Block traffic based on source IPs and ports to amazon"),
                            Map.entry("destinationFqdns", "www.amazon.com"),
                            Map.entry("destinationPorts",                         
                                "443-444",
                                "8443"),
                            Map.entry("name", "L4-traffic-with-FQDN"),
                            Map.entry("protocols", "TCP"),
                            Map.entry("sourceAddresses", "10.2.4.12-10.2.4.255")
                        ))
                ))
                .resourceGroupName("rg1")
                .sku(Map.ofEntries(
                    Map.entry("name", "AZFW_VNet"),
                    Map.entry("tier", "Standard")
                ))
                .tags(Map.of("key1", "value1"))
                .threatIntelMode("Alert")
                .zones()
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
        application_rule_collections=[{
            "action": azure_native.network.AzureFirewallRCActionArgs(
                type="Deny",
            ),
            "name": "apprulecoll",
            "priority": 110,
            "rules": [{
                "description": "Deny inbound rule",
                "name": "rule1",
                "protocols": [azure_native.network.AzureFirewallApplicationRuleProtocolArgs(
                    port=443,
                    protocol_type="Https",
                )],
                "sourceAddresses": [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                "targetFqdns": ["www.test.com"],
            }],
        }],
        azure_firewall_name="azurefirewall",
        ip_configurations=[{
            "name": "azureFirewallIpConfiguration",
            "publicIPAddress": azure_native.network.SubResourceArgs(
                id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            ),
            "subnet": azure_native.network.SubResourceArgs(
                id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            ),
        }],
        location="West US",
        management_ip_configuration=azure_native.network.AzureFirewallIPConfigurationResponseArgs(
            name="azureFirewallMgmtIpConfiguration",
            public_ip_address=azure_native.network.SubResourceArgs(
                id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName",
            ),
            subnet=azure_native.network.SubResourceArgs(
                id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet",
            ),
        ),
        nat_rule_collections=[{
            "action": azure_native.network.AzureFirewallNatRCActionArgs(
                type="Dnat",
            ),
            "name": "natrulecoll",
            "priority": 112,
            "rules": [
                azure_native.network.AzureFirewallNatRuleArgs(
                    description="D-NAT all outbound web traffic for inspection",
                    destination_addresses=["1.2.3.4"],
                    destination_ports=["443"],
                    name="DNAT-HTTPS-traffic",
                    protocols=["TCP"],
                    source_addresses=["*"],
                    translated_address="1.2.3.5",
                    translated_port="8443",
                ),
                azure_native.network.AzureFirewallNatRuleArgs(
                    description="D-NAT all inbound web traffic for inspection",
                    destination_addresses=["1.2.3.4"],
                    destination_ports=["80"],
                    name="DNAT-HTTP-traffic-With-FQDN",
                    protocols=["TCP"],
                    source_addresses=["*"],
                    translated_fqdn="internalhttpserver",
                    translated_port="880",
                ),
            ],
        }],
        network_rule_collections=[{
            "action": azure_native.network.AzureFirewallRCActionArgs(
                type="Deny",
            ),
            "name": "netrulecoll",
            "priority": 112,
            "rules": [
                azure_native.network.AzureFirewallNetworkRuleArgs(
                    description="Block traffic based on source IPs and ports",
                    destination_addresses=["*"],
                    destination_ports=[
                        "443-444",
                        "8443",
                    ],
                    name="L4-traffic",
                    protocols=["TCP"],
                    source_addresses=[
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                ),
                azure_native.network.AzureFirewallNetworkRuleArgs(
                    description="Block traffic based on source IPs and ports to amazon",
                    destination_fqdns=["www.amazon.com"],
                    destination_ports=[
                        "443-444",
                        "8443",
                    ],
                    name="L4-traffic-with-FQDN",
                    protocols=["TCP"],
                    source_addresses=["10.2.4.12-10.2.4.255"],
                ),
            ],
        }],
        resource_group_name="rg1",
        sku=azure_native.network.AzureFirewallSkuArgs(
            name="AZFW_VNet",
            tier="Standard",
        ),
        tags={
            "key1": "value1",
        },
        threat_intel_mode="Alert",
        zones=[])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
        applicationRuleCollections: [{
            action: {
                type: "Deny",
            },
            name: "apprulecoll",
            priority: 110,
            rules: [{
                description: "Deny inbound rule",
                name: "rule1",
                protocols: [{
                    port: 443,
                    protocolType: "Https",
                }],
                sourceAddresses: [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                targetFqdns: ["www.test.com"],
            }],
        }],
        azureFirewallName: "azurefirewall",
        ipConfigurations: [{
            name: "azureFirewallIpConfiguration",
            publicIPAddress: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            },
            subnet: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            },
        }],
        location: "West US",
        managementIpConfiguration: {
            name: "azureFirewallMgmtIpConfiguration",
            publicIPAddress: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName",
            },
            subnet: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet",
            },
        },
        natRuleCollections: [{
            action: {
                type: "Dnat",
            },
            name: "natrulecoll",
            priority: 112,
            rules: [
                {
                    description: "D-NAT all outbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["443"],
                    name: "DNAT-HTTPS-traffic",
                    protocols: ["TCP"],
                    sourceAddresses: ["*"],
                    translatedAddress: "1.2.3.5",
                    translatedPort: "8443",
                },
                {
                    description: "D-NAT all inbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["80"],
                    name: "DNAT-HTTP-traffic-With-FQDN",
                    protocols: ["TCP"],
                    sourceAddresses: ["*"],
                    translatedFqdn: "internalhttpserver",
                    translatedPort: "880",
                },
            ],
        }],
        networkRuleCollections: [{
            action: {
                type: "Deny",
            },
            name: "netrulecoll",
            priority: 112,
            rules: [
                {
                    description: "Block traffic based on source IPs and ports",
                    destinationAddresses: ["*"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic",
                    protocols: ["TCP"],
                    sourceAddresses: [
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                },
                {
                    description: "Block traffic based on source IPs and ports to amazon",
                    destinationFqdns: ["www.amazon.com"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic-with-FQDN",
                    protocols: ["TCP"],
                    sourceAddresses: ["10.2.4.12-10.2.4.255"],
                },
            ],
        }],
        resourceGroupName: "rg1",
        sku: {
            name: "AZFW_VNet",
            tier: "Standard",
        },
        tags: {
            key1: "value1",
        },
        threatIntelMode: "Alert",
        zones: [],
    });
    
    resources:
      azureFirewall:
        type: azure-native:network:AzureFirewall
        properties:
          applicationRuleCollections:
            - action:
                type: Deny
              name: apprulecoll
              priority: 110
              rules:
                - description: Deny inbound rule
                  name: rule1
                  protocols:
                    - port: 443
                      protocolType: Https
                  sourceAddresses:
                    - 216.58.216.164
                    - 10.0.0.0/24
                  targetFqdns:
                    - www.test.com
          azureFirewallName: azurefirewall
          ipConfigurations:
            - name: azureFirewallIpConfiguration
              publicIPAddress:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
              subnet:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
          location: West US
          managementIpConfiguration:
            name: azureFirewallMgmtIpConfiguration
            publicIPAddress:
              id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName
            subnet:
              id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet
          natRuleCollections:
            - action:
                type: Dnat
              name: natrulecoll
              priority: 112
              rules:
                - description: D-NAT all outbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '443'
                  name: DNAT-HTTPS-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedAddress: 1.2.3.5
                  translatedPort: '8443'
                - description: D-NAT all inbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '80'
                  name: DNAT-HTTP-traffic-With-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedFqdn: internalhttpserver
                  translatedPort: '880'
          networkRuleCollections:
            - action:
                type: Deny
              name: netrulecoll
              priority: 112
              rules:
                - description: Block traffic based on source IPs and ports
                  destinationAddresses:
                    - '*'
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 192.168.1.1-192.168.1.12
                    - 10.1.4.12-10.1.4.255
                - description: Block traffic based on source IPs and ports to amazon
                  destinationFqdns:
                    - www.amazon.com
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic-with-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 10.2.4.12-10.2.4.255
          resourceGroupName: rg1
          sku:
            name: AZFW_VNet
            tier: Standard
          tags:
            key1: value1
          threatIntelMode: Alert
          zones: []
    

