1. Packages
  2. Azure Native
  3. API Docs
  4. network
  5. AzureFirewall
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.60.0 published on Monday, Sep 9, 2024 by Pulumi

azure-native.network.AzureFirewall

Explore with Pulumi AI

azure-native logo
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.60.0 published on Monday, Sep 9, 2024 by Pulumi

    Azure Firewall resource. Azure REST API version: 2023-02-01. Prior API version in Azure Native 1.x: 2020-11-01.

    Other available API versions: 2020-04-01, 2023-04-01, 2023-05-01, 2023-06-01, 2023-09-01, 2023-11-01, 2024-01-01.

    Example Usage

    Create Azure Firewall

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
        {
            ApplicationRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                    },
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
                    Name = "apprulecoll",
                    Priority = 110,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                        {
                            Description = "Deny inbound rule",
                            Name = "rule1",
                            Protocols = new[]
                            {
                                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                                {
                                    Port = 443,
                                    ProtocolType = AzureNative.Network.AzureFirewallApplicationRuleProtocolType.Https,
                                },
                            },
                            SourceAddresses = new[]
                            {
                                "216.58.216.164",
                                "10.0.0.0/24",
                            },
                            TargetFqdns = new[]
                            {
                                "www.test.com",
                            },
                        },
                    },
                },
            },
            AzureFirewallName = "azurefirewall",
            IpConfigurations = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
                {
                    Name = "azureFirewallIpConfiguration",
                    PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                    },
                    Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                    },
                },
            },
            Location = "West US",
            NatRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                    {
                        Type = AzureNative.Network.AzureFirewallNatRCActionType.Dnat,
                    },
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
                    Name = "natrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all outbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "443",
                            },
                            Name = "DNAT-HTTPS-traffic",
                            Protocols = new[]
                            {
                                AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedAddress = "1.2.3.5",
                            TranslatedPort = "8443",
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all inbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "80",
                            },
                            Name = "DNAT-HTTP-traffic-With-FQDN",
                            Protocols = new[]
                            {
                                AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedFqdn = "internalhttpserver",
                            TranslatedPort = "880",
                        },
                    },
                },
            },
            NetworkRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                    },
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
                    Name = "netrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports",
                            DestinationAddresses = new[]
                            {
                                "*",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic",
                            Protocols = new[]
                            {
                                AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                            },
                            SourceAddresses = new[]
                            {
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255",
                            },
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports to amazon",
                            DestinationFqdns = new[]
                            {
                                "www.amazon.com",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic-with-FQDN",
                            Protocols = new[]
                            {
                                AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                            },
                            SourceAddresses = new[]
                            {
                                "10.2.4.12-10.2.4.255",
                            },
                        },
                    },
                },
            },
            ResourceGroupName = "rg1",
            Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
            {
                Name = AzureNative.Network.AzureFirewallSkuName.AZFW_VNet,
                Tier = AzureNative.Network.AzureFirewallSkuTier.Standard,
            },
            Tags = 
            {
                { "key1", "value1" },
            },
            ThreatIntelMode = AzureNative.Network.AzureFirewallThreatIntelMode.Alert,
            Zones = new[] {},
        });
    
    });
    
    package main
    
    import (
    	network "github.com/pulumi/pulumi-azure-native-sdk/network/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
    			ApplicationRuleCollections: network.AzureFirewallApplicationRuleCollectionArray{
    				&network.AzureFirewallApplicationRuleCollectionArgs{
    					Action: &network.AzureFirewallRCActionArgs{
    						Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
    					},
    					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll"),
    					Name:     pulumi.String("apprulecoll"),
    					Priority: pulumi.Int(110),
    					Rules: network.AzureFirewallApplicationRuleArray{
    						&network.AzureFirewallApplicationRuleArgs{
    							Description: pulumi.String("Deny inbound rule"),
    							Name:        pulumi.String("rule1"),
    							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
    								&network.AzureFirewallApplicationRuleProtocolArgs{
    									Port:         pulumi.Int(443),
    									ProtocolType: pulumi.String(network.AzureFirewallApplicationRuleProtocolTypeHttps),
    								},
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("216.58.216.164"),
    								pulumi.String("10.0.0.0/24"),
    							},
    							TargetFqdns: pulumi.StringArray{
    								pulumi.String("www.test.com"),
    							},
    						},
    					},
    				},
    			},
    			AzureFirewallName: pulumi.String("azurefirewall"),
    			IpConfigurations: network.AzureFirewallIPConfigurationArray{
    				&network.AzureFirewallIPConfigurationArgs{
    					Name: pulumi.String("azureFirewallIpConfiguration"),
    					PublicIPAddress: &network.SubResourceArgs{
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
    					},
    					Subnet: &network.SubResourceArgs{
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
    					},
    				},
    			},
    			Location: pulumi.String("West US"),
    			NatRuleCollections: network.AzureFirewallNatRuleCollectionArray{
    				&network.AzureFirewallNatRuleCollectionArgs{
    					Action: &network.AzureFirewallNatRCActionArgs{
    						Type: pulumi.String(network.AzureFirewallNatRCActionTypeDnat),
    					},
    					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll"),
    					Name:     pulumi.String("natrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNatRuleArray{
    						&network.AzureFirewallNatRuleArgs{
    							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443"),
    							},
    							Name: pulumi.String("DNAT-HTTPS-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedAddress: pulumi.String("1.2.3.5"),
    							TranslatedPort:    pulumi.String("8443"),
    						},
    						&network.AzureFirewallNatRuleArgs{
    							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("80"),
    							},
    							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedFqdn: pulumi.String("internalhttpserver"),
    							TranslatedPort: pulumi.String("880"),
    						},
    					},
    				},
    			},
    			NetworkRuleCollections: network.AzureFirewallNetworkRuleCollectionArray{
    				&network.AzureFirewallNetworkRuleCollectionArgs{
    					Action: &network.AzureFirewallRCActionArgs{
    						Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
    					},
    					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll"),
    					Name:     pulumi.String("netrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNetworkRuleArray{
    						&network.AzureFirewallNetworkRuleArgs{
    							Description: pulumi.String("Block traffic based on source IPs and ports"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("192.168.1.1-192.168.1.12"),
    								pulumi.String("10.1.4.12-10.1.4.255"),
    							},
    						},
    						&network.AzureFirewallNetworkRuleArgs{
    							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
    							DestinationFqdns: pulumi.StringArray{
    								pulumi.String("www.amazon.com"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic-with-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("10.2.4.12-10.2.4.255"),
    							},
    						},
    					},
    				},
    			},
    			ResourceGroupName: pulumi.String("rg1"),
    			Sku: &network.AzureFirewallSkuArgs{
    				Name: pulumi.String(network.AzureFirewallSkuName_AZFW_VNet),
    				Tier: pulumi.String(network.AzureFirewallSkuTierStandard),
    			},
    			Tags: pulumi.StringMap{
    				"key1": pulumi.String("value1"),
    			},
    			ThreatIntelMode: pulumi.String(network.AzureFirewallThreatIntelModeAlert),
    			Zones:           pulumi.StringArray{},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.network.AzureFirewall;
    import com.pulumi.azurenative.network.AzureFirewallArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleCollectionArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallRCActionArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallIPConfigurationArgs;
    import com.pulumi.azurenative.network.inputs.SubResourceArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallNatRuleCollectionArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallNatRCActionArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallNetworkRuleCollectionArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallSkuArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
                .applicationRuleCollections(AzureFirewallApplicationRuleCollectionArgs.builder()
                    .action(AzureFirewallRCActionArgs.builder()
                        .type("Deny")
                        .build())
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll")
                    .name("apprulecoll")
                    .priority(110)
                    .rules(AzureFirewallApplicationRuleArgs.builder()
                        .description("Deny inbound rule")
                        .name("rule1")
                        .protocols(AzureFirewallApplicationRuleProtocolArgs.builder()
                            .port(443)
                            .protocolType("Https")
                            .build())
                        .sourceAddresses(                    
                            "216.58.216.164",
                            "10.0.0.0/24")
                        .targetFqdns("www.test.com")
                        .build())
                    .build())
                .azureFirewallName("azurefirewall")
                .ipConfigurations(AzureFirewallIPConfigurationArgs.builder()
                    .name("azureFirewallIpConfiguration")
                    .publicIPAddress(SubResourceArgs.builder()
                        .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")
                        .build())
                    .subnet(SubResourceArgs.builder()
                        .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet")
                        .build())
                    .build())
                .location("West US")
                .natRuleCollections(AzureFirewallNatRuleCollectionArgs.builder()
                    .action(AzureFirewallNatRCActionArgs.builder()
                        .type("Dnat")
                        .build())
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll")
                    .name("natrulecoll")
                    .priority(112)
                    .rules(                
                        AzureFirewallNatRuleArgs.builder()
                            .description("D-NAT all outbound web traffic for inspection")
                            .destinationAddresses("1.2.3.4")
                            .destinationPorts("443")
                            .name("DNAT-HTTPS-traffic")
                            .protocols("TCP")
                            .sourceAddresses("*")
                            .translatedAddress("1.2.3.5")
                            .translatedPort("8443")
                            .build(),
                        AzureFirewallNatRuleArgs.builder()
                            .description("D-NAT all inbound web traffic for inspection")
                            .destinationAddresses("1.2.3.4")
                            .destinationPorts("80")
                            .name("DNAT-HTTP-traffic-With-FQDN")
                            .protocols("TCP")
                            .sourceAddresses("*")
                            .translatedFqdn("internalhttpserver")
                            .translatedPort("880")
                            .build())
                    .build())
                .networkRuleCollections(AzureFirewallNetworkRuleCollectionArgs.builder()
                    .action(AzureFirewallRCActionArgs.builder()
                        .type("Deny")
                        .build())
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll")
                    .name("netrulecoll")
                    .priority(112)
                    .rules(                
                        AzureFirewallNetworkRuleArgs.builder()
                            .description("Block traffic based on source IPs and ports")
                            .destinationAddresses("*")
                            .destinationPorts(                        
                                "443-444",
                                "8443")
                            .name("L4-traffic")
                            .protocols("TCP")
                            .sourceAddresses(                        
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255")
                            .build(),
                        AzureFirewallNetworkRuleArgs.builder()
                            .description("Block traffic based on source IPs and ports to amazon")
                            .destinationFqdns("www.amazon.com")
                            .destinationPorts(                        
                                "443-444",
                                "8443")
                            .name("L4-traffic-with-FQDN")
                            .protocols("TCP")
                            .sourceAddresses("10.2.4.12-10.2.4.255")
                            .build())
                    .build())
                .resourceGroupName("rg1")
                .sku(AzureFirewallSkuArgs.builder()
                    .name("AZFW_VNet")
                    .tier("Standard")
                    .build())
                .tags(Map.of("key1", "value1"))
                .threatIntelMode("Alert")
                .zones()
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
        application_rule_collections=[{
            "action": {
                "type": azure_native.network.AzureFirewallRCActionType.DENY,
            },
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
            "name": "apprulecoll",
            "priority": 110,
            "rules": [{
                "description": "Deny inbound rule",
                "name": "rule1",
                "protocols": [{
                    "port": 443,
                    "protocol_type": azure_native.network.AzureFirewallApplicationRuleProtocolType.HTTPS,
                }],
                "source_addresses": [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                "target_fqdns": ["www.test.com"],
            }],
        }],
        azure_firewall_name="azurefirewall",
        ip_configurations=[{
            "name": "azureFirewallIpConfiguration",
            "public_ip_address": {
                "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            },
            "subnet": {
                "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            },
        }],
        location="West US",
        nat_rule_collections=[{
            "action": {
                "type": azure_native.network.AzureFirewallNatRCActionType.DNAT,
            },
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
            "name": "natrulecoll",
            "priority": 112,
            "rules": [
                {
                    "description": "D-NAT all outbound web traffic for inspection",
                    "destination_addresses": ["1.2.3.4"],
                    "destination_ports": ["443"],
                    "name": "DNAT-HTTPS-traffic",
                    "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    "source_addresses": ["*"],
                    "translated_address": "1.2.3.5",
                    "translated_port": "8443",
                },
                {
                    "description": "D-NAT all inbound web traffic for inspection",
                    "destination_addresses": ["1.2.3.4"],
                    "destination_ports": ["80"],
                    "name": "DNAT-HTTP-traffic-With-FQDN",
                    "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    "source_addresses": ["*"],
                    "translated_fqdn": "internalhttpserver",
                    "translated_port": "880",
                },
            ],
        }],
        network_rule_collections=[{
            "action": {
                "type": azure_native.network.AzureFirewallRCActionType.DENY,
            },
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
            "name": "netrulecoll",
            "priority": 112,
            "rules": [
                {
                    "description": "Block traffic based on source IPs and ports",
                    "destination_addresses": ["*"],
                    "destination_ports": [
                        "443-444",
                        "8443",
                    ],
                    "name": "L4-traffic",
                    "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    "source_addresses": [
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                },
                {
                    "description": "Block traffic based on source IPs and ports to amazon",
                    "destination_fqdns": ["www.amazon.com"],
                    "destination_ports": [
                        "443-444",
                        "8443",
                    ],
                    "name": "L4-traffic-with-FQDN",
                    "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    "source_addresses": ["10.2.4.12-10.2.4.255"],
                },
            ],
        }],
        resource_group_name="rg1",
        sku={
            "name": azure_native.network.AzureFirewallSkuName.AZF_W_V_NET,
            "tier": azure_native.network.AzureFirewallSkuTier.STANDARD,
        },
        tags={
            "key1": "value1",
        },
        threat_intel_mode=azure_native.network.AzureFirewallThreatIntelMode.ALERT,
        zones=[])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
        applicationRuleCollections: [{
            action: {
                type: azure_native.network.AzureFirewallRCActionType.Deny,
            },
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
            name: "apprulecoll",
            priority: 110,
            rules: [{
                description: "Deny inbound rule",
                name: "rule1",
                protocols: [{
                    port: 443,
                    protocolType: azure_native.network.AzureFirewallApplicationRuleProtocolType.Https,
                }],
                sourceAddresses: [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                targetFqdns: ["www.test.com"],
            }],
        }],
        azureFirewallName: "azurefirewall",
        ipConfigurations: [{
            name: "azureFirewallIpConfiguration",
            publicIPAddress: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            },
            subnet: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            },
        }],
        location: "West US",
        natRuleCollections: [{
            action: {
                type: azure_native.network.AzureFirewallNatRCActionType.Dnat,
            },
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
            name: "natrulecoll",
            priority: 112,
            rules: [
                {
                    description: "D-NAT all outbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["443"],
                    name: "DNAT-HTTPS-traffic",
                    protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    sourceAddresses: ["*"],
                    translatedAddress: "1.2.3.5",
                    translatedPort: "8443",
                },
                {
                    description: "D-NAT all inbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["80"],
                    name: "DNAT-HTTP-traffic-With-FQDN",
                    protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    sourceAddresses: ["*"],
                    translatedFqdn: "internalhttpserver",
                    translatedPort: "880",
                },
            ],
        }],
        networkRuleCollections: [{
            action: {
                type: azure_native.network.AzureFirewallRCActionType.Deny,
            },
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
            name: "netrulecoll",
            priority: 112,
            rules: [
                {
                    description: "Block traffic based on source IPs and ports",
                    destinationAddresses: ["*"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic",
                    protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    sourceAddresses: [
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                },
                {
                    description: "Block traffic based on source IPs and ports to amazon",
                    destinationFqdns: ["www.amazon.com"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic-with-FQDN",
                    protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    sourceAddresses: ["10.2.4.12-10.2.4.255"],
                },
            ],
        }],
        resourceGroupName: "rg1",
        sku: {
            name: azure_native.network.AzureFirewallSkuName.AZFW_VNet,
            tier: azure_native.network.AzureFirewallSkuTier.Standard,
        },
        tags: {
            key1: "value1",
        },
        threatIntelMode: azure_native.network.AzureFirewallThreatIntelMode.Alert,
        zones: [],
    });
    
    resources:
      azureFirewall:
        type: azure-native:network:AzureFirewall
        properties:
          applicationRuleCollections:
            - action:
                type: Deny
              id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll
              name: apprulecoll
              priority: 110
              rules:
                - description: Deny inbound rule
                  name: rule1
                  protocols:
                    - port: 443
                      protocolType: Https
                  sourceAddresses:
                    - 216.58.216.164
                    - 10.0.0.0/24
                  targetFqdns:
                    - www.test.com
          azureFirewallName: azurefirewall
          ipConfigurations:
            - name: azureFirewallIpConfiguration
              publicIPAddress:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
              subnet:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
          location: West US
          natRuleCollections:
            - action:
                type: Dnat
              id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll
              name: natrulecoll
              priority: 112
              rules:
                - description: D-NAT all outbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '443'
                  name: DNAT-HTTPS-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedAddress: 1.2.3.5
                  translatedPort: '8443'
                - description: D-NAT all inbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '80'
                  name: DNAT-HTTP-traffic-With-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedFqdn: internalhttpserver
                  translatedPort: '880'
          networkRuleCollections:
            - action:
                type: Deny
              id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll
              name: netrulecoll
              priority: 112
              rules:
                - description: Block traffic based on source IPs and ports
                  destinationAddresses:
                    - '*'
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 192.168.1.1-192.168.1.12
                    - 10.1.4.12-10.1.4.255
                - description: Block traffic based on source IPs and ports to amazon
                  destinationFqdns:
                    - www.amazon.com
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic-with-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 10.2.4.12-10.2.4.255
          resourceGroupName: rg1
          sku:
            name: AZFW_VNet
            tier: Standard
          tags:
            key1: value1
          threatIntelMode: Alert
          zones: []
    

