azure-native.network.AzureFirewall
Azure Firewall resource. API Version: 2020-11-01.
Example Usage
Create Azure Firewall
using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
{
ApplicationRuleCollections = new[]
{
new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
{
Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
{
Type = "Deny",
},
Name = "apprulecoll",
Priority = 110,
Rules = new[]
{
new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
{
Description = "Deny inbound rule",
Name = "rule1",
Protocols = new[]
{
new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
{
Port = 443,
ProtocolType = "Https",
},
},
SourceAddresses = new[]
{
"216.58.216.164",
"10.0.0.0/24",
},
TargetFqdns = new[]
{
"www.test.com",
},
},
},
},
},
AzureFirewallName = "azurefirewall",
IpConfigurations = new[]
{
new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
{
Name = "azureFirewallIpConfiguration",
PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
},
Subnet = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
},
},
},
Location = "West US",
NatRuleCollections = new[]
{
new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
{
Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
{
Type = "Dnat",
},
Name = "natrulecoll",
Priority = 112,
Rules = new[]
{
new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
{
Description = "D-NAT all outbound web traffic for inspection",
DestinationAddresses = new[]
{
"1.2.3.4",
},
DestinationPorts = new[]
{
"443",
},
Name = "DNAT-HTTPS-traffic",
Protocols = new[]
{
"TCP",
},
SourceAddresses = new[]
{
"*",
},
TranslatedAddress = "1.2.3.5",
TranslatedPort = "8443",
},
new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
{
Description = "D-NAT all inbound web traffic for inspection",
DestinationAddresses = new[]
{
"1.2.3.4",
},
DestinationPorts = new[]
{
"80",
},
Name = "DNAT-HTTP-traffic-With-FQDN",
Protocols = new[]
{
"TCP",
},
SourceAddresses = new[]
{
"*",
},
TranslatedFqdn = "internalhttpserver",
TranslatedPort = "880",
},
},
},
},
NetworkRuleCollections = new[]
{
new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
{
Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
{
Type = "Deny",
},
Name = "netrulecoll",
Priority = 112,
Rules = new[]
{
new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
{
Description = "Block traffic based on source IPs and ports",
DestinationAddresses = new[]
{
"*",
},
DestinationPorts = new[]
{
"443-444",
"8443",
},
Name = "L4-traffic",
Protocols = new[]
{
"TCP",
},
SourceAddresses = new[]
{
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255",
},
},
new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
{
Description = "Block traffic based on source IPs and ports to amazon",
DestinationFqdns = new[]
{
"www.amazon.com",
},
DestinationPorts = new[]
{
"443-444",
"8443",
},
Name = "L4-traffic-with-FQDN",
Protocols = new[]
{
"TCP",
},
SourceAddresses = new[]
{
"10.2.4.12-10.2.4.255",
},
},
},
},
},
ResourceGroupName = "rg1",
Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
{
Name = "AZFW_VNet",
Tier = "Standard",
},
Tags =
{
{ "key1", "value1" },
},
ThreatIntelMode = "Alert",
Zones = new[] {},
});
});
package main
import (
network "github.com/pulumi/pulumi-azure-native/sdk/go/azure/network"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
ApplicationRuleCollections: []network.AzureFirewallApplicationRuleCollectionArgs{
{
Action: {
Type: pulumi.String("Deny"),
},
Name: pulumi.String("apprulecoll"),
Priority: pulumi.Int(110),
Rules: network.AzureFirewallApplicationRuleArray{
{
Description: pulumi.String("Deny inbound rule"),
Name: pulumi.String("rule1"),
Protocols: network.AzureFirewallApplicationRuleProtocolArray{
{
Port: pulumi.Int(443),
ProtocolType: pulumi.String("Https"),
},
},
SourceAddresses: pulumi.StringArray{
pulumi.String("216.58.216.164"),
pulumi.String("10.0.0.0/24"),
},
TargetFqdns: pulumi.StringArray{
pulumi.String("www.test.com"),
},
},
},
},
},
AzureFirewallName: pulumi.String("azurefirewall"),
IpConfigurations: []network.AzureFirewallIPConfigurationArgs{
{
Name: pulumi.String("azureFirewallIpConfiguration"),
PublicIPAddress: {
Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
},
Subnet: {
Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
},
},
},
Location: pulumi.String("West US"),
NatRuleCollections: []network.AzureFirewallNatRuleCollectionArgs{
{
Action: {
Type: pulumi.String("Dnat"),
},
Name: pulumi.String("natrulecoll"),
Priority: pulumi.Int(112),
Rules: network.AzureFirewallNatRuleArray{
{
Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("1.2.3.4"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("443"),
},
Name: pulumi.String("DNAT-HTTPS-traffic"),
Protocols: pulumi.StringArray{
pulumi.String("TCP"),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("*"),
},
TranslatedAddress: pulumi.String("1.2.3.5"),
TranslatedPort: pulumi.String("8443"),
},
{
Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("1.2.3.4"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("80"),
},
Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
Protocols: pulumi.StringArray{
pulumi.String("TCP"),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("*"),
},
TranslatedFqdn: pulumi.String("internalhttpserver"),
TranslatedPort: pulumi.String("880"),
},
},
},
},
NetworkRuleCollections: []network.AzureFirewallNetworkRuleCollectionArgs{
{
Action: {
Type: pulumi.String("Deny"),
},
Name: pulumi.String("netrulecoll"),
Priority: pulumi.Int(112),
Rules: network.AzureFirewallNetworkRuleArray{
{
Description: pulumi.String("Block traffic based on source IPs and ports"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("*"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("443-444"),
pulumi.String("8443"),
},
Name: pulumi.String("L4-traffic"),
Protocols: pulumi.StringArray{
pulumi.String("TCP"),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("192.168.1.1-192.168.1.12"),
pulumi.String("10.1.4.12-10.1.4.255"),
},
},
{
Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
DestinationFqdns: pulumi.StringArray{
pulumi.String("www.amazon.com"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("443-444"),
pulumi.String("8443"),
},
Name: pulumi.String("L4-traffic-with-FQDN"),
Protocols: pulumi.StringArray{
pulumi.String("TCP"),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("10.2.4.12-10.2.4.255"),
},
},
},
},
},
ResourceGroupName: pulumi.String("rg1"),
Sku: &network.AzureFirewallSkuArgs{
Name: pulumi.String("AZFW_VNet"),
Tier: pulumi.String("Standard"),
},
Tags: pulumi.StringMap{
"key1": pulumi.String("value1"),
},
ThreatIntelMode: pulumi.String("Alert"),
Zones: pulumi.StringArray{},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.AzureFirewall;
import com.pulumi.azurenative.network.AzureFirewallArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
.applicationRuleCollections(Map.ofEntries(
Map.entry("action", Map.of("type", "Deny")),
Map.entry("name", "apprulecoll"),
Map.entry("priority", 110),
Map.entry("rules", Map.ofEntries(
Map.entry("description", "Deny inbound rule"),
Map.entry("name", "rule1"),
Map.entry("protocols", Map.ofEntries(
Map.entry("port", 443),
Map.entry("protocolType", "Https")
)),
Map.entry("sourceAddresses",
"216.58.216.164",
"10.0.0.0/24"),
Map.entry("targetFqdns", "www.test.com")
))
))
.azureFirewallName("azurefirewall")
.ipConfigurations(Map.ofEntries(
Map.entry("name", "azureFirewallIpConfiguration"),
Map.entry("publicIPAddress", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")),
Map.entry("subnet", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"))
))
.location("West US")
.natRuleCollections(Map.ofEntries(
Map.entry("action", Map.of("type", "Dnat")),
Map.entry("name", "natrulecoll"),
Map.entry("priority", 112),
Map.entry("rules",
Map.ofEntries(
Map.entry("description", "D-NAT all outbound web traffic for inspection"),
Map.entry("destinationAddresses", "1.2.3.4"),
Map.entry("destinationPorts", "443"),
Map.entry("name", "DNAT-HTTPS-traffic"),
Map.entry("protocols", "TCP"),
Map.entry("sourceAddresses", "*"),
Map.entry("translatedAddress", "1.2.3.5"),
Map.entry("translatedPort", "8443")
),
Map.ofEntries(
Map.entry("description", "D-NAT all inbound web traffic for inspection"),
Map.entry("destinationAddresses", "1.2.3.4"),
Map.entry("destinationPorts", "80"),
Map.entry("name", "DNAT-HTTP-traffic-With-FQDN"),
Map.entry("protocols", "TCP"),
Map.entry("sourceAddresses", "*"),
Map.entry("translatedFqdn", "internalhttpserver"),
Map.entry("translatedPort", "880")
))
))
.networkRuleCollections(Map.ofEntries(
Map.entry("action", Map.of("type", "Deny")),
Map.entry("name", "netrulecoll"),
Map.entry("priority", 112),
Map.entry("rules",
Map.ofEntries(
Map.entry("description", "Block traffic based on source IPs and ports"),
Map.entry("destinationAddresses", "*"),
Map.entry("destinationPorts",
"443-444",
"8443"),
Map.entry("name", "L4-traffic"),
Map.entry("protocols", "TCP"),
Map.entry("sourceAddresses",
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255")
),
Map.ofEntries(
Map.entry("description", "Block traffic based on source IPs and ports to amazon"),
Map.entry("destinationFqdns", "www.amazon.com"),
Map.entry("destinationPorts",
"443-444",
"8443"),
Map.entry("name", "L4-traffic-with-FQDN"),
Map.entry("protocols", "TCP"),
Map.entry("sourceAddresses", "10.2.4.12-10.2.4.255")
))
))
.resourceGroupName("rg1")
.sku(Map.ofEntries(
Map.entry("name", "AZFW_VNet"),
Map.entry("tier", "Standard")
))
.tags(Map.of("key1", "value1"))
.threatIntelMode("Alert")
.zones()
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
application_rule_collections=[{
"action": azure_native.network.AzureFirewallRCActionArgs(
type="Deny",
),
"name": "apprulecoll",
"priority": 110,
"rules": [{
"description": "Deny inbound rule",
"name": "rule1",
"protocols": [azure_native.network.AzureFirewallApplicationRuleProtocolArgs(
port=443,
protocol_type="Https",
)],
"sourceAddresses": [
"216.58.216.164",
"10.0.0.0/24",
],
"targetFqdns": ["www.test.com"],
}],
}],
azure_firewall_name="azurefirewall",
ip_configurations=[{
"name": "azureFirewallIpConfiguration",
"publicIPAddress": azure_native.network.SubResourceArgs(
id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
),
"subnet": azure_native.network.SubResourceArgs(
id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
),
}],
location="West US",
nat_rule_collections=[{
"action": azure_native.network.AzureFirewallNatRCActionArgs(
type="Dnat",
),
"name": "natrulecoll",
"priority": 112,
"rules": [
azure_native.network.AzureFirewallNatRuleArgs(
description="D-NAT all outbound web traffic for inspection",
destination_addresses=["1.2.3.4"],
destination_ports=["443"],
name="DNAT-HTTPS-traffic",
protocols=["TCP"],
source_addresses=["*"],
translated_address="1.2.3.5",
translated_port="8443",
),
azure_native.network.AzureFirewallNatRuleArgs(
description="D-NAT all inbound web traffic for inspection",
destination_addresses=["1.2.3.4"],
destination_ports=["80"],
name="DNAT-HTTP-traffic-With-FQDN",
protocols=["TCP"],
source_addresses=["*"],
translated_fqdn="internalhttpserver",
translated_port="880",
),
],
}],
network_rule_collections=[{
"action": azure_native.network.AzureFirewallRCActionArgs(
type="Deny",
),
"name": "netrulecoll",
"priority": 112,
"rules": [
azure_native.network.AzureFirewallNetworkRuleArgs(
description="Block traffic based on source IPs and ports",
destination_addresses=["*"],
destination_ports=[
"443-444",
"8443",
],
name="L4-traffic",
protocols=["TCP"],
source_addresses=[
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255",
],
),
azure_native.network.AzureFirewallNetworkRuleArgs(
description="Block traffic based on source IPs and ports to amazon",
destination_fqdns=["www.amazon.com"],
destination_ports=[
"443-444",
"8443",
],
name="L4-traffic-with-FQDN",
protocols=["TCP"],
source_addresses=["10.2.4.12-10.2.4.255"],
),
],
}],
resource_group_name="rg1",
sku=azure_native.network.AzureFirewallSkuArgs(
name="AZFW_VNet",
tier="Standard",
),
tags={
"key1": "value1",
},
threat_intel_mode="Alert",
zones=[])
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
applicationRuleCollections: [{
action: {
type: "Deny",
},
name: "apprulecoll",
priority: 110,
rules: [{
description: "Deny inbound rule",
name: "rule1",
protocols: [{
port: 443,
protocolType: "Https",
}],
sourceAddresses: [
"216.58.216.164",
"10.0.0.0/24",
],
targetFqdns: ["www.test.com"],
}],
}],
azureFirewallName: "azurefirewall",
ipConfigurations: [{
name: "azureFirewallIpConfiguration",
publicIPAddress: {
id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
},
subnet: {
id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
},
}],
location: "West US",
natRuleCollections: [{
action: {
type: "Dnat",
},
name: "natrulecoll",
priority: 112,
rules: [
{
description: "D-NAT all outbound web traffic for inspection",
destinationAddresses: ["1.2.3.4"],
destinationPorts: ["443"],
name: "DNAT-HTTPS-traffic",
protocols: ["TCP"],
sourceAddresses: ["*"],
translatedAddress: "1.2.3.5",
translatedPort: "8443",
},
{
description: "D-NAT all inbound web traffic for inspection",
destinationAddresses: ["1.2.3.4"],
destinationPorts: ["80"],
name: "DNAT-HTTP-traffic-With-FQDN",
protocols: ["TCP"],
sourceAddresses: ["*"],
translatedFqdn: "internalhttpserver",
translatedPort: "880",
},
],
}],
networkRuleCollections: [{
action: {
type: "Deny",
},
name: "netrulecoll",
priority: 112,
rules: [
{
description: "Block traffic based on source IPs and ports",
destinationAddresses: ["*"],
destinationPorts: [
"443-444",
"8443",
],
name: "L4-traffic",
protocols: ["TCP"],
sourceAddresses: [
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255",
],
},
{
description: "Block traffic based on source IPs and ports to amazon",
destinationFqdns: ["www.amazon.com"],
destinationPorts: [
"443-444",
"8443",
],
name: "L4-traffic-with-FQDN",
protocols: ["TCP"],
sourceAddresses: ["10.2.4.12-10.2.4.255"],
},
],
}],
resourceGroupName: "rg1",
sku: {
name: "AZFW_VNet",
tier: "Standard",
},
tags: {
key1: "value1",
},
threatIntelMode: "Alert",
zones: [],
});
resources:
azureFirewall:
type: azure-native:network:AzureFirewall
properties:
applicationRuleCollections:
- action:
type: Deny
name: apprulecoll
priority: 110
rules:
- description: Deny inbound rule
name: rule1
protocols:
- port: 443
protocolType: Https
sourceAddresses:
- 216.58.216.164
- 10.0.0.0/24
targetFqdns:
- www.test.com
azureFirewallName: azurefirewall
ipConfigurations:
- name: azureFirewallIpConfiguration
publicIPAddress:
id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
subnet:
id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
location: West US
natRuleCollections:
- action:
type: Dnat
name: natrulecoll
priority: 112
rules:
- description: D-NAT all outbound web traffic for inspection
destinationAddresses:
- 1.2.3.4
destinationPorts:
- '443'
name: DNAT-HTTPS-traffic
protocols:
- TCP
sourceAddresses:
- '*'
translatedAddress: 1.2.3.5
translatedPort: '8443'
- description: D-NAT all inbound web traffic for inspection
destinationAddresses:
- 1.2.3.4
destinationPorts:
- '80'
name: DNAT-HTTP-traffic-With-FQDN
protocols:
- TCP
sourceAddresses:
- '*'
translatedFqdn: internalhttpserver
translatedPort: '880'
networkRuleCollections:
- action:
type: Deny
name: netrulecoll
priority: 112
rules:
- description: Block traffic based on source IPs and ports
destinationAddresses:
- '*'
destinationPorts:
- 443-444
- '8443'
name: L4-traffic
protocols:
- TCP
sourceAddresses:
- 192.168.1.1-192.168.1.12
- 10.1.4.12-10.1.4.255
- description: Block traffic based on source IPs and ports to amazon
destinationFqdns:
- www.amazon.com
destinationPorts:
- 443-444
- '8443'
name: L4-traffic-with-FQDN
protocols:
- TCP
sourceAddresses:
- 10.2.4.12-10.2.4.255
resourceGroupName: rg1
sku:
name: AZFW_VNet
tier: Standard
tags:
key1: value1
threatIntelMode: Alert
zones: []
Create Azure Firewall With Additional Properties
using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
{
AdditionalProperties =
{
{ "key1", "value1" },
{ "key2", "value2" },
},
ApplicationRuleCollections = new[]
{
new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
{
Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
{
Type = "Deny",
},
Name = "apprulecoll",
Priority = 110,
Rules = new[]
{
new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
{
Description = "Deny inbound rule",
Name = "rule1",
Protocols = new[]
{
new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
{
Port = 443,
ProtocolType = "Https",
},
},
SourceAddresses = new[]
{
"216.58.216.164",
"10.0.0.0/24",
},
TargetFqdns = new[]
{
"www.test.com",
},
},
},
},
},
AzureFirewallName = "azurefirewall",
IpConfigurations = new[]
{
new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
{
Name = "azureFirewallIpConfiguration",
PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
},
Subnet = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
},
},
},
Location = "West US",
NatRuleCollections = new[]
{
new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
{
Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
{
Type = "Dnat",
},
Name = "natrulecoll",
Priority = 112,
Rules = new[]
{
new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
{
Description = "D-NAT all outbound web traffic for inspection",
DestinationAddresses = new[]