    Create Azure Firewall in virtual Hub

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
        {
            AzureFirewallName = "azurefirewall",
            FirewallPolicy = new AzureNative.Network.Inputs.SubResourceArgs
            {
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1",
            },
            HubIPAddresses = new AzureNative.Network.Inputs.HubIPAddressesArgs
            {
                PublicIPs = new AzureNative.Network.Inputs.HubPublicIPAddressesArgs
                {
                    Addresses = new[] {},
                    Count = 1,
                },
            },
            Location = "West US",
            ResourceGroupName = "rg1",
            Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
            {
                Name = "AZFW_Hub",
                Tier = "Standard",
            },
            Tags = 
            {
                { "key1", "value1" },
            },
            ThreatIntelMode = "Alert",
            VirtualHub = new AzureNative.Network.Inputs.SubResourceArgs
            {
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1",
            },
            Zones = new[] {},
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/network/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
    _, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
    AzureFirewallName: pulumi.String("azurefirewall"),
    FirewallPolicy: &network.SubResourceArgs{
    Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1"),
    },
    HubIPAddresses: network.HubIPAddressesResponse{
    PublicIPs: interface{}{
    Addresses: network.AzureFirewallPublicIPAddressArray{
    },
    Count: pulumi.Int(1),
    },
    },
    Location: pulumi.String("West US"),
    ResourceGroupName: pulumi.String("rg1"),
    Sku: &network.AzureFirewallSkuArgs{
    Name: pulumi.String("AZFW_Hub"),
    Tier: pulumi.String("Standard"),
    },
    Tags: pulumi.StringMap{
    "key1": pulumi.String("value1"),
    },
    ThreatIntelMode: pulumi.String("Alert"),
    VirtualHub: &network.SubResourceArgs{
    Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1"),
    },
    Zones: pulumi.StringArray{
    },
    })
    if err != nil {
    return err
    }
    return nil
    })
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.network.AzureFirewall;
    import com.pulumi.azurenative.network.AzureFirewallArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()        
                .azureFirewallName("azurefirewall")
                .firewallPolicy(Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1"))
                .hubIPAddresses(Map.of("publicIPs", Map.ofEntries(
                    Map.entry("addresses", ),
                    Map.entry("count", 1)
                )))
                .location("West US")
                .resourceGroupName("rg1")
                .sku(Map.ofEntries(
                    Map.entry("name", "AZFW_Hub"),
                    Map.entry("tier", "Standard")
                ))
                .tags(Map.of("key1", "value1"))
                .threatIntelMode("Alert")
                .virtualHub(Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1"))
                .zones()
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
        azure_firewall_name="azurefirewall",
        firewall_policy=azure_native.network.SubResourceArgs(
            id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1",
        ),
        hub_ip_addresses=azure_native.network.HubIPAddressesResponseArgs(
            public_ips={
                "addresses": [],
                "count": 1,
            },
        ),
        location="West US",
        resource_group_name="rg1",
        sku=azure_native.network.AzureFirewallSkuArgs(
            name="AZFW_Hub",
            tier="Standard",
        ),
        tags={
            "key1": "value1",
        },
        threat_intel_mode="Alert",
        virtual_hub=azure_native.network.SubResourceArgs(
            id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1",
        ),
        zones=[])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
        azureFirewallName: "azurefirewall",
        firewallPolicy: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1",
        },
        hubIPAddresses: {
            publicIPs: {
                addresses: [],
                count: 1,
            },
        },
        location: "West US",
        resourceGroupName: "rg1",
        sku: {
            name: "AZFW_Hub",
            tier: "Standard",
        },
        tags: {
            key1: "value1",
        },
        threatIntelMode: "Alert",
        virtualHub: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1",
        },
        zones: [],
    });
    
    resources:
      azureFirewall:
        type: azure-native:network:AzureFirewall
        properties:
          azureFirewallName: azurefirewall
          firewallPolicy:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1
          hubIPAddresses:
            publicIPs:
              addresses: []
              count: 1
          location: West US
          resourceGroupName: rg1
          sku:
            name: AZFW_Hub
            tier: Standard
          tags:
            key1: value1
          threatIntelMode: Alert
          virtualHub:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1
          zones: []
    

    Create AzureFirewall Resource

    new AzureFirewall(name: string, args: AzureFirewallArgs, opts?: CustomResourceOptions);
    @overload
    def AzureFirewall(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      additional_properties: Optional[Mapping[str, str]] = None,
                      application_rule_collections: Optional[Sequence[AzureFirewallApplicationRuleCollectionArgs]] = None,
                      azure_firewall_name: Optional[str] = None,
                      firewall_policy: Optional[SubResourceArgs] = None,
                      hub_ip_addresses: Optional[HubIPAddressesArgs] = None,
                      id: Optional[str] = None,
                      ip_configurations: Optional[Sequence[AzureFirewallIPConfigurationArgs]] = None,
                      location: Optional[str] = None,
                      management_ip_configuration: Optional[AzureFirewallIPConfigurationArgs] = None,
                      nat_rule_collections: Optional[Sequence[AzureFirewallNatRuleCollectionArgs]] = None,
                      network_rule_collections: Optional[Sequence[AzureFirewallNetworkRuleCollectionArgs]] = None,
                      resource_group_name: Optional[str] = None,
                      sku: Optional[AzureFirewallSkuArgs] = None,
                      tags: Optional[Mapping[str, str]] = None,
                      threat_intel_mode: Optional[Union[str, AzureFirewallThreatIntelMode]] = None,
                      virtual_hub: Optional[SubResourceArgs] = None,
                      zones: Optional[Sequence[str]] = None)
    @overload
    def AzureFirewall(resource_name: str,
                      args: AzureFirewallArgs,
                      opts: Optional[ResourceOptions] = None)
    func NewAzureFirewall(ctx *Context, name string, args AzureFirewallArgs, opts ...ResourceOption) (*AzureFirewall, error)
    public AzureFirewall(string name, AzureFirewallArgs args, CustomResourceOptions? opts = null)
    public AzureFirewall(String name, AzureFirewallArgs args)
    public AzureFirewall(String name, AzureFirewallArgs args, CustomResourceOptions options)
    
    type: azure-native:network:AzureFirewall
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args AzureFirewallArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AzureFirewallArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AzureFirewallArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AzureFirewallArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AzureFirewallArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    AzureFirewall Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AzureFirewall resource accepts the following input properties:

    ResourceGroupName string

    The name of the resource group.

    AdditionalProperties Dictionary<string, string>

    The additional properties used to further config this azure firewall.

    ApplicationRuleCollections List<Pulumi.AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollection>

    Collection of application rule collections used by Azure Firewall.

    AzureFirewallName string

    The name of the Azure Firewall.

    FirewallPolicy Pulumi.AzureNative.Network.Inputs.SubResource

    The firewallPolicy associated with this azure firewall.

    HubIPAddresses Pulumi.AzureNative.Network.Inputs.HubIPAddresses

    IP addresses associated with AzureFirewall.

    Id string

    Resource ID.

    IpConfigurations List<Pulumi.AzureNative.Network.Inputs.AzureFirewallIPConfiguration>

    IP configuration of the Azure Firewall resource.

    Location string

    Resource location.

    ManagementIpConfiguration Pulumi.AzureNative.Network.Inputs.AzureFirewallIPConfiguration

    IP configuration of the Azure Firewall used for management traffic.