    Create Azure Firewall With Additional Properties

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
        {
            AdditionalProperties = 
            {
                { "key1", "value1" },
                { "key2", "value2" },
            },
            ApplicationRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                    },
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
                    Name = "apprulecoll",
                    Priority = 110,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                        {
                            Description = "Deny inbound rule",
                            Name = "rule1",
                            Protocols = new[]
                            {
                                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                                {
                                    Port = 443,
                                    ProtocolType = AzureNative.Network.AzureFirewallApplicationRuleProtocolType.Https,
                                },
                            },
                            SourceAddresses = new[]
                            {
                                "216.58.216.164",
                                "10.0.0.0/24",
                            },
                            TargetFqdns = new[]
                            {
                                "www.test.com",
                            },
                        },
                    },
                },
            },
            AzureFirewallName = "azurefirewall",
            IpConfigurations = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
                {
                    Name = "azureFirewallIpConfiguration",
                    PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                    },
                    Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                    },
                },
            },
            Location = "West US",
            NatRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                    {
                        Type = AzureNative.Network.AzureFirewallNatRCActionType.Dnat,
                    },
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
                    Name = "natrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all outbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "443",
                            },
                            Name = "DNAT-HTTPS-traffic",
                            Protocols = new[]
                            {
                                AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedAddress = "1.2.3.5",
                            TranslatedPort = "8443",
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all inbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "80",
                            },
                            Name = "DNAT-HTTP-traffic-With-FQDN",
                            Protocols = new[]
                            {
                                AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedFqdn = "internalhttpserver",
                            TranslatedPort = "880",
                        },
                    },
                },
            },
            NetworkRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                    },
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
                    Name = "netrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports",
                            DestinationAddresses = new[]
                            {
                                "*",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic",
                            Protocols = new[]
                            {
                                AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                            },
                            SourceAddresses = new[]
                            {
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255",
                            },
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports to amazon",
                            DestinationFqdns = new[]
                            {
                                "www.amazon.com",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic-with-FQDN",
                            Protocols = new[]
                            {
                                AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                            },
                            SourceAddresses = new[]
                            {
                                "10.2.4.12-10.2.4.255",
                            },
                        },
                    },
                },
            },
            ResourceGroupName = "rg1",
            Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
            {
                Name = AzureNative.Network.AzureFirewallSkuName.AZFW_VNet,
                Tier = AzureNative.Network.AzureFirewallSkuTier.Standard,
            },
            Tags = 
            {
                { "key1", "value1" },
            },
            ThreatIntelMode = AzureNative.Network.AzureFirewallThreatIntelMode.Alert,
            Zones = new[] {},
        });
    
    });
    
    package main
    
    import (
    	network "github.com/pulumi/pulumi-azure-native-sdk/network/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
    			AdditionalProperties: pulumi.StringMap{
    				"key1": pulumi.String("value1"),
    				"key2": pulumi.String("value2"),
    			},
    			ApplicationRuleCollections: network.AzureFirewallApplicationRuleCollectionArray{
    				&network.AzureFirewallApplicationRuleCollectionArgs{
    					Action: &network.AzureFirewallRCActionArgs{
    						Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
    					},
    					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll"),
    					Name:     pulumi.String("apprulecoll"),
    					Priority: pulumi.Int(110),
    					Rules: network.AzureFirewallApplicationRuleArray{
    						&network.AzureFirewallApplicationRuleArgs{
    							Description: pulumi.String("Deny inbound rule"),
    							Name:        pulumi.String("rule1"),
    							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
    								&network.AzureFirewallApplicationRuleProtocolArgs{
    									Port:         pulumi.Int(443),
    									ProtocolType: pulumi.String(network.AzureFirewallApplicationRuleProtocolTypeHttps),
    								},
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("216.58.216.164"),
    								pulumi.String("10.0.0.0/24"),
    							},
    							TargetFqdns: pulumi.StringArray{
    								pulumi.String("www.test.com"),
    							},
    						},
    					},
    				},
    			},
    			AzureFirewallName: pulumi.String("azurefirewall"),
    			IpConfigurations: network.AzureFirewallIPConfigurationArray{
    				&network.AzureFirewallIPConfigurationArgs{
    					Name: pulumi.String("azureFirewallIpConfiguration"),
    					PublicIPAddress: &network.SubResourceArgs{
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
    					},
    					Subnet: &network.SubResourceArgs{
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
    					},
    				},
    			},
    			Location: pulumi.String("West US"),
    			NatRuleCollections: network.AzureFirewallNatRuleCollectionArray{
    				&network.AzureFirewallNatRuleCollectionArgs{
    					Action: &network.AzureFirewallNatRCActionArgs{
    						Type: pulumi.String(network.AzureFirewallNatRCActionTypeDnat),
    					},
    					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll"),
    					Name:     pulumi.String("natrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNatRuleArray{
    						&network.AzureFirewallNatRuleArgs{
    							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443"),
    							},
    							Name: pulumi.String("DNAT-HTTPS-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedAddress: pulumi.String("1.2.3.5"),
    							TranslatedPort:    pulumi.String("8443"),
    						},
    						&network.AzureFirewallNatRuleArgs{
    							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("80"),
    							},
    							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedFqdn: pulumi.String("internalhttpserver"),
    							TranslatedPort: pulumi.String("880"),
    						},
    					},
    				},
    			},
    			NetworkRuleCollections: network.AzureFirewallNetworkRuleCollectionArray{
    				&network.AzureFirewallNetworkRuleCollectionArgs{
    					Action: &network.AzureFirewallRCActionArgs{
    						Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
    					},
    					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll"),
    					Name:     pulumi.String("netrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNetworkRuleArray{
    						&network.AzureFirewallNetworkRuleArgs{
    							Description: pulumi.String("Block traffic based on source IPs and ports"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("192.168.1.1-192.168.1.12"),
    								pulumi.String("10.1.4.12-10.1.4.255"),
    							},
    						},
    						&network.AzureFirewallNetworkRuleArgs{
    							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
    							DestinationFqdns: pulumi.StringArray{
    								pulumi.String("www.amazon.com"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic-with-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("10.2.4.12-10.2.4.255"),
    							},
    						},
    					},
    				},
    			},
    			ResourceGroupName: pulumi.String("rg1"),
    			Sku: &network.AzureFirewallSkuArgs{
    				Name: pulumi.String(network.AzureFirewallSkuName_AZFW_VNet),
    				Tier: pulumi.String(network.AzureFirewallSkuTierStandard),
    			},
    			Tags: pulumi.StringMap{
    				"key1": pulumi.String("value1"),
    			},
    			ThreatIntelMode: pulumi.String(network.AzureFirewallThreatIntelModeAlert),
    			Zones:           pulumi.StringArray{},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.network.AzureFirewall;
    import com.pulumi.azurenative.network.AzureFirewallArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleCollectionArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallRCActionArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallIPConfigurationArgs;
    import com.pulumi.azurenative.network.inputs.SubResourceArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallNatRuleCollectionArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallNatRCActionArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallNetworkRuleCollectionArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallSkuArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
                .additionalProperties(Map.ofEntries(
                    Map.entry("key1", "value1"),
                    Map.entry("key2", "value2")
                ))
                .applicationRuleCollections(AzureFirewallApplicationRuleCollectionArgs.builder()
                    .action(AzureFirewallRCActionArgs.builder()
                        .type("Deny")
                        .build())
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll")
                    .name("apprulecoll")
                    .priority(110)
                    .rules(AzureFirewallApplicationRuleArgs.builder()
                        .description("Deny inbound rule")
                        .name("rule1")
                        .protocols(AzureFirewallApplicationRuleProtocolArgs.builder()
                            .port(443)
                            .protocolType("Https")
                            .build())
                        .sourceAddresses(                    
                            "216.58.216.164",
                            "10.0.0.0/24")
                        .targetFqdns("www.test.com")
                        .build())
                    .build())
                .azureFirewallName("azurefirewall")
                .ipConfigurations(AzureFirewallIPConfigurationArgs.builder()
                    .name("azureFirewallIpConfiguration")
                    .publicIPAddress(SubResourceArgs.builder()
                        .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")
                        .build())
                    .subnet(SubResourceArgs.builder()
                        .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet")
                        .build())
                    .build())
                .location("West US")
                .natRuleCollections(AzureFirewallNatRuleCollectionArgs.builder()
                    .action(AzureFirewallNatRCActionArgs.builder()
                        .type("Dnat")
                        .build())
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll")
                    .name("natrulecoll")
                    .priority(112)
                    .rules(                
                        AzureFirewallNatRuleArgs.builder()
                            .description("D-NAT all outbound web traffic for inspection")
                            .destinationAddresses("1.2.3.4")
                            .destinationPorts("443")
                            .name("DNAT-HTTPS-traffic")
                            .protocols("TCP")
                            .sourceAddresses("*")
                            .translatedAddress("1.2.3.5")
                            .translatedPort("8443")
                            .build(),
                        AzureFirewallNatRuleArgs.builder()
                            .description("D-NAT all inbound web traffic for inspection")
                            .destinationAddresses("1.2.3.4")
                            .destinationPorts("80")
                            .name("DNAT-HTTP-traffic-With-FQDN")
                            .protocols("TCP")
                            .sourceAddresses("*")
                            .translatedFqdn("internalhttpserver")
                            .translatedPort("880")
                            .build())
                    .build())
                .networkRuleCollections(AzureFirewallNetworkRuleCollectionArgs.builder()
                    .action(AzureFirewallRCActionArgs.builder()
                        .type("Deny")
                        .build())
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll")
                    .name("netrulecoll")
                    .priority(112)
                    .rules(                
                        AzureFirewallNetworkRuleArgs.builder()
                            .description("Block traffic based on source IPs and ports")
                            .destinationAddresses("*")
                            .destinationPorts(                        
                                "443-444",
                                "8443")
                            .name("L4-traffic")
                            .protocols("TCP")
                            .sourceAddresses(                        
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255")
                            .build(),
                        AzureFirewallNetworkRuleArgs.builder()
                            .description("Block traffic based on source IPs and ports to amazon")
                            .destinationFqdns("www.amazon.com")
                            .destinationPorts(                        
                                "443-444",
                                "8443")
                            .name("L4-traffic-with-FQDN")
                            .protocols("TCP")
                            .sourceAddresses("10.2.4.12-10.2.4.255")
                            .build())
                    .build())
                .resourceGroupName("rg1")
                .sku(AzureFirewallSkuArgs.builder()
                    .name("AZFW_VNet")
                    .tier("Standard")
                    .build())
                .tags(Map.of("key1", "value1"))
                .threatIntelMode("Alert")
                .zones()
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
        additional_properties={
            "key1": "value1",
            "key2": "value2",
        },
        application_rule_collections=[{
            "action": {
                "type": azure_native.network.AzureFirewallRCActionType.DENY,
            },
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
            "name": "apprulecoll",
            "priority": 110,
            "rules": [{
                "description": "Deny inbound rule",
                "name": "rule1",
                "protocols": [{
                    "port": 443,
                    "protocol_type": azure_native.network.AzureFirewallApplicationRuleProtocolType.HTTPS,
                }],
                "source_addresses": [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                "target_fqdns": ["www.test.com"],
            }],
        }],
        azure_firewall_name="azurefirewall",
        ip_configurations=[{
            "name": "azureFirewallIpConfiguration",
            "public_ip_address": {
                "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            },
            "subnet": {
                "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            },
        }],
        location="West US",
        nat_rule_collections=[{
            "action": {
                "type": azure_native.network.AzureFirewallNatRCActionType.DNAT,
            },
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
            "name": "natrulecoll",
            "priority": 112,
            "rules": [
                {
                    "description": "D-NAT all outbound web traffic for inspection",
                    "destination_addresses": ["1.2.3.4"],
                    "destination_ports": ["443"],
                    "name": "DNAT-HTTPS-traffic",
                    "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    "source_addresses": ["*"],
                    "translated_address": "1.2.3.5",
                    "translated_port": "8443",
                },
                {
                    "description": "D-NAT all inbound web traffic for inspection",
                    "destination_addresses": ["1.2.3.4"],
                    "destination_ports": ["80"],
                    "name": "DNAT-HTTP-traffic-With-FQDN",
                    "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    "source_addresses": ["*"],
                    "translated_fqdn": "internalhttpserver",
                    "translated_port": "880",
                },
            ],
        }],
        network_rule_collections=[{
            "action": {
                "type": azure_native.network.AzureFirewallRCActionType.DENY,
            },
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
            "name": "netrulecoll",
            "priority": 112,
            "rules": [
                {
                    "description": "Block traffic based on source IPs and ports",
                    "destination_addresses": ["*"],
                    "destination_ports": [
                        "443-444",
                        "8443",
                    ],
                    "name": "L4-traffic",
                    "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    "source_addresses": [
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                },
                {
                    "description": "Block traffic based on source IPs and ports to amazon",
                    "destination_fqdns": ["www.amazon.com"],
                    "destination_ports": [
                        "443-444",
                        "8443",
                    ],
                    "name": "L4-traffic-with-FQDN",
                    "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    "source_addresses": ["10.2.4.12-10.2.4.255"],
                },
            ],
        }],
        resource_group_name="rg1",
        sku={
            "name": azure_native.network.AzureFirewallSkuName.AZF_W_V_NET,
            "tier": azure_native.network.AzureFirewallSkuTier.STANDARD,
        },
        tags={
            "key1": "value1",
        },
        threat_intel_mode=azure_native.network.AzureFirewallThreatIntelMode.ALERT,
        zones=[])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
        additionalProperties: {
            key1: "value1",
            key2: "value2",
        },
        applicationRuleCollections: [{
            action: {
                type: azure_native.network.AzureFirewallRCActionType.Deny,
            },
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
            name: "apprulecoll",
            priority: 110,
            rules: [{
                description: "Deny inbound rule",
                name: "rule1",
                protocols: [{
                    port: 443,
                    protocolType: azure_native.network.AzureFirewallApplicationRuleProtocolType.Https,
                }],
                sourceAddresses: [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                targetFqdns: ["www.test.com"],
            }],
        }],
        azureFirewallName: "azurefirewall",
        ipConfigurations: [{
            name: "azureFirewallIpConfiguration",
            publicIPAddress: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            },
            subnet: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            },
        }],
        location: "West US",
        natRuleCollections: [{
            action: {
                type: azure_native.network.AzureFirewallNatRCActionType.Dnat,
            },
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
            name: "natrulecoll",
            priority: 112,
            rules: [
                {
                    description: "D-NAT all outbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["443"],
                    name: "DNAT-HTTPS-traffic",
                    protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    sourceAddresses: ["*"],
                    translatedAddress: "1.2.3.5",
                    translatedPort: "8443",
                },
                {
                    description: "D-NAT all inbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["80"],
                    name: "DNAT-HTTP-traffic-With-FQDN",
                    protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    sourceAddresses: ["*"],
                    translatedFqdn: "internalhttpserver",
                    translatedPort: "880",
                },
            ],
        }],
        networkRuleCollections: [{
            action: {
                type: azure_native.network.AzureFirewallRCActionType.Deny,
            },
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
            name: "netrulecoll",
            priority: 112,
            rules: [
                {
                    description: "Block traffic based on source IPs and ports",
                    destinationAddresses: ["*"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic",
                    protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    sourceAddresses: [
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                },
                {
                    description: "Block traffic based on source IPs and ports to amazon",
                    destinationFqdns: ["www.amazon.com"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic-with-FQDN",
                    protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    sourceAddresses: ["10.2.4.12-10.2.4.255"],
                },
            ],
        }],
        resourceGroupName: "rg1",
        sku: {
            name: azure_native.network.AzureFirewallSkuName.AZFW_VNet,
            tier: azure_native.network.AzureFirewallSkuTier.Standard,
        },
        tags: {
            key1: "value1",
        },
        threatIntelMode: azure_native.network.AzureFirewallThreatIntelMode.Alert,
        zones: [],
    });
    
    resources:
      azureFirewall:
        type: azure-native:network:AzureFirewall
        properties:
          additionalProperties:
            key1: value1
            key2: value2
          applicationRuleCollections:
            - action:
                type: Deny
              id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll
              name: apprulecoll
              priority: 110
              rules:
                - description: Deny inbound rule
                  name: rule1
                  protocols:
                    - port: 443
                      protocolType: Https
                  sourceAddresses:
                    - 216.58.216.164
                    - 10.0.0.0/24
                  targetFqdns:
                    - www.test.com
          azureFirewallName: azurefirewall
          ipConfigurations:
            - name: azureFirewallIpConfiguration
              publicIPAddress:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
              subnet:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
          location: West US
          natRuleCollections:
            - action:
                type: Dnat
              id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll
              name: natrulecoll
              priority: 112
              rules:
                - description: D-NAT all outbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '443'
                  name: DNAT-HTTPS-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedAddress: 1.2.3.5
                  translatedPort: '8443'
                - description: D-NAT all inbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '80'
                  name: DNAT-HTTP-traffic-With-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedFqdn: internalhttpserver
                  translatedPort: '880'
          networkRuleCollections:
            - action:
                type: Deny
              id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll
              name: netrulecoll
              priority: 112
              rules:
                - description: Block traffic based on source IPs and ports
                  destinationAddresses:
                    - '*'
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 192.168.1.1-192.168.1.12
                    - 10.1.4.12-10.1.4.255
                - description: Block traffic based on source IPs and ports to amazon
                  destinationFqdns:
                    - www.amazon.com
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic-with-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 10.2.4.12-10.2.4.255
          resourceGroupName: rg1
          sku:
            name: AZFW_VNet
            tier: Standard
          tags:
            key1: value1
          threatIntelMode: Alert
          zones: []
    