{
"1.2.3.4",
},
DestinationPorts = new[]
{
"443",
},
Name = "DNAT-HTTPS-traffic",
Protocols = new[]
{
"TCP",
},
SourceAddresses = new[]
{
"*",
},
TranslatedAddress = "1.2.3.5",
TranslatedPort = "8443",
},
new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
{
Description = "D-NAT all inbound web traffic for inspection",
DestinationAddresses = new[]
{
"1.2.3.4",
},
DestinationPorts = new[]
{
"80",
},
Name = "DNAT-HTTP-traffic-With-FQDN",
Protocols = new[]
{
"TCP",
},
SourceAddresses = new[]
{
"*",
},
TranslatedFqdn = "internalhttpserver",
TranslatedPort = "880",
},
},
},
},
NetworkRuleCollections = new[]
{
new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
{
Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
{
Type = "Deny",
},
Name = "netrulecoll",
Priority = 112,
Rules = new[]
{
new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
{
Description = "Block traffic based on source IPs and ports",
DestinationAddresses = new[]
{
"*",
},
DestinationPorts = new[]
{
"443-444",
"8443",
},
Name = "L4-traffic",
Protocols = new[]
{
"TCP",
},
SourceAddresses = new[]
{
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255",
},
},
new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
{
Description = "Block traffic based on source IPs and ports to amazon",
DestinationFqdns = new[]
{
"www.amazon.com",
},
DestinationPorts = new[]
{
"443-444",
"8443",
},
Name = "L4-traffic-with-FQDN",
Protocols = new[]
{
"TCP",
},
SourceAddresses = new[]
{
"10.2.4.12-10.2.4.255",
},
},
},
},
},
ResourceGroupName = "rg1",
Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
{
Name = "AZFW_VNet",
Tier = "Standard",
},
Tags =
{
{ "key1", "value1" },
},
ThreatIntelMode = "Alert",
Zones = new[] {},
});
});
package main
import (
network "github.com/pulumi/pulumi-azure-native/sdk/go/azure/network"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
AdditionalProperties: pulumi.StringMap{
"key1": pulumi.String("value1"),
"key2": pulumi.String("value2"),
},
ApplicationRuleCollections: []network.AzureFirewallApplicationRuleCollectionArgs{
{
Action: {
Type: pulumi.String("Deny"),
},
Name: pulumi.String("apprulecoll"),
Priority: pulumi.Int(110),
Rules: network.AzureFirewallApplicationRuleArray{
{
Description: pulumi.String("Deny inbound rule"),
Name: pulumi.String("rule1"),
Protocols: network.AzureFirewallApplicationRuleProtocolArray{
{
Port: pulumi.Int(443),
ProtocolType: pulumi.String("Https"),
},
},
SourceAddresses: pulumi.StringArray{
pulumi.String("216.58.216.164"),
pulumi.String("10.0.0.0/24"),
},
TargetFqdns: pulumi.StringArray{
pulumi.String("www.test.com"),
},
},
},
},
},
AzureFirewallName: pulumi.String("azurefirewall"),
IpConfigurations: []network.AzureFirewallIPConfigurationArgs{
{
Name: pulumi.String("azureFirewallIpConfiguration"),
PublicIPAddress: {
Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
},
Subnet: {
Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
},
},
},
Location: pulumi.String("West US"),
NatRuleCollections: []network.AzureFirewallNatRuleCollectionArgs{
{
Action: {
Type: pulumi.String("Dnat"),
},
Name: pulumi.String("natrulecoll"),
Priority: pulumi.Int(112),
Rules: network.AzureFirewallNatRuleArray{
{
Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("1.2.3.4"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("443"),
},
Name: pulumi.String("DNAT-HTTPS-traffic"),
Protocols: pulumi.StringArray{
pulumi.String("TCP"),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("*"),
},
TranslatedAddress: pulumi.String("1.2.3.5"),
TranslatedPort: pulumi.String("8443"),
},
{
Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("1.2.3.4"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("80"),
},
Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
Protocols: pulumi.StringArray{
pulumi.String("TCP"),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("*"),
},
TranslatedFqdn: pulumi.String("internalhttpserver"),
TranslatedPort: pulumi.String("880"),
},
},
},
},
NetworkRuleCollections: []network.AzureFirewallNetworkRuleCollectionArgs{
{
Action: {
Type: pulumi.String("Deny"),
},
Name: pulumi.String("netrulecoll"),
Priority: pulumi.Int(112),
Rules: network.AzureFirewallNetworkRuleArray{
{
Description: pulumi.String("Block traffic based on source IPs and ports"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("*"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("443-444"),
pulumi.String("8443"),
},
Name: pulumi.String("L4-traffic"),
Protocols: pulumi.StringArray{
pulumi.String("TCP"),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("192.168.1.1-192.168.1.12"),
pulumi.String("10.1.4.12-10.1.4.255"),
},
},
{
Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
DestinationFqdns: pulumi.StringArray{
pulumi.String("www.amazon.com"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("443-444"),
pulumi.String("8443"),
},
Name: pulumi.String("L4-traffic-with-FQDN"),
Protocols: pulumi.StringArray{
pulumi.String("TCP"),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("10.2.4.12-10.2.4.255"),
},
},
},
},
},
ResourceGroupName: pulumi.String("rg1"),
Sku: &network.AzureFirewallSkuArgs{
Name: pulumi.String("AZFW_VNet"),
Tier: pulumi.String("Standard"),
},
Tags: pulumi.StringMap{
"key1": pulumi.String("value1"),
},
ThreatIntelMode: pulumi.String("Alert"),
Zones: pulumi.StringArray{},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.AzureFirewall;
import com.pulumi.azurenative.network.AzureFirewallArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
.additionalProperties(Map.ofEntries(
Map.entry("key1", "value1"),
Map.entry("key2", "value2")
))
.applicationRuleCollections(Map.ofEntries(
Map.entry("action", Map.of("type", "Deny")),
Map.entry("name", "apprulecoll"),
Map.entry("priority", 110),
Map.entry("rules", Map.ofEntries(
Map.entry("description", "Deny inbound rule"),
Map.entry("name", "rule1"),
Map.entry("protocols", Map.ofEntries(
Map.entry("port", 443),
Map.entry("protocolType", "Https")
)),
Map.entry("sourceAddresses",
"216.58.216.164",
"10.0.0.0/24"),
Map.entry("targetFqdns", "www.test.com")
))
))
.azureFirewallName("azurefirewall")
.ipConfigurations(Map.ofEntries(
Map.entry("name", "azureFirewallIpConfiguration"),
Map.entry("publicIPAddress", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")),
Map.entry("subnet", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"))
))
.location("West US")
.natRuleCollections(Map.ofEntries(
Map.entry("action", Map.of("type", "Dnat")),
Map.entry("name", "natrulecoll"),
Map.entry("priority", 112),
Map.entry("rules",
Map.ofEntries(
Map.entry("description", "D-NAT all outbound web traffic for inspection"),
Map.entry("destinationAddresses", "1.2.3.4"),
Map.entry("destinationPorts", "443"),
Map.entry("name", "DNAT-HTTPS-traffic"),
Map.entry("protocols", "TCP"),
Map.entry("sourceAddresses", "*"),
Map.entry("translatedAddress", "1.2.3.5"),
Map.entry("translatedPort", "8443")
),
Map.ofEntries(
Map.entry("description", "D-NAT all inbound web traffic for inspection"),
Map.entry("destinationAddresses", "1.2.3.4"),
Map.entry("destinationPorts", "80"),
Map.entry("name", "DNAT-HTTP-traffic-With-FQDN"),
Map.entry("protocols", "TCP"),
Map.entry("sourceAddresses", "*"),
Map.entry("translatedFqdn", "internalhttpserver"),
Map.entry("translatedPort", "880")
))
))
.networkRuleCollections(Map.ofEntries(
Map.entry("action", Map.of("type", "Deny")),
Map.entry("name", "netrulecoll"),
Map.entry("priority", 112),
Map.entry("rules",
Map.ofEntries(
Map.entry("description", "Block traffic based on source IPs and ports"),
Map.entry("destinationAddresses", "*"),
Map.entry("destinationPorts",
"443-444",
"8443"),
Map.entry("name", "L4-traffic"),
Map.entry("protocols", "TCP"),
Map.entry("sourceAddresses",
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255")
),
Map.ofEntries(
Map.entry("description", "Block traffic based on source IPs and ports to amazon"),
Map.entry("destinationFqdns", "www.amazon.com"),
Map.entry("destinationPorts",
"443-444",
"8443"),
Map.entry("name", "L4-traffic-with-FQDN"),
Map.entry("protocols", "TCP"),
Map.entry("sourceAddresses", "10.2.4.12-10.2.4.255")
))
))
.resourceGroupName("rg1")
.sku(Map.ofEntries(
Map.entry("name", "AZFW_VNet"),
Map.entry("tier", "Standard")
))
.tags(Map.of("key1", "value1"))
.threatIntelMode("Alert")
.zones()
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
additional_properties={
"key1": "value1",
"key2": "value2",
},
application_rule_collections=[{
"action": azure_native.network.AzureFirewallRCActionArgs(
type="Deny",
),
"name": "apprulecoll",
"priority": 110,
"rules": [{
"description": "Deny inbound rule",
"name": "rule1",
"protocols": [azure_native.network.AzureFirewallApplicationRuleProtocolArgs(
port=443,
protocol_type="Https",
)],
"sourceAddresses": [
"216.58.216.164",
"10.0.0.0/24",
],
"targetFqdns": ["www.test.com"],
}],
}],
azure_firewall_name="azurefirewall",
ip_configurations=[{
"name": "azureFirewallIpConfiguration",
"publicIPAddress": azure_native.network.SubResourceArgs(
id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
),
"subnet": azure_native.network.SubResourceArgs(
id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
),
}],
location="West US",
nat_rule_collections=[{
"action": azure_native.network.AzureFirewallNatRCActionArgs(
type="Dnat",
),
"name": "natrulecoll",
"priority": 112,
"rules": [
azure_native.network.AzureFirewallNatRuleArgs(
description="D-NAT all outbound web traffic for inspection",
destination_addresses=["1.2.3.4"],
destination_ports=["443"],
name="DNAT-HTTPS-traffic",
protocols=["TCP"],
source_addresses=["*"],
translated_address="1.2.3.5",
translated_port="8443",
),
azure_native.network.AzureFirewallNatRuleArgs(
description="D-NAT all inbound web traffic for inspection",
destination_addresses=["1.2.3.4"],
destination_ports=["80"],
name="DNAT-HTTP-traffic-With-FQDN",
protocols=["TCP"],
source_addresses=["*"],
translated_fqdn="internalhttpserver",
translated_port="880",
),
],
}],
network_rule_collections=[{
"action": azure_native.network.AzureFirewallRCActionArgs(
type="Deny",
),
"name": "netrulecoll",
"priority": 112,
"rules": [
azure_native.network.AzureFirewallNetworkRuleArgs(
description="Block traffic based on source IPs and ports",
destination_addresses=["*"],
destination_ports=[
"443-444",
"8443",
],
name="L4-traffic",
protocols=["TCP"],
source_addresses=[
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255",
],
),
azure_native.network.AzureFirewallNetworkRuleArgs(
description="Block traffic based on source IPs and ports to amazon",
destination_fqdns=["www.amazon.com"],
destination_ports=[
"443-444",
"8443",
],
name="L4-traffic-with-FQDN",
protocols=["TCP"],
source_addresses=["10.2.4.12-10.2.4.255"],
),
],
}],
resource_group_name="rg1",
sku=azure_native.network.AzureFirewallSkuArgs(
name="AZFW_VNet",
tier="Standard",
),
tags={
"key1": "value1",
},
threat_intel_mode="Alert",
zones=[])
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
additionalProperties: {
key1: "value1",
key2: "value2",
},
applicationRuleCollections: [{
action: {
type: "Deny",
},
name: "apprulecoll",
priority: 110,
rules: [{
description: "Deny inbound rule",
name: "rule1",
protocols: [{
port: 443,
protocolType: "Https",
}],
sourceAddresses: [
"216.58.216.164",
"10.0.0.0/24",
],
targetFqdns: ["www.test.com"],
}],
}],
azureFirewallName: "azurefirewall",
ipConfigurations: [{
name: "azureFirewallIpConfiguration",
publicIPAddress: {
id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
},
subnet: {
id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
},
}],
location: "West US",
natRuleCollections: [{
action: {
type: "Dnat",
},
name: "natrulecoll",
priority: 112,
rules: [
{
description: "D-NAT all outbound web traffic for inspection",
destinationAddresses: ["1.2.3.4"],
destinationPorts: ["443"],
name: "DNAT-HTTPS-traffic",
protocols: ["TCP"],
sourceAddresses: ["*"],
translatedAddress: "1.2.3.5",
translatedPort: "8443",
},
{
description: "D-NAT all inbound web traffic for inspection",
destinationAddresses: ["1.2.3.4"],
destinationPorts: ["80"],
name: "DNAT-HTTP-traffic-With-FQDN",
protocols: ["TCP"],
sourceAddresses: ["*"],
translatedFqdn: "internalhttpserver",
translatedPort: "880",
},
],
}],
networkRuleCollections: [{
action: {
type: "Deny",
},
name: "netrulecoll",
priority: 112,
rules: [
{
description: "Block traffic based on source IPs and ports",
destinationAddresses: ["*"],
destinationPorts: [
"443-444",
"8443",
],
name: "L4-traffic",
protocols: ["TCP"],
sourceAddresses: [
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255",
],
},
{
description: "Block traffic based on source IPs and ports to amazon",
destinationFqdns: ["www.amazon.com"],
destinationPorts: [
"443-444",
"8443",
],
name: "L4-traffic-with-FQDN",
protocols: ["TCP"],
sourceAddresses: ["10.2.4.12-10.2.4.255"],
},
],
}],
resourceGroupName: "rg1",
sku: {
name: "AZFW_VNet",
tier: "Standard",
},
tags: {
key1: "value1",
},
threatIntelMode: "Alert",
zones: [],
});
resources:
azureFirewall:
type: azure-native:network:AzureFirewall
properties:
additionalProperties:
key1: value1
key2: value2
applicationRuleCollections:
- action:
type: Deny
name: apprulecoll
priority: 110
rules:
- description: Deny inbound rule
name: rule1
protocols:
- port: 443
protocolType: Https
sourceAddresses:
- 216.58.216.164
- 10.0.0.0/24
targetFqdns:
- www.test.com
azureFirewallName: azurefirewall
ipConfigurations:
- name: azureFirewallIpConfiguration
publicIPAddress:
id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
subnet:
id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
location: West US
natRuleCollections:
- action:
type: Dnat
name: natrulecoll
priority: 112
rules:
- description: D-NAT all outbound web traffic for inspection
destinationAddresses:
- 1.2.3.4
destinationPorts:
- '443'
name: DNAT-HTTPS-traffic
protocols:
- TCP
sourceAddresses:
- '*'
translatedAddress: 1.2.3.5
translatedPort: '8443'
- description: D-NAT all inbound web traffic for inspection
destinationAddresses:
- 1.2.3.4
destinationPorts:
- '80'
name: DNAT-HTTP-traffic-With-FQDN
protocols:
- TCP
sourceAddresses:
- '*'
translatedFqdn: internalhttpserver
translatedPort: '880'
networkRuleCollections:
- action:
type: Deny
name: netrulecoll
priority: 112
rules:
- description: Block traffic based on source IPs and ports
destinationAddresses:
- '*'
destinationPorts:
- 443-444
- '8443'
name: L4-traffic
protocols:
- TCP
sourceAddresses:
- 192.168.1.1-192.168.1.12
- 10.1.4.12-10.1.4.255
- description: Block traffic based on source IPs and ports to amazon
destinationFqdns:
- www.amazon.com
destinationPorts:
- 443-444
- '8443'
name: L4-traffic-with-FQDN
protocols:
- TCP
sourceAddresses:
- 10.2.4.12-10.2.4.255
resourceGroupName: rg1
sku:
name: AZFW_VNet
tier: Standard
tags:
key1: value1
threatIntelMode: Alert
zones: []
Create Azure Firewall With IpGroups
using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
{
ApplicationRuleCollections = new[]
{
new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
{
Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
{
Type = "Deny",
},
Name = "apprulecoll",
Priority = 110,
Rules = new[]
{
new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
{
Description = "Deny inbound rule",
Name = "rule1",
Protocols = new[]
{
new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
{
Port = 443,
ProtocolType = "Https",
},
},
SourceAddresses = new[]
{
"216.58.216.164",
"10.0.0.0/24",
},
TargetFqdns = new[]
{
"www.test.com",
},
},
},
},
},
AzureFirewallName = "azurefirewall",
IpConfigurations = new[]
{
new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
{
Name = "azureFirewallIpConfiguration",
PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
},
Subnet = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
},
},
},
Location = "West US",
NatRuleCollections = new[]
{
new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
{
Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
{
Type = "Dnat",
},
Name = "natrulecoll",
Priority = 112,
Rules = new[]
{
new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
{
Description = "D-NAT all outbound web traffic for inspection",
DestinationAddresses = new[]
{
"1.2.3.4",
},
DestinationPorts = new[]
{
"443",
},
Name = "DNAT-HTTPS-traffic",
Protocols = new[]
{
"TCP",
},
SourceAddresses = new[]
{
"*",
},
TranslatedAddress = "1.2.3.5",
TranslatedPort = "8443",
},
new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
{
Description = "D-NAT all inbound web traffic for inspection",
DestinationAddresses = new[]
{
"1.2.3.4",
},
DestinationPorts = new[]
{
"80",
},
Name = "DNAT-HTTP-traffic-With-FQDN",
Protocols = new[]
{
"TCP",
},
SourceAddresses = new[]
{
"*",
},
TranslatedFqdn = "internalhttpserver",
TranslatedPort = "880",
},
},
},
},
NetworkRuleCollections = new[]
{
new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
{
Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
{
Type = "Deny",
},
Name = "netrulecoll",
Priority = 112,
Rules = new[]
{
new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
{
Description = "Block traffic based on source IPs and ports",
DestinationAddresses = new[]
{
"*",
},
DestinationPorts = new[]
{
"443-444",
"8443",
},
Name = "L4-traffic",
Protocols = new[]
{
"TCP",
},
SourceAddresses = new[]
{
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255",
