azure-native.network.AzureFirewall

Azure Firewall resource. API Version: 2020-11-01.

Example Usage

Create Azure Firewall

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
    {
        ApplicationRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = "Deny",
                },
                Name = "apprulecoll",
                Priority = 110,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                    {
                        Description = "Deny inbound rule",
                        Name = "rule1",
                        Protocols = new[]
                        {
                            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                            {
                                Port = 443,
                                ProtocolType = "Https",
                            },
                        },
                        SourceAddresses = new[]
                        {
                            "216.58.216.164",
                            "10.0.0.0/24",
                        },
                        TargetFqdns = new[]
                        {
                            "www.test.com",
                        },
                    },
                },
            },
        },
        AzureFirewallName = "azurefirewall",
        IpConfigurations = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
            {
                Name = "azureFirewallIpConfiguration",
                PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                },
                Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                },
            },
        },
        Location = "West US",
        NatRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                {
                    Type = "Dnat",
                },
                Name = "natrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        Description = "D-NAT all outbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "443",
                        },
                        Name = "DNAT-HTTPS-traffic",
                        Protocols = new[]
                        {
                            "TCP",
                        },
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedAddress = "1.2.3.5",
                        TranslatedPort = "8443",
                    },
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        Description = "D-NAT all inbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "80",
                        },
                        Name = "DNAT-HTTP-traffic-With-FQDN",
                        Protocols = new[]
                        {
                            "TCP",
                        },
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedFqdn = "internalhttpserver",
                        TranslatedPort = "880",
                    },
                },
            },
        },
        NetworkRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = "Deny",
                },
                Name = "netrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        Description = "Block traffic based on source IPs and ports",
                        DestinationAddresses = new[]
                        {
                            "*",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic",
                        Protocols = new[]
                        {
                            "TCP",
                        },
                        SourceAddresses = new[]
                        {
                            "192.168.1.1-192.168.1.12",
                            "10.1.4.12-10.1.4.255",
                        },
                    },
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        Description = "Block traffic based on source IPs and ports to amazon",
                        DestinationFqdns = new[]
                        {
                            "www.amazon.com",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic-with-FQDN",
                        Protocols = new[]
                        {
                            "TCP",
                        },
                        SourceAddresses = new[]
                        {
                            "10.2.4.12-10.2.4.255",
                        },
                    },
                },
            },
        },
        ResourceGroupName = "rg1",
        Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
        {
            Name = "AZFW_VNet",
            Tier = "Standard",
        },
        Tags = 
        {
            { "key1", "value1" },
        },
        ThreatIntelMode = "Alert",
        Zones = new[] {},
    });

});
package main

import (
	network "github.com/pulumi/pulumi-azure-native/sdk/go/azure/network"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
			ApplicationRuleCollections: []network.AzureFirewallApplicationRuleCollectionArgs{
				{
					Action: {
						Type: pulumi.String("Deny"),
					},
					Name:     pulumi.String("apprulecoll"),
					Priority: pulumi.Int(110),
					Rules: network.AzureFirewallApplicationRuleArray{
						{
							Description: pulumi.String("Deny inbound rule"),
							Name:        pulumi.String("rule1"),
							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
								{
									Port:         pulumi.Int(443),
									ProtocolType: pulumi.String("Https"),
								},
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("216.58.216.164"),
								pulumi.String("10.0.0.0/24"),
							},
							TargetFqdns: pulumi.StringArray{
								pulumi.String("www.test.com"),
							},
						},
					},
				},
			},
			AzureFirewallName: pulumi.String("azurefirewall"),
			IpConfigurations: []network.AzureFirewallIPConfigurationArgs{
				{
					Name: pulumi.String("azureFirewallIpConfiguration"),
					PublicIPAddress: {
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
					},
					Subnet: {
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
					},
				},
			},
			Location: pulumi.String("West US"),
			NatRuleCollections: []network.AzureFirewallNatRuleCollectionArgs{
				{
					Action: {
						Type: pulumi.String("Dnat"),
					},
					Name:     pulumi.String("natrulecoll"),
					Priority: pulumi.Int(112),
					Rules: network.AzureFirewallNatRuleArray{
						{
							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("1.2.3.4"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443"),
							},
							Name: pulumi.String("DNAT-HTTPS-traffic"),
							Protocols: pulumi.StringArray{
								pulumi.String("TCP"),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							TranslatedAddress: pulumi.String("1.2.3.5"),
							TranslatedPort:    pulumi.String("8443"),
						},
						{
							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("1.2.3.4"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("80"),
							},
							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
							Protocols: pulumi.StringArray{
								pulumi.String("TCP"),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							TranslatedFqdn: pulumi.String("internalhttpserver"),
							TranslatedPort: pulumi.String("880"),
						},
					},
				},
			},
			NetworkRuleCollections: []network.AzureFirewallNetworkRuleCollectionArgs{
				{
					Action: {
						Type: pulumi.String("Deny"),
					},
					Name:     pulumi.String("netrulecoll"),
					Priority: pulumi.Int(112),
					Rules: network.AzureFirewallNetworkRuleArray{
						{
							Description: pulumi.String("Block traffic based on source IPs and ports"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443-444"),
								pulumi.String("8443"),
							},
							Name: pulumi.String("L4-traffic"),
							Protocols: pulumi.StringArray{
								pulumi.String("TCP"),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("192.168.1.1-192.168.1.12"),
								pulumi.String("10.1.4.12-10.1.4.255"),
							},
						},
						{
							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
							DestinationFqdns: pulumi.StringArray{
								pulumi.String("www.amazon.com"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443-444"),
								pulumi.String("8443"),
							},
							Name: pulumi.String("L4-traffic-with-FQDN"),
							Protocols: pulumi.StringArray{
								pulumi.String("TCP"),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("10.2.4.12-10.2.4.255"),
							},
						},
					},
				},
			},
			ResourceGroupName: pulumi.String("rg1"),
			Sku: &network.AzureFirewallSkuArgs{
				Name: pulumi.String("AZFW_VNet"),
				Tier: pulumi.String("Standard"),
			},
			Tags: pulumi.StringMap{
				"key1": pulumi.String("value1"),
			},
			ThreatIntelMode: pulumi.String("Alert"),
			Zones:           pulumi.StringArray{},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.AzureFirewall;
import com.pulumi.azurenative.network.AzureFirewallArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()        
            .applicationRuleCollections(Map.ofEntries(
                Map.entry("action", Map.of("type", "Deny")),
                Map.entry("name", "apprulecoll"),
                Map.entry("priority", 110),
                Map.entry("rules", Map.ofEntries(
                    Map.entry("description", "Deny inbound rule"),
                    Map.entry("name", "rule1"),
                    Map.entry("protocols", Map.ofEntries(
                        Map.entry("port", 443),
                        Map.entry("protocolType", "Https")
                    )),
                    Map.entry("sourceAddresses",                     
                        "216.58.216.164",
                        "10.0.0.0/24"),
                    Map.entry("targetFqdns", "www.test.com")
                ))
            ))
            .azureFirewallName("azurefirewall")
            .ipConfigurations(Map.ofEntries(
                Map.entry("name", "azureFirewallIpConfiguration"),
                Map.entry("publicIPAddress", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")),
                Map.entry("subnet", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"))
            ))
            .location("West US")
            .natRuleCollections(Map.ofEntries(
                Map.entry("action", Map.of("type", "Dnat")),
                Map.entry("name", "natrulecoll"),
                Map.entry("priority", 112),
                Map.entry("rules",                 
                    Map.ofEntries(
                        Map.entry("description", "D-NAT all outbound web traffic for inspection"),
                        Map.entry("destinationAddresses", "1.2.3.4"),
                        Map.entry("destinationPorts", "443"),
                        Map.entry("name", "DNAT-HTTPS-traffic"),
                        Map.entry("protocols", "TCP"),
                        Map.entry("sourceAddresses", "*"),
                        Map.entry("translatedAddress", "1.2.3.5"),
                        Map.entry("translatedPort", "8443")
                    ),
                    Map.ofEntries(
                        Map.entry("description", "D-NAT all inbound web traffic for inspection"),
                        Map.entry("destinationAddresses", "1.2.3.4"),
                        Map.entry("destinationPorts", "80"),
                        Map.entry("name", "DNAT-HTTP-traffic-With-FQDN"),
                        Map.entry("protocols", "TCP"),
                        Map.entry("sourceAddresses", "*"),
                        Map.entry("translatedFqdn", "internalhttpserver"),
                        Map.entry("translatedPort", "880")
                    ))
            ))
            .networkRuleCollections(Map.ofEntries(
                Map.entry("action", Map.of("type", "Deny")),
                Map.entry("name", "netrulecoll"),
                Map.entry("priority", 112),
                Map.entry("rules",                 
                    Map.ofEntries(
                        Map.entry("description", "Block traffic based on source IPs and ports"),
                        Map.entry("destinationAddresses", "*"),
                        Map.entry("destinationPorts",                         
                            "443-444",
                            "8443"),
                        Map.entry("name", "L4-traffic"),
                        Map.entry("protocols", "TCP"),
                        Map.entry("sourceAddresses",                         
                            "192.168.1.1-192.168.1.12",
                            "10.1.4.12-10.1.4.255")
                    ),
                    Map.ofEntries(
                        Map.entry("description", "Block traffic based on source IPs and ports to amazon"),
                        Map.entry("destinationFqdns", "www.amazon.com"),
                        Map.entry("destinationPorts",                         
                            "443-444",
                            "8443"),
                        Map.entry("name", "L4-traffic-with-FQDN"),
                        Map.entry("protocols", "TCP"),
                        Map.entry("sourceAddresses", "10.2.4.12-10.2.4.255")
                    ))
            ))
            .resourceGroupName("rg1")
            .sku(Map.ofEntries(
                Map.entry("name", "AZFW_VNet"),
                Map.entry("tier", "Standard")
            ))
            .tags(Map.of("key1", "value1"))
            .threatIntelMode("Alert")
            .zones()
            .build());

    }
}
import pulumi
import pulumi_azure_native as azure_native

azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
    application_rule_collections=[{
        "action": azure_native.network.AzureFirewallRCActionArgs(
            type="Deny",
        ),
        "name": "apprulecoll",
        "priority": 110,
        "rules": [{
            "description": "Deny inbound rule",
            "name": "rule1",
            "protocols": [azure_native.network.AzureFirewallApplicationRuleProtocolArgs(
                port=443,
                protocol_type="Https",
            )],
            "sourceAddresses": [
                "216.58.216.164",
                "10.0.0.0/24",
            ],
            "targetFqdns": ["www.test.com"],
        }],
    }],
    azure_firewall_name="azurefirewall",
    ip_configurations=[{
        "name": "azureFirewallIpConfiguration",
        "publicIPAddress": azure_native.network.SubResourceArgs(
            id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        ),
        "subnet": azure_native.network.SubResourceArgs(
            id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        ),
    }],
    location="West US",
    nat_rule_collections=[{
        "action": azure_native.network.AzureFirewallNatRCActionArgs(
            type="Dnat",
        ),
        "name": "natrulecoll",
        "priority": 112,
        "rules": [
            azure_native.network.AzureFirewallNatRuleArgs(
                description="D-NAT all outbound web traffic for inspection",
                destination_addresses=["1.2.3.4"],
                destination_ports=["443"],
                name="DNAT-HTTPS-traffic",
                protocols=["TCP"],
                source_addresses=["*"],
                translated_address="1.2.3.5",
                translated_port="8443",
            ),
            azure_native.network.AzureFirewallNatRuleArgs(
                description="D-NAT all inbound web traffic for inspection",
                destination_addresses=["1.2.3.4"],
                destination_ports=["80"],
                name="DNAT-HTTP-traffic-With-FQDN",
                protocols=["TCP"],
                source_addresses=["*"],
                translated_fqdn="internalhttpserver",
                translated_port="880",
            ),
        ],
    }],
    network_rule_collections=[{
        "action": azure_native.network.AzureFirewallRCActionArgs(
            type="Deny",
        ),
        "name": "netrulecoll",
        "priority": 112,
        "rules": [
            azure_native.network.AzureFirewallNetworkRuleArgs(
                description="Block traffic based on source IPs and ports",
                destination_addresses=["*"],
                destination_ports=[
                    "443-444",
                    "8443",
                ],
                name="L4-traffic",
                protocols=["TCP"],
                source_addresses=[
                    "192.168.1.1-192.168.1.12",
                    "10.1.4.12-10.1.4.255",
                ],
            ),
            azure_native.network.AzureFirewallNetworkRuleArgs(
                description="Block traffic based on source IPs and ports to amazon",
                destination_fqdns=["www.amazon.com"],
                destination_ports=[
                    "443-444",
                    "8443",
                ],
                name="L4-traffic-with-FQDN",
                protocols=["TCP"],
                source_addresses=["10.2.4.12-10.2.4.255"],
            ),
        ],
    }],
    resource_group_name="rg1",
    sku=azure_native.network.AzureFirewallSkuArgs(
        name="AZFW_VNet",
        tier="Standard",
    ),
    tags={
        "key1": "value1",
    },
    threat_intel_mode="Alert",
    zones=[])
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
    applicationRuleCollections: [{
        action: {
            type: "Deny",
        },
        name: "apprulecoll",
        priority: 110,
        rules: [{
            description: "Deny inbound rule",
            name: "rule1",
            protocols: [{
                port: 443,
                protocolType: "Https",
            }],
            sourceAddresses: [
                "216.58.216.164",
                "10.0.0.0/24",
            ],
            targetFqdns: ["www.test.com"],
        }],
    }],
    azureFirewallName: "azurefirewall",
    ipConfigurations: [{
        name: "azureFirewallIpConfiguration",
        publicIPAddress: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        },
        subnet: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        },
    }],
    location: "West US",
    natRuleCollections: [{
        action: {
            type: "Dnat",
        },
        name: "natrulecoll",
        priority: 112,
        rules: [
            {
                description: "D-NAT all outbound web traffic for inspection",
                destinationAddresses: ["1.2.3.4"],
                destinationPorts: ["443"],
                name: "DNAT-HTTPS-traffic",
                protocols: ["TCP"],
                sourceAddresses: ["*"],
                translatedAddress: "1.2.3.5",
                translatedPort: "8443",
            },
            {
                description: "D-NAT all inbound web traffic for inspection",
                destinationAddresses: ["1.2.3.4"],
                destinationPorts: ["80"],
                name: "DNAT-HTTP-traffic-With-FQDN",
                protocols: ["TCP"],
                sourceAddresses: ["*"],
                translatedFqdn: "internalhttpserver",
                translatedPort: "880",
            },
        ],
    }],
    networkRuleCollections: [{
        action: {
            type: "Deny",
        },
        name: "netrulecoll",
        priority: 112,
        rules: [
            {
                description: "Block traffic based on source IPs and ports",
                destinationAddresses: ["*"],
                destinationPorts: [
                    "443-444",
                    "8443",
                ],
                name: "L4-traffic",
                protocols: ["TCP"],
                sourceAddresses: [
                    "192.168.1.1-192.168.1.12",
                    "10.1.4.12-10.1.4.255",
                ],
            },
            {
                description: "Block traffic based on source IPs and ports to amazon",
                destinationFqdns: ["www.amazon.com"],
                destinationPorts: [
                    "443-444",
                    "8443",
                ],
                name: "L4-traffic-with-FQDN",
                protocols: ["TCP"],
                sourceAddresses: ["10.2.4.12-10.2.4.255"],
            },
        ],
    }],
    resourceGroupName: "rg1",
    sku: {
        name: "AZFW_VNet",
        tier: "Standard",
    },
    tags: {
        key1: "value1",
    },
    threatIntelMode: "Alert",
    zones: [],
});
resources:
  azureFirewall:
    type: azure-native:network:AzureFirewall
    properties:
      applicationRuleCollections:
        - action:
            type: Deny
          name: apprulecoll
          priority: 110
          rules:
            - description: Deny inbound rule
              name: rule1
              protocols:
                - port: 443
                  protocolType: Https
              sourceAddresses:
                - 216.58.216.164
                - 10.0.0.0/24
              targetFqdns:
                - www.test.com
      azureFirewallName: azurefirewall
      ipConfigurations:
        - name: azureFirewallIpConfiguration
          publicIPAddress:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
          subnet:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
      location: West US
      natRuleCollections:
        - action:
            type: Dnat
          name: natrulecoll
          priority: 112
          rules:
            - description: D-NAT all outbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '443'
              name: DNAT-HTTPS-traffic
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedAddress: 1.2.3.5
              translatedPort: '8443'
            - description: D-NAT all inbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '80'
              name: DNAT-HTTP-traffic-With-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedFqdn: internalhttpserver
              translatedPort: '880'
      networkRuleCollections:
        - action:
            type: Deny
          name: netrulecoll
          priority: 112
          rules:
            - description: Block traffic based on source IPs and ports
              destinationAddresses:
                - '*'
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic
              protocols:
                - TCP
              sourceAddresses:
                - 192.168.1.1-192.168.1.12
                - 10.1.4.12-10.1.4.255
            - description: Block traffic based on source IPs and ports to amazon
              destinationFqdns:
                - www.amazon.com
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic-with-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - 10.2.4.12-10.2.4.255
      resourceGroupName: rg1
      sku:
        name: AZFW_VNet
        tier: Standard
      tags:
        key1: value1
      threatIntelMode: Alert
      zones: []