    Create Azure Firewall With IpGroups

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
        {
            ApplicationRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                    },
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
                    Name = "apprulecoll",
                    Priority = 110,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                        {
                            Description = "Deny inbound rule",
                            Name = "rule1",
                            Protocols = new[]
                            {
                                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                                {
                                    Port = 443,
                                    ProtocolType = AzureNative.Network.AzureFirewallApplicationRuleProtocolType.Https,
                                },
                            },
                            SourceAddresses = new[]
                            {
                                "216.58.216.164",
                                "10.0.0.0/24",
                            },
                            TargetFqdns = new[]
                            {
                                "www.test.com",
                            },
                        },
                    },
                },
            },
            AzureFirewallName = "azurefirewall",
            IpConfigurations = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
                {
                    Name = "azureFirewallIpConfiguration",
                    PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                    },
                    Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                    },
                },
            },
            Location = "West US",
            NatRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                    {
                        Type = AzureNative.Network.AzureFirewallNatRCActionType.Dnat,
                    },
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
                    Name = "natrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all outbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "443",
                            },
                            Name = "DNAT-HTTPS-traffic",
                            Protocols = new[]
                            {
                                AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedAddress = "1.2.3.5",
                            TranslatedPort = "8443",
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all inbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "80",
                            },
                            Name = "DNAT-HTTP-traffic-With-FQDN",
                            Protocols = new[]
                            {
                                AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedFqdn = "internalhttpserver",
                            TranslatedPort = "880",
                        },
                    },
                },
            },
            NetworkRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                    },
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
                    Name = "netrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports",
                            DestinationAddresses = new[]
                            {
                                "*",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic",
                            Protocols = new[]
                            {
                                AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                            },
                            SourceAddresses = new[]
                            {
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255",
                            },
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports to amazon",
                            DestinationFqdns = new[]
                            {
                                "www.amazon.com",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic-with-FQDN",
                            Protocols = new[]
                            {
                                AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                            },
                            SourceAddresses = new[]
                            {
                                "10.2.4.12-10.2.4.255",
                            },
                        },
                    },
                },
            },
            ResourceGroupName = "rg1",
            Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
            {
                Name = AzureNative.Network.AzureFirewallSkuName.AZFW_VNet,
                Tier = AzureNative.Network.AzureFirewallSkuTier.Standard,
            },
            Tags = 
            {
                { "key1", "value1" },
            },
            ThreatIntelMode = AzureNative.Network.AzureFirewallThreatIntelMode.Alert,
            Zones = new[] {},
        });
    
    });
    
    package main
    
    import (
    	network "github.com/pulumi/pulumi-azure-native-sdk/network/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
    			ApplicationRuleCollections: network.AzureFirewallApplicationRuleCollectionArray{
    				&network.AzureFirewallApplicationRuleCollectionArgs{
    					Action: &network.AzureFirewallRCActionArgs{
    						Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
    					},
    					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll"),
    					Name:     pulumi.String("apprulecoll"),
    					Priority: pulumi.Int(110),
    					Rules: network.AzureFirewallApplicationRuleArray{
    						&network.AzureFirewallApplicationRuleArgs{
    							Description: pulumi.String("Deny inbound rule"),
    							Name:        pulumi.String("rule1"),
    							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
    								&network.AzureFirewallApplicationRuleProtocolArgs{
    									Port:         pulumi.Int(443),
    									ProtocolType: pulumi.String(network.AzureFirewallApplicationRuleProtocolTypeHttps),
    								},
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("216.58.216.164"),
    								pulumi.String("10.0.0.0/24"),
    							},
    							TargetFqdns: pulumi.StringArray{
    								pulumi.String("www.test.com"),
    							},
    						},
    					},
    				},
    			},
    			AzureFirewallName: pulumi.String("azurefirewall"),
    			IpConfigurations: network.AzureFirewallIPConfigurationArray{
    				&network.AzureFirewallIPConfigurationArgs{
    					Name: pulumi.String("azureFirewallIpConfiguration"),
    					PublicIPAddress: &network.SubResourceArgs{
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
    					},
    					Subnet: &network.SubResourceArgs{
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
    					},
    				},
    			},
    			Location: pulumi.String("West US"),
    			NatRuleCollections: network.AzureFirewallNatRuleCollectionArray{
    				&network.AzureFirewallNatRuleCollectionArgs{
    					Action: &network.AzureFirewallNatRCActionArgs{
    						Type: pulumi.String(network.AzureFirewallNatRCActionTypeDnat),
    					},
    					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll"),
    					Name:     pulumi.String("natrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNatRuleArray{
    						&network.AzureFirewallNatRuleArgs{
    							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443"),
    							},
    							Name: pulumi.String("DNAT-HTTPS-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedAddress: pulumi.String("1.2.3.5"),
    							TranslatedPort:    pulumi.String("8443"),
    						},
    						&network.AzureFirewallNatRuleArgs{
    							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("80"),
    							},
    							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedFqdn: pulumi.String("internalhttpserver"),
    							TranslatedPort: pulumi.String("880"),
    						},
    					},
    				},
    			},
    			NetworkRuleCollections: network.AzureFirewallNetworkRuleCollectionArray{
    				&network.AzureFirewallNetworkRuleCollectionArgs{
    					Action: &network.AzureFirewallRCActionArgs{
    						Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
    					},
    					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll"),
    					Name:     pulumi.String("netrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNetworkRuleArray{
    						&network.AzureFirewallNetworkRuleArgs{
    							Description: pulumi.String("Block traffic based on source IPs and ports"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("192.168.1.1-192.168.1.12"),
    								pulumi.String("10.1.4.12-10.1.4.255"),
    							},
    						},
    						&network.AzureFirewallNetworkRuleArgs{
    							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
    							DestinationFqdns: pulumi.StringArray{
    								pulumi.String("www.amazon.com"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic-with-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("10.2.4.12-10.2.4.255"),
    							},
    						},
    					},
    				},
    			},
    			ResourceGroupName: pulumi.String("rg1"),
    			Sku: &network.AzureFirewallSkuArgs{
    				Name: pulumi.String(network.AzureFirewallSkuName_AZFW_VNet),
    				Tier: pulumi.String(network.AzureFirewallSkuTierStandard),
    			},
    			Tags: pulumi.StringMap{
    				"key1": pulumi.String("value1"),
    			},
    			ThreatIntelMode: pulumi.String(network.AzureFirewallThreatIntelModeAlert),
    			Zones:           pulumi.StringArray{},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.network.AzureFirewall;
    import com.pulumi.azurenative.network.AzureFirewallArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleCollectionArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallRCActionArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallIPConfigurationArgs;
    import com.pulumi.azurenative.network.inputs.SubResourceArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallNatRuleCollectionArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallNatRCActionArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallNetworkRuleCollectionArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallSkuArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
                .applicationRuleCollections(AzureFirewallApplicationRuleCollectionArgs.builder()
                    .action(AzureFirewallRCActionArgs.builder()
                        .type("Deny")
                        .build())
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll")
                    .name("apprulecoll")
                    .priority(110)
                    .rules(AzureFirewallApplicationRuleArgs.builder()
                        .description("Deny inbound rule")
                        .name("rule1")
                        .protocols(AzureFirewallApplicationRuleProtocolArgs.builder()
                            .port(443)
                            .protocolType("Https")
                            .build())
                        .sourceAddresses(                    
                            "216.58.216.164",
                            "10.0.0.0/24")
                        .targetFqdns("www.test.com")
                        .build())
                    .build())
                .azureFirewallName("azurefirewall")
                .ipConfigurations(AzureFirewallIPConfigurationArgs.builder()
                    .name("azureFirewallIpConfiguration")
                    .publicIPAddress(SubResourceArgs.builder()
                        .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")
                        .build())
                    .subnet(SubResourceArgs.builder()
                        .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet")
                        .build())
                    .build())
                .location("West US")
                .natRuleCollections(AzureFirewallNatRuleCollectionArgs.builder()
                    .action(AzureFirewallNatRCActionArgs.builder()
                        .type("Dnat")
                        .build())
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll")
                    .name("natrulecoll")
                    .priority(112)
                    .rules(                
                        AzureFirewallNatRuleArgs.builder()
                            .description("D-NAT all outbound web traffic for inspection")
                            .destinationAddresses("1.2.3.4")
                            .destinationPorts("443")
                            .name("DNAT-HTTPS-traffic")
                            .protocols("TCP")
                            .sourceAddresses("*")
                            .translatedAddress("1.2.3.5")
                            .translatedPort("8443")
                            .build(),
                        AzureFirewallNatRuleArgs.builder()
                            .description("D-NAT all inbound web traffic for inspection")
                            .destinationAddresses("1.2.3.4")
                            .destinationPorts("80")
                            .name("DNAT-HTTP-traffic-With-FQDN")
                            .protocols("TCP")
                            .sourceAddresses("*")
                            .translatedFqdn("internalhttpserver")
                            .translatedPort("880")
                            .build())
                    .build())
                .networkRuleCollections(AzureFirewallNetworkRuleCollectionArgs.builder()
                    .action(AzureFirewallRCActionArgs.builder()
                        .type("Deny")
                        .build())
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll")
                    .name("netrulecoll")
                    .priority(112)
                    .rules(                
                        AzureFirewallNetworkRuleArgs.builder()
                            .description("Block traffic based on source IPs and ports")
                            .destinationAddresses("*")
                            .destinationPorts(                        
                                "443-444",
                                "8443")
                            .name("L4-traffic")
                            .protocols("TCP")
                            .sourceAddresses(                        
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255")
                            .build(),
                        AzureFirewallNetworkRuleArgs.builder()
                            .description("Block traffic based on source IPs and ports to amazon")
                            .destinationFqdns("www.amazon.com")
                            .destinationPorts(                        
                                "443-444",
                                "8443")
                            .name("L4-traffic-with-FQDN")
                            .protocols("TCP")
                            .sourceAddresses("10.2.4.12-10.2.4.255")
                            .build())
                    .build())
                .resourceGroupName("rg1")
                .sku(AzureFirewallSkuArgs.builder()
                    .name("AZFW_VNet")
                    .tier("Standard")
                    .build())
                .tags(Map.of("key1", "value1"))
                .threatIntelMode("Alert")
                .zones()
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
        application_rule_collections=[{
            "action": {
                "type": azure_native.network.AzureFirewallRCActionType.DENY,
            },
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
            "name": "apprulecoll",
            "priority": 110,
            "rules": [{
                "description": "Deny inbound rule",
                "name": "rule1",
                "protocols": [{
                    "port": 443,
                    "protocol_type": azure_native.network.AzureFirewallApplicationRuleProtocolType.HTTPS,
                }],
                "source_addresses": [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                "target_fqdns": ["www.test.com"],
            }],
        }],
        azure_firewall_name="azurefirewall",
        ip_configurations=[{
            "name": "azureFirewallIpConfiguration",
            "public_ip_address": {
                "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            },
            "subnet": {
                "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            },
        }],
        location="West US",
        nat_rule_collections=[{
            "action": {
                "type": azure_native.network.AzureFirewallNatRCActionType.DNAT,
            },
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
            "name": "natrulecoll",
            "priority": 112,
            "rules": [
                {
                    "description": "D-NAT all outbound web traffic for inspection",
                    "destination_addresses": ["1.2.3.4"],
                    "destination_ports": ["443"],
                    "name": "DNAT-HTTPS-traffic",
                    "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    "source_addresses": ["*"],
                    "translated_address": "1.2.3.5",
                    "translated_port": "8443",
                },
                {
                    "description": "D-NAT all inbound web traffic for inspection",
                    "destination_addresses": ["1.2.3.4"],
                    "destination_ports": ["80"],
                    "name": "DNAT-HTTP-traffic-With-FQDN",
                    "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    "source_addresses": ["*"],
                    "translated_fqdn": "internalhttpserver",
                    "translated_port": "880",
                },
            ],
        }],
        network_rule_collections=[{
            "action": {
                "type": azure_native.network.AzureFirewallRCActionType.DENY,
            },
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
            "name": "netrulecoll",
            "priority": 112,
            "rules": [
                {
                    "description": "Block traffic based on source IPs and ports",
                    "destination_addresses": ["*"],
                    "destination_ports": [
                        "443-444",
                        "8443",
                    ],
                    "name": "L4-traffic",
                    "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    "source_addresses": [
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                },
                {
                    "description": "Block traffic based on source IPs and ports to amazon",
                    "destination_fqdns": ["www.amazon.com"],
                    "destination_ports": [
                        "443-444",
                        "8443",
                    ],
                    "name": "L4-traffic-with-FQDN",
                    "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    "source_addresses": ["10.2.4.12-10.2.4.255"],
                },
            ],
        }],
        resource_group_name="rg1",
        sku={
            "name": azure_native.network.AzureFirewallSkuName.AZF_W_V_NET,
            "tier": azure_native.network.AzureFirewallSkuTier.STANDARD,
        },
        tags={
            "key1": "value1",
        },
        threat_intel_mode=azure_native.network.AzureFirewallThreatIntelMode.ALERT,
        zones=[])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
        applicationRuleCollections: [{
            action: {
                type: azure_native.network.AzureFirewallRCActionType.Deny,
            },
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
            name: "apprulecoll",
            priority: 110,
            rules: [{
                description: "Deny inbound rule",
                name: "rule1",
                protocols: [{
                    port: 443,
                    protocolType: azure_native.network.AzureFirewallApplicationRuleProtocolType.Https,
                }],
                sourceAddresses: [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                targetFqdns: ["www.test.com"],
            }],
        }],
        azureFirewallName: "azurefirewall",
        ipConfigurations: [{
            name: "azureFirewallIpConfiguration",
            publicIPAddress: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            },
            subnet: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            },
        }],
        location: "West US",
        natRuleCollections: [{
            action: {
                type: azure_native.network.AzureFirewallNatRCActionType.Dnat,
            },
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
            name: "natrulecoll",
            priority: 112,
            rules: [
                {
                    description: "D-NAT all outbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["443"],
                    name: "DNAT-HTTPS-traffic",
                    protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    sourceAddresses: ["*"],
                    translatedAddress: "1.2.3.5",
                    translatedPort: "8443",
                },
                {
                    description: "D-NAT all inbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["80"],
                    name: "DNAT-HTTP-traffic-With-FQDN",
                    protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    sourceAddresses: ["*"],
                    translatedFqdn: "internalhttpserver",
                    translatedPort: "880",
                },
            ],
        }],
        networkRuleCollections: [{
            action: {
                type: azure_native.network.AzureFirewallRCActionType.Deny,
            },
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
            name: "netrulecoll",
            priority: 112,
            rules: [
                {
                    description: "Block traffic based on source IPs and ports",
                    destinationAddresses: ["*"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic",
                    protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    sourceAddresses: [
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                },
                {
                    description: "Block traffic based on source IPs and ports to amazon",
                    destinationFqdns: ["www.amazon.com"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic-with-FQDN",
                    protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    sourceAddresses: ["10.2.4.12-10.2.4.255"],
                },
            ],
        }],
        resourceGroupName: "rg1",
        sku: {
            name: azure_native.network.AzureFirewallSkuName.AZFW_VNet,
            tier: azure_native.network.AzureFirewallSkuTier.Standard,
        },
        tags: {
            key1: "value1",
        },
        threatIntelMode: azure_native.network.AzureFirewallThreatIntelMode.Alert,
        zones: [],
    });
    