    NatRuleCollections List<Pulumi.AzureNative.Network.Inputs.AzureFirewallNatRuleCollection>

    Collection of NAT rule collections used by Azure Firewall.

    NetworkRuleCollections List<Pulumi.AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollection>

    Collection of network rule collections used by Azure Firewall.

    Sku Pulumi.AzureNative.Network.Inputs.AzureFirewallSku

    The Azure Firewall Resource SKU.

    Tags Dictionary<string, string>

    Resource tags.

    ThreatIntelMode string | Pulumi.AzureNative.Network.AzureFirewallThreatIntelMode

    The operation mode for Threat Intelligence.

    VirtualHub Pulumi.AzureNative.Network.Inputs.SubResource

    The virtualHub to which the firewall belongs.

    Zones List<string>

    A list of availability zones denoting where the resource needs to come from.

    ResourceGroupName string

    The name of the resource group.

    AdditionalProperties map[string]string

    The additional properties used to further config this azure firewall.

    ApplicationRuleCollections []AzureFirewallApplicationRuleCollectionArgs

    Collection of application rule collections used by Azure Firewall.

    AzureFirewallName string

    The name of the Azure Firewall.

    FirewallPolicy SubResourceArgs

    The firewallPolicy associated with this azure firewall.

    HubIPAddresses HubIPAddressesArgs

    IP addresses associated with AzureFirewall.

    Id string

    Resource ID.

    IpConfigurations []AzureFirewallIPConfigurationArgs

    IP configuration of the Azure Firewall resource.

    Location string

    Resource location.

    ManagementIpConfiguration AzureFirewallIPConfigurationArgs

    IP configuration of the Azure Firewall used for management traffic.

    NatRuleCollections []AzureFirewallNatRuleCollectionArgs

    Collection of NAT rule collections used by Azure Firewall.

    NetworkRuleCollections []AzureFirewallNetworkRuleCollectionArgs

    Collection of network rule collections used by Azure Firewall.

    Sku AzureFirewallSkuArgs

    The Azure Firewall Resource SKU.

    Tags map[string]string

    Resource tags.

    ThreatIntelMode string | AzureFirewallThreatIntelMode

    The operation mode for Threat Intelligence.

    VirtualHub SubResourceArgs

    The virtualHub to which the firewall belongs.

    Zones []string

    A list of availability zones denoting where the resource needs to come from.

    resourceGroupName String

    The name of the resource group.

    additionalProperties Map<String,String>

    The additional properties used to further config this azure firewall.

    applicationRuleCollections List<AzureFirewallApplicationRuleCollection>

    Collection of application rule collections used by Azure Firewall.

    azureFirewallName String

    The name of the Azure Firewall.

    firewallPolicy SubResource

    The firewallPolicy associated with this azure firewall.

    hubIPAddresses HubIPAddresses

    IP addresses associated with AzureFirewall.

    id String

    Resource ID.

    ipConfigurations List<AzureFirewallIPConfiguration>

    IP configuration of the Azure Firewall resource.

    location String

    Resource location.

    managementIpConfiguration AzureFirewallIPConfiguration

    IP configuration of the Azure Firewall used for management traffic.

    natRuleCollections List<AzureFirewallNatRuleCollection>

    Collection of NAT rule collections used by Azure Firewall.

    networkRuleCollections List<AzureFirewallNetworkRuleCollection>

    Collection of network rule collections used by Azure Firewall.

    sku AzureFirewallSku

    The Azure Firewall Resource SKU.

    tags Map<String,String>

    Resource tags.

    threatIntelMode String | AzureFirewallThreatIntelMode

    The operation mode for Threat Intelligence.

    virtualHub SubResource

    The virtualHub to which the firewall belongs.

    zones List<String>

    A list of availability zones denoting where the resource needs to come from.

    resourceGroupName string

    The name of the resource group.

    additionalProperties {[key: string]: string}

    The additional properties used to further config this azure firewall.

    applicationRuleCollections AzureFirewallApplicationRuleCollection[]

    Collection of application rule collections used by Azure Firewall.

    azureFirewallName string

    The name of the Azure Firewall.

    firewallPolicy SubResource

    The firewallPolicy associated with this azure firewall.

    hubIPAddresses HubIPAddresses

    IP addresses associated with AzureFirewall.

    id string

    Resource ID.

    ipConfigurations AzureFirewallIPConfiguration[]

    IP configuration of the Azure Firewall resource.

    location string

    Resource location.

    managementIpConfiguration AzureFirewallIPConfiguration

    IP configuration of the Azure Firewall used for management traffic.

    natRuleCollections AzureFirewallNatRuleCollection[]

    Collection of NAT rule collections used by Azure Firewall.

    networkRuleCollections AzureFirewallNetworkRuleCollection[]

    Collection of network rule collections used by Azure Firewall.

    sku AzureFirewallSku

    The Azure Firewall Resource SKU.

    tags {[key: string]: string}

    Resource tags.

    threatIntelMode string | AzureFirewallThreatIntelMode

    The operation mode for Threat Intelligence.

    virtualHub SubResource

    The virtualHub to which the firewall belongs.

    zones string[]

    A list of availability zones denoting where the resource needs to come from.

    resource_group_name str

    The name of the resource group.

    additional_properties Mapping[str, str]

    The additional properties used to further config this azure firewall.

    application_rule_collections Sequence[AzureFirewallApplicationRuleCollectionArgs]

    Collection of application rule collections used by Azure Firewall.

    azure_firewall_name str

    The name of the Azure Firewall.

    firewall_policy SubResourceArgs

    The firewallPolicy associated with this azure firewall.

    hub_ip_addresses HubIPAddressesArgs

    IP addresses associated with AzureFirewall.

    id str

    Resource ID.

    ip_configurations Sequence[AzureFirewallIPConfigurationArgs]

    IP configuration of the Azure Firewall resource.

    location str

    Resource location.

    management_ip_configuration AzureFirewallIPConfigurationArgs

    IP configuration of the Azure Firewall used for management traffic.

    nat_rule_collections Sequence[AzureFirewallNatRuleCollectionArgs]

    Collection of NAT rule collections used by Azure Firewall.

    network_rule_collections Sequence[AzureFirewallNetworkRuleCollectionArgs]

    Collection of network rule collections used by Azure Firewall.

    sku AzureFirewallSkuArgs

    The Azure Firewall Resource SKU.

    tags Mapping[str, str]

    Resource tags.

    threat_intel_mode str | AzureFirewallThreatIntelMode

    The operation mode for Threat Intelligence.

    virtual_hub SubResourceArgs

    The virtualHub to which the firewall belongs.

    zones Sequence[str]

    A list of availability zones denoting where the resource needs to come from.

    resourceGroupName String

    The name of the resource group.

    additionalProperties Map<String>

    The additional properties used to further config this azure firewall.

    applicationRuleCollections List<Property Map>

    Collection of application rule collections used by Azure Firewall.

    azureFirewallName String

    The name of the Azure Firewall.

    firewallPolicy Property Map

    The firewallPolicy associated with this azure firewall.

    hubIPAddresses Property Map

    IP addresses associated with AzureFirewall.

    id String

    Resource ID.

    ipConfigurations List<Property Map>

    IP configuration of the Azure Firewall resource.

    location String

    Resource location.

    managementIpConfiguration Property Map

    IP configuration of the Azure Firewall used for management traffic.

    natRuleCollections List<Property Map>

    Collection of NAT rule collections used by Azure Firewall.

    networkRuleCollections List<Property Map>

    Collection of network rule collections used by Azure Firewall.

    sku Property Map

    The Azure Firewall Resource SKU.

    tags Map<String>

    Resource tags.

    threatIntelMode String | "Alert" | "Deny" | "Off"

    The operation mode for Threat Intelligence.

    virtualHub Property Map

    The virtualHub to which the firewall belongs.

    zones List<String>

    A list of availability zones denoting where the resource needs to come from.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AzureFirewall resource produces the following output properties:

    Etag string

    A unique read-only string that changes whenever the resource is updated.