Create Azure Firewall With Additional Properties

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
    {
        AdditionalProperties = 
        {
            { "key1", "value1" },
            { "key2", "value2" },
        },
        ApplicationRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = "Deny",
                },
                Name = "apprulecoll",
                Priority = 110,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                    {
                        Description = "Deny inbound rule",
                        Name = "rule1",
                        Protocols = new[]
                        {
                            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                            {
                                Port = 443,
                                ProtocolType = "Https",
                            },
                        },
                        SourceAddresses = new[]
                        {
                            "216.58.216.164",
                            "10.0.0.0/24",
                        },
                        TargetFqdns = new[]
                        {
                            "www.test.com",
                        },
                    },
                },
            },
        },
        AzureFirewallName = "azurefirewall",
        IpConfigurations = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
            {
                Name = "azureFirewallIpConfiguration",
                PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                },
                Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                },
            },
        },
        Location = "West US",
        NatRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                {
                    Type = "Dnat",
                },
                Name = "natrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        Description = "D-NAT all outbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "443",
                        },
                        Name = "DNAT-HTTPS-traffic",
                        Protocols = new[]
                        {
                            "TCP",
                        },
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedAddress = "1.2.3.5",
                        TranslatedPort = "8443",
                    },
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        Description = "D-NAT all inbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "80",
                        },
                        Name = "DNAT-HTTP-traffic-With-FQDN",
                        Protocols = new[]
                        {
                            "TCP",
                        },
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedFqdn = "internalhttpserver",
                        TranslatedPort = "880",
                    },
                },
            },
        },
        NetworkRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = "Deny",
                },
                Name = "netrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        Description = "Block traffic based on source IPs and ports",
                        DestinationAddresses = new[]
                        {
                            "*",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic",
                        Protocols = new[]
                        {
                            "TCP",
                        },
                        SourceAddresses = new[]
                        {
                            "192.168.1.1-192.168.1.12",
                            "10.1.4.12-10.1.4.255",
                        },
                    },
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        Description = "Block traffic based on source IPs and ports to amazon",
                        DestinationFqdns = new[]
                        {
                            "www.amazon.com",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic-with-FQDN",
                        Protocols = new[]
                        {
                            "TCP",
                        },
                        SourceAddresses = new[]
                        {
                            "10.2.4.12-10.2.4.255",
                        },
                    },
                },
            },
        },
        ResourceGroupName = "rg1",
        Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
        {
            Name = "AZFW_VNet",
            Tier = "Standard",
        },
        Tags = 
        {
            { "key1", "value1" },
        },
        ThreatIntelMode = "Alert",
        Zones = new[] {},
    });

});
package main

import (
	network "github.com/pulumi/pulumi-azure-native/sdk/go/azure/network"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
			AdditionalProperties: pulumi.StringMap{
				"key1": pulumi.String("value1"),
				"key2": pulumi.String("value2"),
			},
			ApplicationRuleCollections: []network.AzureFirewallApplicationRuleCollectionArgs{
				{
					Action: {
						Type: pulumi.String("Deny"),
					},
					Name:     pulumi.String("apprulecoll"),
					Priority: pulumi.Int(110),
					Rules: network.AzureFirewallApplicationRuleArray{
						{
							Description: pulumi.String("Deny inbound rule"),
							Name:        pulumi.String("rule1"),
							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
								{
									Port:         pulumi.Int(443),
									ProtocolType: pulumi.String("Https"),
								},
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("216.58.216.164"),
								pulumi.String("10.0.0.0/24"),
							},
							TargetFqdns: pulumi.StringArray{
								pulumi.String("www.test.com"),
							},
						},
					},
				},
			},
			AzureFirewallName: pulumi.String("azurefirewall"),
			IpConfigurations: []network.AzureFirewallIPConfigurationArgs{
				{
					Name: pulumi.String("azureFirewallIpConfiguration"),
					PublicIPAddress: {
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
					},
					Subnet: {
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
					},
				},
			},
			Location: pulumi.String("West US"),
			NatRuleCollections: []network.AzureFirewallNatRuleCollectionArgs{
				{
					Action: {
						Type: pulumi.String("Dnat"),
					},
					Name:     pulumi.String("natrulecoll"),
					Priority: pulumi.Int(112),
					Rules: network.AzureFirewallNatRuleArray{
						{
							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("1.2.3.4"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443"),
							},
							Name: pulumi.String("DNAT-HTTPS-traffic"),
							Protocols: pulumi.StringArray{
								pulumi.String("TCP"),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							TranslatedAddress: pulumi.String("1.2.3.5"),
							TranslatedPort:    pulumi.String("8443"),
						},
						{
							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("1.2.3.4"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("80"),
							},
							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
							Protocols: pulumi.StringArray{
								pulumi.String("TCP"),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							TranslatedFqdn: pulumi.String("internalhttpserver"),
							TranslatedPort: pulumi.String("880"),
						},
					},
				},
			},
			NetworkRuleCollections: []network.AzureFirewallNetworkRuleCollectionArgs{
				{
					Action: {
						Type: pulumi.String("Deny"),
					},
					Name:     pulumi.String("netrulecoll"),
					Priority: pulumi.Int(112),
					Rules: network.AzureFirewallNetworkRuleArray{
						{
							Description: pulumi.String("Block traffic based on source IPs and ports"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443-444"),
								pulumi.String("8443"),
							},
							Name: pulumi.String("L4-traffic"),
							Protocols: pulumi.StringArray{
								pulumi.String("TCP"),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("192.168.1.1-192.168.1.12"),
								pulumi.String("10.1.4.12-10.1.4.255"),
							},
						},
						{
							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
							DestinationFqdns: pulumi.StringArray{
								pulumi.String("www.amazon.com"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443-444"),
								pulumi.String("8443"),
							},
							Name: pulumi.String("L4-traffic-with-FQDN"),
							Protocols: pulumi.StringArray{
								pulumi.String("TCP"),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("10.2.4.12-10.2.4.255"),
							},
						},
					},
				},
			},
			ResourceGroupName: pulumi.String("rg1"),
			Sku: &network.AzureFirewallSkuArgs{
				Name: pulumi.String("AZFW_VNet"),
				Tier: pulumi.String("Standard"),
			},
			Tags: pulumi.StringMap{
				"key1": pulumi.String("value1"),
			},
			ThreatIntelMode: pulumi.String("Alert"),
			Zones:           pulumi.StringArray{},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.AzureFirewall;
import com.pulumi.azurenative.network.AzureFirewallArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()        
            .additionalProperties(Map.ofEntries(
                Map.entry("key1", "value1"),
                Map.entry("key2", "value2")
            ))
            .applicationRuleCollections(Map.ofEntries(
                Map.entry("action", Map.of("type", "Deny")),
                Map.entry("name", "apprulecoll"),
                Map.entry("priority", 110),
                Map.entry("rules", Map.ofEntries(
                    Map.entry("description", "Deny inbound rule"),
                    Map.entry("name", "rule1"),
                    Map.entry("protocols", Map.ofEntries(
                        Map.entry("port", 443),
                        Map.entry("protocolType", "Https")
                    )),
                    Map.entry("sourceAddresses",                     
                        "216.58.216.164",
                        "10.0.0.0/24"),
                    Map.entry("targetFqdns", "www.test.com")
                ))
            ))
            .azureFirewallName("azurefirewall")
            .ipConfigurations(Map.ofEntries(
                Map.entry("name", "azureFirewallIpConfiguration"),
                Map.entry("publicIPAddress", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")),
                Map.entry("subnet", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"))
            ))
            .location("West US")
            .natRuleCollections(Map.ofEntries(
                Map.entry("action", Map.of("type", "Dnat")),
                Map.entry("name", "natrulecoll"),
                Map.entry("priority", 112),
                Map.entry("rules",                 
                    Map.ofEntries(
                        Map.entry("description", "D-NAT all outbound web traffic for inspection"),
                        Map.entry("destinationAddresses", "1.2.3.4"),
                        Map.entry("destinationPorts", "443"),
                        Map.entry("name", "DNAT-HTTPS-traffic"),
                        Map.entry("protocols", "TCP"),
                        Map.entry("sourceAddresses", "*"),
                        Map.entry("translatedAddress", "1.2.3.5"),
                        Map.entry("translatedPort", "8443")
                    ),
                    Map.ofEntries(
                        Map.entry("description", "D-NAT all inbound web traffic for inspection"),
                        Map.entry("destinationAddresses", "1.2.3.4"),
                        Map.entry("destinationPorts", "80"),
                        Map.entry("name", "DNAT-HTTP-traffic-With-FQDN"),
                        Map.entry("protocols", "TCP"),
                        Map.entry("sourceAddresses", "*"),
                        Map.entry("translatedFqdn", "internalhttpserver"),
                        Map.entry("translatedPort", "880")
                    ))
            ))
            .networkRuleCollections(Map.ofEntries(
                Map.entry("action", Map.of("type", "Deny")),
                Map.entry("name", "netrulecoll"),
                Map.entry("priority", 112),
                Map.entry("rules",                 
                    Map.ofEntries(
                        Map.entry("description", "Block traffic based on source IPs and ports"),
                        Map.entry("destinationAddresses", "*"),
                        Map.entry("destinationPorts",                         
                            "443-444",
                            "8443"),
                        Map.entry("name", "L4-traffic"),
                        Map.entry("protocols", "TCP"),
                        Map.entry("sourceAddresses",                         
                            "192.168.1.1-192.168.1.12",
                            "10.1.4.12-10.1.4.255")
                    ),
                    Map.ofEntries(
                        Map.entry("description", "Block traffic based on source IPs and ports to amazon"),
                        Map.entry("destinationFqdns", "www.amazon.com"),
                        Map.entry("destinationPorts",                         
                            "443-444",
                            "8443"),
                        Map.entry("name", "L4-traffic-with-FQDN"),
                        Map.entry("protocols", "TCP"),
                        Map.entry("sourceAddresses", "10.2.4.12-10.2.4.255")
                    ))
            ))
            .resourceGroupName("rg1")
            .sku(Map.ofEntries(
                Map.entry("name", "AZFW_VNet"),
                Map.entry("tier", "Standard")
            ))
            .tags(Map.of("key1", "value1"))
            .threatIntelMode("Alert")
            .zones()
            .build());

    }
}
import pulumi
import pulumi_azure_native as azure_native

azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
    additional_properties={
        "key1": "value1",
        "key2": "value2",
    },
    application_rule_collections=[{
        "action": azure_native.network.AzureFirewallRCActionArgs(
            type="Deny",
        ),
        "name": "apprulecoll",
        "priority": 110,
        "rules": [{
            "description": "Deny inbound rule",
            "name": "rule1",
            "protocols": [azure_native.network.AzureFirewallApplicationRuleProtocolArgs(
                port=443,
                protocol_type="Https",
            )],
            "sourceAddresses": [
                "216.58.216.164",
                "10.0.0.0/24",
            ],
            "targetFqdns": ["www.test.com"],
        }],
    }],
    azure_firewall_name="azurefirewall",
    ip_configurations=[{
        "name": "azureFirewallIpConfiguration",
        "publicIPAddress": azure_native.network.SubResourceArgs(
            id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        ),
        "subnet": azure_native.network.SubResourceArgs(
            id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        ),
    }],
    location="West US",
    nat_rule_collections=[{
        "action": azure_native.network.AzureFirewallNatRCActionArgs(
            type="Dnat",
        ),
        "name": "natrulecoll",
        "priority": 112,
        "rules": [
            azure_native.network.AzureFirewallNatRuleArgs(
                description="D-NAT all outbound web traffic for inspection",
                destination_addresses=["1.2.3.4"],
                destination_ports=["443"],
                name="DNAT-HTTPS-traffic",
                protocols=["TCP"],
                source_addresses=["*"],
                translated_address="1.2.3.5",
                translated_port="8443",
            ),
            azure_native.network.AzureFirewallNatRuleArgs(
                description="D-NAT all inbound web traffic for inspection",
                destination_addresses=["1.2.3.4"],
                destination_ports=["80"],
                name="DNAT-HTTP-traffic-With-FQDN",
                protocols=["TCP"],
                source_addresses=["*"],
                translated_fqdn="internalhttpserver",
                translated_port="880",
            ),
        ],
    }],
    network_rule_collections=[{
        "action": azure_native.network.AzureFirewallRCActionArgs(
            type="Deny",
        ),
        "name": "netrulecoll",
        "priority": 112,
        "rules": [
            azure_native.network.AzureFirewallNetworkRuleArgs(
                description="Block traffic based on source IPs and ports",
                destination_addresses=["*"],
                destination_ports=[
                    "443-444",
                    "8443",
                ],
                name="L4-traffic",
                protocols=["TCP"],
                source_addresses=[
                    "192.168.1.1-192.168.1.12",
                    "10.1.4.12-10.1.4.255",
                ],
            ),
            azure_native.network.AzureFirewallNetworkRuleArgs(
                description="Block traffic based on source IPs and ports to amazon",
                destination_fqdns=["www.amazon.com"],
                destination_ports=[
                    "443-444",
                    "8443",
                ],
                name="L4-traffic-with-FQDN",
                protocols=["TCP"],
                source_addresses=["10.2.4.12-10.2.4.255"],
            ),
        ],
    }],
    resource_group_name="rg1",
    sku=azure_native.network.AzureFirewallSkuArgs(
        name="AZFW_VNet",
        tier="Standard",
    ),
    tags={
        "key1": "value1",
    },
    threat_intel_mode="Alert",
    zones=[])
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
    additionalProperties: {
        key1: "value1",
        key2: "value2",
    },
    applicationRuleCollections: [{
        action: {
            type: "Deny",
        },
        name: "apprulecoll",
        priority: 110,
        rules: [{
            description: "Deny inbound rule",
            name: "rule1",
            protocols: [{
                port: 443,
                protocolType: "Https",
            }],
            sourceAddresses: [
                "216.58.216.164",
                "10.0.0.0/24",
            ],
            targetFqdns: ["www.test.com"],
        }],
    }],
    azureFirewallName: "azurefirewall",
    ipConfigurations: [{
        name: "azureFirewallIpConfiguration",
        publicIPAddress: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        },
        subnet: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        },
    }],
    location: "West US",
    natRuleCollections: [{
        action: {
            type: "Dnat",
        },
        name: "natrulecoll",
        priority: 112,
        rules: [
            {
                description: "D-NAT all outbound web traffic for inspection",
                destinationAddresses: ["1.2.3.4"],
                destinationPorts: ["443"],
                name: "DNAT-HTTPS-traffic",
                protocols: ["TCP"],
                sourceAddresses: ["*"],
                translatedAddress: "1.2.3.5",
                translatedPort: "8443",
            },
            {
                description: "D-NAT all inbound web traffic for inspection",
                destinationAddresses: ["1.2.3.4"],
                destinationPorts: ["80"],
                name: "DNAT-HTTP-traffic-With-FQDN",
                protocols: ["TCP"],
                sourceAddresses: ["*"],
                translatedFqdn: "internalhttpserver",
                translatedPort: "880",
            },
        ],
    }],
    networkRuleCollections: [{
        action: {
            type: "Deny",
        },
        name: "netrulecoll",
        priority: 112,
        rules: [
            {
                description: "Block traffic based on source IPs and ports",
                destinationAddresses: ["*"],
                destinationPorts: [
                    "443-444",
                    "8443",
                ],
                name: "L4-traffic",
                protocols: ["TCP"],
                sourceAddresses: [
                    "192.168.1.1-192.168.1.12",
                    "10.1.4.12-10.1.4.255",
                ],
            },
            {
                description: "Block traffic based on source IPs and ports to amazon",
                destinationFqdns: ["www.amazon.com"],
                destinationPorts: [
                    "443-444",
                    "8443",
                ],
                name: "L4-traffic-with-FQDN",
                protocols: ["TCP"],
                sourceAddresses: ["10.2.4.12-10.2.4.255"],
            },
        ],
    }],
    resourceGroupName: "rg1",
    sku: {
        name: "AZFW_VNet",
        tier: "Standard",
    },
    tags: {
        key1: "value1",
    },
    threatIntelMode: "Alert",
    zones: [],
});
resources:
  azureFirewall:
    type: azure-native:network:AzureFirewall
    properties:
      additionalProperties:
        key1: value1
        key2: value2
      applicationRuleCollections:
        - action:
            type: Deny
          name: apprulecoll
          priority: 110
          rules:
            - description: Deny inbound rule
              name: rule1
              protocols:
                - port: 443
                  protocolType: Https
              sourceAddresses:
                - 216.58.216.164
                - 10.0.0.0/24
              targetFqdns:
                - www.test.com
      azureFirewallName: azurefirewall
      ipConfigurations:
        - name: azureFirewallIpConfiguration
          publicIPAddress:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
          subnet:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
      location: West US
      natRuleCollections:
        - action:
            type: Dnat
          name: natrulecoll
          priority: 112
          rules:
            - description: D-NAT all outbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '443'
              name: DNAT-HTTPS-traffic
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedAddress: 1.2.3.5
              translatedPort: '8443'
            - description: D-NAT all inbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '80'
              name: DNAT-HTTP-traffic-With-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedFqdn: internalhttpserver
              translatedPort: '880'
      networkRuleCollections:
        - action:
            type: Deny
          name: netrulecoll
          priority: 112
          rules:
            - description: Block traffic based on source IPs and ports
              destinationAddresses:
                - '*'
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic
              protocols:
                - TCP
              sourceAddresses:
                - 192.168.1.1-192.168.1.12
                - 10.1.4.12-10.1.4.255
            - description: Block traffic based on source IPs and ports to amazon
              destinationFqdns:
                - www.amazon.com
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic-with-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - 10.2.4.12-10.2.4.255
      resourceGroupName: rg1
      sku:
        name: AZFW_VNet
        tier: Standard
      tags:
        key1: value1
      threatIntelMode: Alert
      zones: []