},
},
new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
{
Description = "Block traffic based on source IPs and ports to amazon",
DestinationFqdns = new[]
{
"www.amazon.com",
},
DestinationPorts = new[]
{
"443-444",
"8443",
},
Name = "L4-traffic-with-FQDN",
Protocols = new[]
{
"TCP",
},
SourceAddresses = new[]
{
"10.2.4.12-10.2.4.255",
},
},
},
},
},
ResourceGroupName = "rg1",
Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
{
Name = "AZFW_VNet",
Tier = "Standard",
},
Tags =
{
{ "key1", "value1" },
},
ThreatIntelMode = "Alert",
Zones = new[] {},
});
});
package main
import (
network "github.com/pulumi/pulumi-azure-native/sdk/go/azure/network"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
ApplicationRuleCollections: []network.AzureFirewallApplicationRuleCollectionArgs{
{
Action: {
Type: pulumi.String("Deny"),
},
Name: pulumi.String("apprulecoll"),
Priority: pulumi.Int(110),
Rules: network.AzureFirewallApplicationRuleArray{
{
Description: pulumi.String("Deny inbound rule"),
Name: pulumi.String("rule1"),
Protocols: network.AzureFirewallApplicationRuleProtocolArray{
{
Port: pulumi.Int(443),
ProtocolType: pulumi.String("Https"),
},
},
SourceAddresses: pulumi.StringArray{
pulumi.String("216.58.216.164"),
pulumi.String("10.0.0.0/24"),
},
TargetFqdns: pulumi.StringArray{
pulumi.String("www.test.com"),
},
},
},
},
},
AzureFirewallName: pulumi.String("azurefirewall"),
IpConfigurations: []network.AzureFirewallIPConfigurationArgs{
{
Name: pulumi.String("azureFirewallIpConfiguration"),
PublicIPAddress: {
Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
},
Subnet: {
Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
},
},
},
Location: pulumi.String("West US"),
NatRuleCollections: []network.AzureFirewallNatRuleCollectionArgs{
{
Action: {
Type: pulumi.String("Dnat"),
},
Name: pulumi.String("natrulecoll"),
Priority: pulumi.Int(112),
Rules: network.AzureFirewallNatRuleArray{
{
Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("1.2.3.4"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("443"),
},
Name: pulumi.String("DNAT-HTTPS-traffic"),
Protocols: pulumi.StringArray{
pulumi.String("TCP"),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("*"),
},
TranslatedAddress: pulumi.String("1.2.3.5"),
TranslatedPort: pulumi.String("8443"),
},
{
Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("1.2.3.4"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("80"),
},
Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
Protocols: pulumi.StringArray{
pulumi.String("TCP"),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("*"),
},
TranslatedFqdn: pulumi.String("internalhttpserver"),
TranslatedPort: pulumi.String("880"),
},
},
},
},
NetworkRuleCollections: []network.AzureFirewallNetworkRuleCollectionArgs{
{
Action: {
Type: pulumi.String("Deny"),
},
Name: pulumi.String("netrulecoll"),
Priority: pulumi.Int(112),
Rules: network.AzureFirewallNetworkRuleArray{
{
Description: pulumi.String("Block traffic based on source IPs and ports"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("*"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("443-444"),
pulumi.String("8443"),
},
Name: pulumi.String("L4-traffic"),
Protocols: pulumi.StringArray{
pulumi.String("TCP"),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("192.168.1.1-192.168.1.12"),
pulumi.String("10.1.4.12-10.1.4.255"),
},
},
{
Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
DestinationFqdns: pulumi.StringArray{
pulumi.String("www.amazon.com"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("443-444"),
pulumi.String("8443"),
},
Name: pulumi.String("L4-traffic-with-FQDN"),
Protocols: pulumi.StringArray{
pulumi.String("TCP"),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("10.2.4.12-10.2.4.255"),
},
},
},
},
},
ResourceGroupName: pulumi.String("rg1"),
Sku: &network.AzureFirewallSkuArgs{
Name: pulumi.String("AZFW_VNet"),
Tier: pulumi.String("Standard"),
},
Tags: pulumi.StringMap{
"key1": pulumi.String("value1"),
},
ThreatIntelMode: pulumi.String("Alert"),
Zones: pulumi.StringArray{},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.AzureFirewall;
import com.pulumi.azurenative.network.AzureFirewallArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
.applicationRuleCollections(Map.ofEntries(
Map.entry("action", Map.of("type", "Deny")),
Map.entry("name", "apprulecoll"),
Map.entry("priority", 110),
Map.entry("rules", Map.ofEntries(
Map.entry("description", "Deny inbound rule"),
Map.entry("name", "rule1"),
Map.entry("protocols", Map.ofEntries(
Map.entry("port", 443),
Map.entry("protocolType", "Https")
)),
Map.entry("sourceAddresses",
"216.58.216.164",
"10.0.0.0/24"),
Map.entry("targetFqdns", "www.test.com")
))
))
.azureFirewallName("azurefirewall")
.ipConfigurations(Map.ofEntries(
Map.entry("name", "azureFirewallIpConfiguration"),
Map.entry("publicIPAddress", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")),
Map.entry("subnet", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"))
))
.location("West US")
.natRuleCollections(Map.ofEntries(
Map.entry("action", Map.of("type", "Dnat")),
Map.entry("name", "natrulecoll"),
Map.entry("priority", 112),
Map.entry("rules",
Map.ofEntries(
Map.entry("description", "D-NAT all outbound web traffic for inspection"),
Map.entry("destinationAddresses", "1.2.3.4"),
Map.entry("destinationPorts", "443"),
Map.entry("name", "DNAT-HTTPS-traffic"),
Map.entry("protocols", "TCP"),
Map.entry("sourceAddresses", "*"),
Map.entry("translatedAddress", "1.2.3.5"),
Map.entry("translatedPort", "8443")
),
Map.ofEntries(
Map.entry("description", "D-NAT all inbound web traffic for inspection"),
Map.entry("destinationAddresses", "1.2.3.4"),
Map.entry("destinationPorts", "80"),
Map.entry("name", "DNAT-HTTP-traffic-With-FQDN"),
Map.entry("protocols", "TCP"),
Map.entry("sourceAddresses", "*"),
Map.entry("translatedFqdn", "internalhttpserver"),
Map.entry("translatedPort", "880")
))
))
.networkRuleCollections(Map.ofEntries(
Map.entry("action", Map.of("type", "Deny")),
Map.entry("name", "netrulecoll"),
Map.entry("priority", 112),
Map.entry("rules",
Map.ofEntries(
Map.entry("description", "Block traffic based on source IPs and ports"),
Map.entry("destinationAddresses", "*"),
Map.entry("destinationPorts",
"443-444",
"8443"),
Map.entry("name", "L4-traffic"),
Map.entry("protocols", "TCP"),
Map.entry("sourceAddresses",
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255")
),
Map.ofEntries(
Map.entry("description", "Block traffic based on source IPs and ports to amazon"),
Map.entry("destinationFqdns", "www.amazon.com"),
Map.entry("destinationPorts",
"443-444",
"8443"),
Map.entry("name", "L4-traffic-with-FQDN"),
Map.entry("protocols", "TCP"),
Map.entry("sourceAddresses", "10.2.4.12-10.2.4.255")
))
))
.resourceGroupName("rg1")
.sku(Map.ofEntries(
Map.entry("name", "AZFW_VNet"),
Map.entry("tier", "Standard")
))
.tags(Map.of("key1", "value1"))
.threatIntelMode("Alert")
.zones()
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
application_rule_collections=[{
"action": azure_native.network.AzureFirewallRCActionArgs(
type="Deny",
),
"name": "apprulecoll",
"priority": 110,
"rules": [{
"description": "Deny inbound rule",
"name": "rule1",
"protocols": [azure_native.network.AzureFirewallApplicationRuleProtocolArgs(
port=443,
protocol_type="Https",
)],
"sourceAddresses": [
"216.58.216.164",
"10.0.0.0/24",
],
"targetFqdns": ["www.test.com"],
}],
}],
azure_firewall_name="azurefirewall",
ip_configurations=[{
"name": "azureFirewallIpConfiguration",
"publicIPAddress": azure_native.network.SubResourceArgs(
id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
),
"subnet": azure_native.network.SubResourceArgs(
id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
),
}],
location="West US",
nat_rule_collections=[{
"action": azure_native.network.AzureFirewallNatRCActionArgs(
type="Dnat",
),
"name": "natrulecoll",
"priority": 112,
"rules": [
azure_native.network.AzureFirewallNatRuleArgs(
description="D-NAT all outbound web traffic for inspection",
destination_addresses=["1.2.3.4"],
destination_ports=["443"],
name="DNAT-HTTPS-traffic",
protocols=["TCP"],
source_addresses=["*"],
translated_address="1.2.3.5",
translated_port="8443",
),
azure_native.network.AzureFirewallNatRuleArgs(
description="D-NAT all inbound web traffic for inspection",
destination_addresses=["1.2.3.4"],
destination_ports=["80"],
name="DNAT-HTTP-traffic-With-FQDN",
protocols=["TCP"],
source_addresses=["*"],
translated_fqdn="internalhttpserver",
translated_port="880",
),
],
}],
network_rule_collections=[{
"action": azure_native.network.AzureFirewallRCActionArgs(
type="Deny",
),
"name": "netrulecoll",
"priority": 112,
"rules": [
azure_native.network.AzureFirewallNetworkRuleArgs(
description="Block traffic based on source IPs and ports",
destination_addresses=["*"],
destination_ports=[
"443-444",
"8443",
],
name="L4-traffic",
protocols=["TCP"],
source_addresses=[
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255",
],
),
azure_native.network.AzureFirewallNetworkRuleArgs(
description="Block traffic based on source IPs and ports to amazon",
destination_fqdns=["www.amazon.com"],
destination_ports=[
"443-444",
"8443",
],
name="L4-traffic-with-FQDN",
protocols=["TCP"],
source_addresses=["10.2.4.12-10.2.4.255"],
),
],
}],
resource_group_name="rg1",
sku=azure_native.network.AzureFirewallSkuArgs(
name="AZFW_VNet",
tier="Standard",
),
tags={
"key1": "value1",
},
threat_intel_mode="Alert",
zones=[])
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
applicationRuleCollections: [{
action: {
type: "Deny",
},
name: "apprulecoll",
priority: 110,
rules: [{
description: "Deny inbound rule",
name: "rule1",
protocols: [{
port: 443,
protocolType: "Https",
}],
sourceAddresses: [
"216.58.216.164",
"10.0.0.0/24",
],
targetFqdns: ["www.test.com"],
}],
}],
azureFirewallName: "azurefirewall",
ipConfigurations: [{
name: "azureFirewallIpConfiguration",
publicIPAddress: {
id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
},
subnet: {
id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
},
}],
location: "West US",
natRuleCollections: [{
action: {
type: "Dnat",
},
name: "natrulecoll",
priority: 112,
rules: [
{
description: "D-NAT all outbound web traffic for inspection",
destinationAddresses: ["1.2.3.4"],
destinationPorts: ["443"],
name: "DNAT-HTTPS-traffic",
protocols: ["TCP"],
sourceAddresses: ["*"],
translatedAddress: "1.2.3.5",
translatedPort: "8443",
},
{
description: "D-NAT all inbound web traffic for inspection",
destinationAddresses: ["1.2.3.4"],
destinationPorts: ["80"],
name: "DNAT-HTTP-traffic-With-FQDN",
protocols: ["TCP"],
sourceAddresses: ["*"],
translatedFqdn: "internalhttpserver",
translatedPort: "880",
},
],
}],
networkRuleCollections: [{
action: {
type: "Deny",
},
name: "netrulecoll",
priority: 112,
rules: [
{
description: "Block traffic based on source IPs and ports",
destinationAddresses: ["*"],
destinationPorts: [
"443-444",
"8443",
],
name: "L4-traffic",
protocols: ["TCP"],
sourceAddresses: [
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255",
],
},
{
description: "Block traffic based on source IPs and ports to amazon",
destinationFqdns: ["www.amazon.com"],
destinationPorts: [
"443-444",
"8443",
],
name: "L4-traffic-with-FQDN",
protocols: ["TCP"],
sourceAddresses: ["10.2.4.12-10.2.4.255"],
},
],
}],
resourceGroupName: "rg1",
sku: {
name: "AZFW_VNet",
tier: "Standard",
},
tags: {
key1: "value1",
},
threatIntelMode: "Alert",
zones: [],
});
resources:
azureFirewall:
type: azure-native:network:AzureFirewall
properties:
applicationRuleCollections:
- action:
type: Deny
name: apprulecoll
priority: 110
rules:
- description: Deny inbound rule
name: rule1
protocols:
- port: 443
protocolType: Https
sourceAddresses:
- 216.58.216.164
- 10.0.0.0/24
targetFqdns:
- www.test.com
azureFirewallName: azurefirewall
ipConfigurations:
- name: azureFirewallIpConfiguration
publicIPAddress:
id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
subnet:
id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
location: West US
natRuleCollections:
- action:
type: Dnat
name: natrulecoll
priority: 112
rules:
- description: D-NAT all outbound web traffic for inspection
destinationAddresses:
- 1.2.3.4
destinationPorts:
- '443'
name: DNAT-HTTPS-traffic
protocols:
- TCP
sourceAddresses:
- '*'
translatedAddress: 1.2.3.5
translatedPort: '8443'
- description: D-NAT all inbound web traffic for inspection
destinationAddresses:
- 1.2.3.4
destinationPorts:
- '80'
name: DNAT-HTTP-traffic-With-FQDN
protocols:
- TCP
sourceAddresses:
- '*'
translatedFqdn: internalhttpserver
translatedPort: '880'
networkRuleCollections:
- action:
type: Deny
name: netrulecoll
priority: 112
rules:
- description: Block traffic based on source IPs and ports
destinationAddresses:
- '*'
destinationPorts:
- 443-444
- '8443'
name: L4-traffic
protocols:
- TCP
sourceAddresses:
- 192.168.1.1-192.168.1.12
- 10.1.4.12-10.1.4.255
- description: Block traffic based on source IPs and ports to amazon
destinationFqdns:
- www.amazon.com
destinationPorts:
- 443-444
- '8443'
name: L4-traffic-with-FQDN
protocols:
- TCP
sourceAddresses:
- 10.2.4.12-10.2.4.255
resourceGroupName: rg1
sku:
name: AZFW_VNet
tier: Standard
tags:
key1: value1
threatIntelMode: Alert
zones: []
Create Azure Firewall With Zones
using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
{
ApplicationRuleCollections = new[]
{
new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
{
Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
{
Type = "Deny",
},
Name = "apprulecoll",
Priority = 110,
Rules = new[]
{
new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
{
Description = "Deny inbound rule",
Name = "rule1",
Protocols = new[]
{
new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
{
Port = 443,
ProtocolType = "Https",
},
},
SourceAddresses = new[]
{
"216.58.216.164",
"10.0.0.0/24",
},
TargetFqdns = new[]
{
"www.test.com",
},
},
},
},
},
AzureFirewallName = "azurefirewall",
IpConfigurations = new[]
{
new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
{
Name = "azureFirewallIpConfiguration",
PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
},
Subnet = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
},
},
},
Location = "West US 2",
NatRuleCollections = new[]
{
new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
{
Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
{
Type = "Dnat",
},
Name = "natrulecoll",
Priority = 112,
Rules = new[]
{
new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
{
Description = "D-NAT all outbound web traffic for inspection",
DestinationAddresses = new[]
{
"1.2.3.4",
},
DestinationPorts = new[]
{
"443",
},
Name = "DNAT-HTTPS-traffic",
Protocols = new[]
{
"TCP",
},
SourceAddresses = new[]
{
"*",
},
TranslatedAddress = "1.2.3.5",
TranslatedPort = "8443",
},
new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
{
Description = "D-NAT all inbound web traffic for inspection",
DestinationAddresses = new[]
{
"1.2.3.4",
},
DestinationPorts = new[]
{
"80",
},
Name = "DNAT-HTTP-traffic-With-FQDN",
Protocols = new[]
{
"TCP",
},
SourceAddresses = new[]
{
"*",
},
TranslatedFqdn = "internalhttpserver",
TranslatedPort = "880",
},
},
},
},
NetworkRuleCollections = new[]
{
new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
{
Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
{
Type = "Deny",
},
Name = "netrulecoll",
Priority = 112,
Rules = new[]
{
new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
{
Description = "Block traffic based on source IPs and ports",
DestinationAddresses = new[]
{
"*",
},
DestinationPorts = new[]
{
"443-444",
"8443",
},
Name = "L4-traffic",
Protocols = new[]
{
"TCP",
},
SourceAddresses = new[]
{
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255",
},
},
new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
{
Description = "Block traffic based on source IPs and ports to amazon",
DestinationFqdns = new[]
{
"www.amazon.com",
},
DestinationPorts = new[]
{
"443-444",
"8443",
},
Name = "L4-traffic-with-FQDN",
Protocols = new[]
{
"TCP",
},
SourceAddresses = new[]
{
"10.2.4.12-10.2.4.255",
},
},
},
},
},
ResourceGroupName = "rg1",
Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
{
Name = "AZFW_VNet",
Tier = "Standard",
},
Tags =
{
{ "key1", "value1" },
},
ThreatIntelMode = "Alert",
Zones = new[]
{
"1",
"2",
"3",
},
});
});
package main
import (
network "github.com/pulumi/pulumi-azure-native/sdk/go/azure/network"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
ApplicationRuleCollections: []network.AzureFirewallApplicationRuleCollectionArgs{
{
Action: {
Type: pulumi.String("Deny"),
},
Name: pulumi.String("apprulecoll"),
Priority: pulumi.Int(110),
Rules: network.AzureFirewallApplicationRuleArray{
{
Description: pulumi.String("Deny inbound rule"),
Name: pulumi.String("rule1"),
Protocols: network.AzureFirewallApplicationRuleProtocolArray{
{
Port: pulumi.Int(443),
ProtocolType: pulumi.String("Https"),
},
},
SourceAddresses: pulumi.StringArray{
pulumi.String("216.58.216.164"),
pulumi.String("10.0.0.0/24"),
},
TargetFqdns: pulumi.StringArray{
pulumi.String("www.test.com"),
},
},
},
},
},
AzureFirewallName: pulumi.String("azurefirewall"),
IpConfigurations: []network.AzureFirewallIPConfigurationArgs{
{
Name: pulumi.String("azureFirewallIpConfiguration"),