    Id string

    The provider-assigned unique ID for this managed resource.

    IpGroups List<Pulumi.AzureNative.Network.Outputs.AzureFirewallIpGroupsResponse>

    IpGroups associated with AzureFirewall.

    Name string

    Resource name.

    ProvisioningState string

    The provisioning state of the Azure firewall resource.

    Type string

    Resource type.

    Etag string

    A unique read-only string that changes whenever the resource is updated.

    Id string

    The provider-assigned unique ID for this managed resource.

    IpGroups []AzureFirewallIpGroupsResponse

    IpGroups associated with AzureFirewall.

    Name string

    Resource name.

    ProvisioningState string

    The provisioning state of the Azure firewall resource.

    Type string

    Resource type.

    etag String

    A unique read-only string that changes whenever the resource is updated.

    id String

    The provider-assigned unique ID for this managed resource.

    ipGroups List<AzureFirewallIpGroupsResponse>

    IpGroups associated with AzureFirewall.

    name String

    Resource name.

    provisioningState String

    The provisioning state of the Azure firewall resource.

    type String

    Resource type.

    etag string

    A unique read-only string that changes whenever the resource is updated.

    id string

    The provider-assigned unique ID for this managed resource.

    ipGroups AzureFirewallIpGroupsResponse[]

    IpGroups associated with AzureFirewall.

    name string

    Resource name.

    provisioningState string

    The provisioning state of the Azure firewall resource.

    type string

    Resource type.

    etag str

    A unique read-only string that changes whenever the resource is updated.

    id str

    The provider-assigned unique ID for this managed resource.

    ip_groups Sequence[AzureFirewallIpGroupsResponse]

    IpGroups associated with AzureFirewall.

    name str

    Resource name.

    provisioning_state str

    The provisioning state of the Azure firewall resource.

    type str

    Resource type.

    etag String

    A unique read-only string that changes whenever the resource is updated.

    id String

    The provider-assigned unique ID for this managed resource.

    ipGroups List<Property Map>

    IpGroups associated with AzureFirewall.

    name String

    Resource name.

    provisioningState String

    The provisioning state of the Azure firewall resource.

    type String

    Resource type.

    Supporting Types

    AzureFirewallApplicationRule, AzureFirewallApplicationRuleArgs

    Description string

    Description of the rule.

    FqdnTags List<string>

    List of FQDN Tags for this rule.

    Name string

    Name of the application rule.

    Protocols List<Pulumi.AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocol>

    Array of ApplicationRuleProtocols.

    SourceAddresses List<string>

    List of source IP addresses for this rule.

    SourceIpGroups List<string>

    List of source IpGroups for this rule.

    TargetFqdns List<string>

    List of FQDNs for this rule.

    Description string

    Description of the rule.

    FqdnTags []string

    List of FQDN Tags for this rule.

    Name string

    Name of the application rule.

    Protocols []AzureFirewallApplicationRuleProtocol

    Array of ApplicationRuleProtocols.

    SourceAddresses []string

    List of source IP addresses for this rule.

    SourceIpGroups []string

    List of source IpGroups for this rule.

    TargetFqdns []string

    List of FQDNs for this rule.

    description String

    Description of the rule.

    fqdnTags List<String>

    List of FQDN Tags for this rule.

    name String

    Name of the application rule.

    protocols List<AzureFirewallApplicationRuleProtocol>

    Array of ApplicationRuleProtocols.

    sourceAddresses List<String>

    List of source IP addresses for this rule.

    sourceIpGroups List<String>

    List of source IpGroups for this rule.

    targetFqdns List<String>

    List of FQDNs for this rule.

    description string

    Description of the rule.

    fqdnTags string[]

    List of FQDN Tags for this rule.

    name string

    Name of the application rule.

    protocols AzureFirewallApplicationRuleProtocol[]

    Array of ApplicationRuleProtocols.

    sourceAddresses string[]

    List of source IP addresses for this rule.

    sourceIpGroups string[]

    List of source IpGroups for this rule.

    targetFqdns string[]

    List of FQDNs for this rule.

    description str

    Description of the rule.

    fqdn_tags Sequence[str]

    List of FQDN Tags for this rule.

    name str

    Name of the application rule.

    protocols Sequence[AzureFirewallApplicationRuleProtocol]

    Array of ApplicationRuleProtocols.

    source_addresses Sequence[str]

    List of source IP addresses for this rule.

    source_ip_groups Sequence[str]

    List of source IpGroups for this rule.

    target_fqdns Sequence[str]

    List of FQDNs for this rule.

    description String

    Description of the rule.

    fqdnTags List<String>

    List of FQDN Tags for this rule.

    name String

    Name of the application rule.

    protocols List<Property Map>

    Array of ApplicationRuleProtocols.

    sourceAddresses List<String>

    List of source IP addresses for this rule.

    sourceIpGroups List<String>

    List of source IpGroups for this rule.

    targetFqdns List<String>

    List of FQDNs for this rule.

    AzureFirewallApplicationRuleCollection, AzureFirewallApplicationRuleCollectionArgs

    Action Pulumi.AzureNative.Network.Inputs.AzureFirewallRCAction

    The action type of a rule collection.

    Id string

    Resource ID.

    Name string

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    Priority int

    Priority of the application rule collection resource.

    Rules List<Pulumi.AzureNative.Network.Inputs.AzureFirewallApplicationRule>

    Collection of rules used by a application rule collection.

    Action AzureFirewallRCAction

    The action type of a rule collection.

    Id string

    Resource ID.

    Name string

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    Priority int

    Priority of the application rule collection resource.

    Rules []AzureFirewallApplicationRule

    Collection of rules used by a application rule collection.

    action AzureFirewallRCAction

    The action type of a rule collection.

    id String

    Resource ID.

    name String

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    priority Integer

    Priority of the application rule collection resource.

    rules List<AzureFirewallApplicationRule>

    Collection of rules used by a application rule collection.

    action AzureFirewallRCAction

    The action type of a rule collection.

    id string

    Resource ID.

    name string

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    priority number

    Priority of the application rule collection resource.

    rules AzureFirewallApplicationRule[]

    Collection of rules used by a application rule collection.

    action AzureFirewallRCAction

    The action type of a rule collection.

    id str

    Resource ID.

    name str

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    priority int

    Priority of the application rule collection resource.

    rules Sequence[AzureFirewallApplicationRule]

    Collection of rules used by a application rule collection.

    action Property Map

    The action type of a rule collection.

    id String

    Resource ID.

    name String

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    priority Number

    Priority of the application rule collection resource.

    rules List<Property Map>

    Collection of rules used by a application rule collection.

    AzureFirewallApplicationRuleCollectionResponse, AzureFirewallApplicationRuleCollectionResponseArgs

    Etag string

    A unique read-only string that changes whenever the resource is updated.

    ProvisioningState string

    The provisioning state of the application rule collection resource.

    Action Pulumi.AzureNative.Network.Inputs.AzureFirewallRCActionResponse

    The action type of a rule collection.

    Id string

    Resource ID.

    Name string

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    Priority int

    Priority of the application rule collection resource.

    Rules List<Pulumi.AzureNative.Network.Inputs.AzureFirewallApplicationRuleResponse>

    Collection of rules used by a application rule collection.

    Etag string

    A unique read-only string that changes whenever the resource is updated.

    ProvisioningState string

    The provisioning state of the application rule collection resource.

    Action AzureFirewallRCActionResponse

    The action type of a rule collection.

    Id string

    Resource ID.

    Name string

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    Priority int

    Priority of the application rule collection resource.