    resources:
      azureFirewall:
        type: azure-native:network:AzureFirewall
        properties:
          applicationRuleCollections:
            - action:
                type: Deny
              id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll
              name: apprulecoll
              priority: 110
              rules:
                - description: Deny inbound rule
                  name: rule1
                  protocols:
                    - port: 443
                      protocolType: Https
                  sourceAddresses:
                    - 216.58.216.164
                    - 10.0.0.0/24
                  targetFqdns:
                    - www.test.com
          azureFirewallName: azurefirewall
          ipConfigurations:
            - name: azureFirewallIpConfiguration
              publicIPAddress:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
              subnet:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
          location: West US
          natRuleCollections:
            - action:
                type: Dnat
              id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll
              name: natrulecoll
              priority: 112
              rules:
                - description: D-NAT all outbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '443'
                  name: DNAT-HTTPS-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedAddress: 1.2.3.5
                  translatedPort: '8443'
                - description: D-NAT all inbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '80'
                  name: DNAT-HTTP-traffic-With-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedFqdn: internalhttpserver
                  translatedPort: '880'
          networkRuleCollections:
            - action:
                type: Deny
              id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll
              name: netrulecoll
              priority: 112
              rules:
                - description: Block traffic based on source IPs and ports
                  destinationAddresses:
                    - '*'
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 192.168.1.1-192.168.1.12
                    - 10.1.4.12-10.1.4.255
                - description: Block traffic based on source IPs and ports to amazon
                  destinationFqdns:
                    - www.amazon.com
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic-with-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 10.2.4.12-10.2.4.255
          resourceGroupName: rg1
          sku:
            name: AZFW_VNet
            tier: Standard
          tags:
            key1: value1
          threatIntelMode: Alert
          zones: []
    

    Create Azure Firewall With Zones

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
        {
            ApplicationRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                    },
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
                    Name = "apprulecoll",
                    Priority = 110,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                        {
                            Description = "Deny inbound rule",
                            Name = "rule1",
                            Protocols = new[]
                            {
                                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                                {
                                    Port = 443,
                                    ProtocolType = AzureNative.Network.AzureFirewallApplicationRuleProtocolType.Https,
                                },
                            },
                            SourceAddresses = new[]
                            {
                                "216.58.216.164",
                                "10.0.0.0/24",
                            },
                            TargetFqdns = new[]
                            {
                                "www.test.com",
                            },
                        },
                    },
                },
            },
            AzureFirewallName = "azurefirewall",
            IpConfigurations = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
                {
                    Name = "azureFirewallIpConfiguration",
                    PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                    },
                    Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                    },
                },
            },
            Location = "West US 2",
            NatRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                    {
                        Type = AzureNative.Network.AzureFirewallNatRCActionType.Dnat,
                    },
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
                    Name = "natrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all outbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "443",
                            },
                            Name = "DNAT-HTTPS-traffic",
                            Protocols = new[]
                            {
                                AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedAddress = "1.2.3.5",
                            TranslatedPort = "8443",
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all inbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "80",
                            },
                            Name = "DNAT-HTTP-traffic-With-FQDN",
                            Protocols = new[]
                            {
                                AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedFqdn = "internalhttpserver",
                            TranslatedPort = "880",
                        },
                    },
                },
            },
            NetworkRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                    },
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
                    Name = "netrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports",
                            DestinationAddresses = new[]
                            {
                                "*",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic",
                            Protocols = new[]
                            {
                                AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                            },
                            SourceAddresses = new[]
                            {
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255",
                            },
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports to amazon",
                            DestinationFqdns = new[]
                            {
                                "www.amazon.com",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic-with-FQDN",
                            Protocols = new[]
                            {
                                AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                            },
                            SourceAddresses = new[]
                            {
                                "10.2.4.12-10.2.4.255",
                            },
                        },
                    },
                },
            },
            ResourceGroupName = "rg1",
            Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
            {
                Name = AzureNative.Network.AzureFirewallSkuName.AZFW_VNet,
                Tier = AzureNative.Network.AzureFirewallSkuTier.Standard,
            },
            Tags = 
            {
                { "key1", "value1" },
            },
            ThreatIntelMode = AzureNative.Network.AzureFirewallThreatIntelMode.Alert,
            Zones = new[]
            {
                "1",
                "2",
                "3",
            },
        });
    
    });
    
    package main
    
    import (
    	network "github.com/pulumi/pulumi-azure-native-sdk/network/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
    			ApplicationRuleCollections: network.AzureFirewallApplicationRuleCollectionArray{
    				&network.AzureFirewallApplicationRuleCollectionArgs{
    					Action: &network.AzureFirewallRCActionArgs{
    						Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
    					},
    					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll"),
    					Name:     pulumi.String("apprulecoll"),
    					Priority: pulumi.Int(110),
    					Rules: network.AzureFirewallApplicationRuleArray{
    						&network.AzureFirewallApplicationRuleArgs{
    							Description: pulumi.String("Deny inbound rule"),
    							Name:        pulumi.String("rule1"),
    							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
    								&network.AzureFirewallApplicationRuleProtocolArgs{
    									Port:         pulumi.Int(443),
    									ProtocolType: pulumi.String(network.AzureFirewallApplicationRuleProtocolTypeHttps),
    								},
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("216.58.216.164"),
    								pulumi.String("10.0.0.0/24"),
    							},
    							TargetFqdns: pulumi.StringArray{
    								pulumi.String("www.test.com"),
    							},
    						},
    					},
    				},
    			},
    			AzureFirewallName: pulumi.String("azurefirewall"),
    			IpConfigurations: network.AzureFirewallIPConfigurationArray{
    				&network.AzureFirewallIPConfigurationArgs{
    					Name: pulumi.String("azureFirewallIpConfiguration"),
    					PublicIPAddress: &network.SubResourceArgs{
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
    					},
    					Subnet: &network.SubResourceArgs{
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
    					},
    				},
    			},
    			Location: pulumi.String("West US 2"),
    			NatRuleCollections: network.AzureFirewallNatRuleCollectionArray{
    				&network.AzureFirewallNatRuleCollectionArgs{
    					Action: &network.AzureFirewallNatRCActionArgs{
    						Type: pulumi.String(network.AzureFirewallNatRCActionTypeDnat),
    					},
    					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll"),
    					Name:     pulumi.String("natrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNatRuleArray{
    						&network.AzureFirewallNatRuleArgs{
    							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443"),
    							},
    							Name: pulumi.String("DNAT-HTTPS-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedAddress: pulumi.String("1.2.3.5"),
    							TranslatedPort:    pulumi.String("8443"),
    						},
    						&network.AzureFirewallNatRuleArgs{
    							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("80"),
    							},
    							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedFqdn: pulumi.String("internalhttpserver"),
    							TranslatedPort: pulumi.String("880"),
    						},
    					},
    				},
    			},
    			NetworkRuleCollections: network.AzureFirewallNetworkRuleCollectionArray{
    				&network.AzureFirewallNetworkRuleCollectionArgs{
    					Action: &network.AzureFirewallRCActionArgs{
    						Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
    					},
    					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll"),
    					Name:     pulumi.String("netrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNetworkRuleArray{
    						&network.AzureFirewallNetworkRuleArgs{
    							Description: pulumi.String("Block traffic based on source IPs and ports"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("192.168.1.1-192.168.1.12"),
    								pulumi.String("10.1.4.12-10.1.4.255"),
    							},
    						},
    						&network.AzureFirewallNetworkRuleArgs{
    							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
    							DestinationFqdns: pulumi.StringArray{
    								pulumi.String("www.amazon.com"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic-with-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("10.2.4.12-10.2.4.255"),
    							},
    						},
    					},
    				},
    			},
    			ResourceGroupName: pulumi.String("rg1"),
    			Sku: &network.AzureFirewallSkuArgs{
    				Name: pulumi.String(network.AzureFirewallSkuName_AZFW_VNet),
    				Tier: pulumi.String(network.AzureFirewallSkuTierStandard),
    			},
    			Tags: pulumi.StringMap{
    				"key1": pulumi.String("value1"),
    			},
    			ThreatIntelMode: pulumi.String(network.AzureFirewallThreatIntelModeAlert),
    			Zones: pulumi.StringArray{
    				pulumi.String("1"),
    				pulumi.String("2"),
    				pulumi.String("3"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.network.AzureFirewall;
    import com.pulumi.azurenative.network.AzureFirewallArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleCollectionArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallRCActionArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallIPConfigurationArgs;
    import com.pulumi.azurenative.network.inputs.SubResourceArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallNatRuleCollectionArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallNatRCActionArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallNetworkRuleCollectionArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallSkuArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
                .applicationRuleCollections(AzureFirewallApplicationRuleCollectionArgs.builder()
                    .action(AzureFirewallRCActionArgs.builder()
                        .type("Deny")
                        .build())
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll")
                    .name("apprulecoll")
                    .priority(110)
                    .rules(AzureFirewallApplicationRuleArgs.builder()
                        .description("Deny inbound rule")
                        .name("rule1")
                        .protocols(AzureFirewallApplicationRuleProtocolArgs.builder()
                            .port(443)
                            .protocolType("Https")
                            .build())
                        .sourceAddresses(                    
                            "216.58.216.164",
                            "10.0.0.0/24")
                        .targetFqdns("www.test.com")
                        .build())
                    .build())
                .azureFirewallName("azurefirewall")
                .ipConfigurations(AzureFirewallIPConfigurationArgs.builder()
                    .name("azureFirewallIpConfiguration")
                    .publicIPAddress(SubResourceArgs.builder()
                        .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")
                        .build())
                    .subnet(SubResourceArgs.builder()
                        .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet")
                        .build())
                    .build())
                .location("West US 2")
                .natRuleCollections(AzureFirewallNatRuleCollectionArgs.builder()
                    .action(AzureFirewallNatRCActionArgs.builder()
                        .type("Dnat")
                        .build())
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll")
                    .name("natrulecoll")
                    .priority(112)
                    .rules(                
                        AzureFirewallNatRuleArgs.builder()
                            .description("D-NAT all outbound web traffic for inspection")
                            .destinationAddresses("1.2.3.4")
                            .destinationPorts("443")
                            .name("DNAT-HTTPS-traffic")
                            .protocols("TCP")
                            .sourceAddresses("*")
                            .translatedAddress("1.2.3.5")
                            .translatedPort("8443")
                            .build(),
                        AzureFirewallNatRuleArgs.builder()
                            .description("D-NAT all inbound web traffic for inspection")
                            .destinationAddresses("1.2.3.4")
                            .destinationPorts("80")
                            .name("DNAT-HTTP-traffic-With-FQDN")
                            .protocols("TCP")
                            .sourceAddresses("*")
                            .translatedFqdn("internalhttpserver")
                            .translatedPort("880")
                            .build())
                    .build())
                .networkRuleCollections(AzureFirewallNetworkRuleCollectionArgs.builder()
                    .action(AzureFirewallRCActionArgs.builder()
                        .type("Deny")
                        .build())
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll")
                    .name("netrulecoll")
                    .priority(112)
                    .rules(                
                        AzureFirewallNetworkRuleArgs.builder()
                            .description("Block traffic based on source IPs and ports")
                            .destinationAddresses("*")
                            .destinationPorts(                        
                                "443-444",
                                "8443")
                            .name("L4-traffic")
                            .protocols("TCP")
                            .sourceAddresses(                        
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255")
                            .build(),
                        AzureFirewallNetworkRuleArgs.builder()
                            .description("Block traffic based on source IPs and ports to amazon")
                            .destinationFqdns("www.amazon.com")
                            .destinationPorts(                        
                                "443-444",
                                "8443")
                            .name("L4-traffic-with-FQDN")
                            .protocols("TCP")
                            .sourceAddresses("10.2.4.12-10.2.4.255")
                            .build())
                    .build())
                .resourceGroupName("rg1")
                .sku(AzureFirewallSkuArgs.builder()
                    .name("AZFW_VNet")
                    .tier("Standard")
                    .build())
                .tags(Map.of("key1", "value1"))
                .threatIntelMode("Alert")
                .zones(            
                    "1",
                    "2",
                    "3")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
        application_rule_collections=[{
            "action": {
                "type": azure_native.network.AzureFirewallRCActionType.DENY,
            },
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
            "name": "apprulecoll",
            "priority": 110,
            "rules": [{
                "description": "Deny inbound rule",
                "name": "rule1",
                "protocols": [{
                    "port": 443,
                    "protocol_type": azure_native.network.AzureFirewallApplicationRuleProtocolType.HTTPS,
                }],
                "source_addresses": [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                "target_fqdns": ["www.test.com"],
            }],
        }],
        azure_firewall_name="azurefirewall",
        ip_configurations=[{
            "name": "azureFirewallIpConfiguration",
            "public_ip_address": {
                "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            },
            "subnet": {
                "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            },
        }],
        location="West US 2",
        nat_rule_collections=[{
            "action": {
                "type": azure_native.network.AzureFirewallNatRCActionType.DNAT,
            },
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
            "name": "natrulecoll",
            "priority": 112,
            "rules": [
                {
                    "description": "D-NAT all outbound web traffic for inspection",
                    "destination_addresses": ["1.2.3.4"],
                    "destination_ports": ["443"],
                    "name": "DNAT-HTTPS-traffic",
                    "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    "source_addresses": ["*"],
                    "translated_address": "1.2.3.5",
                    "translated_port": "8443",
                },
                {
                    "description": "D-NAT all inbound web traffic for inspection",
                    "destination_addresses": ["1.2.3.4"],
                    "destination_ports": ["80"],
                    "name": "DNAT-HTTP-traffic-With-FQDN",
                    "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    "source_addresses": ["*"],
                    "translated_fqdn": "internalhttpserver",
                    "translated_port": "880",
                },
            ],
        }],
        network_rule_collections=[{
            "action": {
                "type": azure_native.network.AzureFirewallRCActionType.DENY,
            },
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
            "name": "netrulecoll",
            "priority": 112,
            "rules": [
                {
                    "description": "Block traffic based on source IPs and ports",
                    "destination_addresses": ["*"],
                    "destination_ports": [
                        "443-444",
                        "8443",
                    ],
                    "name": "L4-traffic",
                    "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    "source_addresses": [
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                },
                {
                    "description": "Block traffic based on source IPs and ports to amazon",
                    "destination_fqdns": ["www.amazon.com"],
                    "destination_ports": [
                        "443-444",
                        "8443",
                    ],
                    "name": "L4-traffic-with-FQDN",
                    "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    "source_addresses": ["10.2.4.12-10.2.4.255"],
                },
            ],
        }],
        resource_group_name="rg1",
        sku={
            "name": azure_native.network.AzureFirewallSkuName.AZF_W_V_NET,
            "tier": azure_native.network.AzureFirewallSkuTier.STANDARD,
        },
        tags={
            "key1": "value1",
        },
        threat_intel_mode=azure_native.network.AzureFirewallThreatIntelMode.ALERT,
        zones=[
            "1",
            "2",
            "3",
        ])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
        applicationRuleCollections: [{
            action: {
                type: azure_native.network.AzureFirewallRCActionType.Deny,
            },
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
            name: "apprulecoll",
            priority: 110,
            rules: [{
                description: "Deny inbound rule",
                name: "rule1",
                protocols: [{
                    port: 443,
                    protocolType: azure_native.network.AzureFirewallApplicationRuleProtocolType.Https,
                }],
                sourceAddresses: [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                targetFqdns: ["www.test.com"],
            }],
        }],
        azureFirewallName: "azurefirewall",
        ipConfigurations: [{
            name: "azureFirewallIpConfiguration",
            publicIPAddress: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            },
            subnet: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            },
        }],
        location: "West US 2",
        natRuleCollections: [{
            action: {
                type: azure_native.network.AzureFirewallNatRCActionType.Dnat,
            },
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
            name: "natrulecoll",
            priority: 112,
            rules: [
                {
                    description: "D-NAT all outbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["443"],
                    name: "DNAT-HTTPS-traffic",
                    protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    sourceAddresses: ["*"],
                    translatedAddress: "1.2.3.5",
                    translatedPort: "8443",
                },
                {
                    description: "D-NAT all inbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["80"],
                    name: "DNAT-HTTP-traffic-With-FQDN",
                    protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    sourceAddresses: ["*"],
                    translatedFqdn: "internalhttpserver",
                    translatedPort: "880",
                },
            ],
        }],
        networkRuleCollections: [{
            action: {
                type: azure_native.network.AzureFirewallRCActionType.Deny,
            },
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
            name: "netrulecoll",
            priority: 112,
            rules: [
                {
                    description: "Block traffic based on source IPs and ports",
                    destinationAddresses: ["*"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic",
                    protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    sourceAddresses: [
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                },
                {
                    description: "Block traffic based on source IPs and ports to amazon",
                    destinationFqdns: ["www.amazon.com"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic-with-FQDN",
                    protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    sourceAddresses: ["10.2.4.12-10.2.4.255"],
                },
            ],
        }],
        resourceGroupName: "rg1",
        sku: {
            name: azure_native.network.AzureFirewallSkuName.AZFW_VNet,
            tier: azure_native.network.AzureFirewallSkuTier.Standard,
        },
        tags: {
            key1: "value1",
        },
        threatIntelMode: azure_native.network.AzureFirewallThreatIntelMode.Alert,
        zones: [
            "1",
            "2",
            "3",
        ],
    });
    