Create Azure Firewall With IpGroups

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
    {
        ApplicationRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = "Deny",
                },
                Name = "apprulecoll",
                Priority = 110,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                    {
                        Description = "Deny inbound rule",
                        Name = "rule1",
                        Protocols = new[]
                        {
                            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                            {
                                Port = 443,
                                ProtocolType = "Https",
                            },
                        },
                        SourceAddresses = new[]
                        {
                            "216.58.216.164",
                            "10.0.0.0/24",
                        },
                        TargetFqdns = new[]
                        {
                            "www.test.com",
                        },
                    },
                },
            },
        },
        AzureFirewallName = "azurefirewall",
        IpConfigurations = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
            {
                Name = "azureFirewallIpConfiguration",
                PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                },
                Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                },
            },
        },
        Location = "West US",
        NatRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                {
                    Type = "Dnat",
                },
                Name = "natrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        Description = "D-NAT all outbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "443",
                        },
                        Name = "DNAT-HTTPS-traffic",
                        Protocols = new[]
                        {
                            "TCP",
                        },
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedAddress = "1.2.3.5",
                        TranslatedPort = "8443",
                    },
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        Description = "D-NAT all inbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "80",
                        },
                        Name = "DNAT-HTTP-traffic-With-FQDN",
                        Protocols = new[]
                        {
                            "TCP",
                        },
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedFqdn = "internalhttpserver",
                        TranslatedPort = "880",
                    },
                },
            },
        },
        NetworkRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = "Deny",
                },
                Name = "netrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        Description = "Block traffic based on source IPs and ports",
                        DestinationAddresses = new[]
                        {
                            "*",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic",
                        Protocols = new[]
                        {
                            "TCP",
                        },
                        SourceAddresses = new[]
                        {
                            "192.168.1.1-192.168.1.12",
                            "10.1.4.12-10.1.4.255",
                        },
                    },
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        Description = "Block traffic based on source IPs and ports to amazon",
                        DestinationFqdns = new[]
                        {
                            "www.amazon.com",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic-with-FQDN",
                        Protocols = new[]
                        {
                            "TCP",
                        },
                        SourceAddresses = new[]
                        {
                            "10.2.4.12-10.2.4.255",
                        },
                    },
                },
            },
        },
        ResourceGroupName = "rg1",
        Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
        {
            Name = "AZFW_VNet",
            Tier = "Standard",
        },
        Tags = 
        {
            { "key1", "value1" },
        },
        ThreatIntelMode = "Alert",
        Zones = new[] {},
    });

});
package main

import (
	network "github.com/pulumi/pulumi-azure-native/sdk/go/azure/network"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
			ApplicationRuleCollections: []network.AzureFirewallApplicationRuleCollectionArgs{
				{
					Action: {
						Type: pulumi.String("Deny"),
					},
					Name:     pulumi.String("apprulecoll"),
					Priority: pulumi.Int(110),
					Rules: network.AzureFirewallApplicationRuleArray{
						{
							Description: pulumi.String("Deny inbound rule"),
							Name:        pulumi.String("rule1"),
							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
								{
									Port:         pulumi.Int(443),
									ProtocolType: pulumi.String("Https"),
								},
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("216.58.216.164"),
								pulumi.String("10.0.0.0/24"),
							},
							TargetFqdns: pulumi.StringArray{
								pulumi.String("www.test.com"),
							},
						},
					},
				},
			},
			AzureFirewallName: pulumi.String("azurefirewall"),
			IpConfigurations: []network.AzureFirewallIPConfigurationArgs{
				{
					Name: pulumi.String("azureFirewallIpConfiguration"),
					PublicIPAddress: {
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
					},
					Subnet: {
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
					},
				},
			},
			Location: pulumi.String("West US"),
			NatRuleCollections: []network.AzureFirewallNatRuleCollectionArgs{
				{
					Action: {
						Type: pulumi.String("Dnat"),
					},
					Name:     pulumi.String("natrulecoll"),
					Priority: pulumi.Int(112),
					Rules: network.AzureFirewallNatRuleArray{
						{
							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("1.2.3.4"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443"),
							},
							Name: pulumi.String("DNAT-HTTPS-traffic"),
							Protocols: pulumi.StringArray{
								pulumi.String("TCP"),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							TranslatedAddress: pulumi.String("1.2.3.5"),
							TranslatedPort:    pulumi.String("8443"),
						},
						{
							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("1.2.3.4"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("80"),
							},
							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
							Protocols: pulumi.StringArray{
								pulumi.String("TCP"),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							TranslatedFqdn: pulumi.String("internalhttpserver"),
							TranslatedPort: pulumi.String("880"),
						},
					},
				},
			},
			NetworkRuleCollections: []network.AzureFirewallNetworkRuleCollectionArgs{
				{
					Action: {
						Type: pulumi.String("Deny"),
					},
					Name:     pulumi.String("netrulecoll"),
					Priority: pulumi.Int(112),
					Rules: network.AzureFirewallNetworkRuleArray{
						{
							Description: pulumi.String("Block traffic based on source IPs and ports"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443-444"),
								pulumi.String("8443"),
							},
							Name: pulumi.String("L4-traffic"),
							Protocols: pulumi.StringArray{
								pulumi.String("TCP"),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("192.168.1.1-192.168.1.12"),
								pulumi.String("10.1.4.12-10.1.4.255"),
							},
						},
						{
							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
							DestinationFqdns: pulumi.StringArray{
								pulumi.String("www.amazon.com"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443-444"),
								pulumi.String("8443"),
							},
							Name: pulumi.String("L4-traffic-with-FQDN"),
							Protocols: pulumi.StringArray{
								pulumi.String("TCP"),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("10.2.4.12-10.2.4.255"),
							},
						},
					},
				},
			},
			ResourceGroupName: pulumi.String("rg1"),
			Sku: &network.AzureFirewallSkuArgs{
				Name: pulumi.String("AZFW_VNet"),
				Tier: pulumi.String("Standard"),
			},
			Tags: pulumi.StringMap{
				"key1": pulumi.String("value1"),
			},
			ThreatIntelMode: pulumi.String("Alert"),
			Zones:           pulumi.StringArray{},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.AzureFirewall;
import com.pulumi.azurenative.network.AzureFirewallArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()        
            .applicationRuleCollections(Map.ofEntries(
                Map.entry("action", Map.of("type", "Deny")),
                Map.entry("name", "apprulecoll"),
                Map.entry("priority", 110),
                Map.entry("rules", Map.ofEntries(
                    Map.entry("description", "Deny inbound rule"),
                    Map.entry("name", "rule1"),
                    Map.entry("protocols", Map.ofEntries(
                        Map.entry("port", 443),
                        Map.entry("protocolType", "Https")
                    )),
                    Map.entry("sourceAddresses",                     
                        "216.58.216.164",
                        "10.0.0.0/24"),
                    Map.entry("targetFqdns", "www.test.com")
                ))
            ))
            .azureFirewallName("azurefirewall")
            .ipConfigurations(Map.ofEntries(
                Map.entry("name", "azureFirewallIpConfiguration"),
                Map.entry("publicIPAddress", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")),
                Map.entry("subnet", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"))
            ))
            .location("West US")
            .natRuleCollections(Map.ofEntries(
                Map.entry("action", Map.of("type", "Dnat")),
                Map.entry("name", "natrulecoll"),
                Map.entry("priority", 112),
                Map.entry("rules",                 
                    Map.ofEntries(
                        Map.entry("description", "D-NAT all outbound web traffic for inspection"),
                        Map.entry("destinationAddresses", "1.2.3.4"),
                        Map.entry("destinationPorts", "443"),
                        Map.entry("name", "DNAT-HTTPS-traffic"),
                        Map.entry("protocols", "TCP"),
                        Map.entry("sourceAddresses", "*"),
                        Map.entry("translatedAddress", "1.2.3.5"),
                        Map.entry("translatedPort", "8443")
                    ),
                    Map.ofEntries(
                        Map.entry("description", "D-NAT all inbound web traffic for inspection"),
                        Map.entry("destinationAddresses", "1.2.3.4"),
                        Map.entry("destinationPorts", "80"),
                        Map.entry("name", "DNAT-HTTP-traffic-With-FQDN"),
                        Map.entry("protocols", "TCP"),
                        Map.entry("sourceAddresses", "*"),
                        Map.entry("translatedFqdn", "internalhttpserver"),
                        Map.entry("translatedPort", "880")
                    ))
            ))
            .networkRuleCollections(Map.ofEntries(
                Map.entry("action", Map.of("type", "Deny")),
                Map.entry("name", "netrulecoll"),
                Map.entry("priority", 112),
                Map.entry("rules",                 
                    Map.ofEntries(
                        Map.entry("description", "Block traffic based on source IPs and ports"),
                        Map.entry("destinationAddresses", "*"),
                        Map.entry("destinationPorts",                         
                            "443-444",
                            "8443"),
                        Map.entry("name", "L4-traffic"),
                        Map.entry("protocols", "TCP"),
                        Map.entry("sourceAddresses",                         
                            "192.168.1.1-192.168.1.12",
                            "10.1.4.12-10.1.4.255")
                    ),
                    Map.ofEntries(
                        Map.entry("description", "Block traffic based on source IPs and ports to amazon"),
                        Map.entry("destinationFqdns", "www.amazon.com"),
                        Map.entry("destinationPorts",                         
                            "443-444",
                            "8443"),
                        Map.entry("name", "L4-traffic-with-FQDN"),
                        Map.entry("protocols", "TCP"),
                        Map.entry("sourceAddresses", "10.2.4.12-10.2.4.255")
                    ))
            ))
            .resourceGroupName("rg1")
            .sku(Map.ofEntries(
                Map.entry("name", "AZFW_VNet"),
                Map.entry("tier", "Standard")
            ))
            .tags(Map.of("key1", "value1"))
            .threatIntelMode("Alert")
            .zones()
            .build());

    }
}
import pulumi
import pulumi_azure_native as azure_native

azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
    application_rule_collections=[{
        "action": azure_native.network.AzureFirewallRCActionArgs(
            type="Deny",
        ),
        "name": "apprulecoll",
        "priority": 110,
        "rules": [{
            "description": "Deny inbound rule",
            "name": "rule1",
            "protocols": [azure_native.network.AzureFirewallApplicationRuleProtocolArgs(
                port=443,
                protocol_type="Https",
            )],
            "sourceAddresses": [
                "216.58.216.164",
                "10.0.0.0/24",
            ],
            "targetFqdns": ["www.test.com"],
        }],
    }],
    azure_firewall_name="azurefirewall",
    ip_configurations=[{
        "name": "azureFirewallIpConfiguration",
        "publicIPAddress": azure_native.network.SubResourceArgs(
            id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        ),
        "subnet": azure_native.network.SubResourceArgs(
            id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        ),
    }],
    location="West US",
    nat_rule_collections=[{
        "action": azure_native.network.AzureFirewallNatRCActionArgs(
            type="Dnat",
        ),
        "name": "natrulecoll",
        "priority": 112,
        "rules": [
            azure_native.network.AzureFirewallNatRuleArgs(
                description="D-NAT all outbound web traffic for inspection",
                destination_addresses=["1.2.3.4"],
                destination_ports=["443"],
                name="DNAT-HTTPS-traffic",
                protocols=["TCP"],
                source_addresses=["*"],
                translated_address="1.2.3.5",
                translated_port="8443",
            ),
            azure_native.network.AzureFirewallNatRuleArgs(
                description="D-NAT all inbound web traffic for inspection",
                destination_addresses=["1.2.3.4"],
                destination_ports=["80"],
                name="DNAT-HTTP-traffic-With-FQDN",
                protocols=["TCP"],
                source_addresses=["*"],
                translated_fqdn="internalhttpserver",
                translated_port="880",
            ),
        ],
    }],
    network_rule_collections=[{
        "action": azure_native.network.AzureFirewallRCActionArgs(
            type="Deny",
        ),
        "name": "netrulecoll",
        "priority": 112,
        "rules": [
            azure_native.network.AzureFirewallNetworkRuleArgs(
                description="Block traffic based on source IPs and ports",
                destination_addresses=["*"],
                destination_ports=[
                    "443-444",
                    "8443",
                ],
                name="L4-traffic",
                protocols=["TCP"],
                source_addresses=[
                    "192.168.1.1-192.168.1.12",
                    "10.1.4.12-10.1.4.255",
                ],
            ),
            azure_native.network.AzureFirewallNetworkRuleArgs(
                description="Block traffic based on source IPs and ports to amazon",
                destination_fqdns=["www.amazon.com"],
                destination_ports=[
                    "443-444",
                    "8443",
                ],
                name="L4-traffic-with-FQDN",
                protocols=["TCP"],
                source_addresses=["10.2.4.12-10.2.4.255"],
            ),
        ],
    }],
    resource_group_name="rg1",
    sku=azure_native.network.AzureFirewallSkuArgs(
        name="AZFW_VNet",
        tier="Standard",
    ),
    tags={
        "key1": "value1",
    },
    threat_intel_mode="Alert",
    zones=[])
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
    applicationRuleCollections: [{
        action: {
            type: "Deny",
        },
        name: "apprulecoll",
        priority: 110,
        rules: [{
            description: "Deny inbound rule",
            name: "rule1",
            protocols: [{
                port: 443,
                protocolType: "Https",
            }],
            sourceAddresses: [
                "216.58.216.164",
                "10.0.0.0/24",
            ],
            targetFqdns: ["www.test.com"],
        }],
    }],
    azureFirewallName: "azurefirewall",
    ipConfigurations: [{
        name: "azureFirewallIpConfiguration",
        publicIPAddress: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        },
        subnet: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        },
    }],
    location: "West US",
    natRuleCollections: [{
        action: {
            type: "Dnat",
        },
        name: "natrulecoll",
        priority: 112,
        rules: [
            {
                description: "D-NAT all outbound web traffic for inspection",
                destinationAddresses: ["1.2.3.4"],
                destinationPorts: ["443"],
                name: "DNAT-HTTPS-traffic",
                protocols: ["TCP"],
                sourceAddresses: ["*"],
                translatedAddress: "1.2.3.5",
                translatedPort: "8443",
            },
            {
                description: "D-NAT all inbound web traffic for inspection",
                destinationAddresses: ["1.2.3.4"],
                destinationPorts: ["80"],
                name: "DNAT-HTTP-traffic-With-FQDN",
                protocols: ["TCP"],
                sourceAddresses: ["*"],
                translatedFqdn: "internalhttpserver",
                translatedPort: "880",
            },
        ],
    }],
    networkRuleCollections: [{
        action: {
            type: "Deny",
        },
        name: "netrulecoll",
        priority: 112,
        rules: [
            {
                description: "Block traffic based on source IPs and ports",
                destinationAddresses: ["*"],
                destinationPorts: [
                    "443-444",
                    "8443",
                ],
                name: "L4-traffic",
                protocols: ["TCP"],
                sourceAddresses: [
                    "192.168.1.1-192.168.1.12",
                    "10.1.4.12-10.1.4.255",
                ],
            },
            {
                description: "Block traffic based on source IPs and ports to amazon",
                destinationFqdns: ["www.amazon.com"],
                destinationPorts: [
                    "443-444",
                    "8443",
                ],
                name: "L4-traffic-with-FQDN",
                protocols: ["TCP"],
                sourceAddresses: ["10.2.4.12-10.2.4.255"],
            },
        ],
    }],
    resourceGroupName: "rg1",
    sku: {
        name: "AZFW_VNet",
        tier: "Standard",
    },
    tags: {
        key1: "value1",
    },
    threatIntelMode: "Alert",
    zones: [],
});
resources:
  azureFirewall:
    type: azure-native:network:AzureFirewall
    properties:
      applicationRuleCollections:
        - action:
            type: Deny
          name: apprulecoll
          priority: 110
          rules:
            - description: Deny inbound rule
              name: rule1
              protocols:
                - port: 443
                  protocolType: Https
              sourceAddresses:
                - 216.58.216.164
                - 10.0.0.0/24
              targetFqdns:
                - www.test.com
      azureFirewallName: azurefirewall
      ipConfigurations:
        - name: azureFirewallIpConfiguration
          publicIPAddress:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
          subnet:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
      location: West US
      natRuleCollections:
        - action:
            type: Dnat
          name: natrulecoll
          priority: 112
          rules:
            - description: D-NAT all outbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '443'
              name: DNAT-HTTPS-traffic
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedAddress: 1.2.3.5
              translatedPort: '8443'
            - description: D-NAT all inbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '80'
              name: DNAT-HTTP-traffic-With-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedFqdn: internalhttpserver
              translatedPort: '880'
      networkRuleCollections:
        - action:
            type: Deny
          name: netrulecoll
          priority: 112
          rules:
            - description: Block traffic based on source IPs and ports
              destinationAddresses:
                - '*'
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic
              protocols:
                - TCP
              sourceAddresses:
                - 192.168.1.1-192.168.1.12
                - 10.1.4.12-10.1.4.255
            - description: Block traffic based on source IPs and ports to amazon
              destinationFqdns:
                - www.amazon.com
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic-with-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - 10.2.4.12-10.2.4.255
      resourceGroupName: rg1
      sku:
        name: AZFW_VNet
        tier: Standard
      tags:
        key1: value1
      threatIntelMode: Alert
      zones: []