    Rules []AzureFirewallApplicationRuleResponse

    Collection of rules used by a application rule collection.

    etag String

    A unique read-only string that changes whenever the resource is updated.

    provisioningState String

    The provisioning state of the application rule collection resource.

    action AzureFirewallRCActionResponse

    The action type of a rule collection.

    id String

    Resource ID.

    name String

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    priority Integer

    Priority of the application rule collection resource.

    rules List<AzureFirewallApplicationRuleResponse>

    Collection of rules used by a application rule collection.

    etag string

    A unique read-only string that changes whenever the resource is updated.

    provisioningState string

    The provisioning state of the application rule collection resource.

    action AzureFirewallRCActionResponse

    The action type of a rule collection.

    id string

    Resource ID.

    name string

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    priority number

    Priority of the application rule collection resource.

    rules AzureFirewallApplicationRuleResponse[]

    Collection of rules used by a application rule collection.

    etag str

    A unique read-only string that changes whenever the resource is updated.

    provisioning_state str

    The provisioning state of the application rule collection resource.

    action AzureFirewallRCActionResponse

    The action type of a rule collection.

    id str

    Resource ID.

    name str

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    priority int

    Priority of the application rule collection resource.

    rules Sequence[AzureFirewallApplicationRuleResponse]

    Collection of rules used by a application rule collection.

    etag String

    A unique read-only string that changes whenever the resource is updated.

    provisioningState String

    The provisioning state of the application rule collection resource.

    action Property Map

    The action type of a rule collection.

    id String

    Resource ID.

    name String

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    priority Number

    Priority of the application rule collection resource.

    rules List<Property Map>

    Collection of rules used by a application rule collection.

    AzureFirewallApplicationRuleProtocol, AzureFirewallApplicationRuleProtocolArgs

    Port int

    Port number for the protocol, cannot be greater than 64000. This field is optional.

    ProtocolType string | Pulumi.AzureNative.Network.AzureFirewallApplicationRuleProtocolType

    Protocol type.

    Port int

    Port number for the protocol, cannot be greater than 64000. This field is optional.

    ProtocolType string | AzureFirewallApplicationRuleProtocolType

    Protocol type.

    port Integer

    Port number for the protocol, cannot be greater than 64000. This field is optional.

    protocolType String | AzureFirewallApplicationRuleProtocolType

    Protocol type.

    port number

    Port number for the protocol, cannot be greater than 64000. This field is optional.

    protocolType string | AzureFirewallApplicationRuleProtocolType

    Protocol type.

    port int

    Port number for the protocol, cannot be greater than 64000. This field is optional.

    protocol_type str | AzureFirewallApplicationRuleProtocolType

    Protocol type.

    port Number

    Port number for the protocol, cannot be greater than 64000. This field is optional.

    protocolType String | "Http" | "Https" | "Mssql"

    Protocol type.

    AzureFirewallApplicationRuleProtocolResponse, AzureFirewallApplicationRuleProtocolResponseArgs

    Port int

    Port number for the protocol, cannot be greater than 64000. This field is optional.

    ProtocolType string

    Protocol type.

    Port int

    Port number for the protocol, cannot be greater than 64000. This field is optional.

    ProtocolType string

    Protocol type.

    port Integer

    Port number for the protocol, cannot be greater than 64000. This field is optional.

    protocolType String

    Protocol type.

    port number

    Port number for the protocol, cannot be greater than 64000. This field is optional.

    protocolType string

    Protocol type.

    port int

    Port number for the protocol, cannot be greater than 64000. This field is optional.

    protocol_type str

    Protocol type.

    port Number

    Port number for the protocol, cannot be greater than 64000. This field is optional.

    protocolType String

    Protocol type.

    AzureFirewallApplicationRuleProtocolType, AzureFirewallApplicationRuleProtocolTypeArgs

    Http
    Http
    Https
    Https
    Mssql
    Mssql
    AzureFirewallApplicationRuleProtocolTypeHttp
    Http
    AzureFirewallApplicationRuleProtocolTypeHttps
    Https
    AzureFirewallApplicationRuleProtocolTypeMssql
    Mssql
    Http
    Http
    Https
    Https
    Mssql
    Mssql
    Http
    Http
    Https
    Https
    Mssql
    Mssql
    HTTP
    Http
    HTTPS
    Https
    MSSQL
    Mssql
    "Http"
    Http
    "Https"
    Https
    "Mssql"
    Mssql

    AzureFirewallApplicationRuleResponse, AzureFirewallApplicationRuleResponseArgs

    Description string

    Description of the rule.

    FqdnTags List<string>

    List of FQDN Tags for this rule.

    Name string

    Name of the application rule.

    Protocols List<Pulumi.AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolResponse>

    Array of ApplicationRuleProtocols.

    SourceAddresses List<string>

    List of source IP addresses for this rule.

    SourceIpGroups List<string>

    List of source IpGroups for this rule.

    TargetFqdns List<string>

    List of FQDNs for this rule.

    Description string

    Description of the rule.

    FqdnTags []string

    List of FQDN Tags for this rule.

    Name string

    Name of the application rule.

    Protocols []AzureFirewallApplicationRuleProtocolResponse

    Array of ApplicationRuleProtocols.

    SourceAddresses []string

    List of source IP addresses for this rule.

    SourceIpGroups []string

    List of source IpGroups for this rule.

    TargetFqdns []string

    List of FQDNs for this rule.

    description String

    Description of the rule.

    fqdnTags List<String>

    List of FQDN Tags for this rule.

    name String

    Name of the application rule.

    protocols List<AzureFirewallApplicationRuleProtocolResponse>

    Array of ApplicationRuleProtocols.

    sourceAddresses List<String>

    List of source IP addresses for this rule.

    sourceIpGroups List<String>

    List of source IpGroups for this rule.

    targetFqdns List<String>

    List of FQDNs for this rule.

    description string

    Description of the rule.

    fqdnTags string[]

    List of FQDN Tags for this rule.

    name string

    Name of the application rule.

    protocols AzureFirewallApplicationRuleProtocolResponse[]

    Array of ApplicationRuleProtocols.

    sourceAddresses string[]

    List of source IP addresses for this rule.

    sourceIpGroups string[]

    List of source IpGroups for this rule.

    targetFqdns string[]

    List of FQDNs for this rule.

    description str

    Description of the rule.

    fqdn_tags Sequence[str]

    List of FQDN Tags for this rule.

    name str

    Name of the application rule.

    protocols Sequence[AzureFirewallApplicationRuleProtocolResponse]

    Array of ApplicationRuleProtocols.

    source_addresses Sequence[str]

    List of source IP addresses for this rule.

    source_ip_groups Sequence[str]

    List of source IpGroups for this rule.

    target_fqdns Sequence[str]

    List of FQDNs for this rule.

    description String

    Description of the rule.

    fqdnTags List<String>

    List of FQDN Tags for this rule.

    name String

    Name of the application rule.

    protocols List<Property Map>

    Array of ApplicationRuleProtocols.

    sourceAddresses List<String>

    List of source IP addresses for this rule.

    sourceIpGroups List<String>

    List of source IpGroups for this rule.

    targetFqdns List<String>

    List of FQDNs for this rule.

    AzureFirewallIPConfiguration, AzureFirewallIPConfigurationArgs

    Id string

    Resource ID.

    Name string

    Name of the resource that is unique within a resource group. This name can be used to access the resource.

    PublicIPAddress Pulumi.AzureNative.Network.Inputs.SubResource

    Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.

    Subnet Pulumi.AzureNative.Network.Inputs.SubResource

    Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

    Id string

    Resource ID.

    Name string

    Name of the resource that is unique within a resource group. This name can be used to access the resource.

    PublicIPAddress SubResource

    Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.