PublicIPAddress: {
Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
},
Subnet: {
Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
},
},
},
Location: pulumi.String("West US 2"),
NatRuleCollections: []network.AzureFirewallNatRuleCollectionArgs{
{
Action: {
Type: pulumi.String("Dnat"),
},
Name: pulumi.String("natrulecoll"),
Priority: pulumi.Int(112),
Rules: network.AzureFirewallNatRuleArray{
{
Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("1.2.3.4"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("443"),
},
Name: pulumi.String("DNAT-HTTPS-traffic"),
Protocols: pulumi.StringArray{
pulumi.String("TCP"),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("*"),
},
TranslatedAddress: pulumi.String("1.2.3.5"),
TranslatedPort: pulumi.String("8443"),
},
{
Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("1.2.3.4"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("80"),
},
Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
Protocols: pulumi.StringArray{
pulumi.String("TCP"),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("*"),
},
TranslatedFqdn: pulumi.String("internalhttpserver"),
TranslatedPort: pulumi.String("880"),
},
},
},
},
NetworkRuleCollections: []network.AzureFirewallNetworkRuleCollectionArgs{
{
Action: {
Type: pulumi.String("Deny"),
},
Name: pulumi.String("netrulecoll"),
Priority: pulumi.Int(112),
Rules: network.AzureFirewallNetworkRuleArray{
{
Description: pulumi.String("Block traffic based on source IPs and ports"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("*"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("443-444"),
pulumi.String("8443"),
},
Name: pulumi.String("L4-traffic"),
Protocols: pulumi.StringArray{
pulumi.String("TCP"),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("192.168.1.1-192.168.1.12"),
pulumi.String("10.1.4.12-10.1.4.255"),
},
},
{
Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
DestinationFqdns: pulumi.StringArray{
pulumi.String("www.amazon.com"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("443-444"),
pulumi.String("8443"),
},
Name: pulumi.String("L4-traffic-with-FQDN"),
Protocols: pulumi.StringArray{
pulumi.String("TCP"),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("10.2.4.12-10.2.4.255"),
},
},
},
},
},
ResourceGroupName: pulumi.String("rg1"),
Sku: &network.AzureFirewallSkuArgs{
Name: pulumi.String("AZFW_VNet"),
Tier: pulumi.String("Standard"),
},
Tags: pulumi.StringMap{
"key1": pulumi.String("value1"),
},
ThreatIntelMode: pulumi.String("Alert"),
Zones: pulumi.StringArray{
pulumi.String("1"),
pulumi.String("2"),
pulumi.String("3"),
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.AzureFirewall;
import com.pulumi.azurenative.network.AzureFirewallArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
.applicationRuleCollections(Map.ofEntries(
Map.entry("action", Map.of("type", "Deny")),
Map.entry("name", "apprulecoll"),
Map.entry("priority", 110),
Map.entry("rules", Map.ofEntries(
Map.entry("description", "Deny inbound rule"),
Map.entry("name", "rule1"),
Map.entry("protocols", Map.ofEntries(
Map.entry("port", 443),
Map.entry("protocolType", "Https")
)),
Map.entry("sourceAddresses",
"216.58.216.164",
"10.0.0.0/24"),
Map.entry("targetFqdns", "www.test.com")
))
))
.azureFirewallName("azurefirewall")
.ipConfigurations(Map.ofEntries(
Map.entry("name", "azureFirewallIpConfiguration"),
Map.entry("publicIPAddress", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")),
Map.entry("subnet", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"))
))
.location("West US 2")
.natRuleCollections(Map.ofEntries(
Map.entry("action", Map.of("type", "Dnat")),
Map.entry("name", "natrulecoll"),
Map.entry("priority", 112),
Map.entry("rules",
Map.ofEntries(
Map.entry("description", "D-NAT all outbound web traffic for inspection"),
Map.entry("destinationAddresses", "1.2.3.4"),
Map.entry("destinationPorts", "443"),
Map.entry("name", "DNAT-HTTPS-traffic"),
Map.entry("protocols", "TCP"),
Map.entry("sourceAddresses", "*"),
Map.entry("translatedAddress", "1.2.3.5"),
Map.entry("translatedPort", "8443")
),
Map.ofEntries(
Map.entry("description", "D-NAT all inbound web traffic for inspection"),
Map.entry("destinationAddresses", "1.2.3.4"),
Map.entry("destinationPorts", "80"),
Map.entry("name", "DNAT-HTTP-traffic-With-FQDN"),
Map.entry("protocols", "TCP"),
Map.entry("sourceAddresses", "*"),
Map.entry("translatedFqdn", "internalhttpserver"),
Map.entry("translatedPort", "880")
))
))
.networkRuleCollections(Map.ofEntries(
Map.entry("action", Map.of("type", "Deny")),
Map.entry("name", "netrulecoll"),
Map.entry("priority", 112),
Map.entry("rules",
Map.ofEntries(
Map.entry("description", "Block traffic based on source IPs and ports"),
Map.entry("destinationAddresses", "*"),
Map.entry("destinationPorts",
"443-444",
"8443"),
Map.entry("name", "L4-traffic"),
Map.entry("protocols", "TCP"),
Map.entry("sourceAddresses",
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255")
),
Map.ofEntries(
Map.entry("description", "Block traffic based on source IPs and ports to amazon"),
Map.entry("destinationFqdns", "www.amazon.com"),
Map.entry("destinationPorts",
"443-444",
"8443"),
Map.entry("name", "L4-traffic-with-FQDN"),
Map.entry("protocols", "TCP"),
Map.entry("sourceAddresses", "10.2.4.12-10.2.4.255")
))
))
.resourceGroupName("rg1")
.sku(Map.ofEntries(
Map.entry("name", "AZFW_VNet"),
Map.entry("tier", "Standard")
))
.tags(Map.of("key1", "value1"))
.threatIntelMode("Alert")
.zones(
"1",
"2",
"3")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
application_rule_collections=[{
"action": azure_native.network.AzureFirewallRCActionArgs(
type="Deny",
),
"name": "apprulecoll",
"priority": 110,
"rules": [{
"description": "Deny inbound rule",
"name": "rule1",
"protocols": [azure_native.network.AzureFirewallApplicationRuleProtocolArgs(
port=443,
protocol_type="Https",
)],
"sourceAddresses": [
"216.58.216.164",
"10.0.0.0/24",
],
"targetFqdns": ["www.test.com"],
}],
}],
azure_firewall_name="azurefirewall",
ip_configurations=[{
"name": "azureFirewallIpConfiguration",
"publicIPAddress": azure_native.network.SubResourceArgs(
id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
),
"subnet": azure_native.network.SubResourceArgs(
id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
),
}],
location="West US 2",
nat_rule_collections=[{
"action": azure_native.network.AzureFirewallNatRCActionArgs(
type="Dnat",
),
"name": "natrulecoll",
"priority": 112,
"rules": [
azure_native.network.AzureFirewallNatRuleArgs(
description="D-NAT all outbound web traffic for inspection",
destination_addresses=["1.2.3.4"],
destination_ports=["443"],
name="DNAT-HTTPS-traffic",
protocols=["TCP"],
source_addresses=["*"],
translated_address="1.2.3.5",
translated_port="8443",
),
azure_native.network.AzureFirewallNatRuleArgs(
description="D-NAT all inbound web traffic for inspection",
destination_addresses=["1.2.3.4"],
destination_ports=["80"],
name="DNAT-HTTP-traffic-With-FQDN",
protocols=["TCP"],
source_addresses=["*"],
translated_fqdn="internalhttpserver",
translated_port="880",
),
],
}],
network_rule_collections=[{
"action": azure_native.network.AzureFirewallRCActionArgs(
type="Deny",
),
"name": "netrulecoll",
"priority": 112,
"rules": [
azure_native.network.AzureFirewallNetworkRuleArgs(
description="Block traffic based on source IPs and ports",
destination_addresses=["*"],
destination_ports=[
"443-444",
"8443",
],
name="L4-traffic",
protocols=["TCP"],
source_addresses=[
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255",
],
),
azure_native.network.AzureFirewallNetworkRuleArgs(
description="Block traffic based on source IPs and ports to amazon",
destination_fqdns=["www.amazon.com"],
destination_ports=[
"443-444",
"8443",
],
name="L4-traffic-with-FQDN",
protocols=["TCP"],
source_addresses=["10.2.4.12-10.2.4.255"],
),
],
}],
resource_group_name="rg1",
sku=azure_native.network.AzureFirewallSkuArgs(
name="AZFW_VNet",
tier="Standard",
),
tags={
"key1": "value1",
},
threat_intel_mode="Alert",
zones=[
"1",
"2",
"3",
])
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
applicationRuleCollections: [{
action: {
type: "Deny",
},
name: "apprulecoll",
priority: 110,
rules: [{
description: "Deny inbound rule",
name: "rule1",
protocols: [{
port: 443,
protocolType: "Https",
}],
sourceAddresses: [
"216.58.216.164",
"10.0.0.0/24",
],
targetFqdns: ["www.test.com"],
}],
}],
azureFirewallName: "azurefirewall",
ipConfigurations: [{
name: "azureFirewallIpConfiguration",
publicIPAddress: {
id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
},
subnet: {
id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
},
}],
location: "West US 2",
natRuleCollections: [{
action: {
type: "Dnat",
},
name: "natrulecoll",
priority: 112,
rules: [
{
description: "D-NAT all outbound web traffic for inspection",
destinationAddresses: ["1.2.3.4"],
destinationPorts: ["443"],
name: "DNAT-HTTPS-traffic",
protocols: ["TCP"],
sourceAddresses: ["*"],
translatedAddress: "1.2.3.5",
translatedPort: "8443",
},
{
description: "D-NAT all inbound web traffic for inspection",
destinationAddresses: ["1.2.3.4"],
destinationPorts: ["80"],
name: "DNAT-HTTP-traffic-With-FQDN",
protocols: ["TCP"],
sourceAddresses: ["*"],
translatedFqdn: "internalhttpserver",
translatedPort: "880",
},
],
}],
networkRuleCollections: [{
action: {
type: "Deny",
},
name: "netrulecoll",
priority: 112,
rules: [
{
description: "Block traffic based on source IPs and ports",
destinationAddresses: ["*"],
destinationPorts: [
"443-444",
"8443",
],
name: "L4-traffic",
protocols: ["TCP"],
sourceAddresses: [
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255",
],
},
{
description: "Block traffic based on source IPs and ports to amazon",
destinationFqdns: ["www.amazon.com"],
destinationPorts: [
"443-444",
"8443",
],
name: "L4-traffic-with-FQDN",
protocols: ["TCP"],
sourceAddresses: ["10.2.4.12-10.2.4.255"],
},
],
}],
resourceGroupName: "rg1",
sku: {
name: "AZFW_VNet",
tier: "Standard",
},
tags: {
key1: "value1",
},
threatIntelMode: "Alert",
zones: [
"1",
"2",
"3",
],
});
resources:
azureFirewall:
type: azure-native:network:AzureFirewall
properties:
applicationRuleCollections:
- action:
type: Deny
name: apprulecoll
priority: 110
rules:
- description: Deny inbound rule
name: rule1
protocols:
- port: 443
protocolType: Https
sourceAddresses:
- 216.58.216.164
- 10.0.0.0/24
targetFqdns:
- www.test.com
azureFirewallName: azurefirewall
ipConfigurations:
- name: azureFirewallIpConfiguration
publicIPAddress:
id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
subnet:
id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
location: West US 2
natRuleCollections:
- action:
type: Dnat
name: natrulecoll
priority: 112
rules:
- description: D-NAT all outbound web traffic for inspection
destinationAddresses:
- 1.2.3.4
destinationPorts:
- '443'
name: DNAT-HTTPS-traffic
protocols:
- TCP
sourceAddresses:
- '*'
translatedAddress: 1.2.3.5
translatedPort: '8443'
- description: D-NAT all inbound web traffic for inspection
destinationAddresses:
- 1.2.3.4
destinationPorts:
- '80'
name: DNAT-HTTP-traffic-With-FQDN
protocols:
- TCP
sourceAddresses:
- '*'
translatedFqdn: internalhttpserver
translatedPort: '880'
networkRuleCollections:
- action:
type: Deny
name: netrulecoll
priority: 112
rules:
- description: Block traffic based on source IPs and ports
destinationAddresses:
- '*'
destinationPorts:
- 443-444
- '8443'
name: L4-traffic
protocols:
- TCP
sourceAddresses:
- 192.168.1.1-192.168.1.12
- 10.1.4.12-10.1.4.255
- description: Block traffic based on source IPs and ports to amazon
destinationFqdns:
- www.amazon.com
destinationPorts:
- 443-444
- '8443'
name: L4-traffic-with-FQDN
protocols:
- TCP
sourceAddresses:
- 10.2.4.12-10.2.4.255
resourceGroupName: rg1
sku:
name: AZFW_VNet
tier: Standard
tags:
key1: value1
threatIntelMode: Alert
zones:
- '1'
- '2'
- '3'
Create Azure Firewall With management subnet
using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
{
ApplicationRuleCollections = new[]
{
new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
{
Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
{
Type = "Deny",
},
Name = "apprulecoll",
Priority = 110,
Rules = new[]
{
new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
{
Description = "Deny inbound rule",
Name = "rule1",
Protocols = new[]
{
new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
{
Port = 443,
ProtocolType = "Https",
},
},
SourceAddresses = new[]
{
"216.58.216.164",
"10.0.0.0/24",
},
TargetFqdns = new[]
{
"www.test.com",
},
},
},
},
},
AzureFirewallName = "azurefirewall",
IpConfigurations = new[]
{
new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
{
Name = "azureFirewallIpConfiguration",
PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
},
Subnet = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
},
},
},
Location = "West US",
ManagementIpConfiguration = new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
{
Name = "azureFirewallMgmtIpConfiguration",
PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName",
},
Subnet = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet",
},
},
NatRuleCollections = new[]
{
new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
{
Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
{
Type = "Dnat",
},
Name = "natrulecoll",
Priority = 112,
Rules = new[]
{
new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
{
Description = "D-NAT all outbound web traffic for inspection",
DestinationAddresses = new[]
{
"1.2.3.4",
},
DestinationPorts = new[]
{
"443",
},
Name = "DNAT-HTTPS-traffic",
Protocols = new[]
{
"TCP",
},
SourceAddresses = new[]
{
"*",
},
TranslatedAddress = "1.2.3.5",
TranslatedPort = "8443",
},
new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
{
Description = "D-NAT all inbound web traffic for inspection",
DestinationAddresses = new[]
{
"1.2.3.4",
},
DestinationPorts = new[]
{
"80",
},
Name = "DNAT-HTTP-traffic-With-FQDN",
Protocols = new[]
{
"TCP",
},
SourceAddresses = new[]
{
"*",
},
TranslatedFqdn = "internalhttpserver",
TranslatedPort = "880",
},
},
},
},
NetworkRuleCollections = new[]
{
new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
{
Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
{
Type = "Deny",
},
Name = "netrulecoll",
Priority = 112,
Rules = new[]
{
new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
{
Description = "Block traffic based on source IPs and ports",
DestinationAddresses = new[]
{
"*",
},
DestinationPorts = new[]
{
"443-444",
"8443",
},
Name = "L4-traffic",
Protocols = new[]
{
"TCP",
},
SourceAddresses = new[]
{
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255",
},
},
new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
{
Description = "Block traffic based on source IPs and ports to amazon",
DestinationFqdns = new[]
{
"www.amazon.com",
},
DestinationPorts = new[]
{
"443-444",
"8443",
},
Name = "L4-traffic-with-FQDN",
Protocols = new[]
{
"TCP",
},
SourceAddresses = new[]
{
"10.2.4.12-10.2.4.255",
},
},
},
},
},
ResourceGroupName = "rg1",
Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
{
Name = "AZFW_VNet",
Tier = "Standard",
},
Tags =
{
{ "key1", "value1" },
},
ThreatIntelMode = "Alert",
Zones = new[] {},
});
});
package main
import (
network "github.com/pulumi/pulumi-azure-native/sdk/go/azure/network"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
ApplicationRuleCollections: []network.AzureFirewallApplicationRuleCollectionArgs{
{
Action: {
Type: pulumi.String("Deny"),
},
Name: pulumi.String("apprulecoll"),
Priority: pulumi.Int(110),
Rules: network.AzureFirewallApplicationRuleArray{
{
Description: pulumi.String("Deny inbound rule"),
Name: pulumi.String("rule1"),
Protocols: network.AzureFirewallApplicationRuleProtocolArray{
{
Port: pulumi.Int(443),
ProtocolType: pulumi.String("Https"),
},
},
SourceAddresses: pulumi.StringArray{
pulumi.String("216.58.216.164"),
pulumi.String("10.0.0.0/24"),
},
TargetFqdns: pulumi.StringArray{
pulumi.String("www.test.com"),
},
},
},
},
},
AzureFirewallName: pulumi.String("azurefirewall"),
IpConfigurations: []network.AzureFirewallIPConfigurationArgs{
{
Name: pulumi.String("azureFirewallIpConfiguration"),
PublicIPAddress: {
Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
},
Subnet: {
Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
},
},
},
Location: pulumi.String("West US"),
ManagementIpConfiguration: network.AzureFirewallIPConfigurationResponse{
Name: pulumi.String("azureFirewallMgmtIpConfiguration"),
PublicIPAddress: &network.SubResourceArgs{
Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName"),
},
Subnet: &network.SubResourceArgs{
Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet"),
},
},
NatRuleCollections: []network.AzureFirewallNatRuleCollectionArgs{
{
Action: {
Type: pulumi.String("Dnat"),
},
Name: pulumi.String("natrulecoll"),
Priority: pulumi.Int(112),
Rules: network.AzureFirewallNatRuleArray{
{
Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("1.2.3.4"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("443"),
},
Name: pulumi.String("DNAT-HTTPS-traffic"),
Protocols: pulumi.StringArray{
pulumi.String("TCP"),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("*"),
},
TranslatedAddress: pulumi.String("1.2.3.5"),
TranslatedPort: pulumi.String("8443"),