Create Azure Firewall With Zones

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
    {
        ApplicationRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = "Deny",
                },
                Name = "apprulecoll",
                Priority = 110,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                    {
                        Description = "Deny inbound rule",
                        Name = "rule1",
                        Protocols = new[]
                        {
                            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                            {
                                Port = 443,
                                ProtocolType = "Https",
                            },
                        },
                        SourceAddresses = new[]
                        {
                            "216.58.216.164",
                            "10.0.0.0/24",
                        },
                        TargetFqdns = new[]
                        {
                            "www.test.com",
                        },
                    },
                },
            },
        },
        AzureFirewallName = "azurefirewall",
        IpConfigurations = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
            {
                Name = "azureFirewallIpConfiguration",
                PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                },
                Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                },
            },
        },
        Location = "West US 2",
        NatRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                {
                    Type = "Dnat",
                },
                Name = "natrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        Description = "D-NAT all outbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "443",
                        },
                        Name = "DNAT-HTTPS-traffic",
                        Protocols = new[]
                        {
                            "TCP",
                        },
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedAddress = "1.2.3.5",
                        TranslatedPort = "8443",
                    },
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        Description = "D-NAT all inbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "80",
                        },
                        Name = "DNAT-HTTP-traffic-With-FQDN",
                        Protocols = new[]
                        {
                            "TCP",
                        },
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedFqdn = "internalhttpserver",
                        TranslatedPort = "880",
                    },
                },
            },
        },
        NetworkRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = "Deny",
                },
                Name = "netrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        Description = "Block traffic based on source IPs and ports",
                        DestinationAddresses = new[]
                        {
                            "*",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic",
                        Protocols = new[]
                        {
                            "TCP",
                        },
                        SourceAddresses = new[]
                        {
                            "192.168.1.1-192.168.1.12",
                            "10.1.4.12-10.1.4.255",
                        },
                    },
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        Description = "Block traffic based on source IPs and ports to amazon",
                        DestinationFqdns = new[]
                        {
                            "www.amazon.com",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic-with-FQDN",
                        Protocols = new[]
                        {
                            "TCP",
                        },
                        SourceAddresses = new[]
                        {
                            "10.2.4.12-10.2.4.255",
                        },
                    },
                },
            },
        },
        ResourceGroupName = "rg1",
        Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
        {
            Name = "AZFW_VNet",
            Tier = "Standard",
        },
        Tags = 
        {
            { "key1", "value1" },
        },
        ThreatIntelMode = "Alert",
        Zones = new[]
        {
            "1",
            "2",
            "3",
        },
    });

});
package main

import (
	network "github.com/pulumi/pulumi-azure-native/sdk/go/azure/network"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
			ApplicationRuleCollections: []network.AzureFirewallApplicationRuleCollectionArgs{
				{
					Action: {
						Type: pulumi.String("Deny"),
					},
					Name:     pulumi.String("apprulecoll"),
					Priority: pulumi.Int(110),
					Rules: network.AzureFirewallApplicationRuleArray{
						{
							Description: pulumi.String("Deny inbound rule"),
							Name:        pulumi.String("rule1"),
							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
								{
									Port:         pulumi.Int(443),
									ProtocolType: pulumi.String("Https"),
								},
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("216.58.216.164"),
								pulumi.String("10.0.0.0/24"),
							},
							TargetFqdns: pulumi.StringArray{
								pulumi.String("www.test.com"),
							},
						},
					},
				},
			},
			AzureFirewallName: pulumi.String("azurefirewall"),
			IpConfigurations: []network.AzureFirewallIPConfigurationArgs{
				{
					Name: pulumi.String("azureFirewallIpConfiguration"),
					PublicIPAddress: {
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
					},
					Subnet: {
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
					},
				},
			},
			Location: pulumi.String("West US 2"),
			NatRuleCollections: []network.AzureFirewallNatRuleCollectionArgs{
				{
					Action: {
						Type: pulumi.String("Dnat"),
					},
					Name:     pulumi.String("natrulecoll"),
					Priority: pulumi.Int(112),
					Rules: network.AzureFirewallNatRuleArray{
						{
							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("1.2.3.4"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443"),
							},
							Name: pulumi.String("DNAT-HTTPS-traffic"),
							Protocols: pulumi.StringArray{
								pulumi.String("TCP"),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							TranslatedAddress: pulumi.String("1.2.3.5"),
							TranslatedPort:    pulumi.String("8443"),
						},
						{
							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("1.2.3.4"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("80"),
							},
							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
							Protocols: pulumi.StringArray{
								pulumi.String("TCP"),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							TranslatedFqdn: pulumi.String("internalhttpserver"),
							TranslatedPort: pulumi.String("880"),
						},
					},
				},
			},
			NetworkRuleCollections: []network.AzureFirewallNetworkRuleCollectionArgs{
				{
					Action: {
						Type: pulumi.String("Deny"),
					},
					Name:     pulumi.String("netrulecoll"),
					Priority: pulumi.Int(112),
					Rules: network.AzureFirewallNetworkRuleArray{
						{
							Description: pulumi.String("Block traffic based on source IPs and ports"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443-444"),
								pulumi.String("8443"),
							},
							Name: pulumi.String("L4-traffic"),
							Protocols: pulumi.StringArray{
								pulumi.String("TCP"),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("192.168.1.1-192.168.1.12"),
								pulumi.String("10.1.4.12-10.1.4.255"),
							},
						},
						{
							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
							DestinationFqdns: pulumi.StringArray{
								pulumi.String("www.amazon.com"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443-444"),
								pulumi.String("8443"),
							},
							Name: pulumi.String("L4-traffic-with-FQDN"),
							Protocols: pulumi.StringArray{
								pulumi.String("TCP"),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("10.2.4.12-10.2.4.255"),
							},
						},
					},
				},
			},
			ResourceGroupName: pulumi.String("rg1"),
			Sku: &network.AzureFirewallSkuArgs{
				Name: pulumi.String("AZFW_VNet"),
				Tier: pulumi.String("Standard"),
			},
			Tags: pulumi.StringMap{
				"key1": pulumi.String("value1"),
			},
			ThreatIntelMode: pulumi.String("Alert"),
			Zones: pulumi.StringArray{
				pulumi.String("1"),
				pulumi.String("2"),
				pulumi.String("3"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.AzureFirewall;
import com.pulumi.azurenative.network.AzureFirewallArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()        
            .applicationRuleCollections(Map.ofEntries(
                Map.entry("action", Map.of("type", "Deny")),
                Map.entry("name", "apprulecoll"),
                Map.entry("priority", 110),
                Map.entry("rules", Map.ofEntries(
                    Map.entry("description", "Deny inbound rule"),
                    Map.entry("name", "rule1"),
                    Map.entry("protocols", Map.ofEntries(
                        Map.entry("port", 443),
                        Map.entry("protocolType", "Https")
                    )),
                    Map.entry("sourceAddresses",                     
                        "216.58.216.164",
                        "10.0.0.0/24"),
                    Map.entry("targetFqdns", "www.test.com")
                ))
            ))
            .azureFirewallName("azurefirewall")
            .ipConfigurations(Map.ofEntries(
                Map.entry("name", "azureFirewallIpConfiguration"),
                Map.entry("publicIPAddress", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")),
                Map.entry("subnet", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"))
            ))
            .location("West US 2")
            .natRuleCollections(Map.ofEntries(
                Map.entry("action", Map.of("type", "Dnat")),
                Map.entry("name", "natrulecoll"),
                Map.entry("priority", 112),
                Map.entry("rules",                 
                    Map.ofEntries(
                        Map.entry("description", "D-NAT all outbound web traffic for inspection"),
                        Map.entry("destinationAddresses", "1.2.3.4"),
                        Map.entry("destinationPorts", "443"),
                        Map.entry("name", "DNAT-HTTPS-traffic"),
                        Map.entry("protocols", "TCP"),
                        Map.entry("sourceAddresses", "*"),
                        Map.entry("translatedAddress", "1.2.3.5"),
                        Map.entry("translatedPort", "8443")
                    ),
                    Map.ofEntries(
                        Map.entry("description", "D-NAT all inbound web traffic for inspection"),
                        Map.entry("destinationAddresses", "1.2.3.4"),
                        Map.entry("destinationPorts", "80"),
                        Map.entry("name", "DNAT-HTTP-traffic-With-FQDN"),
                        Map.entry("protocols", "TCP"),
                        Map.entry("sourceAddresses", "*"),
                        Map.entry("translatedFqdn", "internalhttpserver"),
                        Map.entry("translatedPort", "880")
                    ))
            ))
            .networkRuleCollections(Map.ofEntries(
                Map.entry("action", Map.of("type", "Deny")),
                Map.entry("name", "netrulecoll"),
                Map.entry("priority", 112),
                Map.entry("rules",                 
                    Map.ofEntries(
                        Map.entry("description", "Block traffic based on source IPs and ports"),
                        Map.entry("destinationAddresses", "*"),
                        Map.entry("destinationPorts",                         
                            "443-444",
                            "8443"),
                        Map.entry("name", "L4-traffic"),
                        Map.entry("protocols", "TCP"),
                        Map.entry("sourceAddresses",                         
                            "192.168.1.1-192.168.1.12",
                            "10.1.4.12-10.1.4.255")
                    ),
                    Map.ofEntries(
                        Map.entry("description", "Block traffic based on source IPs and ports to amazon"),
                        Map.entry("destinationFqdns", "www.amazon.com"),
                        Map.entry("destinationPorts",                         
                            "443-444",
                            "8443"),
                        Map.entry("name", "L4-traffic-with-FQDN"),
                        Map.entry("protocols", "TCP"),
                        Map.entry("sourceAddresses", "10.2.4.12-10.2.4.255")
                    ))
            ))
            .resourceGroupName("rg1")
            .sku(Map.ofEntries(
                Map.entry("name", "AZFW_VNet"),
                Map.entry("tier", "Standard")
            ))
            .tags(Map.of("key1", "value1"))
            .threatIntelMode("Alert")
            .zones(            
                "1",
                "2",
                "3")
            .build());

    }
}
import pulumi
import pulumi_azure_native as azure_native

azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
    application_rule_collections=[{
        "action": azure_native.network.AzureFirewallRCActionArgs(
            type="Deny",
        ),
        "name": "apprulecoll",
        "priority": 110,
        "rules": [{
            "description": "Deny inbound rule",
            "name": "rule1",
            "protocols": [azure_native.network.AzureFirewallApplicationRuleProtocolArgs(
                port=443,
                protocol_type="Https",
            )],
            "sourceAddresses": [
                "216.58.216.164",
                "10.0.0.0/24",
            ],
            "targetFqdns": ["www.test.com"],
        }],
    }],
    azure_firewall_name="azurefirewall",
    ip_configurations=[{
        "name": "azureFirewallIpConfiguration",
        "publicIPAddress": azure_native.network.SubResourceArgs(
            id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        ),
        "subnet": azure_native.network.SubResourceArgs(
            id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        ),
    }],
    location="West US 2",
    nat_rule_collections=[{
        "action": azure_native.network.AzureFirewallNatRCActionArgs(
            type="Dnat",
        ),
        "name": "natrulecoll",
        "priority": 112,
        "rules": [
            azure_native.network.AzureFirewallNatRuleArgs(
                description="D-NAT all outbound web traffic for inspection",
                destination_addresses=["1.2.3.4"],
                destination_ports=["443"],
                name="DNAT-HTTPS-traffic",
                protocols=["TCP"],
                source_addresses=["*"],
                translated_address="1.2.3.5",
                translated_port="8443",
            ),
            azure_native.network.AzureFirewallNatRuleArgs(
                description="D-NAT all inbound web traffic for inspection",
                destination_addresses=["1.2.3.4"],
                destination_ports=["80"],
                name="DNAT-HTTP-traffic-With-FQDN",
                protocols=["TCP"],
                source_addresses=["*"],
                translated_fqdn="internalhttpserver",
                translated_port="880",
            ),
        ],
    }],
    network_rule_collections=[{
        "action": azure_native.network.AzureFirewallRCActionArgs(
            type="Deny",
        ),
        "name": "netrulecoll",
        "priority": 112,
        "rules": [
            azure_native.network.AzureFirewallNetworkRuleArgs(
                description="Block traffic based on source IPs and ports",
                destination_addresses=["*"],
                destination_ports=[
                    "443-444",
                    "8443",
                ],
                name="L4-traffic",
                protocols=["TCP"],
                source_addresses=[
                    "192.168.1.1-192.168.1.12",
                    "10.1.4.12-10.1.4.255",
                ],
            ),
            azure_native.network.AzureFirewallNetworkRuleArgs(
                description="Block traffic based on source IPs and ports to amazon",
                destination_fqdns=["www.amazon.com"],
                destination_ports=[
                    "443-444",
                    "8443",
                ],
                name="L4-traffic-with-FQDN",
                protocols=["TCP"],
                source_addresses=["10.2.4.12-10.2.4.255"],
            ),
        ],
    }],
    resource_group_name="rg1",
    sku=azure_native.network.AzureFirewallSkuArgs(
        name="AZFW_VNet",
        tier="Standard",
    ),
    tags={
        "key1": "value1",
    },
    threat_intel_mode="Alert",
    zones=[
        "1",
        "2",
        "3",
    ])
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
    applicationRuleCollections: [{
        action: {
            type: "Deny",
        },
        name: "apprulecoll",
        priority: 110,
        rules: [{
            description: "Deny inbound rule",
            name: "rule1",
            protocols: [{
                port: 443,
                protocolType: "Https",
            }],
            sourceAddresses: [
                "216.58.216.164",
                "10.0.0.0/24",
            ],
            targetFqdns: ["www.test.com"],
        }],
    }],
    azureFirewallName: "azurefirewall",
    ipConfigurations: [{
        name: "azureFirewallIpConfiguration",
        publicIPAddress: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        },
        subnet: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        },
    }],
    location: "West US 2",
    natRuleCollections: [{
        action: {
            type: "Dnat",
        },
        name: "natrulecoll",
        priority: 112,
        rules: [
            {
                description: "D-NAT all outbound web traffic for inspection",
                destinationAddresses: ["1.2.3.4"],
                destinationPorts: ["443"],
                name: "DNAT-HTTPS-traffic",
                protocols: ["TCP"],
                sourceAddresses: ["*"],
                translatedAddress: "1.2.3.5",
                translatedPort: "8443",
            },
            {
                description: "D-NAT all inbound web traffic for inspection",
                destinationAddresses: ["1.2.3.4"],
                destinationPorts: ["80"],
                name: "DNAT-HTTP-traffic-With-FQDN",
                protocols: ["TCP"],
                sourceAddresses: ["*"],
                translatedFqdn: "internalhttpserver",
                translatedPort: "880",
            },
        ],
    }],
    networkRuleCollections: [{
        action: {
            type: "Deny",
        },
        name: "netrulecoll",
        priority: 112,
        rules: [
            {
                description: "Block traffic based on source IPs and ports",
                destinationAddresses: ["*"],
                destinationPorts: [
                    "443-444",
                    "8443",
                ],
                name: "L4-traffic",
                protocols: ["TCP"],
                sourceAddresses: [
                    "192.168.1.1-192.168.1.12",
                    "10.1.4.12-10.1.4.255",
                ],
            },
            {
                description: "Block traffic based on source IPs and ports to amazon",
                destinationFqdns: ["www.amazon.com"],
                destinationPorts: [
                    "443-444",
                    "8443",
                ],
                name: "L4-traffic-with-FQDN",
                protocols: ["TCP"],
                sourceAddresses: ["10.2.4.12-10.2.4.255"],
            },
        ],
    }],
    resourceGroupName: "rg1",
    sku: {
        name: "AZFW_VNet",
        tier: "Standard",
    },
    tags: {
        key1: "value1",
    },
    threatIntelMode: "Alert",
    zones: [
        "1",
        "2",
        "3",
    ],
});
resources:
  azureFirewall:
    type: azure-native:network:AzureFirewall
    properties:
      applicationRuleCollections:
        - action:
            type: Deny
          name: apprulecoll
          priority: 110
          rules:
            - description: Deny inbound rule
              name: rule1
              protocols:
                - port: 443
                  protocolType: Https
              sourceAddresses:
                - 216.58.216.164
                - 10.0.0.0/24
              targetFqdns:
                - www.test.com
      azureFirewallName: azurefirewall
      ipConfigurations:
        - name: azureFirewallIpConfiguration
          publicIPAddress:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
          subnet:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
      location: West US 2
      natRuleCollections:
        - action:
            type: Dnat
          name: natrulecoll
          priority: 112
          rules:
            - description: D-NAT all outbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '443'
              name: DNAT-HTTPS-traffic
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedAddress: 1.2.3.5
              translatedPort: '8443'
            - description: D-NAT all inbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '80'
              name: DNAT-HTTP-traffic-With-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedFqdn: internalhttpserver
              translatedPort: '880'
      networkRuleCollections:
        - action:
            type: Deny
          name: netrulecoll
          priority: 112
          rules:
            - description: Block traffic based on source IPs and ports
              destinationAddresses:
                - '*'
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic
              protocols:
                - TCP
              sourceAddresses:
                - 192.168.1.1-192.168.1.12
                - 10.1.4.12-10.1.4.255
            - description: Block traffic based on source IPs and ports to amazon
              destinationFqdns:
                - www.amazon.com
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic-with-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - 10.2.4.12-10.2.4.255
      resourceGroupName: rg1
      sku:
        name: AZFW_VNet
        tier: Standard
      tags:
        key1: value1
      threatIntelMode: Alert
      zones:
        - '1'
        - '2'
        - '3'