    Subnet SubResource

    Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

    id String

    Resource ID.

    name String

    Name of the resource that is unique within a resource group. This name can be used to access the resource.

    publicIPAddress SubResource

    Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.

    subnet SubResource

    Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

    id string

    Resource ID.

    name string

    Name of the resource that is unique within a resource group. This name can be used to access the resource.

    publicIPAddress SubResource

    Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.

    subnet SubResource

    Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

    id str

    Resource ID.

    name str

    Name of the resource that is unique within a resource group. This name can be used to access the resource.

    public_ip_address SubResource

    Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.

    subnet SubResource

    Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

    id String

    Resource ID.

    name String

    Name of the resource that is unique within a resource group. This name can be used to access the resource.

    publicIPAddress Property Map

    Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.

    subnet Property Map

    Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

    AzureFirewallIPConfigurationResponse, AzureFirewallIPConfigurationResponseArgs

    Etag string

    A unique read-only string that changes whenever the resource is updated.

    PrivateIPAddress string

    The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.

    ProvisioningState string

    The provisioning state of the Azure firewall IP configuration resource.

    Type string

    Type of the resource.

    Id string

    Resource ID.

    Name string

    Name of the resource that is unique within a resource group. This name can be used to access the resource.

    PublicIPAddress Pulumi.AzureNative.Network.Inputs.SubResourceResponse

    Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.

    Subnet Pulumi.AzureNative.Network.Inputs.SubResourceResponse

    Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

    Etag string

    A unique read-only string that changes whenever the resource is updated.

    PrivateIPAddress string

    The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.

    ProvisioningState string

    The provisioning state of the Azure firewall IP configuration resource.

    Type string

    Type of the resource.

    Id string

    Resource ID.

    Name string

    Name of the resource that is unique within a resource group. This name can be used to access the resource.

    PublicIPAddress SubResourceResponse

    Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.

    Subnet SubResourceResponse

    Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

    etag String

    A unique read-only string that changes whenever the resource is updated.

    privateIPAddress String

    The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.

    provisioningState String

    The provisioning state of the Azure firewall IP configuration resource.

    type String

    Type of the resource.

    id String

    Resource ID.

    name String

    Name of the resource that is unique within a resource group. This name can be used to access the resource.

    publicIPAddress SubResourceResponse

    Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.

    subnet SubResourceResponse

    Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

    etag string

    A unique read-only string that changes whenever the resource is updated.

    privateIPAddress string

    The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.

    provisioningState string

    The provisioning state of the Azure firewall IP configuration resource.

    type string

    Type of the resource.

    id string

    Resource ID.

    name string

    Name of the resource that is unique within a resource group. This name can be used to access the resource.

    publicIPAddress SubResourceResponse

    Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.

    subnet SubResourceResponse

    Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

    etag str

    A unique read-only string that changes whenever the resource is updated.

    private_ip_address str

    The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.

    provisioning_state str

    The provisioning state of the Azure firewall IP configuration resource.

    type str

    Type of the resource.

    id str

    Resource ID.

    name str

    Name of the resource that is unique within a resource group. This name can be used to access the resource.

    public_ip_address SubResourceResponse

    Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.

    subnet SubResourceResponse

    Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

    etag String

    A unique read-only string that changes whenever the resource is updated.

    privateIPAddress String

    The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.

    provisioningState String

    The provisioning state of the Azure firewall IP configuration resource.

    type String

    Type of the resource.

    id String

    Resource ID.

    name String

    Name of the resource that is unique within a resource group. This name can be used to access the resource.

    publicIPAddress Property Map

    Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.

    subnet Property Map

    Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

    AzureFirewallIpGroupsResponse, AzureFirewallIpGroupsResponseArgs

    ChangeNumber string

    The iteration number.

    Id string

    Resource ID.

    ChangeNumber string

    The iteration number.

    Id string

    Resource ID.

    changeNumber String

    The iteration number.

    id String

    Resource ID.

    changeNumber string

    The iteration number.

    id string

    Resource ID.

    change_number str

    The iteration number.

    id str

    Resource ID.

    changeNumber String

    The iteration number.

    id String

    Resource ID.

    AzureFirewallNatRCAction, AzureFirewallNatRCActionArgs

    Type string | AzureFirewallNatRCActionType

    The type of action.

    type String | AzureFirewallNatRCActionType

    The type of action.

    type string | AzureFirewallNatRCActionType

    The type of action.

    type str | AzureFirewallNatRCActionType

    The type of action.

    type String | "Snat" | "Dnat"

    The type of action.

    AzureFirewallNatRCActionResponse, AzureFirewallNatRCActionResponseArgs

    Type string

    The type of action.

    Type string

    The type of action.

    type String

    The type of action.

    type string

    The type of action.

    type str

    The type of action.

    type String

    The type of action.

    AzureFirewallNatRCActionType, AzureFirewallNatRCActionTypeArgs

    Snat
    Snat
    Dnat
    Dnat
    AzureFirewallNatRCActionTypeSnat
    Snat
    AzureFirewallNatRCActionTypeDnat
    Dnat
    Snat
    Snat
    Dnat
    Dnat
    Snat
    Snat
    Dnat
    Dnat
    SNAT
    Snat
    DNAT
    Dnat
    "Snat"
    Snat
    "Dnat"
    Dnat

    AzureFirewallNatRule, AzureFirewallNatRuleArgs

    Description string

    Description of the rule.

    DestinationAddresses List<string>

    List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.

    DestinationPorts List<string>

    List of destination ports.

    Name string

    Name of the NAT rule.

    Protocols List<Union<string, Pulumi.AzureNative.Network.AzureFirewallNetworkRuleProtocol>>

    Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.

    SourceAddresses List<string>

    List of source IP addresses for this rule.

    SourceIpGroups List<string>

    List of source IpGroups for this rule.

    TranslatedAddress string

    The translated address for this NAT rule.

    TranslatedFqdn string

    The translated FQDN for this NAT rule.

    TranslatedPort string

    The translated port for this NAT rule.

    Description string

    Description of the rule.

    DestinationAddresses []string

    List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.

    DestinationPorts []string

    List of destination ports.

    Name string

    Name of the NAT rule.

    Protocols []string

    Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.

    SourceAddresses []string

    List of source IP addresses for this rule.

    SourceIpGroups []string

    List of source IpGroups for this rule.

    TranslatedAddress string

    The translated address for this NAT rule.

    TranslatedFqdn string

    The translated FQDN for this NAT rule.

    TranslatedPort string

    The translated port for this NAT rule.

    description String

    Description of the rule.

    destinationAddresses List<String>

    List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.

    destinationPorts List<String>

    List of destination ports.

    name String

    Name of the NAT rule.

    protocols List<Either<String,AzureFirewallNetworkRuleProtocol>>

    Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.

    sourceAddresses List<String>

    List of source IP addresses for this rule.

    sourceIpGroups List<String>

    List of source IpGroups for this rule.

    translatedAddress String

    The translated address for this NAT rule.

    translatedFqdn String

    The translated FQDN for this NAT rule.

    translatedPort String

    The translated port for this NAT rule.

    description string

    Description of the rule.

    destinationAddresses string[]

    List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.

    destinationPorts string[]

    List of destination ports.

    name string

    Name of the NAT rule.

    protocols (string | AzureFirewallNetworkRuleProtocol)[]

    Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.

    sourceAddresses string[]

    List of source IP addresses for this rule.

    sourceIpGroups string[]

    List of source IpGroups for this rule.

    translatedAddress string

    The translated address for this NAT rule.

    translatedFqdn string

    The translated FQDN for this NAT rule.

    translatedPort string

    The translated port for this NAT rule.

    description str

    Description of the rule.

    destination_addresses Sequence[str]

    List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.

    destination_ports Sequence[str]

    List of destination ports.

    name str

    Name of the NAT rule.

    protocols Sequence[Union[str, AzureFirewallNetworkRuleProtocol]]

    Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.

    source_addresses Sequence[str]

    List of source IP addresses for this rule.

    source_ip_groups Sequence[str]

    List of source IpGroups for this rule.

    translated_address str

    The translated address for this NAT rule.

    translated_fqdn str

    The translated FQDN for this NAT rule.

    translated_port str

    The translated port for this NAT rule.

    description String

    Description of the rule.

    destinationAddresses List<String>

    List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.

    destinationPorts List<String>

    List of destination ports.

    name String

    Name of the NAT rule.

    protocols List<String | "TCP" | "UDP" | "Any" | "ICMP">

    Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.

    sourceAddresses List<String>

    List of source IP addresses for this rule.

    sourceIpGroups List<String>

    List of source IpGroups for this rule.

    translatedAddress String

    The translated address for this NAT rule.

    translatedFqdn String

    The translated FQDN for this NAT rule.

    translatedPort String

    The translated port for this NAT rule.