},
{
Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("1.2.3.4"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("80"),
},
Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
Protocols: pulumi.StringArray{
pulumi.String("TCP"),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("*"),
},
TranslatedFqdn: pulumi.String("internalhttpserver"),
TranslatedPort: pulumi.String("880"),
},
},
},
},
NetworkRuleCollections: []network.AzureFirewallNetworkRuleCollectionArgs{
{
Action: {
Type: pulumi.String("Deny"),
},
Name: pulumi.String("netrulecoll"),
Priority: pulumi.Int(112),
Rules: network.AzureFirewallNetworkRuleArray{
{
Description: pulumi.String("Block traffic based on source IPs and ports"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("*"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("443-444"),
pulumi.String("8443"),
},
Name: pulumi.String("L4-traffic"),
Protocols: pulumi.StringArray{
pulumi.String("TCP"),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("192.168.1.1-192.168.1.12"),
pulumi.String("10.1.4.12-10.1.4.255"),
},
},
{
Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
DestinationFqdns: pulumi.StringArray{
pulumi.String("www.amazon.com"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("443-444"),
pulumi.String("8443"),
},
Name: pulumi.String("L4-traffic-with-FQDN"),
Protocols: pulumi.StringArray{
pulumi.String("TCP"),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("10.2.4.12-10.2.4.255"),
},
},
},
},
},
ResourceGroupName: pulumi.String("rg1"),
Sku: &network.AzureFirewallSkuArgs{
Name: pulumi.String("AZFW_VNet"),
Tier: pulumi.String("Standard"),
},
Tags: pulumi.StringMap{
"key1": pulumi.String("value1"),
},
ThreatIntelMode: pulumi.String("Alert"),
Zones: pulumi.StringArray{},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.AzureFirewall;
import com.pulumi.azurenative.network.AzureFirewallArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
.applicationRuleCollections(Map.ofEntries(
Map.entry("action", Map.of("type", "Deny")),
Map.entry("name", "apprulecoll"),
Map.entry("priority", 110),
Map.entry("rules", Map.ofEntries(
Map.entry("description", "Deny inbound rule"),
Map.entry("name", "rule1"),
Map.entry("protocols", Map.ofEntries(
Map.entry("port", 443),
Map.entry("protocolType", "Https")
)),
Map.entry("sourceAddresses",
"216.58.216.164",
"10.0.0.0/24"),
Map.entry("targetFqdns", "www.test.com")
))
))
.azureFirewallName("azurefirewall")
.ipConfigurations(Map.ofEntries(
Map.entry("name", "azureFirewallIpConfiguration"),
Map.entry("publicIPAddress", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")),
Map.entry("subnet", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"))
))
.location("West US")
.managementIpConfiguration(Map.ofEntries(
Map.entry("name", "azureFirewallMgmtIpConfiguration"),
Map.entry("publicIPAddress", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName")),
Map.entry("subnet", Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet"))
))
.natRuleCollections(Map.ofEntries(
Map.entry("action", Map.of("type", "Dnat")),
Map.entry("name", "natrulecoll"),
Map.entry("priority", 112),
Map.entry("rules",
Map.ofEntries(
Map.entry("description", "D-NAT all outbound web traffic for inspection"),
Map.entry("destinationAddresses", "1.2.3.4"),
Map.entry("destinationPorts", "443"),
Map.entry("name", "DNAT-HTTPS-traffic"),
Map.entry("protocols", "TCP"),
Map.entry("sourceAddresses", "*"),
Map.entry("translatedAddress", "1.2.3.5"),
Map.entry("translatedPort", "8443")
),
Map.ofEntries(
Map.entry("description", "D-NAT all inbound web traffic for inspection"),
Map.entry("destinationAddresses", "1.2.3.4"),
Map.entry("destinationPorts", "80"),
Map.entry("name", "DNAT-HTTP-traffic-With-FQDN"),
Map.entry("protocols", "TCP"),
Map.entry("sourceAddresses", "*"),
Map.entry("translatedFqdn", "internalhttpserver"),
Map.entry("translatedPort", "880")
))
))
.networkRuleCollections(Map.ofEntries(
Map.entry("action", Map.of("type", "Deny")),
Map.entry("name", "netrulecoll"),
Map.entry("priority", 112),
Map.entry("rules",
Map.ofEntries(
Map.entry("description", "Block traffic based on source IPs and ports"),
Map.entry("destinationAddresses", "*"),
Map.entry("destinationPorts",
"443-444",
"8443"),
Map.entry("name", "L4-traffic"),
Map.entry("protocols", "TCP"),
Map.entry("sourceAddresses",
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255")
),
Map.ofEntries(
Map.entry("description", "Block traffic based on source IPs and ports to amazon"),
Map.entry("destinationFqdns", "www.amazon.com"),
Map.entry("destinationPorts",
"443-444",
"8443"),
Map.entry("name", "L4-traffic-with-FQDN"),
Map.entry("protocols", "TCP"),
Map.entry("sourceAddresses", "10.2.4.12-10.2.4.255")
))
))
.resourceGroupName("rg1")
.sku(Map.ofEntries(
Map.entry("name", "AZFW_VNet"),
Map.entry("tier", "Standard")
))
.tags(Map.of("key1", "value1"))
.threatIntelMode("Alert")
.zones()
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
application_rule_collections=[{
"action": azure_native.network.AzureFirewallRCActionArgs(
type="Deny",
),
"name": "apprulecoll",
"priority": 110,
"rules": [{
"description": "Deny inbound rule",
"name": "rule1",
"protocols": [azure_native.network.AzureFirewallApplicationRuleProtocolArgs(
port=443,
protocol_type="Https",
)],
"sourceAddresses": [
"216.58.216.164",
"10.0.0.0/24",
],
"targetFqdns": ["www.test.com"],
}],
}],
azure_firewall_name="azurefirewall",
ip_configurations=[{
"name": "azureFirewallIpConfiguration",
"publicIPAddress": azure_native.network.SubResourceArgs(
id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
),
"subnet": azure_native.network.SubResourceArgs(
id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
),
}],
location="West US",
management_ip_configuration=azure_native.network.AzureFirewallIPConfigurationResponseArgs(
name="azureFirewallMgmtIpConfiguration",
public_ip_address=azure_native.network.SubResourceArgs(
id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName",
),
subnet=azure_native.network.SubResourceArgs(
id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet",
),
),
nat_rule_collections=[{
"action": azure_native.network.AzureFirewallNatRCActionArgs(
type="Dnat",
),
"name": "natrulecoll",
"priority": 112,
"rules": [
azure_native.network.AzureFirewallNatRuleArgs(
description="D-NAT all outbound web traffic for inspection",
destination_addresses=["1.2.3.4"],
destination_ports=["443"],
name="DNAT-HTTPS-traffic",
protocols=["TCP"],
source_addresses=["*"],
translated_address="1.2.3.5",
translated_port="8443",
),
azure_native.network.AzureFirewallNatRuleArgs(
description="D-NAT all inbound web traffic for inspection",
destination_addresses=["1.2.3.4"],
destination_ports=["80"],
name="DNAT-HTTP-traffic-With-FQDN",
protocols=["TCP"],
source_addresses=["*"],
translated_fqdn="internalhttpserver",
translated_port="880",
),
],
}],
network_rule_collections=[{
"action": azure_native.network.AzureFirewallRCActionArgs(
type="Deny",
),
"name": "netrulecoll",
"priority": 112,
"rules": [
azure_native.network.AzureFirewallNetworkRuleArgs(
description="Block traffic based on source IPs and ports",
destination_addresses=["*"],
destination_ports=[
"443-444",
"8443",
],
name="L4-traffic",
protocols=["TCP"],
source_addresses=[
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255",
],
),
azure_native.network.AzureFirewallNetworkRuleArgs(
description="Block traffic based on source IPs and ports to amazon",
destination_fqdns=["www.amazon.com"],
destination_ports=[
"443-444",
"8443",
],
name="L4-traffic-with-FQDN",
protocols=["TCP"],
source_addresses=["10.2.4.12-10.2.4.255"],
),
],
}],
resource_group_name="rg1",
sku=azure_native.network.AzureFirewallSkuArgs(
name="AZFW_VNet",
tier="Standard",
),
tags={
"key1": "value1",
},
threat_intel_mode="Alert",
zones=[])
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
applicationRuleCollections: [{
action: {
type: "Deny",
},
name: "apprulecoll",
priority: 110,
rules: [{
description: "Deny inbound rule",
name: "rule1",
protocols: [{
port: 443,
protocolType: "Https",
}],
sourceAddresses: [
"216.58.216.164",
"10.0.0.0/24",
],
targetFqdns: ["www.test.com"],
}],
}],
azureFirewallName: "azurefirewall",
ipConfigurations: [{
name: "azureFirewallIpConfiguration",
publicIPAddress: {
id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
},
subnet: {
id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
},
}],
location: "West US",
managementIpConfiguration: {
name: "azureFirewallMgmtIpConfiguration",
publicIPAddress: {
id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName",
},
subnet: {
id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet",
},
},
natRuleCollections: [{
action: {
type: "Dnat",
},
name: "natrulecoll",
priority: 112,
rules: [
{
description: "D-NAT all outbound web traffic for inspection",
destinationAddresses: ["1.2.3.4"],
destinationPorts: ["443"],
name: "DNAT-HTTPS-traffic",
protocols: ["TCP"],
sourceAddresses: ["*"],
translatedAddress: "1.2.3.5",
translatedPort: "8443",
},
{
description: "D-NAT all inbound web traffic for inspection",
destinationAddresses: ["1.2.3.4"],
destinationPorts: ["80"],
name: "DNAT-HTTP-traffic-With-FQDN",
protocols: ["TCP"],
sourceAddresses: ["*"],
translatedFqdn: "internalhttpserver",
translatedPort: "880",
},
],
}],
networkRuleCollections: [{
action: {
type: "Deny",
},
name: "netrulecoll",
priority: 112,
rules: [
{
description: "Block traffic based on source IPs and ports",
destinationAddresses: ["*"],
destinationPorts: [
"443-444",
"8443",
],
name: "L4-traffic",
protocols: ["TCP"],
sourceAddresses: [
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255",
],
},
{
description: "Block traffic based on source IPs and ports to amazon",
destinationFqdns: ["www.amazon.com"],
destinationPorts: [
"443-444",
"8443",
],
name: "L4-traffic-with-FQDN",
protocols: ["TCP"],
sourceAddresses: ["10.2.4.12-10.2.4.255"],
},
],
}],
resourceGroupName: "rg1",
sku: {
name: "AZFW_VNet",
tier: "Standard",
},
tags: {
key1: "value1",
},
threatIntelMode: "Alert",
zones: [],
});
resources:
azureFirewall:
type: azure-native:network:AzureFirewall
properties:
applicationRuleCollections:
- action:
type: Deny
name: apprulecoll
priority: 110
rules:
- description: Deny inbound rule
name: rule1
protocols:
- port: 443
protocolType: Https
sourceAddresses:
- 216.58.216.164
- 10.0.0.0/24
targetFqdns:
- www.test.com
azureFirewallName: azurefirewall
ipConfigurations:
- name: azureFirewallIpConfiguration
publicIPAddress:
id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
subnet:
id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
location: West US
managementIpConfiguration:
name: azureFirewallMgmtIpConfiguration
publicIPAddress:
id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName
subnet:
id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet
natRuleCollections:
- action:
type: Dnat
name: natrulecoll
priority: 112
rules:
- description: D-NAT all outbound web traffic for inspection
destinationAddresses:
- 1.2.3.4
destinationPorts:
- '443'
name: DNAT-HTTPS-traffic
protocols:
- TCP
sourceAddresses:
- '*'
translatedAddress: 1.2.3.5
translatedPort: '8443'
- description: D-NAT all inbound web traffic for inspection
destinationAddresses:
- 1.2.3.4
destinationPorts:
- '80'
name: DNAT-HTTP-traffic-With-FQDN
protocols:
- TCP
sourceAddresses:
- '*'
translatedFqdn: internalhttpserver
translatedPort: '880'
networkRuleCollections:
- action:
type: Deny
name: netrulecoll
priority: 112
rules:
- description: Block traffic based on source IPs and ports
destinationAddresses:
- '*'
destinationPorts:
- 443-444
- '8443'
name: L4-traffic
protocols:
- TCP
sourceAddresses:
- 192.168.1.1-192.168.1.12
- 10.1.4.12-10.1.4.255
- description: Block traffic based on source IPs and ports to amazon
destinationFqdns:
- www.amazon.com
destinationPorts:
- 443-444
- '8443'
name: L4-traffic-with-FQDN
protocols:
- TCP
sourceAddresses:
- 10.2.4.12-10.2.4.255
resourceGroupName: rg1
sku:
name: AZFW_VNet
tier: Standard
tags:
key1: value1
threatIntelMode: Alert
zones: []
Create Azure Firewall in virtual Hub
using System.Collections.Generic;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
{
AzureFirewallName = "azurefirewall",
FirewallPolicy = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1",
},
HubIPAddresses = new AzureNative.Network.Inputs.HubIPAddressesArgs
{
PublicIPs = new AzureNative.Network.Inputs.HubPublicIPAddressesArgs
{
Addresses = new[] {},
Count = 1,
},
},
Location = "West US",
ResourceGroupName = "rg1",
Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
{
Name = "AZFW_Hub",
Tier = "Standard",
},
Tags =
{
{ "key1", "value1" },
},
ThreatIntelMode = "Alert",
VirtualHub = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1",
},
Zones = new[] {},
});
});
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.AzureFirewall;
import com.pulumi.azurenative.network.AzureFirewallArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
.azureFirewallName("azurefirewall")
.firewallPolicy(Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1"))
.hubIPAddresses(Map.of("publicIPs", Map.ofEntries(
Map.entry("addresses", ),
Map.entry("count", 1)
)))
.location("West US")
.resourceGroupName("rg1")
.sku(Map.ofEntries(
Map.entry("name", "AZFW_Hub"),
Map.entry("tier", "Standard")
))
.tags(Map.of("key1", "value1"))
.threatIntelMode("Alert")
.virtualHub(Map.of("id", "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1"))
.zones()
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
azure_firewall_name="azurefirewall",
firewall_policy=azure_native.network.SubResourceArgs(
id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1",
),
hub_ip_addresses=azure_native.network.HubIPAddressesResponseArgs(
public_ips={
"addresses": [],
"count": 1,
},
),
location="West US",
resource_group_name="rg1",
sku=azure_native.network.AzureFirewallSkuArgs(
name="AZFW_Hub",
tier="Standard",
),
tags={
"key1": "value1",
},
threat_intel_mode="Alert",
virtual_hub=azure_native.network.SubResourceArgs(
id="/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1",
),
zones=[])
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
azureFirewallName: "azurefirewall",
firewallPolicy: {
id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1",
},
hubIPAddresses: {
publicIPs: {
addresses: [],
count: 1,
},
},
location: "West US",
resourceGroupName: "rg1",
sku: {
name: "AZFW_Hub",
tier: "Standard",
},
tags: {
key1: "value1",
},
threatIntelMode: "Alert",
virtualHub: {
id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1",
},
zones: [],
});
resources:
azureFirewall:
type: azure-native:network:AzureFirewall
properties:
azureFirewallName: azurefirewall
firewallPolicy:
id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1
hubIPAddresses:
publicIPs:
addresses: []
count: 1
location: West US
resourceGroupName: rg1
sku:
name: AZFW_Hub
tier: Standard
tags:
key1: value1
threatIntelMode: Alert
virtualHub:
id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1
zones: []
Create AzureFirewall Resource
new AzureFirewall(name: string, args: AzureFirewallArgs, opts?: CustomResourceOptions);@overload
def AzureFirewall(resource_name: str,
opts: Optional[ResourceOptions] = None,
additional_properties: Optional[Mapping[str, str]] = None,
application_rule_collections: Optional[Sequence[AzureFirewallApplicationRuleCollectionArgs]] = None,
azure_firewall_name: Optional[str] = None,
firewall_policy: Optional[SubResourceArgs] = None,
hub_ip_addresses: Optional[HubIPAddressesArgs] = None,
id: Optional[str] = None,
ip_configurations: Optional[Sequence[AzureFirewallIPConfigurationArgs]] = None,
location: Optional[str] = None,
management_ip_configuration: Optional[AzureFirewallIPConfigurationArgs] = None,
nat_rule_collections: Optional[Sequence[AzureFirewallNatRuleCollectionArgs]] = None,
network_rule_collections: Optional[Sequence[AzureFirewallNetworkRuleCollectionArgs]] = None,
resource_group_name: Optional[str] = None,
sku: Optional[AzureFirewallSkuArgs] = None,
tags: Optional[Mapping[str, str]] = None,
threat_intel_mode: Optional[Union[str, AzureFirewallThreatIntelMode]] = None,
virtual_hub: Optional[SubResourceArgs] = None,
zones: Optional[Sequence[str]] = None)
@overload
def AzureFirewall(resource_name: str,
args: AzureFirewallArgs,
opts: Optional[ResourceOptions] = None)func NewAzureFirewall(ctx *Context, name string, args AzureFirewallArgs, opts ...ResourceOption) (*AzureFirewall, error)public AzureFirewall(string name, AzureFirewallArgs args, CustomResourceOptions? opts = null)
public AzureFirewall(String name, AzureFirewallArgs args)
public AzureFirewall(String name, AzureFirewallArgs args, CustomResourceOptions options)
type: azure-native:network:AzureFirewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AzureFirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AzureFirewallArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AzureFirewallArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AzureFirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AzureFirewallArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
AzureFirewall Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The AzureFirewall resource accepts the following input properties:
- Resource
Group stringName The name of the resource group.