    resources:
      azureFirewall:
        type: azure-native:network:AzureFirewall
        properties:
          applicationRuleCollections:
            - action:
                type: Deny
              id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll
              name: apprulecoll
              priority: 110
              rules:
                - description: Deny inbound rule
                  name: rule1
                  protocols:
                    - port: 443
                      protocolType: Https
                  sourceAddresses:
                    - 216.58.216.164
                    - 10.0.0.0/24
                  targetFqdns:
                    - www.test.com
          azureFirewallName: azurefirewall
          ipConfigurations:
            - name: azureFirewallIpConfiguration
              publicIPAddress:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
              subnet:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
          location: West US 2
          natRuleCollections:
            - action:
                type: Dnat
              id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll
              name: natrulecoll
              priority: 112
              rules:
                - description: D-NAT all outbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '443'
                  name: DNAT-HTTPS-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedAddress: 1.2.3.5
                  translatedPort: '8443'
                - description: D-NAT all inbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '80'
                  name: DNAT-HTTP-traffic-With-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedFqdn: internalhttpserver
                  translatedPort: '880'
          networkRuleCollections:
            - action:
                type: Deny
              id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll
              name: netrulecoll
              priority: 112
              rules:
                - description: Block traffic based on source IPs and ports
                  destinationAddresses:
                    - '*'
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 192.168.1.1-192.168.1.12
                    - 10.1.4.12-10.1.4.255
                - description: Block traffic based on source IPs and ports to amazon
                  destinationFqdns:
                    - www.amazon.com
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic-with-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 10.2.4.12-10.2.4.255
          resourceGroupName: rg1
          sku:
            name: AZFW_VNet
            tier: Standard
          tags:
            key1: value1
          threatIntelMode: Alert
          zones:
            - '1'
            - '2'
            - '3'
    

    Create Azure Firewall With management subnet

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
        {
            ApplicationRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                    },
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
                    Name = "apprulecoll",
                    Priority = 110,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                        {
                            Description = "Deny inbound rule",
                            Name = "rule1",
                            Protocols = new[]
                            {
                                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                                {
                                    Port = 443,
                                    ProtocolType = AzureNative.Network.AzureFirewallApplicationRuleProtocolType.Https,
                                },
                            },
                            SourceAddresses = new[]
                            {
                                "216.58.216.164",
                                "10.0.0.0/24",
                            },
                            TargetFqdns = new[]
                            {
                                "www.test.com",
                            },
                        },
                    },
                },
            },
            AzureFirewallName = "azurefirewall",
            IpConfigurations = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
                {
                    Name = "azureFirewallIpConfiguration",
                    PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                    },
                    Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                    },
                },
            },
            Location = "West US",
            ManagementIpConfiguration = new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
            {
                Name = "azureFirewallMgmtIpConfiguration",
                PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName",
                },
                Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet",
                },
            },
            NatRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                    {
                        Type = AzureNative.Network.AzureFirewallNatRCActionType.Dnat,
                    },
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
                    Name = "natrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all outbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "443",
                            },
                            Name = "DNAT-HTTPS-traffic",
                            Protocols = new[]
                            {
                                AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedAddress = "1.2.3.5",
                            TranslatedPort = "8443",
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                        {
                            Description = "D-NAT all inbound web traffic for inspection",
                            DestinationAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                            DestinationPorts = new[]
                            {
                                "80",
                            },
                            Name = "DNAT-HTTP-traffic-With-FQDN",
                            Protocols = new[]
                            {
                                AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                            },
                            SourceAddresses = new[]
                            {
                                "*",
                            },
                            TranslatedFqdn = "internalhttpserver",
                            TranslatedPort = "880",
                        },
                    },
                },
            },
            NetworkRuleCollections = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
                {
                    Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                    {
                        Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                    },
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
                    Name = "netrulecoll",
                    Priority = 112,
                    Rules = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports",
                            DestinationAddresses = new[]
                            {
                                "*",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic",
                            Protocols = new[]
                            {
                                AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                            },
                            SourceAddresses = new[]
                            {
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255",
                            },
                        },
                        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                        {
                            Description = "Block traffic based on source IPs and ports to amazon",
                            DestinationFqdns = new[]
                            {
                                "www.amazon.com",
                            },
                            DestinationPorts = new[]
                            {
                                "443-444",
                                "8443",
                            },
                            Name = "L4-traffic-with-FQDN",
                            Protocols = new[]
                            {
                                AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                            },
                            SourceAddresses = new[]
                            {
                                "10.2.4.12-10.2.4.255",
                            },
                        },
                    },
                },
            },
            ResourceGroupName = "rg1",
            Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
            {
                Name = AzureNative.Network.AzureFirewallSkuName.AZFW_VNet,
                Tier = AzureNative.Network.AzureFirewallSkuTier.Standard,
            },
            Tags = 
            {
                { "key1", "value1" },
            },
            ThreatIntelMode = AzureNative.Network.AzureFirewallThreatIntelMode.Alert,
            Zones = new[] {},
        });
    
    });
    
    package main
    
    import (
    	network "github.com/pulumi/pulumi-azure-native-sdk/network/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
    			ApplicationRuleCollections: network.AzureFirewallApplicationRuleCollectionArray{
    				&network.AzureFirewallApplicationRuleCollectionArgs{
    					Action: &network.AzureFirewallRCActionArgs{
    						Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
    					},
    					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll"),
    					Name:     pulumi.String("apprulecoll"),
    					Priority: pulumi.Int(110),
    					Rules: network.AzureFirewallApplicationRuleArray{
    						&network.AzureFirewallApplicationRuleArgs{
    							Description: pulumi.String("Deny inbound rule"),
    							Name:        pulumi.String("rule1"),
    							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
    								&network.AzureFirewallApplicationRuleProtocolArgs{
    									Port:         pulumi.Int(443),
    									ProtocolType: pulumi.String(network.AzureFirewallApplicationRuleProtocolTypeHttps),
    								},
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("216.58.216.164"),
    								pulumi.String("10.0.0.0/24"),
    							},
    							TargetFqdns: pulumi.StringArray{
    								pulumi.String("www.test.com"),
    							},
    						},
    					},
    				},
    			},
    			AzureFirewallName: pulumi.String("azurefirewall"),
    			IpConfigurations: network.AzureFirewallIPConfigurationArray{
    				&network.AzureFirewallIPConfigurationArgs{
    					Name: pulumi.String("azureFirewallIpConfiguration"),
    					PublicIPAddress: &network.SubResourceArgs{
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
    					},
    					Subnet: &network.SubResourceArgs{
    						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
    					},
    				},
    			},
    			Location: pulumi.String("West US"),
    			ManagementIpConfiguration: &network.AzureFirewallIPConfigurationArgs{
    				Name: pulumi.String("azureFirewallMgmtIpConfiguration"),
    				PublicIPAddress: &network.SubResourceArgs{
    					Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName"),
    				},
    				Subnet: &network.SubResourceArgs{
    					Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet"),
    				},
    			},
    			NatRuleCollections: network.AzureFirewallNatRuleCollectionArray{
    				&network.AzureFirewallNatRuleCollectionArgs{
    					Action: &network.AzureFirewallNatRCActionArgs{
    						Type: pulumi.String(network.AzureFirewallNatRCActionTypeDnat),
    					},
    					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll"),
    					Name:     pulumi.String("natrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNatRuleArray{
    						&network.AzureFirewallNatRuleArgs{
    							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443"),
    							},
    							Name: pulumi.String("DNAT-HTTPS-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedAddress: pulumi.String("1.2.3.5"),
    							TranslatedPort:    pulumi.String("8443"),
    						},
    						&network.AzureFirewallNatRuleArgs{
    							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("80"),
    							},
    							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							TranslatedFqdn: pulumi.String("internalhttpserver"),
    							TranslatedPort: pulumi.String("880"),
    						},
    					},
    				},
    			},
    			NetworkRuleCollections: network.AzureFirewallNetworkRuleCollectionArray{
    				&network.AzureFirewallNetworkRuleCollectionArgs{
    					Action: &network.AzureFirewallRCActionArgs{
    						Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
    					},
    					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll"),
    					Name:     pulumi.String("netrulecoll"),
    					Priority: pulumi.Int(112),
    					Rules: network.AzureFirewallNetworkRuleArray{
    						&network.AzureFirewallNetworkRuleArgs{
    							Description: pulumi.String("Block traffic based on source IPs and ports"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic"),
    							Protocols: pulumi.StringArray{
    								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("192.168.1.1-192.168.1.12"),
    								pulumi.String("10.1.4.12-10.1.4.255"),
    							},
    						},
    						&network.AzureFirewallNetworkRuleArgs{
    							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
    							DestinationFqdns: pulumi.StringArray{
    								pulumi.String("www.amazon.com"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("443-444"),
    								pulumi.String("8443"),
    							},
    							Name: pulumi.String("L4-traffic-with-FQDN"),
    							Protocols: pulumi.StringArray{
    								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
    							},
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("10.2.4.12-10.2.4.255"),
    							},
    						},
    					},
    				},
    			},
    			ResourceGroupName: pulumi.String("rg1"),
    			Sku: &network.AzureFirewallSkuArgs{
    				Name: pulumi.String(network.AzureFirewallSkuName_AZFW_VNet),
    				Tier: pulumi.String(network.AzureFirewallSkuTierStandard),
    			},
    			Tags: pulumi.StringMap{
    				"key1": pulumi.String("value1"),
    			},
    			ThreatIntelMode: pulumi.String(network.AzureFirewallThreatIntelModeAlert),
    			Zones:           pulumi.StringArray{},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.network.AzureFirewall;
    import com.pulumi.azurenative.network.AzureFirewallArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleCollectionArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallRCActionArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallIPConfigurationArgs;
    import com.pulumi.azurenative.network.inputs.SubResourceArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallNatRuleCollectionArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallNatRCActionArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallNetworkRuleCollectionArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallSkuArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
                .applicationRuleCollections(AzureFirewallApplicationRuleCollectionArgs.builder()
                    .action(AzureFirewallRCActionArgs.builder()
                        .type("Deny")
                        .build())
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll")
                    .name("apprulecoll")
                    .priority(110)
                    .rules(AzureFirewallApplicationRuleArgs.builder()
                        .description("Deny inbound rule")
                        .name("rule1")
                        .protocols(AzureFirewallApplicationRuleProtocolArgs.builder()
                            .port(443)
                            .protocolType("Https")
                            .build())
                        .sourceAddresses(                    
                            "216.58.216.164",
                            "10.0.0.0/24")
                        .targetFqdns("www.test.com")
                        .build())
                    .build())
                .azureFirewallName("azurefirewall")
                .ipConfigurations(AzureFirewallIPConfigurationArgs.builder()
                    .name("azureFirewallIpConfiguration")
                    .publicIPAddress(SubResourceArgs.builder()
                        .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")
                        .build())
                    .subnet(SubResourceArgs.builder()
                        .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet")
                        .build())
                    .build())
                .location("West US")
                .managementIpConfiguration(AzureFirewallIPConfigurationArgs.builder()
                    .name("azureFirewallMgmtIpConfiguration")
                    .publicIPAddress(SubResourceArgs.builder()
                        .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName")
                        .build())
                    .subnet(SubResourceArgs.builder()
                        .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet")
                        .build())
                    .build())
                .natRuleCollections(AzureFirewallNatRuleCollectionArgs.builder()
                    .action(AzureFirewallNatRCActionArgs.builder()
                        .type("Dnat")
                        .build())
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll")
                    .name("natrulecoll")
                    .priority(112)
                    .rules(                
                        AzureFirewallNatRuleArgs.builder()
                            .description("D-NAT all outbound web traffic for inspection")
                            .destinationAddresses("1.2.3.4")
                            .destinationPorts("443")
                            .name("DNAT-HTTPS-traffic")
                            .protocols("TCP")
                            .sourceAddresses("*")
                            .translatedAddress("1.2.3.5")
                            .translatedPort("8443")
                            .build(),
                        AzureFirewallNatRuleArgs.builder()
                            .description("D-NAT all inbound web traffic for inspection")
                            .destinationAddresses("1.2.3.4")
                            .destinationPorts("80")
                            .name("DNAT-HTTP-traffic-With-FQDN")
                            .protocols("TCP")
                            .sourceAddresses("*")
                            .translatedFqdn("internalhttpserver")
                            .translatedPort("880")
                            .build())
                    .build())
                .networkRuleCollections(AzureFirewallNetworkRuleCollectionArgs.builder()
                    .action(AzureFirewallRCActionArgs.builder()
                        .type("Deny")
                        .build())
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll")
                    .name("netrulecoll")
                    .priority(112)
                    .rules(                
                        AzureFirewallNetworkRuleArgs.builder()
                            .description("Block traffic based on source IPs and ports")
                            .destinationAddresses("*")
                            .destinationPorts(                        
                                "443-444",
                                "8443")
                            .name("L4-traffic")
                            .protocols("TCP")
                            .sourceAddresses(                        
                                "192.168.1.1-192.168.1.12",
                                "10.1.4.12-10.1.4.255")
                            .build(),
                        AzureFirewallNetworkRuleArgs.builder()
                            .description("Block traffic based on source IPs and ports to amazon")
                            .destinationFqdns("www.amazon.com")
                            .destinationPorts(                        
                                "443-444",
                                "8443")
                            .name("L4-traffic-with-FQDN")
                            .protocols("TCP")
                            .sourceAddresses("10.2.4.12-10.2.4.255")
                            .build())
                    .build())
                .resourceGroupName("rg1")
                .sku(AzureFirewallSkuArgs.builder()
                    .name("AZFW_VNet")
                    .tier("Standard")
                    .build())
                .tags(Map.of("key1", "value1"))
                .threatIntelMode("Alert")
                .zones()
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
        application_rule_collections=[{
            "action": {
                "type": azure_native.network.AzureFirewallRCActionType.DENY,
            },
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
            "name": "apprulecoll",
            "priority": 110,
            "rules": [{
                "description": "Deny inbound rule",
                "name": "rule1",
                "protocols": [{
                    "port": 443,
                    "protocol_type": azure_native.network.AzureFirewallApplicationRuleProtocolType.HTTPS,
                }],
                "source_addresses": [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                "target_fqdns": ["www.test.com"],
            }],
        }],
        azure_firewall_name="azurefirewall",
        ip_configurations=[{
            "name": "azureFirewallIpConfiguration",
            "public_ip_address": {
                "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            },
            "subnet": {
                "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            },
        }],
        location="West US",
        management_ip_configuration={
            "name": "azureFirewallMgmtIpConfiguration",
            "public_ip_address": {
                "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName",
            },
            "subnet": {
                "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet",
            },
        },
        nat_rule_collections=[{
            "action": {
                "type": azure_native.network.AzureFirewallNatRCActionType.DNAT,
            },
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
            "name": "natrulecoll",
            "priority": 112,
            "rules": [
                {
                    "description": "D-NAT all outbound web traffic for inspection",
                    "destination_addresses": ["1.2.3.4"],
                    "destination_ports": ["443"],
                    "name": "DNAT-HTTPS-traffic",
                    "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    "source_addresses": ["*"],
                    "translated_address": "1.2.3.5",
                    "translated_port": "8443",
                },
                {
                    "description": "D-NAT all inbound web traffic for inspection",
                    "destination_addresses": ["1.2.3.4"],
                    "destination_ports": ["80"],
                    "name": "DNAT-HTTP-traffic-With-FQDN",
                    "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    "source_addresses": ["*"],
                    "translated_fqdn": "internalhttpserver",
                    "translated_port": "880",
                },
            ],
        }],
        network_rule_collections=[{
            "action": {
                "type": azure_native.network.AzureFirewallRCActionType.DENY,
            },
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
            "name": "netrulecoll",
            "priority": 112,
            "rules": [
                {
                    "description": "Block traffic based on source IPs and ports",
                    "destination_addresses": ["*"],
                    "destination_ports": [
                        "443-444",
                        "8443",
                    ],
                    "name": "L4-traffic",
                    "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    "source_addresses": [
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                },
                {
                    "description": "Block traffic based on source IPs and ports to amazon",
                    "destination_fqdns": ["www.amazon.com"],
                    "destination_ports": [
                        "443-444",
                        "8443",
                    ],
                    "name": "L4-traffic-with-FQDN",
                    "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    "source_addresses": ["10.2.4.12-10.2.4.255"],
                },
            ],
        }],
        resource_group_name="rg1",
        sku={
            "name": azure_native.network.AzureFirewallSkuName.AZF_W_V_NET,
            "tier": azure_native.network.AzureFirewallSkuTier.STANDARD,
        },
        tags={
            "key1": "value1",
        },
        threat_intel_mode=azure_native.network.AzureFirewallThreatIntelMode.ALERT,
        zones=[])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
        applicationRuleCollections: [{
            action: {
                type: azure_native.network.AzureFirewallRCActionType.Deny,
            },
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
            name: "apprulecoll",
            priority: 110,
            rules: [{
                description: "Deny inbound rule",
                name: "rule1",
                protocols: [{
                    port: 443,
                    protocolType: azure_native.network.AzureFirewallApplicationRuleProtocolType.Https,
                }],
                sourceAddresses: [
                    "216.58.216.164",
                    "10.0.0.0/24",
                ],
                targetFqdns: ["www.test.com"],
            }],
        }],
        azureFirewallName: "azurefirewall",
        ipConfigurations: [{
            name: "azureFirewallIpConfiguration",
            publicIPAddress: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
            },
            subnet: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
            },
        }],
        location: "West US",
        managementIpConfiguration: {
            name: "azureFirewallMgmtIpConfiguration",
            publicIPAddress: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName",
            },
            subnet: {
                id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet",
            },
        },
        natRuleCollections: [{
            action: {
                type: azure_native.network.AzureFirewallNatRCActionType.Dnat,
            },
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
            name: "natrulecoll",
            priority: 112,
            rules: [
                {
                    description: "D-NAT all outbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["443"],
                    name: "DNAT-HTTPS-traffic",
                    protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    sourceAddresses: ["*"],
                    translatedAddress: "1.2.3.5",
                    translatedPort: "8443",
                },
                {
                    description: "D-NAT all inbound web traffic for inspection",
                    destinationAddresses: ["1.2.3.4"],
                    destinationPorts: ["80"],
                    name: "DNAT-HTTP-traffic-With-FQDN",
                    protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    sourceAddresses: ["*"],
                    translatedFqdn: "internalhttpserver",
                    translatedPort: "880",
                },
            ],
        }],
        networkRuleCollections: [{
            action: {
                type: azure_native.network.AzureFirewallRCActionType.Deny,
            },
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
            name: "netrulecoll",
            priority: 112,
            rules: [
                {
                    description: "Block traffic based on source IPs and ports",
                    destinationAddresses: ["*"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic",
                    protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    sourceAddresses: [
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255",
                    ],
                },
                {
                    description: "Block traffic based on source IPs and ports to amazon",
                    destinationFqdns: ["www.amazon.com"],
                    destinationPorts: [
                        "443-444",
                        "8443",
                    ],
                    name: "L4-traffic-with-FQDN",
                    protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                    sourceAddresses: ["10.2.4.12-10.2.4.255"],
                },
            ],
        }],
        resourceGroupName: "rg1",
        sku: {
            name: azure_native.network.AzureFirewallSkuName.AZFW_VNet,
            tier: azure_native.network.AzureFirewallSkuTier.Standard,
        },
        tags: {
            key1: "value1",
        },
        threatIntelMode: azure_native.network.AzureFirewallThreatIntelMode.Alert,
        zones: [],
    });
    