Create Azure Firewall With management subnet

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
    {
        ApplicationRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = "Deny",
                },
                Name = "apprulecoll",
                Priority = 110,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                    {
                        Description = "Deny inbound rule",
                        Name = "rule1",
                        Protocols = new[]
                        {
                            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                            {
                                Port = 443,
                                ProtocolType = "Https",
                            },
                        },
                        SourceAddresses = new[]
                        {
                            "216.58.216.164",
                            "10.0.0.0/24",
                        },
                        TargetFqdns = new[]
                        {
                            "www.test.com",
                        },
                    },
                },
            },
        },
        AzureFirewallName = "azurefirewall",
        IpConfigurations = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
            {
                Name = "azureFirewallIpConfiguration",
                PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                },
                Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                },
            },
        },
        Location = "West US",
        ManagementIpConfiguration = new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
        {
            Name = "azureFirewallMgmtIpConfiguration",
            PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
            {
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName",
            },
            Subnet = new AzureNative.Network.Inputs.SubResourceArgs
            {
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet",
            },
        },
        NatRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                {
                    Type = "Dnat",
                },
                Name = "natrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        Description = "D-NAT all outbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "443",
                        },
                        Name = "DNAT-HTTPS-traffic",
                        Protocols = new[]
                        {
                            "TCP",
                        },
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedAddress = "1.2.3.5",
                        TranslatedPort = "8443",
                    },
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        Description = "D-NAT all inbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "80",
                        },
                        Name = "DNAT-HTTP-traffic-With-FQDN",
                        Protocols = new[]
                        {
                            "TCP",
                        },
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedFqdn = "internalhttpserver",
                        TranslatedPort = "880",
                    },
                },
            },
        },
        NetworkRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = "Deny",
                },
                Name = "netrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        Description = "Block traffic based on source IPs and ports",
                        DestinationAddresses = new[]
                        {
                            "*",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic",
                        Protocols = new[]
                        {
                            "TCP",
                        },
                        SourceAddresses = new[]
                        {
                            "192.168.1.1-192.168.1.12",
                            "10.1.4.12-10.1.4.255",
                        },
                    },
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        Description = "Block traffic based on source IPs and ports to amazon",
                        DestinationFqdns = new[]
                        {
                            "www.amazon.com",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic-with-FQDN",
                        Protocols = new[]
                        {
                            "TCP",
                        },
                        SourceAddresses = new[]
                        {
                            "10.2.4.12-10.2.4.255",
                        },
                    },
                },
            },
        },
        ResourceGroupName = "rg1",
        Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
        {
            Name = "AZFW_VNet",
            Tier = "Standard",
        },
        Tags = 
        {
            { "key1", "value1" },
        },
        ThreatIntelMode = "Alert",
        Zones = new[] {},
    });

});
package main

import (
	network "github.com/pulumi/pulumi-azure-native/sdk/go/azure/network"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
			ApplicationRuleCollections: []network.AzureFirewallApplicationRuleCollectionArgs{
				{
					Action: {
						Type: pulumi.String("Deny"),
					},
					Name:     pulumi.String("apprulecoll"),
					Priority: pulumi.Int(110),
					Rules: network.AzureFirewallApplicationRuleArray{
						{
							Description: pulumi.String("Deny inbound rule"),
							Name:        pulumi.String("rule1"),
							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
								{
									Port:         pulumi.Int(443),
									ProtocolType: pulumi.String("Https"),
								},
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("216.58.216.164"),
								pulumi.String("10.0.0.0/24"),
							},
							TargetFqdns: pulumi.StringArray{
								pulumi.String("www.test.com"),
							},
						},
					},
				},
			},
			AzureFirewallName: pulumi.String("azurefirewall"),
			IpConfigurations: []network.AzureFirewallIPConfigurationArgs{
				{
					Name: pulumi.String("azureFirewallIpConfiguration"),
					PublicIPAddress: {
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
					},
					Subnet: {
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
					},
				},
			},
			Location: pulumi.String("West US"),
			ManagementIpConfiguration: network.AzureFirewallIPConfigurationResponse{
				Name: pulumi.String("azureFirewallMgmtIpConfiguration"),
				PublicIPAddress: &network.SubResourceArgs{
					Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName"),
				},
				Subnet: &network.SubResourceArgs{
					Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet"),
				},
			},
			NatRuleCollections: []network.AzureFirewallNatRuleCollectionArgs{
				{
					Action: {
						Type: pulumi.String("Dnat"),
					},
					Name:     pulumi.String("natrulecoll"),
					Priority: pulumi.Int(112),
					Rules: network.AzureFirewallNatRuleArray{
						{
							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("1.2.3.4"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443"),
							},
							Name: pulumi.String("DNAT-HTTPS-traffic"),
							Protocols: pulumi.StringArray{
								pulumi.String("TCP"),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							TranslatedAddress: pulumi.String("1.2.3.5"),
							TranslatedPort:    pulumi.String("8443"),
						},
						{
							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("1.2.3.4"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("80"),
							},
							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
							Protocols: pulumi.StringArray{
								pulumi.String("TCP"),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							TranslatedFqdn: pulumi.String("internalhttpserver"),
							TranslatedPort: pulumi.String("880"),
						},
					},
				},
			},
			NetworkRuleCollections: []network.AzureFirewallNetworkRuleCollectionArgs{
				{
					Action: {
						Type: pulumi.String("Deny"),
					},
					Name:     pulumi.String("netrulecoll"),
					Priority: pulumi.Int(112),
					Rules: network.AzureFirewallNetworkRuleArray{
						{
							Description: pulumi.String("Block traffic based on source IPs and ports"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443-444"),
								pulumi.String("8443"),
							},
							Name: pulumi.String("L4-traffic"),
							Protocols: pulumi.StringArray{
								pulumi.String("TCP"),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("192.168.1.1-192.168.1.12"),
								pulumi.String("10.1.4.12-10.1.4.255"),
							},
						},
						{
							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
							DestinationFqdns: pulumi.StringArray{
								pulumi.String("www.amazon.com"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443-444"),
								pulumi.String("8443"),
							},
							Name: pulumi.String("L4-traffic-with-FQDN"),
							Protocols: pulumi.StringArray{
								pulumi.String("TCP"),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("10.2.4.12-10.2.4.255"),
							},
						},
					},
				},
			},
			ResourceGroupName: pulumi.String("rg1"),
			Sku: &network.AzureFirewallSkuArgs{
				Name: pulumi.String("AZFW_VNet"),
				Tier: pulumi.String("Standard"),
			},
			Tags: pulumi.StringMap{
				"key1": pulumi.String("value1"),
			},
			ThreatIntelMode: pulumi.String("Alert"),
			Zones:           pulumi.StringArray{},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.AzureFirewall;
import com.pulumi.azurenative.network.AzureFirewallArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()        
            .applicationRuleCollections(Map.ofEntries(
                Map.entry("action", Map.of("type", "Deny")),
                Map.entry("name", "apprulecoll"),
                Map.entry("priority", 110),
                Map.entry("rules", Map.ofEntries(
                    Map.entry("description", "Deny inbound rule"),
                    Map.entry("name", "rule1"),
                    Map.entry("protocols", Map.ofEntries(
                        Map.entry("port", 443),
                        Map.entry("protocolType", "Https")
                    )),
                    Map.entry("sourceAddresses",                     
                        "216.58.216.164",
                        "10.0.0.0/24"),
                    Map.entry("targetFqdns", "www.test.com")
                ))
            ))
            .azureFirewallName("azurefirewall")
            .ipConfigurations(Map.ofEntries(
                Map.entry("name", "azureFirewallIpConfiguration"),
                Map.entry("publicIPAddress", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")),
                Map.entry("subnet", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"))
            ))
            .location("West US")
            .managementIpConfiguration(Map.ofEntries(
                Map.entry("name", "azureFirewallMgmtIpConfiguration"),
                Map.entry("publicIPAddress", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName")),
                Map.entry("subnet", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet"))
            ))
            .natRuleCollections(Map.ofEntries(
                Map.entry("action", Map.of("type", "Dnat")),
                Map.entry("name", "natrulecoll"),
                Map.entry("priority", 112),
                Map.entry("rules",                 
                    Map.ofEntries(
                        Map.entry("description", "D-NAT all outbound web traffic for inspection"),
                        Map.entry("destinationAddresses", "1.2.3.4"),
                        Map.entry("destinationPorts", "443"),
                        Map.entry("name", "DNAT-HTTPS-traffic"),
                        Map.entry("protocols", "TCP"),
                        Map.entry("sourceAddresses", "*"),
                        Map.entry("translatedAddress", "1.2.3.5"),
                        Map.entry("translatedPort", "8443")
                    ),
                    Map.ofEntries(
                        Map.entry("description", "D-NAT all inbound web traffic for inspection"),
                        Map.entry("destinationAddresses", "1.2.3.4"),
                        Map.entry("destinationPorts", "80"),
                        Map.entry("name", "DNAT-HTTP-traffic-With-FQDN"),
                        Map.entry("protocols", "TCP"),
                        Map.entry("sourceAddresses", "*"),
                        Map.entry("translatedFqdn", "internalhttpserver"),
                        Map.entry("translatedPort", "880")
                    ))
            ))
            .networkRuleCollections(Map.ofEntries(
                Map.entry("action", Map.of("type", "Deny")),
                Map.entry("name", "netrulecoll"),
                Map.entry("priority", 112),
                Map.entry("rules",                 
                    Map.ofEntries(
                        Map.entry("description", "Block traffic based on source IPs and ports"),
                        Map.entry("destinationAddresses", "*"),
                        Map.entry("destinationPorts",                         
                            "443-444",
                            "8443"),
                        Map.entry("name", "L4-traffic"),
                        Map.entry("protocols", "TCP"),
                        Map.entry("sourceAddresses",                         
                            "192.168.1.1-192.168.1.12",
                            "10.1.4.12-10.1.4.255")
                    ),
                    Map.ofEntries(
                        Map.entry("description", "Block traffic based on source IPs and ports to amazon"),
                        Map.entry("destinationFqdns", "www.amazon.com"),
                        Map.entry("destinationPorts",                         
                            "443-444",
                            "8443"),
                        Map.entry("name", "L4-traffic-with-FQDN"),
                        Map.entry("protocols", "TCP"),
                        Map.entry("sourceAddresses", "10.2.4.12-10.2.4.255")
                    ))
            ))
            .resourceGroupName("rg1")
            .sku(Map.ofEntries(
                Map.entry("name", "AZFW_VNet"),
                Map.entry("tier", "Standard")
            ))
            .tags(Map.of("key1", "value1"))
            .threatIntelMode("Alert")
            .zones()
            .build());

    }
}
import pulumi
import pulumi_azure_native as azure_native

azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
    application_rule_collections=[{
        "action": azure_native.network.AzureFirewallRCActionArgs(
            type="Deny",
        ),
        "name": "apprulecoll",
        "priority": 110,
        "rules": [{
            "description": "Deny inbound rule",
            "name": "rule1",
            "protocols": [azure_native.network.AzureFirewallApplicationRuleProtocolArgs(
                port=443,
                protocol_type="Https",
            )],
            "sourceAddresses": [
                "216.58.216.164",
                "10.0.0.0/24",
            ],
            "targetFqdns": ["www.test.com"],
        }],
    }],
    azure_firewall_name="azurefirewall",
    ip_configurations=[{
        "name": "azureFirewallIpConfiguration",
        "publicIPAddress": azure_native.network.SubResourceArgs(
            id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        ),
        "subnet": azure_native.network.SubResourceArgs(
            id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        ),
    }],
    location="West US",
    management_ip_configuration=azure_native.network.AzureFirewallIPConfigurationResponseArgs(
        name="azureFirewallMgmtIpConfiguration",
        public_ip_address=azure_native.network.SubResourceArgs(
            id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName",
        ),
        subnet=azure_native.network.SubResourceArgs(
            id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet",
        ),
    ),
    nat_rule_collections=[{
        "action": azure_native.network.AzureFirewallNatRCActionArgs(
            type="Dnat",
        ),
        "name": "natrulecoll",
        "priority": 112,
        "rules": [
            azure_native.network.AzureFirewallNatRuleArgs(
                description="D-NAT all outbound web traffic for inspection",
                destination_addresses=["1.2.3.4"],
                destination_ports=["443"],
                name="DNAT-HTTPS-traffic",
                protocols=["TCP"],
                source_addresses=["*"],
                translated_address="1.2.3.5",
                translated_port="8443",
            ),
            azure_native.network.AzureFirewallNatRuleArgs(
                description="D-NAT all inbound web traffic for inspection",
                destination_addresses=["1.2.3.4"],
                destination_ports=["80"],
                name="DNAT-HTTP-traffic-With-FQDN",
                protocols=["TCP"],
                source_addresses=["*"],
                translated_fqdn="internalhttpserver",
                translated_port="880",
            ),
        ],
    }],
    network_rule_collections=[{
        "action": azure_native.network.AzureFirewallRCActionArgs(
            type="Deny",
        ),
        "name": "netrulecoll",
        "priority": 112,
        "rules": [
            azure_native.network.AzureFirewallNetworkRuleArgs(
                description="Block traffic based on source IPs and ports",
                destination_addresses=["*"],
                destination_ports=[
                    "443-444",
                    "8443",
                ],
                name="L4-traffic",
                protocols=["TCP"],
                source_addresses=[
                    "192.168.1.1-192.168.1.12",
                    "10.1.4.12-10.1.4.255",
                ],
            ),
            azure_native.network.AzureFirewallNetworkRuleArgs(
                description="Block traffic based on source IPs and ports to amazon",
                destination_fqdns=["www.amazon.com"],
                destination_ports=[
                    "443-444",
                    "8443",
                ],
                name="L4-traffic-with-FQDN",
                protocols=["TCP"],
                source_addresses=["10.2.4.12-10.2.4.255"],
            ),
        ],
    }],
    resource_group_name="rg1",
    sku=azure_native.network.AzureFirewallSkuArgs(
        name="AZFW_VNet",
        tier="Standard",
    ),
    tags={
        "key1": "value1",
    },
    threat_intel_mode="Alert",
    zones=[])
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
    applicationRuleCollections: [{
        action: {
            type: "Deny",
        },
        name: "apprulecoll",
        priority: 110,
        rules: [{
            description: "Deny inbound rule",
            name: "rule1",
            protocols: [{
                port: 443,
                protocolType: "Https",
            }],
            sourceAddresses: [
                "216.58.216.164",
                "10.0.0.0/24",
            ],
            targetFqdns: ["www.test.com"],
        }],
    }],
    azureFirewallName: "azurefirewall",
    ipConfigurations: [{
        name: "azureFirewallIpConfiguration",
        publicIPAddress: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        },
        subnet: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        },
    }],
    location: "West US",
    managementIpConfiguration: {
        name: "azureFirewallMgmtIpConfiguration",
        publicIPAddress: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName",
        },
        subnet: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet",
        },
    },
    natRuleCollections: [{
        action: {
            type: "Dnat",
        },
        name: "natrulecoll",
        priority: 112,
        rules: [
            {
                description: "D-NAT all outbound web traffic for inspection",
                destinationAddresses: ["1.2.3.4"],
                destinationPorts: ["443"],
                name: "DNAT-HTTPS-traffic",
                protocols: ["TCP"],
                sourceAddresses: ["*"],
                translatedAddress: "1.2.3.5",
                translatedPort: "8443",
            },
            {
                description: "D-NAT all inbound web traffic for inspection",
                destinationAddresses: ["1.2.3.4"],
                destinationPorts: ["80"],
                name: "DNAT-HTTP-traffic-With-FQDN",
                protocols: ["TCP"],
                sourceAddresses: ["*"],
                translatedFqdn: "internalhttpserver",
                translatedPort: "880",
            },
        ],
    }],
    networkRuleCollections: [{
        action: {
            type: "Deny",
        },
        name: "netrulecoll",
        priority: 112,
        rules: [
            {
                description: "Block traffic based on source IPs and ports",
                destinationAddresses: ["*"],
                destinationPorts: [
                    "443-444",
                    "8443",
                ],
                name: "L4-traffic",
                protocols: ["TCP"],
                sourceAddresses: [
                    "192.168.1.1-192.168.1.12",
                    "10.1.4.12-10.1.4.255",
                ],
            },
            {
                description: "Block traffic based on source IPs and ports to amazon",
                destinationFqdns: ["www.amazon.com"],
                destinationPorts: [
                    "443-444",
                    "8443",
                ],
                name: "L4-traffic-with-FQDN",
                protocols: ["TCP"],
                sourceAddresses: ["10.2.4.12-10.2.4.255"],
            },
        ],
    }],
    resourceGroupName: "rg1",
    sku: {
        name: "AZFW_VNet",
        tier: "Standard",
    },
    tags: {
        key1: "value1",
    },
    threatIntelMode: "Alert",
    zones: [],
});
resources:
  azureFirewall:
    type: azure-native:network:AzureFirewall
    properties:
      applicationRuleCollections:
        - action:
            type: Deny
          name: apprulecoll
          priority: 110
          rules:
            - description: Deny inbound rule
              name: rule1
              protocols:
                - port: 443
                  protocolType: Https
              sourceAddresses:
                - 216.58.216.164
                - 10.0.0.0/24
              targetFqdns:
                - www.test.com
      azureFirewallName: azurefirewall
      ipConfigurations:
        - name: azureFirewallIpConfiguration
          publicIPAddress:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
          subnet:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
      location: West US
      managementIpConfiguration:
        name: azureFirewallMgmtIpConfiguration
        publicIPAddress:
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName
        subnet:
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet
      natRuleCollections:
        - action:
            type: Dnat
          name: natrulecoll
          priority: 112
          rules:
            - description: D-NAT all outbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '443'
              name: DNAT-HTTPS-traffic
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedAddress: 1.2.3.5
              translatedPort: '8443'
            - description: D-NAT all inbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '80'
              name: DNAT-HTTP-traffic-With-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedFqdn: internalhttpserver
              translatedPort: '880'
      networkRuleCollections:
        - action:
            type: Deny
          name: netrulecoll
          priority: 112
          rules:
            - description: Block traffic based on source IPs and ports
              destinationAddresses:
                - '*'
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic
              protocols:
                - TCP
              sourceAddresses:
                - 192.168.1.1-192.168.1.12
                - 10.1.4.12-10.1.4.255
            - description: Block traffic based on source IPs and ports to amazon
              destinationFqdns:
                - www.amazon.com
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic-with-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - 10.2.4.12-10.2.4.255
      resourceGroupName: rg1
      sku:
        name: AZFW_VNet
        tier: Standard
      tags:
        key1: value1
      threatIntelMode: Alert
      zones: []