- Additional
Properties Dictionary<string, string> The additional properties used to further config this azure firewall.
- Application
Rule List<Pulumi.Collections Azure Native. Network. Inputs. Azure Firewall Application Rule Collection Args> Collection of application rule collections used by Azure Firewall.
- Azure
Firewall stringName The name of the Azure Firewall.
- Firewall
Policy Pulumi.Azure Native. Network. Inputs. Sub Resource Args The firewallPolicy associated with this azure firewall.
- Hub
IPAddresses Pulumi.Azure Native. Network. Inputs. Hub IPAddresses Args IP addresses associated with AzureFirewall.
- Id string
Resource ID.
- Ip
Configurations List<Pulumi.Azure Native. Network. Inputs. Azure Firewall IPConfiguration Args> IP configuration of the Azure Firewall resource.
- Location string
Resource location.
- Management
Ip Pulumi.Configuration Azure Native. Network. Inputs. Azure Firewall IPConfiguration Args IP configuration of the Azure Firewall used for management traffic.
- Nat
Rule List<Pulumi.Collections Azure Native. Network. Inputs. Azure Firewall Nat Rule Collection Args> Collection of NAT rule collections used by Azure Firewall.
- Network
Rule List<Pulumi.Collections Azure Native. Network. Inputs. Azure Firewall Network Rule Collection Args> Collection of network rule collections used by Azure Firewall.
- Sku
Pulumi.
Azure Native. Network. Inputs. Azure Firewall Sku Args The Azure Firewall Resource SKU.
- Dictionary<string, string>
Resource tags.
- Threat
Intel string | Pulumi.Mode Azure Native. Network. Azure Firewall Threat Intel Mode The operation mode for Threat Intelligence.
- Virtual
Hub Pulumi.Azure Native. Network. Inputs. Sub Resource Args The virtualHub to which the firewall belongs.
- Zones List<string>
A list of availability zones denoting where the resource needs to come from.
- Resource
Group stringName The name of the resource group.
- Additional
Properties map[string]string The additional properties used to further config this azure firewall.
- Application
Rule []AzureCollections Firewall Application Rule Collection Args Collection of application rule collections used by Azure Firewall.
- Azure
Firewall stringName The name of the Azure Firewall.
- Firewall
Policy SubResource Args The firewallPolicy associated with this azure firewall.
- Hub
IPAddresses HubIPAddresses Args IP addresses associated with AzureFirewall.
- Id string
Resource ID.
- Ip
Configurations []AzureFirewall IPConfiguration Args IP configuration of the Azure Firewall resource.
- Location string
Resource location.
- Management
Ip AzureConfiguration Firewall IPConfiguration Args IP configuration of the Azure Firewall used for management traffic.
- Nat
Rule []AzureCollections Firewall Nat Rule Collection Args Collection of NAT rule collections used by Azure Firewall.
- Network
Rule []AzureCollections Firewall Network Rule Collection Args Collection of network rule collections used by Azure Firewall.
- Sku
Azure
Firewall Sku Args The Azure Firewall Resource SKU.
- map[string]string
Resource tags.
- Threat
Intel string | AzureMode Firewall Threat Intel Mode The operation mode for Threat Intelligence.
- Virtual
Hub SubResource Args The virtualHub to which the firewall belongs.
- Zones []string
A list of availability zones denoting where the resource needs to come from.
- resource
Group StringName The name of the resource group.
- additional
Properties Map<String,String> The additional properties used to further config this azure firewall.
- application
Rule List<AzureCollections Firewall Application Rule Collection Args> Collection of application rule collections used by Azure Firewall.
- azure
Firewall StringName The name of the Azure Firewall.
- firewall
Policy SubResource Args The firewallPolicy associated with this azure firewall.
- hub
IPAddresses HubIPAddresses Args IP addresses associated with AzureFirewall.
- id String
Resource ID.
- ip
Configurations List<AzureFirewall IPConfiguration Args> IP configuration of the Azure Firewall resource.
- location String
Resource location.
- management
Ip AzureConfiguration Firewall IPConfiguration Args IP configuration of the Azure Firewall used for management traffic.
- nat
Rule List<AzureCollections Firewall Nat Rule Collection Args> Collection of NAT rule collections used by Azure Firewall.
- network
Rule List<AzureCollections Firewall Network Rule Collection Args> Collection of network rule collections used by Azure Firewall.
- sku
Azure
Firewall Sku Args The Azure Firewall Resource SKU.
- Map<String,String>
Resource tags.
- threat
Intel String | AzureMode Firewall Threat Intel Mode The operation mode for Threat Intelligence.
- virtual
Hub SubResource Args The virtualHub to which the firewall belongs.
- zones List<String>
A list of availability zones denoting where the resource needs to come from.
- resource
Group stringName The name of the resource group.
- additional
Properties {[key: string]: string} The additional properties used to further config this azure firewall.
- application
Rule AzureCollections Firewall Application Rule Collection Args[] Collection of application rule collections used by Azure Firewall.
- azure
Firewall stringName The name of the Azure Firewall.
- firewall
Policy SubResource Args The firewallPolicy associated with this azure firewall.
- hub
IPAddresses HubIPAddresses Args IP addresses associated with AzureFirewall.
- id string
Resource ID.
- ip
Configurations AzureFirewall IPConfiguration Args[] IP configuration of the Azure Firewall resource.
- location string
Resource location.
- management
Ip AzureConfiguration Firewall IPConfiguration Args IP configuration of the Azure Firewall used for management traffic.
- nat
Rule AzureCollections Firewall Nat Rule Collection Args[] Collection of NAT rule collections used by Azure Firewall.
- network
Rule AzureCollections Firewall Network Rule Collection Args[] Collection of network rule collections used by Azure Firewall.
- sku
Azure
Firewall Sku Args The Azure Firewall Resource SKU.
- {[key: string]: string}
Resource tags.
- threat
Intel string | AzureMode Firewall Threat Intel Mode The operation mode for Threat Intelligence.
- virtual
Hub SubResource Args The virtualHub to which the firewall belongs.
- zones string[]
A list of availability zones denoting where the resource needs to come from.
- resource_
group_ strname The name of the resource group.
- additional_
properties Mapping[str, str] The additional properties used to further config this azure firewall.
- application_
rule_ Sequence[Azurecollections Firewall Application Rule Collection Args] Collection of application rule collections used by Azure Firewall.
- azure_
firewall_ strname The name of the Azure Firewall.
- firewall_
policy SubResource Args The firewallPolicy associated with this azure firewall.
- hub_
ip_ Hubaddresses IPAddresses Args IP addresses associated with AzureFirewall.
- id str
Resource ID.
- ip_
configurations Sequence[AzureFirewall IPConfiguration Args] IP configuration of the Azure Firewall resource.
- location str
Resource location.
- management_
ip_ Azureconfiguration Firewall IPConfiguration Args IP configuration of the Azure Firewall used for management traffic.
- nat_
rule_ Sequence[Azurecollections Firewall Nat Rule Collection Args] Collection of NAT rule collections used by Azure Firewall.
- network_
rule_ Sequence[Azurecollections Firewall Network Rule Collection Args] Collection of network rule collections used by Azure Firewall.
- sku
Azure
Firewall Sku Args The Azure Firewall Resource SKU.
- Mapping[str, str]
Resource tags.
- threat_
intel_ str | Azuremode Firewall Threat Intel Mode The operation mode for Threat Intelligence.
- virtual_
hub SubResource Args The virtualHub to which the firewall belongs.
- zones Sequence[str]
A list of availability zones denoting where the resource needs to come from.
- resource
Group StringName The name of the resource group.
- additional
Properties Map<String> The additional properties used to further config this azure firewall.
- application
Rule List<Property Map>Collections Collection of application rule collections used by Azure Firewall.
- azure
Firewall StringName The name of the Azure Firewall.
- firewall
Policy Property Map The firewallPolicy associated with this azure firewall.
- hub
IPAddresses Property Map IP addresses associated with AzureFirewall.
- id String
Resource ID.
- ip
Configurations List<Property Map> IP configuration of the Azure Firewall resource.
- location String
Resource location.
- management
Ip Property MapConfiguration IP configuration of the Azure Firewall used for management traffic.
- nat
Rule List<Property Map>Collections Collection of NAT rule collections used by Azure Firewall.
- network
Rule List<Property Map>Collections Collection of network rule collections used by Azure Firewall.
- sku Property Map
The Azure Firewall Resource SKU.
- Map<String>
Resource tags.
- threat
Intel String | "Alert" | "Deny" | "Off"Mode The operation mode for Threat Intelligence.
- virtual
Hub Property Map The virtualHub to which the firewall belongs.
- zones List<String>
A list of availability zones denoting where the resource needs to come from.
Outputs
All input properties are implicitly available as output properties. Additionally, the AzureFirewall resource produces the following output properties:
- Etag string
A unique read-only string that changes whenever the resource is updated.
- Id string
The provider-assigned unique ID for this managed resource.
- Ip
Groups List<Pulumi.Azure Native. Network. Outputs. Azure Firewall Ip Groups Response> IpGroups associated with AzureFirewall.
- Name string
Resource name.
- Provisioning
State string The provisioning state of the Azure firewall resource.
- Type string
Resource type.
- Etag string
A unique read-only string that changes whenever the resource is updated.
- Id string
The provider-assigned unique ID for this managed resource.
- Ip
Groups []AzureFirewall Ip Groups Response IpGroups associated with AzureFirewall.
- Name string
Resource name.
- Provisioning
State string The provisioning state of the Azure firewall resource.
- Type string
Resource type.
- etag String
A unique read-only string that changes whenever the resource is updated.
- id String
The provider-assigned unique ID for this managed resource.
- ip
Groups List<AzureFirewall Ip Groups Response> IpGroups associated with AzureFirewall.
- name String
Resource name.
- provisioning
State String The provisioning state of the Azure firewall resource.
- type String
Resource type.
- etag string
A unique read-only string that changes whenever the resource is updated.
- id string
The provider-assigned unique ID for this managed resource.
- ip
Groups AzureFirewall Ip Groups Response[] IpGroups associated with AzureFirewall.
- name string
Resource name.
- provisioning
State string The provisioning state of the Azure firewall resource.
- type string
Resource type.
- etag str
A unique read-only string that changes whenever the resource is updated.
- id str
The provider-assigned unique ID for this managed resource.
- ip_
groups Sequence[AzureFirewall Ip Groups Response] IpGroups associated with AzureFirewall.
- name str
Resource name.
- provisioning_
state str The provisioning state of the Azure firewall resource.
- type str
Resource type.
- etag String
A unique read-only string that changes whenever the resource is updated.
- id String
The provider-assigned unique ID for this managed resource.
- ip
Groups List<Property Map> IpGroups associated with AzureFirewall.
- name String
Resource name.
- provisioning
State String The provisioning state of the Azure firewall resource.
- type String
Resource type.
Supporting Types
AzureFirewallApplicationRule
- Description string
Description of the rule.
- List<string>
List of FQDN Tags for this rule.
- Name string
Name of the application rule.
- Protocols
List<Pulumi.
Azure Native. Network. Inputs. Azure Firewall Application Rule Protocol> Array of ApplicationRuleProtocols.
- Source
Addresses List<string> List of source IP addresses for this rule.
- Source
Ip List<string>Groups List of source IpGroups for this rule.
- Target
Fqdns List<string> List of FQDNs for this rule.
- Description string
Description of the rule.
- []string
List of FQDN Tags for this rule.
- Name string
Name of the application rule.
- Protocols
[]Azure
Firewall Application Rule Protocol Array of ApplicationRuleProtocols.
- Source
Addresses []string List of source IP addresses for this rule.
- Source
Ip []stringGroups List of source IpGroups for this rule.
- Target
Fqdns []string List of FQDNs for this rule.
- description String
Description of the rule.
- List<String>
List of FQDN Tags for this rule.
- name String
Name of the application rule.
- protocols
List<Azure
Firewall Application Rule Protocol> Array of ApplicationRuleProtocols.
- source
Addresses List<String> List of source IP addresses for this rule.