    resources:
      azureFirewall:
        type: azure-native:network:AzureFirewall
        properties:
          applicationRuleCollections:
            - action:
                type: Deny
              id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll
              name: apprulecoll
              priority: 110
              rules:
                - description: Deny inbound rule
                  name: rule1
                  protocols:
                    - port: 443
                      protocolType: Https
                  sourceAddresses:
                    - 216.58.216.164
                    - 10.0.0.0/24
                  targetFqdns:
                    - www.test.com
          azureFirewallName: azurefirewall
          ipConfigurations:
            - name: azureFirewallIpConfiguration
              publicIPAddress:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
              subnet:
                id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
          location: West US
          managementIpConfiguration:
            name: azureFirewallMgmtIpConfiguration
            publicIPAddress:
              id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName
            subnet:
              id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet
          natRuleCollections:
            - action:
                type: Dnat
              id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll
              name: natrulecoll
              priority: 112
              rules:
                - description: D-NAT all outbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '443'
                  name: DNAT-HTTPS-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedAddress: 1.2.3.5
                  translatedPort: '8443'
                - description: D-NAT all inbound web traffic for inspection
                  destinationAddresses:
                    - 1.2.3.4
                  destinationPorts:
                    - '80'
                  name: DNAT-HTTP-traffic-With-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - '*'
                  translatedFqdn: internalhttpserver
                  translatedPort: '880'
          networkRuleCollections:
            - action:
                type: Deny
              id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll
              name: netrulecoll
              priority: 112
              rules:
                - description: Block traffic based on source IPs and ports
                  destinationAddresses:
                    - '*'
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 192.168.1.1-192.168.1.12
                    - 10.1.4.12-10.1.4.255
                - description: Block traffic based on source IPs and ports to amazon
                  destinationFqdns:
                    - www.amazon.com
                  destinationPorts:
                    - 443-444
                    - '8443'
                  name: L4-traffic-with-FQDN
                  protocols:
                    - TCP
                  sourceAddresses:
                    - 10.2.4.12-10.2.4.255
          resourceGroupName: rg1
          sku:
            name: AZFW_VNet
            tier: Standard
          tags:
            key1: value1
          threatIntelMode: Alert
          zones: []
    

    Create Azure Firewall in virtual Hub

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
        {
            AzureFirewallName = "azurefirewall",
            FirewallPolicy = new AzureNative.Network.Inputs.SubResourceArgs
            {
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1",
            },
            HubIPAddresses = new AzureNative.Network.Inputs.HubIPAddressesArgs
            {
                PublicIPs = new AzureNative.Network.Inputs.HubPublicIPAddressesArgs
                {
                    Addresses = new() { },
                    Count = 1,
                },
            },
            Location = "West US",
            ResourceGroupName = "rg1",
            Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
            {
                Name = AzureNative.Network.AzureFirewallSkuName.AZFW_Hub,
                Tier = AzureNative.Network.AzureFirewallSkuTier.Standard,
            },
            Tags = 
            {
                { "key1", "value1" },
            },
            ThreatIntelMode = AzureNative.Network.AzureFirewallThreatIntelMode.Alert,
            VirtualHub = new AzureNative.Network.Inputs.SubResourceArgs
            {
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1",
            },
            Zones = new[] {},
        });
    
    });
    
    package main
    
    import (
    	network "github.com/pulumi/pulumi-azure-native-sdk/network/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
    			AzureFirewallName: pulumi.String("azurefirewall"),
    			FirewallPolicy: &network.SubResourceArgs{
    				Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1"),
    			},
    			HubIPAddresses: &network.HubIPAddressesArgs{
    				PublicIPs: &network.HubPublicIPAddressesArgs{
    					Addresses: network.AzureFirewallPublicIPAddressArray{},
    					Count:     pulumi.Int(1),
    				},
    			},
    			Location:          pulumi.String("West US"),
    			ResourceGroupName: pulumi.String("rg1"),
    			Sku: &network.AzureFirewallSkuArgs{
    				Name: pulumi.String(network.AzureFirewallSkuName_AZFW_Hub),
    				Tier: pulumi.String(network.AzureFirewallSkuTierStandard),
    			},
    			Tags: pulumi.StringMap{
    				"key1": pulumi.String("value1"),
    			},
    			ThreatIntelMode: pulumi.String(network.AzureFirewallThreatIntelModeAlert),
    			VirtualHub: &network.SubResourceArgs{
    				Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1"),
    			},
    			Zones: pulumi.StringArray{},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.network.AzureFirewall;
    import com.pulumi.azurenative.network.AzureFirewallArgs;
    import com.pulumi.azurenative.network.inputs.SubResourceArgs;
    import com.pulumi.azurenative.network.inputs.HubIPAddressesArgs;
    import com.pulumi.azurenative.network.inputs.HubPublicIPAddressesArgs;
    import com.pulumi.azurenative.network.inputs.AzureFirewallSkuArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
                .azureFirewallName("azurefirewall")
                .firewallPolicy(SubResourceArgs.builder()
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1")
                    .build())
                .hubIPAddresses(HubIPAddressesArgs.builder()
                    .publicIPs(HubPublicIPAddressesArgs.builder()
                        .addresses()
                        .count(1)
                        .build())
                    .build())
                .location("West US")
                .resourceGroupName("rg1")
                .sku(AzureFirewallSkuArgs.builder()
                    .name("AZFW_Hub")
                    .tier("Standard")
                    .build())
                .tags(Map.of("key1", "value1"))
                .threatIntelMode("Alert")
                .virtualHub(SubResourceArgs.builder()
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1")
                    .build())
                .zones()
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
        azure_firewall_name="azurefirewall",
        firewall_policy={
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1",
        },
        hub_ip_addresses={
            "public_ips": {
                "addresses": [],
                "count": 1,
            },
        },
        location="West US",
        resource_group_name="rg1",
        sku={
            "name": azure_native.network.AzureFirewallSkuName.AZF_W_HUB,
            "tier": azure_native.network.AzureFirewallSkuTier.STANDARD,
        },
        tags={
            "key1": "value1",
        },
        threat_intel_mode=azure_native.network.AzureFirewallThreatIntelMode.ALERT,
        virtual_hub={
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1",
        },
        zones=[])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
        azureFirewallName: "azurefirewall",
        firewallPolicy: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1",
        },
        hubIPAddresses: {
            publicIPs: {
                addresses: [],
                count: 1,
            },
        },
        location: "West US",
        resourceGroupName: "rg1",
        sku: {
            name: azure_native.network.AzureFirewallSkuName.AZFW_Hub,
            tier: azure_native.network.AzureFirewallSkuTier.Standard,
        },
        tags: {
            key1: "value1",
        },
        threatIntelMode: azure_native.network.AzureFirewallThreatIntelMode.Alert,
        virtualHub: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1",
        },
        zones: [],
    });
    
    resources:
      azureFirewall:
        type: azure-native:network:AzureFirewall
        properties:
          azureFirewallName: azurefirewall
          firewallPolicy:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1
          hubIPAddresses:
            publicIPs:
              addresses: []
              count: 1
          location: West US
          resourceGroupName: rg1
          sku:
            name: AZFW_Hub
            tier: Standard
          tags:
            key1: value1
          threatIntelMode: Alert
          virtualHub:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1
          zones: []
    

    Create AzureFirewall Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new AzureFirewall(name: string, args: AzureFirewallArgs, opts?: CustomResourceOptions);
    @overload
    def AzureFirewall(resource_name: str,
                      args: AzureFirewallArgs,
                      opts: Optional[ResourceOptions] = None)
    
    @overload
    def AzureFirewall(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      resource_group_name: Optional[str] = None,
                      management_ip_configuration: Optional[AzureFirewallIPConfigurationArgs] = None,
                      location: Optional[str] = None,
                      firewall_policy: Optional[SubResourceArgs] = None,
                      hub_ip_addresses: Optional[HubIPAddressesArgs] = None,
                      nat_rule_collections: Optional[Sequence[AzureFirewallNatRuleCollectionArgs]] = None,
                      ip_configurations: Optional[Sequence[AzureFirewallIPConfigurationArgs]] = None,
                      azure_firewall_name: Optional[str] = None,
                      additional_properties: Optional[Mapping[str, str]] = None,
                      id: Optional[str] = None,
                      network_rule_collections: Optional[Sequence[AzureFirewallNetworkRuleCollectionArgs]] = None,
                      application_rule_collections: Optional[Sequence[AzureFirewallApplicationRuleCollectionArgs]] = None,
                      sku: Optional[AzureFirewallSkuArgs] = None,
                      tags: Optional[Mapping[str, str]] = None,
                      threat_intel_mode: Optional[Union[str, AzureFirewallThreatIntelMode]] = None,
                      virtual_hub: Optional[SubResourceArgs] = None,
                      zones: Optional[Sequence[str]] = None)
    func NewAzureFirewall(ctx *Context, name string, args AzureFirewallArgs, opts ...ResourceOption) (*AzureFirewall, error)
    public AzureFirewall(string name, AzureFirewallArgs args, CustomResourceOptions? opts = null)
    public AzureFirewall(String name, AzureFirewallArgs args)
    public AzureFirewall(String name, AzureFirewallArgs args, CustomResourceOptions options)
    
    type: azure-native:network:AzureFirewall
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AzureFirewallArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AzureFirewallArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AzureFirewallArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AzureFirewallArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AzureFirewallArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var azureFirewallResource = new AzureNative.Network.AzureFirewall("azureFirewallResource", new()
    {
        ResourceGroupName = "string",
        ManagementIpConfiguration = new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
        {
            Id = "string",
            Name = "string",
            PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
            {
                Id = "string",
            },
            Subnet = new AzureNative.Network.Inputs.SubResourceArgs
            {
                Id = "string",
            },
        },
        Location = "string",
        FirewallPolicy = new AzureNative.Network.Inputs.SubResourceArgs
        {
            Id = "string",
        },
        HubIPAddresses = new AzureNative.Network.Inputs.HubIPAddressesArgs
        {
            PrivateIPAddress = "string",
            PublicIPs = new AzureNative.Network.Inputs.HubPublicIPAddressesArgs
            {
                Addresses = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallPublicIPAddressArgs
                    {
                        Address = "string",
                    },
                },
                Count = 0,
            },
        },
        NatRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                {
                    Type = "string",
                },
                Id = "string",
                Name = "string",
                Priority = 0,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        Description = "string",
                        DestinationAddresses = new[]
                        {
                            "string",
                        },
                        DestinationPorts = new[]
                        {
                            "string",
                        },
                        Name = "string",
                        Protocols = new[]
                        {
                            "string",
                        },
                        SourceAddresses = new[]
                        {
                            "string",
                        },
                        SourceIpGroups = new[]
                        {
                            "string",
                        },
                        TranslatedAddress = "string",
                        TranslatedFqdn = "string",
                        TranslatedPort = "string",
                    },
                },
            },
        },
        IpConfigurations = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
            {
                Id = "string",
                Name = "string",
                PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "string",
                },
                Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "string",
                },
            },
        },
        AzureFirewallName = "string",
        AdditionalProperties = 
        {
            { "string", "string" },
        },
        Id = "string",
        NetworkRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = "string",
                },
                Id = "string",
                Name = "string",
                Priority = 0,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        Description = "string",
                        DestinationAddresses = new[]
                        {
                            "string",
                        },
                        DestinationFqdns = new[]
                        {
                            "string",
                        },
                        DestinationIpGroups = new[]
                        {
                            "string",
                        },
                        DestinationPorts = new[]
                        {
                            "string",
                        },
                        Name = "string",
                        Protocols = new[]
                        {
                            "string",
                        },
                        SourceAddresses = new[]
                        {
                            "string",
                        },
                        SourceIpGroups = new[]
                        {
                            "string",
                        },
                    },
                },
            },
        },
        ApplicationRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = "string",
                },
                Id = "string",
                Name = "string",
                Priority = 0,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                    {
                        Description = "string",
                        FqdnTags = new[]
                        {
                            "string",
                        },
                        Name = "string",
                        Protocols = new[]
                        {
                            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                            {
                                Port = 0,
                                ProtocolType = "string",
                            },
                        },
                        SourceAddresses = new[]
                        {
                            "string",
                        },
                        SourceIpGroups = new[]
                        {
                            "string",
                        },
                        TargetFqdns = new[]
                        {
                            "string",
                        },
                    },
                },
            },
        },
        Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
        {
            Name = "string",
            Tier = "string",
        },
        Tags = 
        {
            { "string", "string" },
        },
        ThreatIntelMode = "string",
        VirtualHub = new AzureNative.Network.Inputs.SubResourceArgs
        {
            Id = "string",
        },
        Zones = new[]
        {
            "string",
        },
    });
    