Create Azure Firewall in virtual Hub

using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
    {
        AzureFirewallName = "azurefirewall",
        FirewallPolicy = new AzureNative.Network.Inputs.SubResourceArgs
        {
            Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1",
        },
        HubIPAddresses = new AzureNative.Network.Inputs.HubIPAddressesArgs
        {
            PublicIPs = new AzureNative.Network.Inputs.HubPublicIPAddressesArgs
            {
                Addresses = new[] {},
                Count = 1,
            },
        },
        Location = "West US",
        ResourceGroupName = "rg1",
        Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
        {
            Name = "AZFW_Hub",
            Tier = "Standard",
        },
        Tags = 
        {
            { "key1", "value1" },
        },
        ThreatIntelMode = "Alert",
        VirtualHub = new AzureNative.Network.Inputs.SubResourceArgs
        {
            Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1",
        },
        Zones = new[] {},
    });

});

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.AzureFirewall;
import com.pulumi.azurenative.network.AzureFirewallArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()        
            .azureFirewallName("azurefirewall")
            .firewallPolicy(Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1"))
            .hubIPAddresses(Map.of("publicIPs", Map.ofEntries(
                Map.entry("addresses", ),
                Map.entry("count", 1)
            )))
            .location("West US")
            .resourceGroupName("rg1")
            .sku(Map.ofEntries(
                Map.entry("name", "AZFW_Hub"),
                Map.entry("tier", "Standard")
            ))
            .tags(Map.of("key1", "value1"))
            .threatIntelMode("Alert")
            .virtualHub(Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1"))
            .zones()
            .build());

    }
}
import pulumi
import pulumi_azure_native as azure_native

azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
    azure_firewall_name="azurefirewall",
    firewall_policy=azure_native.network.SubResourceArgs(
        id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1",
    ),
    hub_ip_addresses=azure_native.network.HubIPAddressesResponseArgs(
        public_ips={
            "addresses": [],
            "count": 1,
        },
    ),
    location="West US",
    resource_group_name="rg1",
    sku=azure_native.network.AzureFirewallSkuArgs(
        name="AZFW_Hub",
        tier="Standard",
    ),
    tags={
        "key1": "value1",
    },
    threat_intel_mode="Alert",
    virtual_hub=azure_native.network.SubResourceArgs(
        id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1",
    ),
    zones=[])
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
    azureFirewallName: "azurefirewall",
    firewallPolicy: {
        id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1",
    },
    hubIPAddresses: {
        publicIPs: {
            addresses: [],
            count: 1,
        },
    },
    location: "West US",
    resourceGroupName: "rg1",
    sku: {
        name: "AZFW_Hub",
        tier: "Standard",
    },
    tags: {
        key1: "value1",
    },
    threatIntelMode: "Alert",
    virtualHub: {
        id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1",
    },
    zones: [],
});
resources:
  azureFirewall:
    type: azure-native:network:AzureFirewall
    properties:
      azureFirewallName: azurefirewall
      firewallPolicy:
        id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1
      hubIPAddresses:
        publicIPs:
          addresses: []
          count: 1
      location: West US
      resourceGroupName: rg1
      sku:
        name: AZFW_Hub
        tier: Standard
      tags:
        key1: value1
      threatIntelMode: Alert
      virtualHub:
        id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1
      zones: []

Create AzureFirewall Resource

new AzureFirewall(name: string, args: AzureFirewallArgs, opts?: CustomResourceOptions);
@overload
def AzureFirewall(resource_name: str,
                  opts: Optional[ResourceOptions] = None,
                  additional_properties: Optional[Mapping[str, str]] = None,
                  application_rule_collections: Optional[Sequence[AzureFirewallApplicationRuleCollectionArgs]] = None,
                  azure_firewall_name: Optional[str] = None,
                  firewall_policy: Optional[SubResourceArgs] = None,
                  hub_ip_addresses: Optional[HubIPAddressesArgs] = None,
                  id: Optional[str] = None,
                  ip_configurations: Optional[Sequence[AzureFirewallIPConfigurationArgs]] = None,
                  location: Optional[str] = None,
                  management_ip_configuration: Optional[AzureFirewallIPConfigurationArgs] = None,
                  nat_rule_collections: Optional[Sequence[AzureFirewallNatRuleCollectionArgs]] = None,
                  network_rule_collections: Optional[Sequence[AzureFirewallNetworkRuleCollectionArgs]] = None,
                  resource_group_name: Optional[str] = None,
                  sku: Optional[AzureFirewallSkuArgs] = None,
                  tags: Optional[Mapping[str, str]] = None,
                  threat_intel_mode: Optional[Union[str, AzureFirewallThreatIntelMode]] = None,
                  virtual_hub: Optional[SubResourceArgs] = None,
                  zones: Optional[Sequence[str]] = None)
@overload
def AzureFirewall(resource_name: str,
                  args: AzureFirewallArgs,
                  opts: Optional[ResourceOptions] = None)
func NewAzureFirewall(ctx *Context, name string, args AzureFirewallArgs, opts ...ResourceOption) (*AzureFirewall, error)
public AzureFirewall(string name, AzureFirewallArgs args, CustomResourceOptions? opts = null)
public AzureFirewall(String name, AzureFirewallArgs args)
public AzureFirewall(String name, AzureFirewallArgs args, CustomResourceOptions options)
type: azure-native:network:AzureFirewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args AzureFirewallArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args AzureFirewallArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args AzureFirewallArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args AzureFirewallArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args AzureFirewallArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

AzureFirewall Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The AzureFirewall resource accepts the following input properties:

ResourceGroupName string

The name of the resource group.

AdditionalProperties Dictionary<string, string>

The additional properties used to further config this azure firewall.

ApplicationRuleCollections List<Pulumi.AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs>

Collection of application rule collections used by Azure Firewall.

AzureFirewallName string

The name of the Azure Firewall.

FirewallPolicy Pulumi.AzureNative.Network.Inputs.SubResourceArgs

The firewallPolicy associated with this azure firewall.

HubIPAddresses Pulumi.AzureNative.Network.Inputs.HubIPAddressesArgs

IP addresses associated with AzureFirewall.

Id string

Resource ID.

IpConfigurations List<Pulumi.AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs>

IP configuration of the Azure Firewall resource.

Location string

Resource location.

ManagementIpConfiguration Pulumi.AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs

IP configuration of the Azure Firewall used for management traffic.

NatRuleCollections List<Pulumi.AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs>

Collection of NAT rule collections used by Azure Firewall.

NetworkRuleCollections List<Pulumi.AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs>

Collection of network rule collections used by Azure Firewall.

Sku Pulumi.AzureNative.Network.Inputs.AzureFirewallSkuArgs

The Azure Firewall Resource SKU.

Tags Dictionary<string, string>

Resource tags.

ThreatIntelMode string | Pulumi.AzureNative.Network.AzureFirewallThreatIntelMode

The operation mode for Threat Intelligence.

VirtualHub Pulumi.AzureNative.Network.Inputs.SubResourceArgs

The virtualHub to which the firewall belongs.

Zones List<string>

A list of availability zones denoting where the resource needs to come from.

ResourceGroupName string

The name of the resource group.

AdditionalProperties map[string]string

The additional properties used to further config this azure firewall.

ApplicationRuleCollections []AzureFirewallApplicationRuleCollectionArgs

Collection of application rule collections used by Azure Firewall.

AzureFirewallName string

The name of the Azure Firewall.

FirewallPolicy SubResourceArgs

The firewallPolicy associated with this azure firewall.

HubIPAddresses HubIPAddressesArgs

IP addresses associated with AzureFirewall.

Id string

Resource ID.

IpConfigurations []AzureFirewallIPConfigurationArgs

IP configuration of the Azure Firewall resource.

Location string

Resource location.

ManagementIpConfiguration AzureFirewallIPConfigurationArgs

IP configuration of the Azure Firewall used for management traffic.

NatRuleCollections []AzureFirewallNatRuleCollectionArgs

Collection of NAT rule collections used by Azure Firewall.

NetworkRuleCollections []AzureFirewallNetworkRuleCollectionArgs

Collection of network rule collections used by Azure Firewall.

Sku AzureFirewallSkuArgs

The Azure Firewall Resource SKU.

Tags map[string]string

Resource tags.

ThreatIntelMode string | AzureFirewallThreatIntelMode

The operation mode for Threat Intelligence.

VirtualHub SubResourceArgs

The virtualHub to which the firewall belongs.

Zones []string

A list of availability zones denoting where the resource needs to come from.

resourceGroupName String

The name of the resource group.

additionalProperties Map<String,String>

The additional properties used to further config this azure firewall.

applicationRuleCollections List<AzureFirewallApplicationRuleCollectionArgs>

Collection of application rule collections used by Azure Firewall.

azureFirewallName String

The name of the Azure Firewall.

firewallPolicy SubResourceArgs

The firewallPolicy associated with this azure firewall.

hubIPAddresses HubIPAddressesArgs

IP addresses associated with AzureFirewall.

id String

Resource ID.

ipConfigurations List<AzureFirewallIPConfigurationArgs>

IP configuration of the Azure Firewall resource.

location String

Resource location.

managementIpConfiguration AzureFirewallIPConfigurationArgs

IP configuration of the Azure Firewall used for management traffic.

natRuleCollections List<AzureFirewallNatRuleCollectionArgs>

Collection of NAT rule collections used by Azure Firewall.

networkRuleCollections List<AzureFirewallNetworkRuleCollectionArgs>

Collection of network rule collections used by Azure Firewall.

sku AzureFirewallSkuArgs

The Azure Firewall Resource SKU.

tags Map<String,String>

Resource tags.

threatIntelMode String | AzureFirewallThreatIntelMode

The operation mode for Threat Intelligence.

virtualHub SubResourceArgs

The virtualHub to which the firewall belongs.

zones List<String>

A list of availability zones denoting where the resource needs to come from.

resourceGroupName string

The name of the resource group.

additionalProperties {[key: string]: string}

The additional properties used to further config this azure firewall.

applicationRuleCollections AzureFirewallApplicationRuleCollectionArgs[]

Collection of application rule collections used by Azure Firewall.

azureFirewallName string

The name of the Azure Firewall.

firewallPolicy SubResourceArgs

The firewallPolicy associated with this azure firewall.

hubIPAddresses HubIPAddressesArgs

IP addresses associated with AzureFirewall.

id string

Resource ID.

ipConfigurations AzureFirewallIPConfigurationArgs[]

IP configuration of the Azure Firewall resource.

location string

Resource location.

managementIpConfiguration AzureFirewallIPConfigurationArgs

IP configuration of the Azure Firewall used for management traffic.

natRuleCollections AzureFirewallNatRuleCollectionArgs[]

Collection of NAT rule collections used by Azure Firewall.

networkRuleCollections AzureFirewallNetworkRuleCollectionArgs[]

Collection of network rule collections used by Azure Firewall.

sku AzureFirewallSkuArgs

The Azure Firewall Resource SKU.

tags {[key: string]: string}

Resource tags.

threatIntelMode string | AzureFirewallThreatIntelMode

The operation mode for Threat Intelligence.

virtualHub SubResourceArgs

The virtualHub to which the firewall belongs.

zones string[]

A list of availability zones denoting where the resource needs to come from.

resource_group_name str

The name of the resource group.

additional_properties Mapping[str, str]

The additional properties used to further config this azure firewall.

application_rule_collections Sequence[AzureFirewallApplicationRuleCollectionArgs]

Collection of application rule collections used by Azure Firewall.

azure_firewall_name str

The name of the Azure Firewall.

firewall_policy SubResourceArgs

The firewallPolicy associated with this azure firewall.

hub_ip_addresses HubIPAddressesArgs

IP addresses associated with AzureFirewall.

id str

Resource ID.

ip_configurations Sequence[AzureFirewallIPConfigurationArgs]

IP configuration of the Azure Firewall resource.

location str

Resource location.

management_ip_configuration AzureFirewallIPConfigurationArgs

IP configuration of the Azure Firewall used for management traffic.

nat_rule_collections Sequence[AzureFirewallNatRuleCollectionArgs]

Collection of NAT rule collections used by Azure Firewall.

network_rule_collections Sequence[AzureFirewallNetworkRuleCollectionArgs]

Collection of network rule collections used by Azure Firewall.

sku AzureFirewallSkuArgs

The Azure Firewall Resource SKU.

tags Mapping[str, str]

Resource tags.

threat_intel_mode str | AzureFirewallThreatIntelMode

The operation mode for Threat Intelligence.

virtual_hub SubResourceArgs

The virtualHub to which the firewall belongs.

zones Sequence[str]

A list of availability zones denoting where the resource needs to come from.

resourceGroupName String

The name of the resource group.

additionalProperties Map<String>

The additional properties used to further config this azure firewall.

applicationRuleCollections List<Property Map>

Collection of application rule collections used by Azure Firewall.

azureFirewallName String

The name of the Azure Firewall.

firewallPolicy Property Map

The firewallPolicy associated with this azure firewall.

hubIPAddresses Property Map

IP addresses associated with AzureFirewall.

id String

Resource ID.

ipConfigurations List<Property Map>

IP configuration of the Azure Firewall resource.

location String

Resource location.

managementIpConfiguration Property Map

IP configuration of the Azure Firewall used for management traffic.

natRuleCollections List<Property Map>

Collection of NAT rule collections used by Azure Firewall.

networkRuleCollections List<Property Map>

Collection of network rule collections used by Azure Firewall.

sku Property Map

The Azure Firewall Resource SKU.

tags Map<String>

Resource tags.

threatIntelMode String | "Alert" | "Deny" | "Off"

The operation mode for Threat Intelligence.

virtualHub Property Map

The virtualHub to which the firewall belongs.

zones List<String>

A list of availability zones denoting where the resource needs to come from.

Outputs

All input properties are implicitly available as output properties. Additionally, the AzureFirewall resource produces the following output properties:

Etag string

A unique read-only string that changes whenever the resource is updated.

Id string

The provider-assigned unique ID for this managed resource.

IpGroups List<Pulumi.AzureNative.Network.Outputs.AzureFirewallIpGroupsResponse>

IpGroups associated with AzureFirewall.

Name string

Resource name.

ProvisioningState string

The provisioning state of the Azure firewall resource.

Type string

Resource type.

Etag string

A unique read-only string that changes whenever the resource is updated.

Id string

The provider-assigned unique ID for this managed resource.

IpGroups []AzureFirewallIpGroupsResponse

IpGroups associated with AzureFirewall.

Name string

Resource name.

ProvisioningState string

The provisioning state of the Azure firewall resource.

Type string

Resource type.

etag String

A unique read-only string that changes whenever the resource is updated.

id String

The provider-assigned unique ID for this managed resource.

ipGroups List<AzureFirewallIpGroupsResponse>

IpGroups associated with AzureFirewall.

name String

Resource name.

provisioningState String

The provisioning state of the Azure firewall resource.

type String

Resource type.

etag string

A unique read-only string that changes whenever the resource is updated.

id string

The provider-assigned unique ID for this managed resource.

ipGroups AzureFirewallIpGroupsResponse[]

IpGroups associated with AzureFirewall.

name string

Resource name.

provisioningState string

The provisioning state of the Azure firewall resource.

type string

Resource type.

etag str

A unique read-only string that changes whenever the resource is updated.

id str

The provider-assigned unique ID for this managed resource.

ip_groups Sequence[AzureFirewallIpGroupsResponse]

IpGroups associated with AzureFirewall.

name str

Resource name.

provisioning_state str

The provisioning state of the Azure firewall resource.

type str

Resource type.

etag String

A unique read-only string that changes whenever the resource is updated.

id String

The provider-assigned unique ID for this managed resource.

ipGroups List<Property Map>

IpGroups associated with AzureFirewall.

name String

Resource name.

provisioningState String

The provisioning state of the Azure firewall resource.

type String

Resource type.