- source
Ip List<String>Groups List of source IpGroups for this rule.
- target
Fqdns List<String> List of FQDNs for this rule.
- description string
Description of the rule.
- string[]
List of FQDN Tags for this rule.
- name string
Name of the application rule.
- protocols
Azure
Firewall Application Rule Protocol[] Array of ApplicationRuleProtocols.
- source
Addresses string[] List of source IP addresses for this rule.
- source
Ip string[]Groups List of source IpGroups for this rule.
- target
Fqdns string[] List of FQDNs for this rule.
- description str
Description of the rule.
- Sequence[str]
List of FQDN Tags for this rule.
- name str
Name of the application rule.
- protocols
Sequence[Azure
Firewall Application Rule Protocol] Array of ApplicationRuleProtocols.
- source_
addresses Sequence[str] List of source IP addresses for this rule.
- source_
ip_ Sequence[str]groups List of source IpGroups for this rule.
- target_
fqdns Sequence[str] List of FQDNs for this rule.
- description String
Description of the rule.
- List<String>
List of FQDN Tags for this rule.
- name String
Name of the application rule.
- protocols List<Property Map>
Array of ApplicationRuleProtocols.
- source
Addresses List<String> List of source IP addresses for this rule.
- source
Ip List<String>Groups List of source IpGroups for this rule.
- target
Fqdns List<String> List of FQDNs for this rule.
AzureFirewallApplicationRuleCollection
- Action
Pulumi.
Azure Native. Network. Inputs. Azure Firewall RCAction The action type of a rule collection.
- Id string
Resource ID.
- Name string
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
Priority of the application rule collection resource.
- Rules
List<Pulumi.
Azure Native. Network. Inputs. Azure Firewall Application Rule> Collection of rules used by a application rule collection.
- Action
Azure
Firewall RCAction The action type of a rule collection.
- Id string
Resource ID.
- Name string
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
Priority of the application rule collection resource.
- Rules
[]Azure
Firewall Application Rule Collection of rules used by a application rule collection.
- action
Azure
Firewall RCAction The action type of a rule collection.
- id String
Resource ID.
- name String
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Integer
Priority of the application rule collection resource.
- rules
List<Azure
Firewall Application Rule> Collection of rules used by a application rule collection.
- action
Azure
Firewall RCAction The action type of a rule collection.
- id string
Resource ID.
- name string
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority number
Priority of the application rule collection resource.
- rules
Azure
Firewall Application Rule[] Collection of rules used by a application rule collection.
- action
Azure
Firewall RCAction The action type of a rule collection.
- id str
Resource ID.
- name str
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority int
Priority of the application rule collection resource.
- rules
Sequence[Azure
Firewall Application Rule] Collection of rules used by a application rule collection.
- action Property Map
The action type of a rule collection.
- id String
Resource ID.
- name String
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Number
Priority of the application rule collection resource.
- rules List<Property Map>
Collection of rules used by a application rule collection.
AzureFirewallApplicationRuleCollectionResponse
- Etag string
A unique read-only string that changes whenever the resource is updated.
- Provisioning
State string The provisioning state of the application rule collection resource.
- Action
Pulumi.
Azure Native. Network. Inputs. Azure Firewall RCAction Response The action type of a rule collection.
- Id string
Resource ID.
- Name string
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
Priority of the application rule collection resource.
- Rules
List<Pulumi.
Azure Native. Network. Inputs. Azure Firewall Application Rule Response> Collection of rules used by a application rule collection.
- Etag string
A unique read-only string that changes whenever the resource is updated.
- Provisioning
State string The provisioning state of the application rule collection resource.
- Action
Azure
Firewall RCAction Response The action type of a rule collection.
- Id string
Resource ID.
- Name string
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
Priority of the application rule collection resource.
- Rules
[]Azure
Firewall Application Rule Response Collection of rules used by a application rule collection.
- etag String
A unique read-only string that changes whenever the resource is updated.
- provisioning
State String The provisioning state of the application rule collection resource.
- action
Azure
Firewall RCAction Response The action type of a rule collection.
- id String
Resource ID.
- name String
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Integer
Priority of the application rule collection resource.
- rules
List<Azure
Firewall Application Rule Response> Collection of rules used by a application rule collection.
- etag string
A unique read-only string that changes whenever the resource is updated.
- provisioning
State string The provisioning state of the application rule collection resource.
- action
Azure
Firewall RCAction Response The action type of a rule collection.
- id string
Resource ID.
- name string
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority number
Priority of the application rule collection resource.
- rules
Azure
Firewall Application Rule Response[] Collection of rules used by a application rule collection.
- etag str
A unique read-only string that changes whenever the resource is updated.
- provisioning_
state str The provisioning state of the application rule collection resource.
- action
Azure
Firewall RCAction Response The action type of a rule collection.
- id str
Resource ID.
- name str
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority int
Priority of the application rule collection resource.
- rules
Sequence[Azure
Firewall Application Rule Response] Collection of rules used by a application rule collection.
- etag String
A unique read-only string that changes whenever the resource is updated.
- provisioning
State String The provisioning state of the application rule collection resource.
- action Property Map
The action type of a rule collection.
- id String
Resource ID.
- name String
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Number
Priority of the application rule collection resource.
- rules List<Property Map>
Collection of rules used by a application rule collection.
AzureFirewallApplicationRuleProtocol
- Port int
Port number for the protocol, cannot be greater than 64000. This field is optional.
- Protocol
Type string | Pulumi.Azure Native. Network. Azure Firewall Application Rule Protocol Type Protocol type.
- Port int
Port number for the protocol, cannot be greater than 64000. This field is optional.
- Protocol
Type string | AzureFirewall Application Rule Protocol Type Protocol type.
- port Integer
Port number for the protocol, cannot be greater than 64000. This field is optional.
- protocol
Type String | AzureFirewall Application Rule Protocol Type Protocol type.
- port number
Port number for the protocol, cannot be greater than 64000. This field is optional.
- protocol
Type string | AzureFirewall Application Rule Protocol Type Protocol type.
- port int
Port number for the protocol, cannot be greater than 64000. This field is optional.
- protocol_
type str | AzureFirewall Application Rule Protocol Type Protocol type.
- port Number
Port number for the protocol, cannot be greater than 64000. This field is optional.
- protocol
Type String | "Http" | "Https" | "Mssql" Protocol type.
AzureFirewallApplicationRuleProtocolResponse
- Port int
Port number for the protocol, cannot be greater than 64000. This field is optional.
- Protocol
Type string Protocol type.
- Port int
Port number for the protocol, cannot be greater than 64000. This field is optional.
- Protocol
Type string Protocol type.
- port Integer
Port number for the protocol, cannot be greater than 64000. This field is optional.
- protocol
Type String Protocol type.
- port number
Port number for the protocol, cannot be greater than 64000. This field is optional.
- protocol
Type string Protocol type.
- port int
Port number for the protocol, cannot be greater than 64000. This field is optional.
- protocol_
type str Protocol type.
- port Number
Port number for the protocol, cannot be greater than 64000. This field is optional.
- protocol
Type String Protocol type.
AzureFirewallApplicationRuleProtocolType
- Http
- Http
- Https
- Https
- Mssql
- Mssql
- Azure
Firewall Application Rule Protocol Type Http - Http
- Azure
Firewall Application Rule Protocol Type Https - Https
- Azure
Firewall Application Rule Protocol Type Mssql - Mssql
- Http
- Http
- Https
- Https
- Mssql
- Mssql
- Http
- Http
- Https
- Https
- Mssql
- Mssql
- HTTP
- Http
- HTTPS
- Https
- MSSQL
- Mssql
- "Http"
- Http
- "Https"
- Https
- "Mssql"
- Mssql
AzureFirewallApplicationRuleResponse
- Description string
Description of the rule.
- List<string>
List of FQDN Tags for this rule.
- Name string
Name of the application rule.
- Protocols
List<Pulumi.
Azure Native. Network. Inputs. Azure Firewall Application Rule Protocol Response> Array of ApplicationRuleProtocols.
- Source
Addresses List<string> List of source IP addresses for this rule.
- Source
Ip List<string>Groups List of source IpGroups for this rule.
- Target
Fqdns List<string> List of FQDNs for this rule.
- Description string
Description of the rule.
- []string
List of FQDN Tags for this rule.
- Name string
Name of the application rule.
- Protocols
[]Azure
Firewall Application Rule Protocol Response Array of ApplicationRuleProtocols.
- Source
Addresses []string List of source IP addresses for this rule.
- Source
Ip []stringGroups List of source IpGroups for this rule.
- Target
Fqdns []string List of FQDNs for this rule.
- description String
Description of the rule.
- List<String>
List of FQDN Tags for this rule.
- name String
Name of the application rule.
- protocols
List<Azure
Firewall Application Rule Protocol Response> Array of ApplicationRuleProtocols.
- source
Addresses List<String> List of source IP addresses for this rule.
- source
Ip List<String>Groups List of source IpGroups for this rule.
- target
Fqdns List<String> List of FQDNs for this rule.
- description string
Description of the rule.
- string[]
List of FQDN Tags for this rule.
- name string
Name of the application rule.
- protocols
Azure
Firewall Application Rule Protocol Response[] Array of ApplicationRuleProtocols.
- source
Addresses string[] List of source IP addresses for this rule.
- source
Ip string[]Groups List of source IpGroups for this rule.
- target
Fqdns string[] List of FQDNs for this rule.
- description str
Description of the rule.
- Sequence[str]
List of FQDN Tags for this rule.
- name str
Name of the application rule.
- protocols
Sequence[Azure
Firewall Application Rule Protocol Response] Array of ApplicationRuleProtocols.
- source_
addresses Sequence[str] List of source IP addresses for this rule.
- source_
ip_ Sequence[str]groups List of source IpGroups for this rule.
- target_
fqdns Sequence[str] List of FQDNs for this rule.
- description String
Description of the rule.
- List<String>
List of FQDN Tags for this rule.
- name String
Name of the application rule.
- protocols List<Property Map>
Array of ApplicationRuleProtocols.
- source
Addresses List<String> List of source IP addresses for this rule.
- source
Ip List<String>Groups List of source IpGroups for this rule.
- target
Fqdns List<String> List of FQDNs for this rule.
AzureFirewallIPConfiguration
- Id string
Resource ID.
- Name string
Name of the resource that is unique within a resource group. This name can be used to access the resource.
- Public
IPAddress Pulumi.Azure Native. Network. Inputs. Sub Resource Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- Subnet
Pulumi.
Azure Native. Network. Inputs. Sub Resource Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- Id string
Resource ID.
- Name string
Name of the resource that is unique within a resource group. This name can be used to access the resource.
- Public
IPAddress SubResource Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- Subnet
Sub
Resource Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- id String
Resource ID.
- name String
Name of the resource that is unique within a resource group. This name can be used to access the resource.
- public
IPAddress SubResource Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- subnet
Sub
Resource Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- id string
Resource ID.
- name string
Name of the resource that is unique within a resource group. This name can be used to access the resource.
- public
IPAddress SubResource Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- subnet
Sub
Resource Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- id str
Resource ID.
- name str
Name of the resource that is unique within a resource group. This name can be used to access the resource.
- public_
ip_ Subaddress Resource Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- subnet
Sub
Resource Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- id String
Resource ID.
- name String
Name of the resource that is unique within a resource group. This name can be used to access the resource.
- public
IPAddress Property Map Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- subnet Property Map
Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
AzureFirewallIPConfigurationResponse
- Etag string
A unique read-only string that changes whenever the resource is updated.
- Private
IPAddress string The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.
- Provisioning
State string The provisioning state of the Azure firewall IP configuration resource.
- Type string
Type of the resource.
- Id string
Resource ID.
- Name string
Name of the resource that is unique within a resource group. This name can be used to access the resource.
- Public
IPAddress Pulumi.Azure Native. Network. Inputs. Sub Resource Response Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- Subnet
Pulumi.
Azure Native. Network. Inputs. Sub Resource Response Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- Etag string
A unique read-only string that changes whenever the resource is updated.
- Private
IPAddress string The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.
- Provisioning
State string The provisioning state of the Azure firewall IP configuration resource.
- Type string
Type of the resource.
- Id string
Resource ID.
- Name string
Name of the resource that is unique within a resource group. This name can be used to access the resource.
- Public
IPAddress SubResource Response Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- Subnet
Sub
Resource Response Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- etag String
A unique read-only string that changes whenever the resource is updated.
- private
IPAddress String The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.
- provisioning
State String The provisioning state of the Azure firewall IP configuration resource.
- type String
Type of the resource.
- id String
Resource ID.
- name String
Name of the resource that is unique within a resource group. This name can be used to access the resource.
- public
IPAddress SubResource Response Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- subnet
Sub
Resource Response Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- etag string
A unique read-only string that changes whenever the resource is updated.
- private
IPAddress string The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.
- provisioning
State string The provisioning state of the Azure firewall IP configuration resource.
- type string
Type of the resource.
- id string
Resource ID.
- name string
Name of the resource that is unique within a resource group. This name can be used to access the resource.
- public
IPAddress SubResource Response Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- subnet
Sub
Resource Response Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- etag str
A unique read-only string that changes whenever the resource is updated.
- private_
ip_ straddress The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.
- provisioning_
state str The provisioning state of the Azure firewall IP configuration resource.
- type str
Type of the resource.
- id str
Resource ID.
- name str
Name of the resource that is unique within a resource group. This name can be used to access the resource.
- public_
ip_ Subaddress Resource Response Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- subnet
Sub
Resource Response Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- etag String
A unique read-only string that changes whenever the resource is updated.
- private
IPAddress String The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.
- provisioning
State String The provisioning state of the Azure firewall IP configuration resource.
- type String
Type of the resource.
- id String
Resource ID.
- name String
Name of the resource that is unique within a resource group. This name can be used to access the resource.
- public
IPAddress Property Map Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- subnet Property Map
Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
AzureFirewallIpGroupsResponse
- Change
Number string The iteration number.
- Id string
Resource ID.
- Change
Number string The iteration number.
- Id string
Resource ID.
- change
Number String The iteration number.
- id String
Resource ID.
- change
Number string The iteration number.
- id string
Resource ID.
- change_
number str The iteration number.
- id str
Resource ID.
- change
Number String The iteration number.
- id String
Resource ID.
AzureFirewallNatRCAction
- Type
string | Pulumi.
Azure Native. Network. Azure Firewall Nat RCAction Type The type of action.
- Type
string | Azure
Firewall Nat RCAction Type The type of action.
- type
String | Azure
Firewall Nat RCAction Type The type of action.
- type
string | Azure
Firewall Nat RCAction Type The type of action.
- type
str | Azure
Firewall Nat RCAction Type The type of action.
- type String | "Snat" | "Dnat"
The type of action.
AzureFirewallNatRCActionResponse
- Type string
The type of action.
- Type string
The type of action.
- type String
The type of action.
- type string
The type of action.
- type str
The type of action.
- type String
The type of action.
AzureFirewallNatRCActionType
- Snat
- Snat
- Dnat
- Dnat
- Azure
Firewall Nat RCAction Type Snat - Snat
- Azure
Firewall Nat RCAction Type Dnat - Dnat
- Snat
- Snat
- Dnat
- Dnat
- Snat
- Snat
- Dnat
- Dnat
- SNAT
- Snat
- DNAT
- Dnat
- "Snat"
- Snat
- "Dnat"
- Dnat
AzureFirewallNatRule
- Description string
Description of the rule.
- Destination
Addresses List<string> List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- Destination
Ports List<string> List of destination ports.
- Name string
Name of the NAT rule.
- Protocols
List<Union<string, Pulumi.
Azure Native. Network. Azure Firewall Network Rule Protocol>> Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- Source
Addresses List<string> List of source IP addresses for this rule.
- Source
Ip List<string>Groups List of source IpGroups for this rule.
- Translated
Address string The translated address for this NAT rule.
- Translated
Fqdn string The translated FQDN for this NAT rule.
- Translated
Port string The translated port for this NAT rule.
- Description string
Description of the rule.
- Destination
Addresses []string List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- Destination
Ports []string List of destination ports.
- Name string
Name of the NAT rule.
- Protocols []string
Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- Source
Addresses []string List of source IP addresses for this rule.
- Source
Ip []stringGroups List of source IpGroups for this rule.
- Translated
Address string The translated address for this NAT rule.
- Translated
Fqdn string The translated FQDN for this NAT rule.
- Translated
Port string The translated port for this NAT rule.
- description String
Description of the rule.
- destination
Addresses List<String> List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- destination
Ports List<String> List of destination ports.
- name String
Name of the NAT rule.
- protocols
List<Either<String,Azure
Firewall Network Rule Protocol>> Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- source
Addresses List<String> List of source IP addresses for this rule.
- source
Ip List<String>Groups List of source IpGroups for this rule.
- translated
Address String The translated address for this NAT rule.
- translated
Fqdn String The translated FQDN for this NAT rule.
- translated
Port String The translated port for this NAT rule.
- description string
Description of the rule.
- destination
Addresses string[] List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- destination
Ports string[] List of destination ports.
- name string
Name of the NAT rule.