    example, err := network.NewAzureFirewall(ctx, "azureFirewallResource", &network.AzureFirewallArgs{
    	ResourceGroupName: pulumi.String("string"),
    	ManagementIpConfiguration: &network.AzureFirewallIPConfigurationArgs{
    		Id:   pulumi.String("string"),
    		Name: pulumi.String("string"),
    		PublicIPAddress: &network.SubResourceArgs{
    			Id: pulumi.String("string"),
    		},
    		Subnet: &network.SubResourceArgs{
    			Id: pulumi.String("string"),
    		},
    	},
    	Location: pulumi.String("string"),
    	FirewallPolicy: &network.SubResourceArgs{
    		Id: pulumi.String("string"),
    	},
    	HubIPAddresses: &network.HubIPAddressesArgs{
    		PrivateIPAddress: pulumi.String("string"),
    		PublicIPs: &network.HubPublicIPAddressesArgs{
    			Addresses: network.AzureFirewallPublicIPAddressArray{
    				&network.AzureFirewallPublicIPAddressArgs{
    					Address: pulumi.String("string"),
    				},
    			},
    			Count: pulumi.Int(0),
    		},
    	},
    	NatRuleCollections: network.AzureFirewallNatRuleCollectionArray{
    		&network.AzureFirewallNatRuleCollectionArgs{
    			Action: &network.AzureFirewallNatRCActionArgs{
    				Type: pulumi.String("string"),
    			},
    			Id:       pulumi.String("string"),
    			Name:     pulumi.String("string"),
    			Priority: pulumi.Int(0),
    			Rules: network.AzureFirewallNatRuleArray{
    				&network.AzureFirewallNatRuleArgs{
    					Description: pulumi.String("string"),
    					DestinationAddresses: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					DestinationPorts: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					Name: pulumi.String("string"),
    					Protocols: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					SourceAddresses: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					SourceIpGroups: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					TranslatedAddress: pulumi.String("string"),
    					TranslatedFqdn:    pulumi.String("string"),
    					TranslatedPort:    pulumi.String("string"),
    				},
    			},
    		},
    	},
    	IpConfigurations: network.AzureFirewallIPConfigurationArray{
    		&network.AzureFirewallIPConfigurationArgs{
    			Id:   pulumi.String("string"),
    			Name: pulumi.String("string"),
    			PublicIPAddress: &network.SubResourceArgs{
    				Id: pulumi.String("string"),
    			},
    			Subnet: &network.SubResourceArgs{
    				Id: pulumi.String("string"),
    			},
    		},
    	},
    	AzureFirewallName: pulumi.String("string"),
    	AdditionalProperties: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	Id: pulumi.String("string"),
    	NetworkRuleCollections: network.AzureFirewallNetworkRuleCollectionArray{
    		&network.AzureFirewallNetworkRuleCollectionArgs{
    			Action: &network.AzureFirewallRCActionArgs{
    				Type: pulumi.String("string"),
    			},
    			Id:       pulumi.String("string"),
    			Name:     pulumi.String("string"),
    			Priority: pulumi.Int(0),
    			Rules: network.AzureFirewallNetworkRuleArray{
    				&network.AzureFirewallNetworkRuleArgs{
    					Description: pulumi.String("string"),
    					DestinationAddresses: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					DestinationFqdns: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					DestinationIpGroups: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					DestinationPorts: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					Name: pulumi.String("string"),
    					Protocols: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					SourceAddresses: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					SourceIpGroups: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    		},
    	},
    	ApplicationRuleCollections: network.AzureFirewallApplicationRuleCollectionArray{
    		&network.AzureFirewallApplicationRuleCollectionArgs{
    			Action: &network.AzureFirewallRCActionArgs{
    				Type: pulumi.String("string"),
    			},
    			Id:       pulumi.String("string"),
    			Name:     pulumi.String("string"),
    			Priority: pulumi.Int(0),
    			Rules: network.AzureFirewallApplicationRuleArray{
    				&network.AzureFirewallApplicationRuleArgs{
    					Description: pulumi.String("string"),
    					FqdnTags: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					Name: pulumi.String("string"),
    					Protocols: network.AzureFirewallApplicationRuleProtocolArray{
    						&network.AzureFirewallApplicationRuleProtocolArgs{
    							Port:         pulumi.Int(0),
    							ProtocolType: pulumi.String("string"),
    						},
    					},
    					SourceAddresses: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					SourceIpGroups: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					TargetFqdns: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    		},
    	},
    	Sku: &network.AzureFirewallSkuArgs{
    		Name: pulumi.String("string"),
    		Tier: pulumi.String("string"),
    	},
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	ThreatIntelMode: pulumi.String("string"),
    	VirtualHub: &network.SubResourceArgs{
    		Id: pulumi.String("string"),
    	},
    	Zones: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    })
    
    var azureFirewallResource = new AzureFirewall("azureFirewallResource", AzureFirewallArgs.builder()
        .resourceGroupName("string")
        .managementIpConfiguration(AzureFirewallIPConfigurationArgs.builder()
            .id("string")
            .name("string")
            .publicIPAddress(SubResourceArgs.builder()
                .id("string")
                .build())
            .subnet(SubResourceArgs.builder()
                .id("string")
                .build())
            .build())
        .location("string")
        .firewallPolicy(SubResourceArgs.builder()
            .id("string")
            .build())
        .hubIPAddresses(HubIPAddressesArgs.builder()
            .privateIPAddress("string")
            .publicIPs(HubPublicIPAddressesArgs.builder()
                .addresses(AzureFirewallPublicIPAddressArgs.builder()
                    .address("string")
                    .build())
                .count(0)
                .build())
            .build())
        .natRuleCollections(AzureFirewallNatRuleCollectionArgs.builder()
            .action(AzureFirewallNatRCActionArgs.builder()
                .type("string")
                .build())
            .id("string")
            .name("string")
            .priority(0)
            .rules(AzureFirewallNatRuleArgs.builder()
                .description("string")
                .destinationAddresses("string")
                .destinationPorts("string")
                .name("string")
                .protocols("string")
                .sourceAddresses("string")
                .sourceIpGroups("string")
                .translatedAddress("string")
                .translatedFqdn("string")
                .translatedPort("string")
                .build())
            .build())
        .ipConfigurations(AzureFirewallIPConfigurationArgs.builder()
            .id("string")
            .name("string")
            .publicIPAddress(SubResourceArgs.builder()
                .id("string")
                .build())
            .subnet(SubResourceArgs.builder()
                .id("string")
                .build())
            .build())
        .azureFirewallName("string")
        .additionalProperties(Map.of("string", "string"))
        .id("string")
        .networkRuleCollections(AzureFirewallNetworkRuleCollectionArgs.builder()
            .action(AzureFirewallRCActionArgs.builder()
                .type("string")
                .build())
            .id("string")
            .name("string")
            .priority(0)
            .rules(AzureFirewallNetworkRuleArgs.builder()
                .description("string")
                .destinationAddresses("string")
                .destinationFqdns("string")
                .destinationIpGroups("string")
                .destinationPorts("string")
                .name("string")
                .protocols("string")
                .sourceAddresses("string")
                .sourceIpGroups("string")
                .build())
            .build())
        .applicationRuleCollections(AzureFirewallApplicationRuleCollectionArgs.builder()
            .action(AzureFirewallRCActionArgs.builder()
                .type("string")
                .build())
            .id("string")
            .name("string")
            .priority(0)
            .rules(AzureFirewallApplicationRuleArgs.builder()
                .description("string")
                .fqdnTags("string")
                .name("string")
                .protocols(AzureFirewallApplicationRuleProtocolArgs.builder()
                    .port(0)
                    .protocolType("string")
                    .build())
                .sourceAddresses("string")
                .sourceIpGroups("string")
                .targetFqdns("string")
                .build())
            .build())
        .sku(AzureFirewallSkuArgs.builder()
            .name("string")
            .tier("string")
            .build())
        .tags(Map.of("string", "string"))
        .threatIntelMode("string")
        .virtualHub(SubResourceArgs.builder()
            .id("string")
            .build())
        .zones("string")
        .build());
    
    azure_firewall_resource = azure_native.network.AzureFirewall("azureFirewallResource",
        resource_group_name="string",
        management_ip_configuration={
            "id": "string",
            "name": "string",
            "publicIPAddress": {
                "id": "string",
            },
            "subnet": {
                "id": "string",
            },
        },
        location="string",
        firewall_policy={
            "id": "string",
        },
        hub_ip_addresses={
            "privateIPAddress": "string",
            "publicIPs": {
                "addresses": [{
                    "address": "string",
                }],
                "count": 0,
            },
        },
        nat_rule_collections=[{
            "action": {
                "type": "string",
            },
            "id": "string",
            "name": "string",
            "priority": 0,
            "rules": [{
                "description": "string",
                "destinationAddresses": ["string"],
                "destinationPorts": ["string"],
                "name": "string",
                "protocols": ["string"],
                "sourceAddresses": ["string"],
                "sourceIpGroups": ["string"],
                "translatedAddress": "string",
                "translatedFqdn": "string",
                "translatedPort": "string",
            }],
        }],
        ip_configurations=[{
            "id": "string",
            "name": "string",
            "publicIPAddress": {
                "id": "string",
            },
            "subnet": {
                "id": "string",
            },
        }],
        azure_firewall_name="string",
        additional_properties={
            "string": "string",
        },
        id="string",
        network_rule_collections=[{
            "action": {
                "type": "string",
            },
            "id": "string",
            "name": "string",
            "priority": 0,
            "rules": [{
                "description": "string",
                "destinationAddresses": ["string"],
                "destinationFqdns": ["string"],
                "destinationIpGroups": ["string"],
                "destinationPorts": ["string"],
                "name": "string",
                "protocols": ["string"],
                "sourceAddresses": ["string"],
                "sourceIpGroups": ["string"],
            }],
        }],
        application_rule_collections=[{
            "action": {
                "type": "string",
            },
            "id": "string",
            "name": "string",
            "priority": 0,
            "rules": [{
                "description": "string",
                "fqdnTags": ["string"],
                "name": "string",
                "protocols": [{
                    "port": 0,
                    "protocolType": "string",
                }],
                "sourceAddresses": ["string"],
                "sourceIpGroups": ["string"],
                "targetFqdns": ["string"],
            }],
        }],
        sku={
            "name": "string",
            "tier": "string",
        },
        tags={
            "string": "string",
        },
        threat_intel_mode="string",
        virtual_hub={
            "id": "string",
        },
        zones=["string"])
    
    const azureFirewallResource = new azure_native.network.AzureFirewall("azureFirewallResource", {
        resourceGroupName: "string",
        managementIpConfiguration: {
            id: "string",
            name: "string",
            publicIPAddress: {
                id: "string",
            },
            subnet: {
                id: "string",
            },
        },
        location: "string",
        firewallPolicy: {
            id: "string",
        },
        hubIPAddresses: {
            privateIPAddress: "string",
            publicIPs: {
                addresses: [{
                    address: "string",
                }],
                count: 0,
            },
        },
        natRuleCollections: [{
            action: {
                type: "string",
            },
            id: "string",
            name: "string",
            priority: 0,
            rules: [{
                description: "string",
                destinationAddresses: ["string"],
                destinationPorts: ["string"],
                name: "string",
                protocols: ["string"],
                sourceAddresses: ["string"],
                sourceIpGroups: ["string"],
                translatedAddress: "string",
                translatedFqdn: "string",
                translatedPort: "string",
            }],
        }],
        ipConfigurations: [{
            id: "string",
            name: "string",
            publicIPAddress: {
                id: "string",
            },
            subnet: {
                id: "string",
            },
        }],
        azureFirewallName: "string",
        additionalProperties: {
            string: "string",
        },
        id: "string",
        networkRuleCollections: [{
            action: {
                type: "string",
            },
            id: "string",
            name: "string",
            priority: 0,
            rules: [{
                description: "string",
                destinationAddresses: ["string"],
                destinationFqdns: ["string"],
                destinationIpGroups: ["string"],
                destinationPorts: ["string"],
                name: "string",
                protocols: ["string"],
                sourceAddresses: ["string"],
                sourceIpGroups: ["string"],
            }],
        }],
        applicationRuleCollections: [{
            action: {
                type: "string",
            },
            id: "string",
            name: "string",
            priority: 0,
            rules: [{
                description: "string",
                fqdnTags: ["string"],
                name: "string",
                protocols: [{
                    port: 0,
                    protocolType: "string",
                }],
                sourceAddresses: ["string"],
                sourceIpGroups: ["string"],
                targetFqdns: ["string"],
            }],
        }],
        sku: {
            name: "string",
            tier: "string",
        },
        tags: {
            string: "string",
        },
        threatIntelMode: "string",
        virtualHub: {
            id: "string",
        },
        zones: ["string"],
    });
    
    type: azure-native:network:AzureFirewall
    properties:
        additionalProperties:
            string: string
        applicationRuleCollections:
            - action:
                type: string
              id: string
              name: string
              priority: 0
              rules:
                - description: string
                  fqdnTags:
                    - string
                  name: string
                  protocols:
                    - port: 0
                      protocolType: string
                  sourceAddresses:
                    - string
                  sourceIpGroups:
                    - string
                  targetFqdns:
                    - string
        azureFirewallName: string
        firewallPolicy:
            id: string
        hubIPAddresses:
            privateIPAddress: string
            publicIPs:
                addresses:
                    - address: string
                count: 0
        id: string
        ipConfigurations:
            - id: string
              name: string
              publicIPAddress:
                id: string
              subnet:
                id: string
        location: string
        managementIpConfiguration:
            id: string
            name: string
            publicIPAddress:
                id: string
            subnet:
                id: string
        natRuleCollections:
            - action:
                type: string
              id: string
              name: string
              priority: 0
              rules:
                - description: string
                  destinationAddresses:
                    - string
                  destinationPorts:
                    - string
                  name: string
                  protocols:
                    - string
                  sourceAddresses:
                    - string
                  sourceIpGroups:
                    - string
                  translatedAddress: string
                  translatedFqdn: string
                  translatedPort: string
        networkRuleCollections:
            - action:
                type: string
              id: string
              name: string
              priority: 0
              rules:
                - description: string
                  destinationAddresses:
                    - string
                  destinationFqdns:
                    - string
                  destinationIpGroups:
                    - string
                  destinationPorts:
                    - string
                  name: string
                  protocols:
                    - string
                  sourceAddresses:
                    - string
                  sourceIpGroups:
                    - string
        resourceGroupName: string
        sku:
            name: string
            tier: string
        tags:
            string: string
        threatIntelMode: string
        virtualHub:
            id: string
        zones:
            - string
    

    AzureFirewall Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The AzureFirewall resource accepts the following input properties:

    ResourceGroupName string
    The name of the resource group.
    AdditionalProperties Dictionary<string, string>
    The additional properties used to further config this azure firewall.
    ApplicationRuleCollections List<Pulumi.AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollection>
    Collection of application rule collections used by Azure Firewall.
    AzureFirewallName string
    The name of the Azure Firewall.
    FirewallPolicy Pulumi.AzureNative.Network.Inputs.SubResource
    The firewallPolicy associated with this azure firewall.
    HubIPAddresses Pulumi.AzureNative.Network.Inputs.HubIPAddresses
    IP addresses associated with AzureFirewall.
    Id string
    Resource ID.
    IpConfigurations List<Pulumi.AzureNative.Network.Inputs.AzureFirewallIPConfiguration>
    IP configuration of the Azure Firewall resource.
    Location string
    Resource location.
    ManagementIpConfiguration Pulumi.AzureNative.Network.Inputs.AzureFirewallIPConfiguration
    IP configuration of the Azure Firewall used for management traffic.
    NatRuleCollections List<Pulumi.AzureNative.Network.Inputs.AzureFirewallNatRuleCollection>
    Collection of NAT rule collections used by Azure Firewall.
    NetworkRuleCollections List<Pulumi.AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollection>
    Collection of network rule collections used by Azure Firewall.
    Sku Pulumi.AzureNative.Network.Inputs.AzureFirewallSku
    The Azure Firewall Resource SKU.
    Tags Dictionary<string, string>
    Resource tags.
    ThreatIntelMode string | Pulumi.AzureNative.Network.AzureFirewallThreatIntelMode
    The operation mode for Threat Intelligence.
    VirtualHub Pulumi.AzureNative.Network.Inputs.SubResource
    The virtualHub to which the firewall belongs.
    Zones List<string>
    A list of availability zones denoting where the resource needs to come from.
    ResourceGroupName string
    The name of the resource group.
    AdditionalProperties map[string]string
    The additional properties used to further config this azure firewall.
    ApplicationRuleCollections []AzureFirewallApplicationRuleCollectionArgs
    Collection of application rule collections used by Azure Firewall.
    AzureFirewallName string
    The name of the Azure Firewall.
    FirewallPolicy SubResourceArgs
    The firewallPolicy associated with this azure firewall.
    HubIPAddresses HubIPAddressesArgs
    IP addresses associated with AzureFirewall.
    Id string
    Resource ID.
    IpConfigurations []AzureFirewallIPConfigurationArgs
    IP configuration of the Azure Firewall resource.
    Location string
    Resource location.
    ManagementIpConfiguration AzureFirewallIPConfigurationArgs
    IP configuration of the Azure Firewall used for management traffic.
    NatRuleCollections []AzureFirewallNatRuleCollectionArgs
    Collection of NAT rule collections used by Azure Firewall.
    NetworkRuleCollections []AzureFirewallNetworkRuleCollectionArgs
    Collection of network rule collections used by Azure Firewall.
    Sku AzureFirewallSkuArgs
    The Azure Firewall Resource SKU.
    Tags map[string]string
    Resource tags.
    ThreatIntelMode string | AzureFirewallThreatIntelMode
    The operation mode for Threat Intelligence.
    VirtualHub SubResourceArgs
    The virtualHub to which the firewall belongs.
    Zones []string
    A list of availability zones denoting where the resource needs to come from.
    resourceGroupName String
    The name of the resource group.
    additionalProperties Map<String,String>
    The additional properties used to further config this azure firewall.
    applicationRuleCollections List<AzureFirewallApplicationRuleCollection>
    Collection of application rule collections used by Azure Firewall.
    azureFirewallName String
    The name of the Azure Firewall.
    firewallPolicy SubResource
    The firewallPolicy associated with this azure firewall.
    hubIPAddresses HubIPAddresses
    IP addresses associated with AzureFirewall.
    id String
    Resource ID.
    ipConfigurations List<AzureFirewallIPConfiguration>
    IP configuration of the Azure Firewall resource.
    location String
    Resource location.
    managementIpConfiguration AzureFirewallIPConfiguration
    IP configuration of the Azure Firewall used for management traffic.
    natRuleCollections List<AzureFirewallNatRuleCollection>
    Collection of NAT rule collections used by Azure Firewall.
    networkRuleCollections List<AzureFirewallNetworkRuleCollection>
    Collection of network rule collections used by Azure Firewall.
    sku AzureFirewallSku
    The Azure Firewall Resource SKU.
    tags Map<String,String>
    Resource tags.
    threatIntelMode String | AzureFirewallThreatIntelMode
    The operation mode for Threat Intelligence.
    virtualHub SubResource
    The virtualHub to which the firewall belongs.
    zones List<String>
    A list of availability zones denoting where the resource needs to come from.
    resourceGroupName string
    The name of the resource group.
    additionalProperties {[key: string]: string}
    The additional properties used to further config this azure firewall.
    applicationRuleCollections AzureFirewallApplicationRuleCollection[]
    Collection of application rule collections used by Azure Firewall.
    azureFirewallName string
    The name of the Azure Firewall.
    firewallPolicy SubResource
    The firewallPolicy associated with this azure firewall.
    hubIPAddresses HubIPAddresses
    IP addresses associated with AzureFirewall.
    id string
    Resource ID.
    ipConfigurations AzureFirewallIPConfiguration[]
    IP configuration of the Azure Firewall resource.
    location string
    Resource location.
    managementIpConfiguration AzureFirewallIPConfiguration
    IP configuration of the Azure Firewall used for management traffic.
    natRuleCollections AzureFirewallNatRuleCollection[]
    Collection of NAT rule collections used by Azure Firewall.
    networkRuleCollections AzureFirewallNetworkRuleCollection[]
    Collection of network rule collections used by Azure Firewall.
    sku AzureFirewallSku
    The Azure Firewall Resource SKU.
    tags {[key: string]: string}
    Resource tags.
    threatIntelMode string | AzureFirewallThreatIntelMode
    The operation mode for Threat Intelligence.
    virtualHub SubResource
    The virtualHub to which the firewall belongs.
    zones string[]
    A list of availability zones denoting where the resource needs to come from.
    resource_group_name str
    The name of the resource group.
    additional_properties Mapping[str, str]
    The additional properties used to further config this azure firewall.
    application_rule_collections Sequence[AzureFirewallApplicationRuleCollectionArgs]
    Collection of application rule collections used by Azure Firewall.
    azure_firewall_name str
    The name of the Azure Firewall.
    firewall_policy SubResourceArgs
    The firewallPolicy associated with this azure firewall.
    hub_ip_addresses HubIPAddressesArgs
    IP addresses associated with AzureFirewall.
    id str
    Resource ID.
    ip_configurations Sequence[AzureFirewallIPConfigurationArgs]
    IP configuration of the Azure Firewall resource.
    location str
    Resource location.
    management_ip_configuration AzureFirewallIPConfigurationArgs
    IP configuration of the Azure Firewall used for management traffic.
    nat_rule_collections Sequence[AzureFirewallNatRuleCollectionArgs]
    Collection of NAT rule collections used by Azure Firewall.
    network_rule_collections Sequence[AzureFirewallNetworkRuleCollectionArgs]
    Collection of network rule collections used by Azure Firewall.
    sku AzureFirewallSkuArgs
    The Azure Firewall Resource SKU.
    tags Mapping[str, str]
    Resource tags.
    threat_intel_mode str | AzureFirewallThreatIntelMode
    The operation mode for Threat Intelligence.
    virtual_hub SubResourceArgs
    The virtualHub to which the firewall belongs.
    zones Sequence[str]
    A list of availability zones denoting where the resource needs to come from.
    resourceGroupName String
    The name of the resource group.
    additionalProperties Map<String>
    The additional properties used to further config this azure firewall.
    applicationRuleCollections List<Property Map>
    Collection of application rule collections used by Azure Firewall.
    azureFirewallName String
    The name of the Azure Firewall.
    firewallPolicy Property Map
    The firewallPolicy associated with this azure firewall.
    hubIPAddresses Property Map
    IP addresses associated with AzureFirewall.
    id String
    Resource ID.
    ipConfigurations List<Property Map>
    IP configuration of the Azure Firewall resource.
    location String
    Resource location.
    managementIpConfiguration Property Map
    IP configuration of the Azure Firewall used for management traffic.
    natRuleCollections List<Property Map>
    Collection of NAT rule collections used by Azure Firewall.
    networkRuleCollections List<Property Map>
    Collection of network rule collections used by Azure Firewall.
    sku Property Map
    The Azure Firewall Resource SKU.
    tags Map<String>
    Resource tags.
    threatIntelMode String | "Alert" | "Deny" | "Off"
    The operation mode for Threat Intelligence.
    virtualHub Property Map
    The virtualHub to which the firewall belongs.
    zones List<String>
    A list of availability zones denoting where the resource needs to come from.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the AzureFirewall resource produces the following output properties:

    Etag string
    A unique read-only string that changes whenever the resource is updated.
    Id string
    The provider-assigned unique ID for this managed resource.
    IpGroups List<Pulumi.AzureNative.Network.Outputs.AzureFirewallIpGroupsResponse>
    IpGroups associated with AzureFirewall.
    Name string
    Resource name.
    ProvisioningState string
    The provisioning state of the Azure firewall resource.
    Type string
    Resource type.
    Etag string
    A unique read-only string that changes whenever the resource is updated.
    Id string
    The provider-assigned unique ID for this managed resource.
    IpGroups []AzureFirewallIpGroupsResponse
    IpGroups associated with AzureFirewall.
    Name string
    Resource name.
    ProvisioningState string
    The provisioning state of the Azure firewall resource.
    Type string
    Resource type.
    etag String
    A unique read-only string that changes whenever the resource is updated.
    id String
    The provider-assigned unique ID for this managed resource.
    ipGroups List<AzureFirewallIpGroupsResponse>
    IpGroups associated with AzureFirewall.
    name String
    Resource name.
    provisioningState String
    The provisioning state of the Azure firewall resource.
    type String
    Resource type.
    etag string
    A unique read-only string that changes whenever the resource is updated.
    id string
    The provider-assigned unique ID for this managed resource.
    ipGroups AzureFirewallIpGroupsResponse[]
    IpGroups associated with AzureFirewall.
    name string
    Resource name.
    provisioningState string
    The provisioning state of the Azure firewall resource.
    type string
    Resource type.
    etag str
    A unique read-only string that changes whenever the resource is updated.
    id str
    The provider-assigned unique ID for this managed resource.
    ip_groups Sequence[AzureFirewallIpGroupsResponse]
    IpGroups associated with AzureFirewall.
    name str
    Resource name.
    provisioning_state str
    The provisioning state of the Azure firewall resource.
    type str
    Resource type.
    etag String
    A unique read-only string that changes whenever the resource is updated.
    id String
    The provider-assigned unique ID for this managed resource.
    ipGroups List<Property Map>
    IpGroups associated with AzureFirewall.
    name String
    Resource name.
    provisioningState String
    The provisioning state of the Azure firewall resource.
    type String
    Resource type.

    Supporting Types

    AzureFirewallApplicationRule, AzureFirewallApplicationRuleArgs

    Description string
    Description of the rule.
    FqdnTags List<string>
    List of FQDN Tags for this rule.
    Name string
    Name of the application rule.
    Protocols List<Pulumi.AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocol>
    Array of ApplicationRuleProtocols.
    SourceAddresses List<string>
    List of source IP addresses for this rule.
    SourceIpGroups List<string>
    List of source IpGroups for this rule.
    TargetFqdns List<string>
    List of FQDNs for this rule.
    Description string
    Description of the rule.
    FqdnTags []string
    List of FQDN Tags for this rule.
    Name string
    Name of the application rule.
    Protocols []AzureFirewallApplicationRuleProtocol
    Array of ApplicationRuleProtocols.
    SourceAddresses []string
    List of source IP addresses for this rule.
    SourceIpGroups []string
    List of source IpGroups for this rule.
    TargetFqdns []string
    List of FQDNs for this rule.
    description String
    Description of the rule.
    fqdnTags List<String>
    List of FQDN Tags for this rule.
    name String
    Name of the application rule.
    protocols List<AzureFirewallApplicationRuleProtocol>
    Array of ApplicationRuleProtocols.
    sourceAddresses List<String>
    List of source IP addresses for this rule.
    sourceIpGroups List<String>
    List of source IpGroups for this rule.
    targetFqdns List<String>
    List of FQDNs for this rule.
    description string
    Description of the rule.
    fqdnTags string[]
    List of FQDN Tags for this rule.
    name string
    Name of the application rule.
    protocols AzureFirewallApplicationRuleProtocol[]
    Array of ApplicationRuleProtocols.
    sourceAddresses string[]
    List of source IP addresses for this rule.
    sourceIpGroups string[]
    List of source IpGroups for this rule.
    targetFqdns string[]
    List of FQDNs for this rule.
    description str
    Description of the rule.
    fqdn_tags Sequence[str]
    List of FQDN Tags for this rule.
    name str
    Name of the application rule.
    protocols Sequence[AzureFirewallApplicationRuleProtocol]
    Array of ApplicationRuleProtocols.
    source_addresses Sequence[str]
    List of source IP addresses for this rule.
    source_ip_groups Sequence[str]
    List of source IpGroups for this rule.
    target_fqdns Sequence[str]
    List of FQDNs for this rule.
    description String
    Description of the rule.
    fqdnTags List<String>
    List of FQDN Tags for this rule.
    name String
    Name of the application rule.
    protocols List<Property Map>
    Array of ApplicationRuleProtocols.
    sourceAddresses List<String>
    List of source IP addresses for this rule.
    sourceIpGroups List<String>
    List of source IpGroups for this rule.
    targetFqdns List<String>
    List of FQDNs for this rule.

    AzureFirewallApplicationRuleCollection, AzureFirewallApplicationRuleCollectionArgs

    Action Pulumi.AzureNative.Network.Inputs.AzureFirewallRCAction
    The action type of a rule collection.
    Id string
    Resource ID.
    Name string
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    Priority int
    Priority of the application rule collection resource.
    Rules List<Pulumi.AzureNative.Network.Inputs.AzureFirewallApplicationRule>
    Collection of rules used by a application rule collection.
    Action AzureFirewallRCAction
    The action type of a rule collection.
    Id string
    Resource ID.
    Name string
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    Priority int
    Priority of the application rule collection resource.
    Rules []AzureFirewallApplicationRule
    Collection of rules used by a application rule collection.
    action AzureFirewallRCAction
    The action type of a rule collection.
    id String
    Resource ID.
    name String
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority Integer
    Priority of the application rule collection resource.
    rules List<AzureFirewallApplicationRule>
    Collection of rules used by a application rule collection.
    action AzureFirewallRCAction
    The action type of a rule collection.
    id string
    Resource ID.
    name string
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority number
    Priority of the application rule collection resource.
    rules AzureFirewallApplicationRule[]
    Collection of rules used by a application rule collection.
    action AzureFirewallRCAction
    The action type of a rule collection.
    id str
    Resource ID.
    name str
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority int
    Priority of the application rule collection resource.
    rules Sequence[AzureFirewallApplicationRule]
    Collection of rules used by a application rule collection.
    action Property Map
    The action type of a rule collection.
    id String
    Resource ID.
    name String
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority Number
    Priority of the application rule collection resource.
    rules List<Property Map>
    Collection of rules used by a application rule collection.

    AzureFirewallApplicationRuleCollectionResponse, AzureFirewallApplicationRuleCollectionResponseArgs

    Etag string
    A unique read-only string that changes whenever the resource is updated.
    ProvisioningState string
    The provisioning state of the application rule collection resource.
    Action Pulumi.AzureNative.Network.Inputs.AzureFirewallRCActionResponse
    The action type of a rule collection.
    Id string
    Resource ID.
    Name string
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    Priority int
    Priority of the application rule collection resource.
    Rules List<Pulumi.AzureNative.Network.Inputs.AzureFirewallApplicationRuleResponse>
    Collection of rules used by a application rule collection.
    Etag string
    A unique read-only string that changes whenever the resource is updated.
    ProvisioningState string
    The provisioning state of the application rule collection resource.
    Action AzureFirewallRCActionResponse
    The action type of a rule collection.
    Id string
    Resource ID.
    Name string
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    Priority int
    Priority of the application rule collection resource.
    Rules []AzureFirewallApplicationRuleResponse
    Collection of rules used by a application rule collection.
    etag String
    A unique read-only string that changes whenever the resource is updated.
    provisioningState String
    The provisioning state of the application rule collection resource.
    action AzureFirewallRCActionResponse
    The action type of a rule collection.
    id String
    Resource ID.
    name String
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority Integer
    Priority of the application rule collection resource.
    rules List<AzureFirewallApplicationRuleResponse>
    Collection of rules used by a application rule collection.
    etag string
    A unique read-only string that changes whenever the resource is updated.
    provisioningState string
    The provisioning state of the application rule collection resource.
    action AzureFirewallRCActionResponse
    The action type of a rule collection.
    id string
    Resource ID.
    name string
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority number
    Priority of the application rule collection resource.
    rules AzureFirewallApplicationRuleResponse[]
    Collection of rules used by a application rule collection.
    etag str
    A unique read-only string that changes whenever the resource is updated.
    provisioning_state str
    The provisioning state of the application rule collection resource.
    action AzureFirewallRCActionResponse
    The action type of a rule collection.
    id str
    Resource ID.
    name str
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority int
    Priority of the application rule collection resource.
    rules Sequence[AzureFirewallApplicationRuleResponse]
    Collection of rules used by a application rule collection.
    etag String
    A unique read-only string that changes whenever the resource is updated.
    provisioningState String
    The provisioning state of the application rule collection resource.
    action Property Map
    The action type of a rule collection.
    id String
    Resource ID.
    name String
    The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
    priority Number
    Priority of the application rule collection resource.
    rules List<Property Map>
    Collection of rules used by a application rule collection.

    AzureFirewallApplicationRuleProtocol, AzureFirewallApplicationRuleProtocolArgs