Supporting Types

AzureFirewallApplicationRule

Description string

Description of the rule.

FqdnTags List<string>

List of FQDN Tags for this rule.

Name string

Name of the application rule.

Protocols List<Pulumi.AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocol>

Array of ApplicationRuleProtocols.

SourceAddresses List<string>

List of source IP addresses for this rule.

SourceIpGroups List<string>

List of source IpGroups for this rule.

TargetFqdns List<string>

List of FQDNs for this rule.

Description string

Description of the rule.

FqdnTags []string

List of FQDN Tags for this rule.

Name string

Name of the application rule.

Protocols []AzureFirewallApplicationRuleProtocol

Array of ApplicationRuleProtocols.

SourceAddresses []string

List of source IP addresses for this rule.

SourceIpGroups []string

List of source IpGroups for this rule.

TargetFqdns []string

List of FQDNs for this rule.

description String

Description of the rule.

fqdnTags List<String>

List of FQDN Tags for this rule.

name String

Name of the application rule.

protocols List<AzureFirewallApplicationRuleProtocol>

Array of ApplicationRuleProtocols.

sourceAddresses List<String>

List of source IP addresses for this rule.

sourceIpGroups List<String>

List of source IpGroups for this rule.

targetFqdns List<String>

List of FQDNs for this rule.

description string

Description of the rule.

fqdnTags string[]

List of FQDN Tags for this rule.

name string

Name of the application rule.

protocols AzureFirewallApplicationRuleProtocol[]

Array of ApplicationRuleProtocols.

sourceAddresses string[]

List of source IP addresses for this rule.

sourceIpGroups string[]

List of source IpGroups for this rule.

targetFqdns string[]

List of FQDNs for this rule.

description str

Description of the rule.

fqdn_tags Sequence[str]

List of FQDN Tags for this rule.

name str

Name of the application rule.

protocols Sequence[AzureFirewallApplicationRuleProtocol]

Array of ApplicationRuleProtocols.

source_addresses Sequence[str]

List of source IP addresses for this rule.

source_ip_groups Sequence[str]

List of source IpGroups for this rule.

target_fqdns Sequence[str]

List of FQDNs for this rule.

description String

Description of the rule.

fqdnTags List<String>

List of FQDN Tags for this rule.

name String

Name of the application rule.

protocols List<Property Map>

Array of ApplicationRuleProtocols.

sourceAddresses List<String>

List of source IP addresses for this rule.

sourceIpGroups List<String>

List of source IpGroups for this rule.

targetFqdns List<String>

List of FQDNs for this rule.

AzureFirewallApplicationRuleCollection

Action Pulumi.AzureNative.Network.Inputs.AzureFirewallRCAction

The action type of a rule collection.

Id string

Resource ID.

Name string

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

Priority int

Priority of the application rule collection resource.

Rules List<Pulumi.AzureNative.Network.Inputs.AzureFirewallApplicationRule>

Collection of rules used by a application rule collection.

Action AzureFirewallRCAction

The action type of a rule collection.

Id string

Resource ID.

Name string

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

Priority int

Priority of the application rule collection resource.

Rules []AzureFirewallApplicationRule

Collection of rules used by a application rule collection.

action AzureFirewallRCAction

The action type of a rule collection.

id String

Resource ID.

name String

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

priority Integer

Priority of the application rule collection resource.

rules List<AzureFirewallApplicationRule>

Collection of rules used by a application rule collection.

action AzureFirewallRCAction

The action type of a rule collection.

id string

Resource ID.

name string

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

priority number

Priority of the application rule collection resource.

rules AzureFirewallApplicationRule[]

Collection of rules used by a application rule collection.

action AzureFirewallRCAction

The action type of a rule collection.

id str

Resource ID.

name str

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

priority int

Priority of the application rule collection resource.

rules Sequence[AzureFirewallApplicationRule]

Collection of rules used by a application rule collection.

action Property Map

The action type of a rule collection.

id String

Resource ID.

name String

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

priority Number

Priority of the application rule collection resource.

rules List<Property Map>

Collection of rules used by a application rule collection.

AzureFirewallApplicationRuleCollectionResponse

Etag string

A unique read-only string that changes whenever the resource is updated.

ProvisioningState string

The provisioning state of the application rule collection resource.

Action Pulumi.AzureNative.Network.Inputs.AzureFirewallRCActionResponse

The action type of a rule collection.

Id string

Resource ID.

Name string

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

Priority int

Priority of the application rule collection resource.

Rules List<Pulumi.AzureNative.Network.Inputs.AzureFirewallApplicationRuleResponse>

Collection of rules used by a application rule collection.

Etag string

A unique read-only string that changes whenever the resource is updated.

ProvisioningState string

The provisioning state of the application rule collection resource.

Action AzureFirewallRCActionResponse

The action type of a rule collection.

Id string

Resource ID.

Name string

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

Priority int

Priority of the application rule collection resource.

Rules []AzureFirewallApplicationRuleResponse

Collection of rules used by a application rule collection.

etag String

A unique read-only string that changes whenever the resource is updated.

provisioningState String

The provisioning state of the application rule collection resource.

action AzureFirewallRCActionResponse

The action type of a rule collection.

id String

Resource ID.

name String

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

priority Integer

Priority of the application rule collection resource.

rules List<AzureFirewallApplicationRuleResponse>

Collection of rules used by a application rule collection.

etag string

A unique read-only string that changes whenever the resource is updated.

provisioningState string

The provisioning state of the application rule collection resource.

action AzureFirewallRCActionResponse

The action type of a rule collection.

id string

Resource ID.

name string

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

priority number

Priority of the application rule collection resource.

rules AzureFirewallApplicationRuleResponse[]

Collection of rules used by a application rule collection.

etag str

A unique read-only string that changes whenever the resource is updated.

provisioning_state str

The provisioning state of the application rule collection resource.

action AzureFirewallRCActionResponse

The action type of a rule collection.

id str

Resource ID.

name str

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

priority int

Priority of the application rule collection resource.

rules Sequence[AzureFirewallApplicationRuleResponse]

Collection of rules used by a application rule collection.

etag String

A unique read-only string that changes whenever the resource is updated.

provisioningState String

The provisioning state of the application rule collection resource.

action Property Map

The action type of a rule collection.

id String

Resource ID.

name String

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

priority Number

Priority of the application rule collection resource.

rules List<Property Map>

Collection of rules used by a application rule collection.

AzureFirewallApplicationRuleProtocol

Port int

Port number for the protocol, cannot be greater than 64000. This field is optional.

ProtocolType string | Pulumi.AzureNative.Network.AzureFirewallApplicationRuleProtocolType

Protocol type.

Port int

Port number for the protocol, cannot be greater than 64000. This field is optional.

ProtocolType string | AzureFirewallApplicationRuleProtocolType

Protocol type.

port Integer

Port number for the protocol, cannot be greater than 64000. This field is optional.

protocolType String | AzureFirewallApplicationRuleProtocolType

Protocol type.

port number

Port number for the protocol, cannot be greater than 64000. This field is optional.

protocolType string | AzureFirewallApplicationRuleProtocolType

Protocol type.

port int

Port number for the protocol, cannot be greater than 64000. This field is optional.

protocol_type str | AzureFirewallApplicationRuleProtocolType

Protocol type.

port Number

Port number for the protocol, cannot be greater than 64000. This field is optional.

protocolType String | "Http" | "Https" | "Mssql"

Protocol type.

AzureFirewallApplicationRuleProtocolResponse

Port int

Port number for the protocol, cannot be greater than 64000. This field is optional.

ProtocolType string

Protocol type.

Port int

Port number for the protocol, cannot be greater than 64000. This field is optional.

ProtocolType string

Protocol type.

port Integer

Port number for the protocol, cannot be greater than 64000. This field is optional.

protocolType String

Protocol type.

port number

Port number for the protocol, cannot be greater than 64000. This field is optional.

protocolType string

Protocol type.

port int

Port number for the protocol, cannot be greater than 64000. This field is optional.

protocol_type str

Protocol type.

port Number

Port number for the protocol, cannot be greater than 64000. This field is optional.

protocolType String

Protocol type.

AzureFirewallApplicationRuleProtocolType

Http
Http
Https
Https
Mssql
Mssql
AzureFirewallApplicationRuleProtocolTypeHttp
Http
AzureFirewallApplicationRuleProtocolTypeHttps
Https
AzureFirewallApplicationRuleProtocolTypeMssql
Mssql
Http
Http
Https
Https
Mssql
Mssql
Http
Http
Https
Https
Mssql
Mssql
HTTP
Http
HTTPS
Https
MSSQL
Mssql
"Http"
Http
"Https"
Https
"Mssql"
Mssql

AzureFirewallApplicationRuleResponse

Description string

Description of the rule.

FqdnTags List<string>

List of FQDN Tags for this rule.

Name string

Name of the application rule.

Protocols List<Pulumi.AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolResponse>

Array of ApplicationRuleProtocols.

SourceAddresses List<string>

List of source IP addresses for this rule.

SourceIpGroups List<string>

List of source IpGroups for this rule.

TargetFqdns List<string>

List of FQDNs for this rule.

Description string

Description of the rule.

FqdnTags []string

List of FQDN Tags for this rule.

Name string

Name of the application rule.

Protocols []AzureFirewallApplicationRuleProtocolResponse

Array of ApplicationRuleProtocols.

SourceAddresses []string

List of source IP addresses for this rule.

SourceIpGroups []string

List of source IpGroups for this rule.

TargetFqdns []string

List of FQDNs for this rule.

description String

Description of the rule.

fqdnTags List<String>

List of FQDN Tags for this rule.

name String

Name of the application rule.

protocols List<AzureFirewallApplicationRuleProtocolResponse>

Array of ApplicationRuleProtocols.

sourceAddresses List<String>

List of source IP addresses for this rule.

sourceIpGroups List<String>

List of source IpGroups for this rule.

targetFqdns List<String>

List of FQDNs for this rule.

description string

Description of the rule.

fqdnTags string[]

List of FQDN Tags for this rule.

name string

Name of the application rule.

protocols AzureFirewallApplicationRuleProtocolResponse[]

Array of ApplicationRuleProtocols.

sourceAddresses string[]

List of source IP addresses for this rule.

sourceIpGroups string[]

List of source IpGroups for this rule.

targetFqdns string[]

List of FQDNs for this rule.

description str

Description of the rule.

fqdn_tags Sequence[str]

List of FQDN Tags for this rule.

name str

Name of the application rule.

protocols Sequence[AzureFirewallApplicationRuleProtocolResponse]

Array of ApplicationRuleProtocols.

source_addresses Sequence[str]

List of source IP addresses for this rule.

source_ip_groups Sequence[str]

List of source IpGroups for this rule.

target_fqdns Sequence[str]

List of FQDNs for this rule.

description String

Description of the rule.

fqdnTags List<String>

List of FQDN Tags for this rule.

name String

Name of the application rule.

protocols List<Property Map>

Array of ApplicationRuleProtocols.

sourceAddresses List<String>

List of source IP addresses for this rule.

sourceIpGroups List<String>

List of source IpGroups for this rule.

targetFqdns List<String>

List of FQDNs for this rule.

AzureFirewallIPConfiguration

Id string

Resource ID.

Name string

Name of the resource that is unique within a resource group. This name can be used to access the resource.

PublicIPAddress Pulumi.AzureNative.Network.Inputs.SubResource

Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.

Subnet Pulumi.AzureNative.Network.Inputs.SubResource

Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

Id string

Resource ID.

Name string

Name of the resource that is unique within a resource group. This name can be used to access the resource.

PublicIPAddress SubResource

Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.

Subnet SubResource

Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

id String

Resource ID.

name String

Name of the resource that is unique within a resource group. This name can be used to access the resource.

publicIPAddress SubResource

Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.

subnet SubResource

Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

id string

Resource ID.

name string

Name of the resource that is unique within a resource group. This name can be used to access the resource.

publicIPAddress SubResource

Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.

subnet SubResource

Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

id str

Resource ID.

name str

Name of the resource that is unique within a resource group. This name can be used to access the resource.

public_ip_address SubResource

Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.

subnet SubResource

Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

id String

Resource ID.

name String

Name of the resource that is unique within a resource group. This name can be used to access the resource.

publicIPAddress Property Map

Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.

subnet Property Map

Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

AzureFirewallIPConfigurationResponse

Etag string

A unique read-only string that changes whenever the resource is updated.

PrivateIPAddress string

The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.

ProvisioningState string

The provisioning state of the Azure firewall IP configuration resource.

Type string

Type of the resource.

Id string

Resource ID.

Name string

Name of the resource that is unique within a resource group. This name can be used to access the resource.

PublicIPAddress Pulumi.AzureNative.Network.Inputs.SubResourceResponse

Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.

Subnet Pulumi.AzureNative.Network.Inputs.SubResourceResponse

Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

Etag string

A unique read-only string that changes whenever the resource is updated.

PrivateIPAddress string

The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.

ProvisioningState string

The provisioning state of the Azure firewall IP configuration resource.

Type string

Type of the resource.

Id string

Resource ID.

Name string

Name of the resource that is unique within a resource group. This name can be used to access the resource.

PublicIPAddress SubResourceResponse

Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.

Subnet SubResourceResponse

Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

etag String

A unique read-only string that changes whenever the resource is updated.

privateIPAddress String

The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.

provisioningState String

The provisioning state of the Azure firewall IP configuration resource.

type String

Type of the resource.

id String

Resource ID.

name String

Name of the resource that is unique within a resource group. This name can be used to access the resource.

publicIPAddress SubResourceResponse

Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.

subnet SubResourceResponse

Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

etag string

A unique read-only string that changes whenever the resource is updated.

privateIPAddress string

The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.

provisioningState string

The provisioning state of the Azure firewall IP configuration resource.

type string

Type of the resource.

id string

Resource ID.

name string

Name of the resource that is unique within a resource group. This name can be used to access the resource.

publicIPAddress SubResourceResponse

Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.

subnet SubResourceResponse

Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

etag str

A unique read-only string that changes whenever the resource is updated.

private_ip_address str

The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.

provisioning_state str

The provisioning state of the Azure firewall IP configuration resource.

type str

Type of the resource.

id str

Resource ID.

name str

Name of the resource that is unique within a resource group. This name can be used to access the resource.

public_ip_address SubResourceResponse

Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.

subnet SubResourceResponse

Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

etag String

A unique read-only string that changes whenever the resource is updated.

privateIPAddress String

The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.

provisioningState String

The provisioning state of the Azure firewall IP configuration resource.

type String

Type of the resource.

id String

Resource ID.

name String

Name of the resource that is unique within a resource group. This name can be used to access the resource.

publicIPAddress Property Map

Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.

subnet Property Map

Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.

AzureFirewallIpGroupsResponse

ChangeNumber string

The iteration number.

Id string

Resource ID.

ChangeNumber string

The iteration number.

Id string

Resource ID.

changeNumber String

The iteration number.

id String

Resource ID.

changeNumber string

The iteration number.

id string

Resource ID.

change_number str

The iteration number.

id str

Resource ID.

changeNumber String

The iteration number.

id String

Resource ID.

AzureFirewallNatRCAction

Type string | AzureFirewallNatRCActionType

The type of action.

type String | AzureFirewallNatRCActionType

The type of action.

type string | AzureFirewallNatRCActionType

The type of action.

type str | AzureFirewallNatRCActionType

The type of action.

type String | "Snat" | "Dnat"

The type of action.

AzureFirewallNatRCActionResponse

Type string

The type of action.

Type string

The type of action.

type String

The type of action.

type string

The type of action.

type str

The type of action.

type String

The type of action.

AzureFirewallNatRCActionType

Snat
Snat
Dnat
Dnat
AzureFirewallNatRCActionTypeSnat
Snat
AzureFirewallNatRCActionTypeDnat
Dnat
Snat
Snat
Dnat
Dnat
Snat
Snat
Dnat
Dnat
SNAT
Snat
DNAT
Dnat
"Snat"
Snat
"Dnat"
Dnat

AzureFirewallNatRule

Description string

Description of the rule.

DestinationAddresses List<string>

List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.

DestinationPorts List<string>

List of destination ports.

Name string

Name of the NAT rule.

Protocols List<Union<string, Pulumi.AzureNative.Network.AzureFirewallNetworkRuleProtocol>>

Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.

SourceAddresses List<string>

List of source IP addresses for this rule.

SourceIpGroups List<string>

List of source IpGroups for this rule.

TranslatedAddress string

The translated address for this NAT rule.

TranslatedFqdn string

The translated FQDN for this NAT rule.

TranslatedPort string

The translated port for this NAT rule.

Description string

Description of the rule.

DestinationAddresses []string

List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.

DestinationPorts []string

List of destination ports.

Name string

Name of the NAT rule.

Protocols []string

Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.

SourceAddresses []string

List of source IP addresses for this rule.

SourceIpGroups []string

List of source IpGroups for this rule.

TranslatedAddress string

The translated address for this NAT rule.

TranslatedFqdn string

The translated FQDN for this NAT rule.