    AzureFirewallNatRuleCollection, AzureFirewallNatRuleCollectionArgs

    Action Pulumi.AzureNative.Network.Inputs.AzureFirewallNatRCAction

    The action type of a NAT rule collection.

    Id string

    Resource ID.

    Name string

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    Priority int

    Priority of the NAT rule collection resource.

    Rules List<Pulumi.AzureNative.Network.Inputs.AzureFirewallNatRule>

    Collection of rules used by a NAT rule collection.

    Action AzureFirewallNatRCAction

    The action type of a NAT rule collection.

    Id string

    Resource ID.

    Name string

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    Priority int

    Priority of the NAT rule collection resource.

    Rules []AzureFirewallNatRule

    Collection of rules used by a NAT rule collection.

    action AzureFirewallNatRCAction

    The action type of a NAT rule collection.

    id String

    Resource ID.

    name String

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    priority Integer

    Priority of the NAT rule collection resource.

    rules List<AzureFirewallNatRule>

    Collection of rules used by a NAT rule collection.

    action AzureFirewallNatRCAction

    The action type of a NAT rule collection.

    id string

    Resource ID.

    name string

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    priority number

    Priority of the NAT rule collection resource.

    rules AzureFirewallNatRule[]

    Collection of rules used by a NAT rule collection.

    action AzureFirewallNatRCAction

    The action type of a NAT rule collection.

    id str

    Resource ID.

    name str

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    priority int

    Priority of the NAT rule collection resource.

    rules Sequence[AzureFirewallNatRule]

    Collection of rules used by a NAT rule collection.

    action Property Map

    The action type of a NAT rule collection.

    id String

    Resource ID.

    name String

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    priority Number

    Priority of the NAT rule collection resource.

    rules List<Property Map>

    Collection of rules used by a NAT rule collection.

    AzureFirewallNatRuleCollectionResponse, AzureFirewallNatRuleCollectionResponseArgs

    Etag string

    A unique read-only string that changes whenever the resource is updated.

    ProvisioningState string

    The provisioning state of the NAT rule collection resource.

    Action Pulumi.AzureNative.Network.Inputs.AzureFirewallNatRCActionResponse

    The action type of a NAT rule collection.

    Id string

    Resource ID.

    Name string

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    Priority int

    Priority of the NAT rule collection resource.

    Rules List<Pulumi.AzureNative.Network.Inputs.AzureFirewallNatRuleResponse>

    Collection of rules used by a NAT rule collection.

    Etag string

    A unique read-only string that changes whenever the resource is updated.

    ProvisioningState string

    The provisioning state of the NAT rule collection resource.

    Action AzureFirewallNatRCActionResponse

    The action type of a NAT rule collection.

    Id string

    Resource ID.

    Name string

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    Priority int

    Priority of the NAT rule collection resource.

    Rules []AzureFirewallNatRuleResponse

    Collection of rules used by a NAT rule collection.

    etag String

    A unique read-only string that changes whenever the resource is updated.

    provisioningState String

    The provisioning state of the NAT rule collection resource.

    action AzureFirewallNatRCActionResponse

    The action type of a NAT rule collection.

    id String

    Resource ID.

    name String

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    priority Integer

    Priority of the NAT rule collection resource.

    rules List<AzureFirewallNatRuleResponse>

    Collection of rules used by a NAT rule collection.

    etag string

    A unique read-only string that changes whenever the resource is updated.

    provisioningState string

    The provisioning state of the NAT rule collection resource.

    action AzureFirewallNatRCActionResponse

    The action type of a NAT rule collection.

    id string

    Resource ID.

    name string

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    priority number

    Priority of the NAT rule collection resource.

    rules AzureFirewallNatRuleResponse[]

    Collection of rules used by a NAT rule collection.

    etag str

    A unique read-only string that changes whenever the resource is updated.

    provisioning_state str

    The provisioning state of the NAT rule collection resource.

    action AzureFirewallNatRCActionResponse

    The action type of a NAT rule collection.

    id str

    Resource ID.

    name str

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    priority int

    Priority of the NAT rule collection resource.

    rules Sequence[AzureFirewallNatRuleResponse]

    Collection of rules used by a NAT rule collection.

    etag String

    A unique read-only string that changes whenever the resource is updated.

    provisioningState String

    The provisioning state of the NAT rule collection resource.

    action Property Map

    The action type of a NAT rule collection.

    id String

    Resource ID.

    name String

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    priority Number

    Priority of the NAT rule collection resource.

    rules List<Property Map>

    Collection of rules used by a NAT rule collection.

    AzureFirewallNatRuleResponse, AzureFirewallNatRuleResponseArgs

    Description string

    Description of the rule.

    DestinationAddresses List<string>

    List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.

    DestinationPorts List<string>

    List of destination ports.

    Name string

    Name of the NAT rule.

    Protocols List<string>

    Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.

    SourceAddresses List<string>

    List of source IP addresses for this rule.

    SourceIpGroups List<string>

    List of source IpGroups for this rule.

    TranslatedAddress string

    The translated address for this NAT rule.

    TranslatedFqdn string

    The translated FQDN for this NAT rule.

    TranslatedPort string

    The translated port for this NAT rule.

    Description string

    Description of the rule.

    DestinationAddresses []string

    List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.

    DestinationPorts []string

    List of destination ports.

    Name string

    Name of the NAT rule.

    Protocols []string

    Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.

    SourceAddresses []string

    List of source IP addresses for this rule.

    SourceIpGroups []string

    List of source IpGroups for this rule.

    TranslatedAddress string

    The translated address for this NAT rule.

    TranslatedFqdn string

    The translated FQDN for this NAT rule.

    TranslatedPort string

    The translated port for this NAT rule.

    description String

    Description of the rule.

    destinationAddresses List<String>

    List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.

    destinationPorts List<String>

    List of destination ports.

    name String

    Name of the NAT rule.

    protocols List<String>

    Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.

    sourceAddresses List<String>

    List of source IP addresses for this rule.

    sourceIpGroups List<String>

    List of source IpGroups for this rule.

    translatedAddress String

    The translated address for this NAT rule.

    translatedFqdn String

    The translated FQDN for this NAT rule.

    translatedPort String

    The translated port for this NAT rule.

    description string

    Description of the rule.

    destinationAddresses string[]

    List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.

    destinationPorts string[]

    List of destination ports.

    name string

    Name of the NAT rule.

    protocols string[]

    Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.

    sourceAddresses string[]

    List of source IP addresses for this rule.

    sourceIpGroups string[]

    List of source IpGroups for this rule.

    translatedAddress string

    The translated address for this NAT rule.

    translatedFqdn string

    The translated FQDN for this NAT rule.

    translatedPort string

    The translated port for this NAT rule.

    description str

    Description of the rule.

    destination_addresses Sequence[str]

    List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.

    destination_ports Sequence[str]

    List of destination ports.

    name str

    Name of the NAT rule.

    protocols Sequence[str]

    Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.

    source_addresses Sequence[str]

    List of source IP addresses for this rule.

    source_ip_groups Sequence[str]

    List of source IpGroups for this rule.

    translated_address str

    The translated address for this NAT rule.

    translated_fqdn str

    The translated FQDN for this NAT rule.

    translated_port str

    The translated port for this NAT rule.

    description String

    Description of the rule.

    destinationAddresses List<String>

    List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.

    destinationPorts List<String>

    List of destination ports.

    name String

    Name of the NAT rule.

    protocols List<String>

    Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.

    sourceAddresses List<String>

    List of source IP addresses for this rule.

    sourceIpGroups List<String>

    List of source IpGroups for this rule.

    translatedAddress String

    The translated address for this NAT rule.

    translatedFqdn String

    The translated FQDN for this NAT rule.

    translatedPort String

    The translated port for this NAT rule.