- protocols
(string | Azure
Firewall Network Rule Protocol)[] Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- source
Addresses string[] List of source IP addresses for this rule.
- source
Ip string[]Groups List of source IpGroups for this rule.
- translated
Address string The translated address for this NAT rule.
- translated
Fqdn string The translated FQDN for this NAT rule.
- translated
Port string The translated port for this NAT rule.
- description str
Description of the rule.
- destination_
addresses Sequence[str] List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- destination_
ports Sequence[str] List of destination ports.
- name str
Name of the NAT rule.
- protocols
Sequence[Union[str, Azure
Firewall Network Rule Protocol]] Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- source_
addresses Sequence[str] List of source IP addresses for this rule.
- source_
ip_ Sequence[str]groups List of source IpGroups for this rule.
- translated_
address str The translated address for this NAT rule.
- translated_
fqdn str The translated FQDN for this NAT rule.
- translated_
port str The translated port for this NAT rule.
- description String
Description of the rule.
- destination
Addresses List<String> List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- destination
Ports List<String> List of destination ports.
- name String
Name of the NAT rule.
- protocols List<String | "TCP" | "UDP" | "Any" | "ICMP">
Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- source
Addresses List<String> List of source IP addresses for this rule.
- source
Ip List<String>Groups List of source IpGroups for this rule.
- translated
Address String The translated address for this NAT rule.
- translated
Fqdn String The translated FQDN for this NAT rule.
- translated
Port String The translated port for this NAT rule.
AzureFirewallNatRuleCollection
- Action
Pulumi.
Azure Native. Network. Inputs. Azure Firewall Nat RCAction The action type of a NAT rule collection.
- Id string
Resource ID.
- Name string
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
Priority of the NAT rule collection resource.
- Rules
List<Pulumi.
Azure Native. Network. Inputs. Azure Firewall Nat Rule> Collection of rules used by a NAT rule collection.
- Action
Azure
Firewall Nat RCAction The action type of a NAT rule collection.
- Id string
Resource ID.
- Name string
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
Priority of the NAT rule collection resource.
- Rules
[]Azure
Firewall Nat Rule Collection of rules used by a NAT rule collection.
- action
Azure
Firewall Nat RCAction The action type of a NAT rule collection.
- id String
Resource ID.
- name String
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Integer
Priority of the NAT rule collection resource.
- rules
List<Azure
Firewall Nat Rule> Collection of rules used by a NAT rule collection.
- action
Azure
Firewall Nat RCAction The action type of a NAT rule collection.
- id string
Resource ID.
- name string
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority number
Priority of the NAT rule collection resource.
- rules
Azure
Firewall Nat Rule[] Collection of rules used by a NAT rule collection.
- action
Azure
Firewall Nat RCAction The action type of a NAT rule collection.
- id str
Resource ID.
- name str
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority int
Priority of the NAT rule collection resource.
- rules
Sequence[Azure
Firewall Nat Rule] Collection of rules used by a NAT rule collection.
- action Property Map
The action type of a NAT rule collection.
- id String
Resource ID.
- name String
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Number
Priority of the NAT rule collection resource.
- rules List<Property Map>
Collection of rules used by a NAT rule collection.
AzureFirewallNatRuleCollectionResponse
- Etag string
A unique read-only string that changes whenever the resource is updated.
- Provisioning
State string The provisioning state of the NAT rule collection resource.
- Action
Pulumi.
Azure Native. Network. Inputs. Azure Firewall Nat RCAction Response The action type of a NAT rule collection.
- Id string
Resource ID.
- Name string
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
Priority of the NAT rule collection resource.
- Rules
List<Pulumi.
Azure Native. Network. Inputs. Azure Firewall Nat Rule Response> Collection of rules used by a NAT rule collection.
- Etag string
A unique read-only string that changes whenever the resource is updated.
- Provisioning
State string The provisioning state of the NAT rule collection resource.
- Action
Azure
Firewall Nat RCAction Response The action type of a NAT rule collection.
- Id string
Resource ID.
- Name string
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
Priority of the NAT rule collection resource.
- Rules
[]Azure
Firewall Nat Rule Response Collection of rules used by a NAT rule collection.
- etag String
A unique read-only string that changes whenever the resource is updated.
- provisioning
State String The provisioning state of the NAT rule collection resource.
- action
Azure
Firewall Nat RCAction Response The action type of a NAT rule collection.
- id String
Resource ID.
- name String
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Integer
Priority of the NAT rule collection resource.
- rules
List<Azure
Firewall Nat Rule Response> Collection of rules used by a NAT rule collection.
- etag string
A unique read-only string that changes whenever the resource is updated.
- provisioning
State string The provisioning state of the NAT rule collection resource.
- action
Azure
Firewall Nat RCAction Response The action type of a NAT rule collection.
- id string
Resource ID.
- name string
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority number
Priority of the NAT rule collection resource.
- rules
Azure
Firewall Nat Rule Response[] Collection of rules used by a NAT rule collection.
- etag str
A unique read-only string that changes whenever the resource is updated.
- provisioning_
state str The provisioning state of the NAT rule collection resource.
- action
Azure
Firewall Nat RCAction Response The action type of a NAT rule collection.
- id str
Resource ID.
- name str
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority int
Priority of the NAT rule collection resource.
- rules
Sequence[Azure
Firewall Nat Rule Response] Collection of rules used by a NAT rule collection.
- etag String
A unique read-only string that changes whenever the resource is updated.
- provisioning
State String The provisioning state of the NAT rule collection resource.
- action Property Map
The action type of a NAT rule collection.
- id String
Resource ID.
- name String
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Number
Priority of the NAT rule collection resource.
- rules List<Property Map>
Collection of rules used by a NAT rule collection.
AzureFirewallNatRuleResponse
- Description string
Description of the rule.
- Destination
Addresses List<string> List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- Destination
Ports List<string> List of destination ports.
- Name string
Name of the NAT rule.
- Protocols List<string>
Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- Source
Addresses List<string> List of source IP addresses for this rule.
- Source
Ip List<string>Groups List of source IpGroups for this rule.
- Translated
Address string The translated address for this NAT rule.
- Translated
Fqdn string The translated FQDN for this NAT rule.
- Translated
Port string The translated port for this NAT rule.
- Description string
Description of the rule.
- Destination
Addresses []string List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- Destination
Ports []string List of destination ports.
- Name string
Name of the NAT rule.
- Protocols []string
Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- Source
Addresses []string List of source IP addresses for this rule.
- Source
Ip []stringGroups List of source IpGroups for this rule.
- Translated
Address string The translated address for this NAT rule.
- Translated
Fqdn string The translated FQDN for this NAT rule.
- Translated
Port string The translated port for this NAT rule.
- description String
Description of the rule.
- destination
Addresses List<String> List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- destination
Ports List<String> List of destination ports.
- name String
Name of the NAT rule.
- protocols List<String>
Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- source
Addresses List<String> List of source IP addresses for this rule.
- source
Ip List<String>Groups List of source IpGroups for this rule.
- translated
Address String The translated address for this NAT rule.
- translated
Fqdn String The translated FQDN for this NAT rule.
- translated
Port String The translated port for this NAT rule.
- description string
Description of the rule.
- destination
Addresses string[] List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- destination
Ports string[] List of destination ports.
- name string
Name of the NAT rule.
- protocols string[]
Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- source
Addresses string[] List of source IP addresses for this rule.
- source
Ip string[]Groups List of source IpGroups for this rule.
- translated
Address string The translated address for this NAT rule.
- translated
Fqdn string The translated FQDN for this NAT rule.
- translated
Port string The translated port for this NAT rule.
- description str
Description of the rule.
- destination_
addresses Sequence[str] List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- destination_
ports Sequence[str] List of destination ports.
- name str
Name of the NAT rule.
- protocols Sequence[str]
Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- source_
addresses Sequence[str] List of source IP addresses for this rule.
- source_
ip_ Sequence[str]groups List of source IpGroups for this rule.
- translated_
address str The translated address for this NAT rule.
- translated_
fqdn str The translated FQDN for this NAT rule.
- translated_
port str The translated port for this NAT rule.
- description String
Description of the rule.
- destination
Addresses List<String> List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- destination
Ports List<String> List of destination ports.
- name String
Name of the NAT rule.
- protocols List<String>
Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- source
Addresses List<String> List of source IP addresses for this rule.
- source
Ip List<String>Groups List of source IpGroups for this rule.
- translated
Address String The translated address for this NAT rule.
- translated
Fqdn String The translated FQDN for this NAT rule.
- translated
Port String The translated port for this NAT rule.
AzureFirewallNetworkRule
- Description string
Description of the rule.
- Destination
Addresses List<string> List of destination IP addresses.
- Destination
Fqdns List<string> List of destination FQDNs.
- Destination
Ip List<string>Groups List of destination IpGroups for this rule.
- Destination
Ports List<string> List of destination ports.
- Name string
Name of the network rule.
- Protocols
List<Union<string, Pulumi.
Azure Native. Network. Azure Firewall Network Rule Protocol>> Array of AzureFirewallNetworkRuleProtocols.
- Source
Addresses List<string> List of source IP addresses for this rule.
- Source
Ip List<string>Groups List of source IpGroups for this rule.
- Description string
Description of the rule.
- Destination
Addresses []string List of destination IP addresses.
- Destination
Fqdns []string List of destination FQDNs.
- Destination
Ip []stringGroups List of destination IpGroups for this rule.
- Destination
Ports []string List of destination ports.
- Name string
Name of the network rule.
- Protocols []string
Array of AzureFirewallNetworkRuleProtocols.
- Source
Addresses []string List of source IP addresses for this rule.
- Source
Ip []stringGroups List of source IpGroups for this rule.
- description String
Description of the rule.
- destination
Addresses List<String> List of destination IP addresses.
- destination
Fqdns List<String> List of destination FQDNs.
- destination
Ip List<String>Groups List of destination IpGroups for this rule.
- destination
Ports List<String> List of destination ports.
- name String
Name of the network rule.
- protocols
List<Either<String,Azure
Firewall Network Rule Protocol>> Array of AzureFirewallNetworkRuleProtocols.
- source
Addresses List<String> List of source IP addresses for this rule.
- source
Ip List<String>Groups List of source IpGroups for this rule.
- description string
Description of the rule.
- destination
Addresses string[] List of destination IP addresses.
- destination
Fqdns string[] List of destination FQDNs.
- destination
Ip string[]Groups List of destination IpGroups for this rule.
- destination
Ports string[] List of destination ports.
- name string
Name of the network rule.
- protocols
(string | Azure
Firewall Network Rule Protocol)[] Array of AzureFirewallNetworkRuleProtocols.
- source
Addresses string[] List of source IP addresses for this rule.
- source
Ip string[]Groups List of source IpGroups for this rule.
- description str
Description of the rule.
- destination_
addresses Sequence[str] List of destination IP addresses.
- destination_
fqdns Sequence[str] List of destination FQDNs.
- destination_
ip_ Sequence[str]groups List of destination IpGroups for this rule.
- destination_
ports Sequence[str] List of destination ports.
- name str
Name of the network rule.
- protocols
Sequence[Union[str, Azure
Firewall Network Rule Protocol]] Array of AzureFirewallNetworkRuleProtocols.
- source_
addresses Sequence[str] List of source IP addresses for this rule.
- source_
ip_ Sequence[str]groups List of source IpGroups for this rule.
- description String
Description of the rule.
- destination
Addresses List<String> List of destination IP addresses.
- destination
Fqdns List<String> List of destination FQDNs.
- destination
Ip List<String>Groups List of destination IpGroups for this rule.
- destination
Ports List<String> List of destination ports.
- name String
Name of the network rule.
- protocols List<String | "TCP" | "UDP" | "Any" | "ICMP">
Array of AzureFirewallNetworkRuleProtocols.
- source
Addresses List<String> List of source IP addresses for this rule.
- source
Ip List<String>Groups List of source IpGroups for this rule.
AzureFirewallNetworkRuleCollection
- Action
Pulumi.
Azure Native. Network. Inputs. Azure Firewall RCAction The action type of a rule collection.
- Id string
Resource ID.
- Name string
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
Priority of the network rule collection resource.
- Rules
List<Pulumi.
Azure Native. Network. Inputs. Azure Firewall Network Rule> Collection of rules used by a network rule collection.
- Action
Azure
Firewall RCAction The action type of a rule collection.
- Id string
Resource ID.
- Name string
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
Priority of the network rule collection resource.
- Rules
[]Azure
Firewall Network Rule Collection of rules used by a network rule collection.
- action
Azure
Firewall RCAction The action type of a rule collection.
- id String
Resource ID.
- name String
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Integer
Priority of the network rule collection resource.
- rules
List<Azure
Firewall Network Rule> Collection of rules used by a network rule collection.
- action
Azure
Firewall RCAction The action type of a rule collection.
- id string
Resource ID.
- name string
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority number
Priority of the network rule collection resource.
- rules
Azure
Firewall Network Rule[] Collection of rules used by a network rule collection.
- action
Azure
Firewall RCAction The action type of a rule collection.
- id str
Resource ID.
- name str
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority int
Priority of the network rule collection resource.
- rules
Sequence[Azure
Firewall Network Rule] Collection of rules used by a network rule collection.
- action Property Map
The action type of a rule collection.
- id String
Resource ID.
- name String
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Number
Priority of the network rule collection resource.
- rules List<Property Map>
Collection of rules used by a network rule collection.
AzureFirewallNetworkRuleCollectionResponse
- Etag string
A unique read-only string that changes whenever the resource is updated.
- Provisioning
State string The provisioning state of the network rule collection resource.
- Action
Pulumi.
Azure Native. Network. Inputs. Azure Firewall RCAction Response The action type of a rule collection.
- Id string
Resource ID.
- Name string
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
Priority of the network rule collection resource.
- Rules
List<Pulumi.
Azure Native. Network. Inputs. Azure Firewall Network Rule Response> Collection of rules used by a network rule collection.
- Etag string
A unique read-only string that changes whenever the resource is updated.
- Provisioning
State string The provisioning state of the network rule collection resource.
- Action
Azure
Firewall RCAction Response The action type of a rule collection.
- Id string
Resource ID.
- Name string
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
Priority of the network rule collection resource.
- Rules
[]Azure
Firewall Network Rule Response Collection of rules used by a network rule collection.
- etag String
A unique read-only string that changes whenever the resource is updated.
- provisioning
State String The provisioning state of the network rule collection resource.
- action
Azure
Firewall RCAction Response The action type of a rule collection.
- id String
Resource ID.
- name String
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Integer
Priority of the network rule collection resource.
- rules
List<Azure
Firewall Network Rule Response> Collection of rules used by a network rule collection.
- etag string
A unique read-only string that changes whenever the resource is updated.
- provisioning
State string The provisioning state of the network rule collection resource.
- action
Azure
Firewall RCAction Response The action type of a rule collection.
- id string
Resource ID.
- name string
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority number
Priority of the network rule collection resource.
- rules
Azure
Firewall Network Rule Response[] Collection of rules used by a network rule collection.
- etag str
A unique read-only string that changes whenever the resource is updated.
- provisioning_
state str The provisioning state of the network rule collection resource.
- action
Azure
Firewall RCAction Response The action type of a rule collection.
- id str
Resource ID.
- name str
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority int
Priority of the network rule collection resource.
- rules
Sequence[Azure
Firewall Network Rule Response] Collection of rules used by a network rule collection.
- etag String
A unique read-only string that changes whenever the resource is updated.
- provisioning
State String The provisioning state of the network rule collection resource.
- action Property Map
The action type of a rule collection.
- id String
Resource ID.
- name String
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Number
Priority of the network rule collection resource.
- rules List<Property Map>
Collection of rules used by a network rule collection.
AzureFirewallNetworkRuleProtocol
- TCP
- TCP
- UDP
- UDP
- Any
- Any
- ICMP
- ICMP
- Azure
Firewall Network Rule Protocol TCP - TCP
- Azure
Firewall Network Rule Protocol UDP - UDP
- Azure
Firewall Network Rule Protocol Any - Any
- Azure
Firewall Network Rule Protocol ICMP - ICMP
- TCP
- TCP
- UDP
- UDP
- Any
- Any
- ICMP
- ICMP
- TCP
- TCP
- UDP
- UDP
- Any
- Any
- ICMP
- ICMP
- TCP
- TCP
- UDP
- UDP
- ANY
- Any
- ICMP
- ICMP
- "TCP"
- TCP
- "UDP"
- UDP
- "Any"
- Any
- "ICMP"
- ICMP
AzureFirewallNetworkRuleResponse
- Description string
Description of the rule.
- Destination
Addresses List<string> List of destination IP addresses.
- Destination
Fqdns List<string> List of destination FQDNs.
- Destination
Ip List<string>Groups List of destination IpGroups for this rule.
- Destination
Ports List<string> List of destination ports.
- Name string
Name of the network rule.
- Protocols List<string>
Array of AzureFirewallNetworkRuleProtocols.
- Source
Addresses List<string> List of source IP addresses for this rule.
- Source
Ip List<string>Groups List of source IpGroups for this rule.
- Description string
Description of the rule.