TranslatedPort string

The translated port for this NAT rule.

description String

Description of the rule.

destinationAddresses List<String>

List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.

destinationPorts List<String>

List of destination ports.

name String

Name of the NAT rule.

protocols List<Either<String,AzureFirewallNetworkRuleProtocol>>

Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.

sourceAddresses List<String>

List of source IP addresses for this rule.

sourceIpGroups List<String>

List of source IpGroups for this rule.

translatedAddress String

The translated address for this NAT rule.

translatedFqdn String

The translated FQDN for this NAT rule.

translatedPort String

The translated port for this NAT rule.

description string

Description of the rule.

destinationAddresses string[]

List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.

destinationPorts string[]

List of destination ports.

name string

Name of the NAT rule.

protocols (string | AzureFirewallNetworkRuleProtocol)[]

Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.

sourceAddresses string[]

List of source IP addresses for this rule.

sourceIpGroups string[]

List of source IpGroups for this rule.

translatedAddress string

The translated address for this NAT rule.

translatedFqdn string

The translated FQDN for this NAT rule.

translatedPort string

The translated port for this NAT rule.

description str

Description of the rule.

destination_addresses Sequence[str]

List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.

destination_ports Sequence[str]

List of destination ports.

name str

Name of the NAT rule.

protocols Sequence[Union[str, AzureFirewallNetworkRuleProtocol]]

Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.

source_addresses Sequence[str]

List of source IP addresses for this rule.

source_ip_groups Sequence[str]

List of source IpGroups for this rule.

translated_address str

The translated address for this NAT rule.

translated_fqdn str

The translated FQDN for this NAT rule.

translated_port str

The translated port for this NAT rule.

description String

Description of the rule.

destinationAddresses List<String>

List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.

destinationPorts List<String>

List of destination ports.

name String

Name of the NAT rule.

protocols List<String | "TCP" | "UDP" | "Any" | "ICMP">

Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.

sourceAddresses List<String>

List of source IP addresses for this rule.

sourceIpGroups List<String>

List of source IpGroups for this rule.

translatedAddress String

The translated address for this NAT rule.

translatedFqdn String

The translated FQDN for this NAT rule.

translatedPort String

The translated port for this NAT rule.

AzureFirewallNatRuleCollection

Action Pulumi.AzureNative.Network.Inputs.AzureFirewallNatRCAction

The action type of a NAT rule collection.

Id string

Resource ID.

Name string

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

Priority int

Priority of the NAT rule collection resource.

Rules List<Pulumi.AzureNative.Network.Inputs.AzureFirewallNatRule>

Collection of rules used by a NAT rule collection.

Action AzureFirewallNatRCAction

The action type of a NAT rule collection.

Id string

Resource ID.

Name string

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

Priority int

Priority of the NAT rule collection resource.

Rules []AzureFirewallNatRule

Collection of rules used by a NAT rule collection.

action AzureFirewallNatRCAction

The action type of a NAT rule collection.

id String

Resource ID.

name String

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

priority Integer

Priority of the NAT rule collection resource.

rules List<AzureFirewallNatRule>

Collection of rules used by a NAT rule collection.

action AzureFirewallNatRCAction

The action type of a NAT rule collection.

id string

Resource ID.

name string

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

priority number

Priority of the NAT rule collection resource.

rules AzureFirewallNatRule[]

Collection of rules used by a NAT rule collection.

action AzureFirewallNatRCAction

The action type of a NAT rule collection.

id str

Resource ID.

name str

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

priority int

Priority of the NAT rule collection resource.

rules Sequence[AzureFirewallNatRule]

Collection of rules used by a NAT rule collection.

action Property Map

The action type of a NAT rule collection.

id String

Resource ID.

name String

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

priority Number

Priority of the NAT rule collection resource.

rules List<Property Map>

Collection of rules used by a NAT rule collection.

AzureFirewallNatRuleCollectionResponse

Etag string

A unique read-only string that changes whenever the resource is updated.

ProvisioningState string

The provisioning state of the NAT rule collection resource.

Action Pulumi.AzureNative.Network.Inputs.AzureFirewallNatRCActionResponse

The action type of a NAT rule collection.

Id string

Resource ID.

Name string

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

Priority int

Priority of the NAT rule collection resource.

Rules List<Pulumi.AzureNative.Network.Inputs.AzureFirewallNatRuleResponse>

Collection of rules used by a NAT rule collection.

Etag string

A unique read-only string that changes whenever the resource is updated.

ProvisioningState string

The provisioning state of the NAT rule collection resource.

Action AzureFirewallNatRCActionResponse

The action type of a NAT rule collection.

Id string

Resource ID.

Name string

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

Priority int

Priority of the NAT rule collection resource.

Rules []AzureFirewallNatRuleResponse

Collection of rules used by a NAT rule collection.

etag String

A unique read-only string that changes whenever the resource is updated.

provisioningState String

The provisioning state of the NAT rule collection resource.

action AzureFirewallNatRCActionResponse

The action type of a NAT rule collection.

id String

Resource ID.

name String

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

priority Integer

Priority of the NAT rule collection resource.

rules List<AzureFirewallNatRuleResponse>

Collection of rules used by a NAT rule collection.

etag string

A unique read-only string that changes whenever the resource is updated.

provisioningState string

The provisioning state of the NAT rule collection resource.

action AzureFirewallNatRCActionResponse

The action type of a NAT rule collection.

id string

Resource ID.

name string

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

priority number

Priority of the NAT rule collection resource.

rules AzureFirewallNatRuleResponse[]

Collection of rules used by a NAT rule collection.

etag str

A unique read-only string that changes whenever the resource is updated.

provisioning_state str

The provisioning state of the NAT rule collection resource.

action AzureFirewallNatRCActionResponse

The action type of a NAT rule collection.

id str

Resource ID.

name str

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

priority int

Priority of the NAT rule collection resource.

rules Sequence[AzureFirewallNatRuleResponse]

Collection of rules used by a NAT rule collection.

etag String

A unique read-only string that changes whenever the resource is updated.

provisioningState String

The provisioning state of the NAT rule collection resource.

action Property Map

The action type of a NAT rule collection.

id String

Resource ID.

name String

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

priority Number

Priority of the NAT rule collection resource.

rules List<Property Map>

Collection of rules used by a NAT rule collection.

AzureFirewallNatRuleResponse

Description string

Description of the rule.

DestinationAddresses List<string>

List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.

DestinationPorts List<string>

List of destination ports.

Name string

Name of the NAT rule.

Protocols List<string>

Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.

SourceAddresses List<string>

List of source IP addresses for this rule.

SourceIpGroups List<string>

List of source IpGroups for this rule.

TranslatedAddress string

The translated address for this NAT rule.

TranslatedFqdn string

The translated FQDN for this NAT rule.

TranslatedPort string

The translated port for this NAT rule.

Description string

Description of the rule.

DestinationAddresses []string

List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.

DestinationPorts []string

List of destination ports.

Name string

Name of the NAT rule.

Protocols []string

Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.

SourceAddresses []string

List of source IP addresses for this rule.

SourceIpGroups []string

List of source IpGroups for this rule.

TranslatedAddress string

The translated address for this NAT rule.

TranslatedFqdn string

The translated FQDN for this NAT rule.

TranslatedPort string

The translated port for this NAT rule.

description String

Description of the rule.

destinationAddresses List<String>

List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.

destinationPorts List<String>

List of destination ports.

name String

Name of the NAT rule.

protocols List<String>

Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.

sourceAddresses List<String>

List of source IP addresses for this rule.

sourceIpGroups List<String>

List of source IpGroups for this rule.

translatedAddress String

The translated address for this NAT rule.

translatedFqdn String

The translated FQDN for this NAT rule.

translatedPort String

The translated port for this NAT rule.

description string

Description of the rule.

destinationAddresses string[]

List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.

destinationPorts string[]

List of destination ports.

name string

Name of the NAT rule.

protocols string[]

Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.

sourceAddresses string[]

List of source IP addresses for this rule.

sourceIpGroups string[]

List of source IpGroups for this rule.

translatedAddress string

The translated address for this NAT rule.

translatedFqdn string

The translated FQDN for this NAT rule.

translatedPort string

The translated port for this NAT rule.

description str

Description of the rule.

destination_addresses Sequence[str]

List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.

destination_ports Sequence[str]

List of destination ports.

name str

Name of the NAT rule.

protocols Sequence[str]

Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.

source_addresses Sequence[str]

List of source IP addresses for this rule.

source_ip_groups Sequence[str]

List of source IpGroups for this rule.

translated_address str

The translated address for this NAT rule.

translated_fqdn str

The translated FQDN for this NAT rule.

translated_port str

The translated port for this NAT rule.

description String

Description of the rule.

destinationAddresses List<String>

List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.

destinationPorts List<String>

List of destination ports.

name String

Name of the NAT rule.

protocols List<String>

Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.

sourceAddresses List<String>

List of source IP addresses for this rule.

sourceIpGroups List<String>

List of source IpGroups for this rule.

translatedAddress String

The translated address for this NAT rule.

translatedFqdn String

The translated FQDN for this NAT rule.

translatedPort String

The translated port for this NAT rule.

AzureFirewallNetworkRule

Description string

Description of the rule.

DestinationAddresses List<string>

List of destination IP addresses.

DestinationFqdns List<string>

List of destination FQDNs.

DestinationIpGroups List<string>

List of destination IpGroups for this rule.

DestinationPorts List<string>

List of destination ports.

Name string

Name of the network rule.

Protocols List<Union<string, Pulumi.AzureNative.Network.AzureFirewallNetworkRuleProtocol>>

Array of AzureFirewallNetworkRuleProtocols.

SourceAddresses List<string>

List of source IP addresses for this rule.

SourceIpGroups List<string>

List of source IpGroups for this rule.

Description string

Description of the rule.

DestinationAddresses []string

List of destination IP addresses.

DestinationFqdns []string

List of destination FQDNs.

DestinationIpGroups []string

List of destination IpGroups for this rule.

DestinationPorts []string

List of destination ports.

Name string

Name of the network rule.

Protocols []string

Array of AzureFirewallNetworkRuleProtocols.

SourceAddresses []string

List of source IP addresses for this rule.

SourceIpGroups []string

List of source IpGroups for this rule.

description String

Description of the rule.

destinationAddresses List<String>

List of destination IP addresses.

destinationFqdns List<String>

List of destination FQDNs.

destinationIpGroups List<String>

List of destination IpGroups for this rule.

destinationPorts List<String>

List of destination ports.

name String

Name of the network rule.

protocols List<Either<String,AzureFirewallNetworkRuleProtocol>>

Array of AzureFirewallNetworkRuleProtocols.

sourceAddresses List<String>

List of source IP addresses for this rule.

sourceIpGroups List<String>

List of source IpGroups for this rule.

description string

Description of the rule.

destinationAddresses string[]

List of destination IP addresses.

destinationFqdns string[]

List of destination FQDNs.

destinationIpGroups string[]

List of destination IpGroups for this rule.

destinationPorts string[]

List of destination ports.

name string

Name of the network rule.

protocols (string | AzureFirewallNetworkRuleProtocol)[]

Array of AzureFirewallNetworkRuleProtocols.

sourceAddresses string[]

List of source IP addresses for this rule.

sourceIpGroups string[]

List of source IpGroups for this rule.

description str

Description of the rule.

destination_addresses Sequence[str]

List of destination IP addresses.

destination_fqdns Sequence[str]

List of destination FQDNs.

destination_ip_groups Sequence[str]

List of destination IpGroups for this rule.

destination_ports Sequence[str]

List of destination ports.

name str

Name of the network rule.

protocols Sequence[Union[str, AzureFirewallNetworkRuleProtocol]]

Array of AzureFirewallNetworkRuleProtocols.

source_addresses Sequence[str]

List of source IP addresses for this rule.

source_ip_groups Sequence[str]

List of source IpGroups for this rule.

description String

Description of the rule.

destinationAddresses List<String>

List of destination IP addresses.

destinationFqdns List<String>

List of destination FQDNs.

destinationIpGroups List<String>

List of destination IpGroups for this rule.

destinationPorts List<String>

List of destination ports.

name String

Name of the network rule.

protocols List<String | "TCP" | "UDP" | "Any" | "ICMP">

Array of AzureFirewallNetworkRuleProtocols.

sourceAddresses List<String>

List of source IP addresses for this rule.

sourceIpGroups List<String>

List of source IpGroups for this rule.

AzureFirewallNetworkRuleCollection

Action Pulumi.AzureNative.Network.Inputs.AzureFirewallRCAction

The action type of a rule collection.

Id string

Resource ID.

Name string

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

Priority int

Priority of the network rule collection resource.

Rules List<Pulumi.AzureNative.Network.Inputs.AzureFirewallNetworkRule>

Collection of rules used by a network rule collection.

Action AzureFirewallRCAction

The action type of a rule collection.

Id string

Resource ID.

Name string

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

Priority int

Priority of the network rule collection resource.

Rules []AzureFirewallNetworkRule

Collection of rules used by a network rule collection.

action AzureFirewallRCAction

The action type of a rule collection.

id String

Resource ID.

name String

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

priority Integer

Priority of the network rule collection resource.

rules List<AzureFirewallNetworkRule>

Collection of rules used by a network rule collection.

action AzureFirewallRCAction

The action type of a rule collection.

id string

Resource ID.

name string

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

priority number

Priority of the network rule collection resource.

rules AzureFirewallNetworkRule[]

Collection of rules used by a network rule collection.

action AzureFirewallRCAction

The action type of a rule collection.

id str

Resource ID.

name str

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

priority int

Priority of the network rule collection resource.

rules Sequence[AzureFirewallNetworkRule]

Collection of rules used by a network rule collection.

action Property Map

The action type of a rule collection.

id String

Resource ID.

name String

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

priority Number

Priority of the network rule collection resource.

rules List<Property Map>

Collection of rules used by a network rule collection.

AzureFirewallNetworkRuleCollectionResponse

Etag string

A unique read-only string that changes whenever the resource is updated.

ProvisioningState string

The provisioning state of the network rule collection resource.

Action Pulumi.AzureNative.Network.Inputs.AzureFirewallRCActionResponse

The action type of a rule collection.

Id string

Resource ID.

Name string

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

Priority int

Priority of the network rule collection resource.

Rules List<Pulumi.AzureNative.Network.Inputs.AzureFirewallNetworkRuleResponse>

Collection of rules used by a network rule collection.

Etag string

A unique read-only string that changes whenever the resource is updated.

ProvisioningState string

The provisioning state of the network rule collection resource.

Action AzureFirewallRCActionResponse

The action type of a rule collection.

Id string

Resource ID.

Name string

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

Priority int

Priority of the network rule collection resource.

Rules []AzureFirewallNetworkRuleResponse

Collection of rules used by a network rule collection.

etag String

A unique read-only string that changes whenever the resource is updated.

provisioningState String

The provisioning state of the network rule collection resource.

action AzureFirewallRCActionResponse

The action type of a rule collection.

id String

Resource ID.

name String

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

priority Integer

Priority of the network rule collection resource.

rules List<AzureFirewallNetworkRuleResponse>

Collection of rules used by a network rule collection.

etag string

A unique read-only string that changes whenever the resource is updated.

provisioningState string

The provisioning state of the network rule collection resource.

action AzureFirewallRCActionResponse

The action type of a rule collection.

id string

Resource ID.

name string

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

priority number

Priority of the network rule collection resource.

rules AzureFirewallNetworkRuleResponse[]

Collection of rules used by a network rule collection.

etag str

A unique read-only string that changes whenever the resource is updated.

provisioning_state str

The provisioning state of the network rule collection resource.

action AzureFirewallRCActionResponse

The action type of a rule collection.

id str

Resource ID.

name str

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

priority int

Priority of the network rule collection resource.

rules Sequence[AzureFirewallNetworkRuleResponse]

Collection of rules used by a network rule collection.

etag String

A unique read-only string that changes whenever the resource is updated.

provisioningState String

The provisioning state of the network rule collection resource.

action Property Map

The action type of a rule collection.

id String

Resource ID.

name String

The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.

priority Number

Priority of the network rule collection resource.

rules List<Property Map>

Collection of rules used by a network rule collection.

AzureFirewallNetworkRuleProtocol

TCP
TCP
UDP
UDP
Any
Any
ICMP
ICMP
AzureFirewallNetworkRuleProtocolTCP
TCP
AzureFirewallNetworkRuleProtocolUDP
UDP
AzureFirewallNetworkRuleProtocolAny
Any
AzureFirewallNetworkRuleProtocolICMP
ICMP
TCP
TCP
UDP
UDP
Any
Any
ICMP
ICMP
TCP
TCP
UDP
UDP
Any
Any
ICMP
ICMP
TCP
TCP
UDP
UDP
ANY
Any
ICMP
ICMP
"TCP"
TCP
"UDP"
UDP
"Any"
Any
"ICMP"
ICMP

AzureFirewallNetworkRuleResponse

Description string

Description of the rule.

DestinationAddresses List<string>

List of destination IP addresses.

DestinationFqdns List<string>

List of destination FQDNs.

DestinationIpGroups List<string>

List of destination IpGroups for this rule.

DestinationPorts List<string>

List of destination ports.

Name string

Name of the network rule.

Protocols List<string>

Array of AzureFirewallNetworkRuleProtocols.

SourceAddresses List<string>

List of source IP addresses for this rule.

SourceIpGroups List<string>

List of source IpGroups for this rule.

Description string

Description of the rule.