    AzureFirewallNetworkRule, AzureFirewallNetworkRuleArgs

    Description string

    Description of the rule.

    DestinationAddresses List<string>

    List of destination IP addresses.

    DestinationFqdns List<string>

    List of destination FQDNs.

    DestinationIpGroups List<string>

    List of destination IpGroups for this rule.

    DestinationPorts List<string>

    List of destination ports.

    Name string

    Name of the network rule.

    Protocols List<Union<string, Pulumi.AzureNative.Network.AzureFirewallNetworkRuleProtocol>>

    Array of AzureFirewallNetworkRuleProtocols.

    SourceAddresses List<string>

    List of source IP addresses for this rule.

    SourceIpGroups List<string>

    List of source IpGroups for this rule.

    Description string

    Description of the rule.

    DestinationAddresses []string

    List of destination IP addresses.

    DestinationFqdns []string

    List of destination FQDNs.

    DestinationIpGroups []string

    List of destination IpGroups for this rule.

    DestinationPorts []string

    List of destination ports.

    Name string

    Name of the network rule.

    Protocols []string

    Array of AzureFirewallNetworkRuleProtocols.

    SourceAddresses []string

    List of source IP addresses for this rule.

    SourceIpGroups []string

    List of source IpGroups for this rule.

    description String

    Description of the rule.

    destinationAddresses List<String>

    List of destination IP addresses.

    destinationFqdns List<String>

    List of destination FQDNs.

    destinationIpGroups List<String>

    List of destination IpGroups for this rule.

    destinationPorts List<String>

    List of destination ports.

    name String

    Name of the network rule.

    protocols List<Either<String,AzureFirewallNetworkRuleProtocol>>

    Array of AzureFirewallNetworkRuleProtocols.

    sourceAddresses List<String>

    List of source IP addresses for this rule.

    sourceIpGroups List<String>

    List of source IpGroups for this rule.

    description string

    Description of the rule.

    destinationAddresses string[]

    List of destination IP addresses.

    destinationFqdns string[]

    List of destination FQDNs.

    destinationIpGroups string[]

    List of destination IpGroups for this rule.

    destinationPorts string[]

    List of destination ports.

    name string

    Name of the network rule.

    protocols (string | AzureFirewallNetworkRuleProtocol)[]

    Array of AzureFirewallNetworkRuleProtocols.

    sourceAddresses string[]

    List of source IP addresses for this rule.

    sourceIpGroups string[]

    List of source IpGroups for this rule.

    description str

    Description of the rule.

    destination_addresses Sequence[str]

    List of destination IP addresses.

    destination_fqdns Sequence[str]

    List of destination FQDNs.

    destination_ip_groups Sequence[str]

    List of destination IpGroups for this rule.

    destination_ports Sequence[str]

    List of destination ports.

    name str

    Name of the network rule.

    protocols Sequence[Union[str, AzureFirewallNetworkRuleProtocol]]

    Array of AzureFirewallNetworkRuleProtocols.

    source_addresses Sequence[str]

    List of source IP addresses for this rule.

    source_ip_groups Sequence[str]

    List of source IpGroups for this rule.

    description String

    Description of the rule.

    destinationAddresses List<String>

    List of destination IP addresses.

    destinationFqdns List<String>

    List of destination FQDNs.

    destinationIpGroups List<String>

    List of destination IpGroups for this rule.

    destinationPorts List<String>

    List of destination ports.

    name String

    Name of the network rule.

    protocols List<String | "TCP" | "UDP" | "Any" | "ICMP">

    Array of AzureFirewallNetworkRuleProtocols.

    sourceAddresses List<String>

    List of source IP addresses for this rule.

    sourceIpGroups List<String>

    List of source IpGroups for this rule.

    AzureFirewallNetworkRuleCollection, AzureFirewallNetworkRuleCollectionArgs

    Action Pulumi.AzureNative.Network.Inputs.AzureFirewallRCAction

    The action type of a rule collection.

    Id string

    Resource ID.

    Name string

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    Priority int

    Priority of the network rule collection resource.

    Rules List<Pulumi.AzureNative.Network.Inputs.AzureFirewallNetworkRule>

    Collection of rules used by a network rule collection.

    Action AzureFirewallRCAction

    The action type of a rule collection.

    Id string

    Resource ID.

    Name string

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    Priority int

    Priority of the network rule collection resource.

    Rules []AzureFirewallNetworkRule

    Collection of rules used by a network rule collection.

    action AzureFirewallRCAction

    The action type of a rule collection.

    id String

    Resource ID.

    name String

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    priority Integer

    Priority of the network rule collection resource.

    rules List<AzureFirewallNetworkRule>

    Collection of rules used by a network rule collection.

    action AzureFirewallRCAction

    The action type of a rule collection.

    id string

    Resource ID.

    name string

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    priority number

    Priority of the network rule collection resource.

    rules AzureFirewallNetworkRule[]

    Collection of rules used by a network rule collection.

    action AzureFirewallRCAction

    The action type of a rule collection.

    id str

    Resource ID.

    name str

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    priority int

    Priority of the network rule collection resource.

    rules Sequence[AzureFirewallNetworkRule]

    Collection of rules used by a network rule collection.

    action Property Map

    The action type of a rule collection.

    id String

    Resource ID.

    name String

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    priority Number

    Priority of the network rule collection resource.

    rules List<Property Map>

    Collection of rules used by a network rule collection.

    AzureFirewallNetworkRuleCollectionResponse, AzureFirewallNetworkRuleCollectionResponseArgs

    Etag string

    A unique read-only string that changes whenever the resource is updated.

    ProvisioningState string

    The provisioning state of the network rule collection resource.

    Action Pulumi.AzureNative.Network.Inputs.AzureFirewallRCActionResponse

    The action type of a rule collection.

    Id string

    Resource ID.

    Name string

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    Priority int

    Priority of the network rule collection resource.

    Rules List<Pulumi.AzureNative.Network.Inputs.AzureFirewallNetworkRuleResponse>

    Collection of rules used by a network rule collection.

    Etag string

    A unique read-only string that changes whenever the resource is updated.

    ProvisioningState string

    The provisioning state of the network rule collection resource.

    Action AzureFirewallRCActionResponse

    The action type of a rule collection.

    Id string

    Resource ID.

    Name string

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    Priority int

    Priority of the network rule collection resource.

    Rules []AzureFirewallNetworkRuleResponse

    Collection of rules used by a network rule collection.

    etag String

    A unique read-only string that changes whenever the resource is updated.

    provisioningState String

    The provisioning state of the network rule collection resource.

    action AzureFirewallRCActionResponse

    The action type of a rule collection.

    id String

    Resource ID.

    name String

    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

    priority Integer

    Priority of the network rule collection resource.

    rules List<AzureFirewallNetworkRuleResponse>

    Collection of rules used by a network rule collection.

    etag string

    A unique read-only string that changes whenever the resource is updated.

    provisioningState string

    The provisioning state of the network rule collection resource.

    action AzureFirewallRCActionResponse

    The action type of a rule collection.

    id string

    Resource ID.