Azure Native

Pulumi Official
Package maintained by Pulumi
v1.67.0 published on Tuesday, Jul 12, 2022 by Pulumi

FirewallPolicy

FirewallPolicy Resource. API Version: 2020-11-01.

Example Usage

Create FirewallPolicy

using Pulumi;
using AzureNative = Pulumi.AzureNative;

/// <summary>
/// Sample stack declaring a single Premium-tier Azure Firewall Policy with DNS proxy,
/// insights, intrusion detection (IDPS), threat intelligence and TLS inspection settings.
/// Every address, resource ID and URL below is a sample value and must be replaced.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // DNS proxy is enabled and forwards to one custom resolver (sample address).
        var dnsSettings = new AzureNative.Network.Inputs.DnsSettingsArgs
        {
            EnableProxy = true,
            RequireProxyForNetworkRules = false,
            Servers =
            {
                "30.3.4.5",
            },
        };

        // Log Analytics workspaces that receive policy insights, one per region.
        var westWorkspace = new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsWorkspaceArgs
        {
            Region = "westus",
            WorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
            {
                Id = "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1",
            },
        };
        var eastWorkspace = new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsWorkspaceArgs
        {
            Region = "eastus",
            WorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
            {
                Id = "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2",
            },
        };
        var insights = new AzureNative.Network.Inputs.FirewallPolicyInsightsArgs
        {
            IsEnabled = true,
            LogAnalyticsResources = new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsResourcesArgs
            {
                DefaultWorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace",
                },
                Workspaces =
                {
                    westWorkspace,
                    eastWorkspace,
                },
            },
            RetentionDays = 100,
        };

        // Traffic matching a bypass rule is exempt from intrusion detection. The "*" port
        // list exempts every TCP port between the two sample hosts; scope real bypass
        // rules as narrowly as possible and review them like any other exception.
        var idpsBypass = new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs
        {
            Description = "Rule 1",
            DestinationAddresses =
            {
                "5.6.7.8",
            },
            DestinationPorts =
            {
                "*",
            },
            Name = "bypassRule1",
            Protocol = "TCP",
            SourceAddresses =
            {
                "1.2.3.4",
            },
        };

        // Policy-wide IDPS mode is "Alert" (matches are logged, not blocked); only the
        // overridden signature 2525004 is set to "Deny".
        var intrusionDetection = new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionArgs
        {
            Configuration = new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionConfigurationArgs
            {
                BypassTrafficSettings =
                {
                    idpsBypass,
                },
                SignatureOverrides =
                {
                    new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionSignatureSpecificationArgs
                    {
                        Id = "2525004",
                        Mode = "Deny",
                    },
                },
            },
            Mode = "Alert",
        };

        // Entries listed here are excluded from threat-intelligence filtering. A wildcard
        // FQDN such as "*.microsoft.com" exempts every subdomain, so keep this list short.
        var threatIntelAllowList = new AzureNative.Network.Inputs.FirewallPolicyThreatIntelWhitelistArgs
        {
            Fqdns =
            {
                "*.microsoft.com",
            },
            IpAddresses =
            {
                "20.3.4.5",
            },
        };

        // CA certificate used for TLS inspection, referenced as a Key Vault secret
        // (placeholder URL). NOTE(review): the sample sets no Identity on the policy;
        // reading a Key Vault secret normally needs one - confirm before deploying.
        var transportSecurity = new AzureNative.Network.Inputs.FirewallPolicyTransportSecurityArgs
        {
            CertificateAuthority = new AzureNative.Network.Inputs.FirewallPolicyCertificateAuthorityArgs
            {
                KeyVaultSecretId = "https://kv/secret",
                Name = "clientcert",
            },
        };

        var firewallPolicy = new AzureNative.Network.FirewallPolicy("firewallPolicy", new AzureNative.Network.FirewallPolicyArgs
        {
            DnsSettings = dnsSettings,
            FirewallPolicyName = "firewallPolicy",
            Insights = insights,
            IntrusionDetection = intrusionDetection,
            Location = "West US",
            ResourceGroupName = "rg1",
            Sku = new AzureNative.Network.Inputs.FirewallPolicySkuArgs
            {
                Tier = "Premium",
            },
            // "IANAPrivateRanges" keeps the IANA-defined private ranges out of SNAT.
            Snat = new AzureNative.Network.Inputs.FirewallPolicySNATArgs
            {
                PrivateRanges =
                {
                    "IANAPrivateRanges",
                },
            },
            Tags =
            {
                { "key1", "value1" },
            },
            // "Alert" only logs threat-intelligence matches; "Deny" is the blocking mode.
            ThreatIntelMode = "Alert",
            ThreatIntelWhitelist = threatIntelAllowList,
            TransportSecurity = transportSecurity,
        });
    }

}
package main

import (
	network "github.com/pulumi/pulumi-azure-native/sdk/go/azure/network"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main runs a Pulumi program that declares a single Premium-tier Azure Firewall
// Policy with DNS proxy, insights, intrusion detection (IDPS), threat
// intelligence and TLS inspection settings. Every address, resource ID and URL
// below is a sample value and must be replaced before use.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// DNS proxy is enabled and forwards to one custom resolver (sample address).
		dns := &network.DnsSettingsArgs{
			EnableProxy:                 pulumi.Bool(true),
			RequireProxyForNetworkRules: pulumi.Bool(false),
			Servers: pulumi.StringArray{
				pulumi.String("30.3.4.5"),
			},
		}

		// Log Analytics workspaces that receive policy insights, one per region.
		workspaces := network.FirewallPolicyLogAnalyticsWorkspaceArray{
			&network.FirewallPolicyLogAnalyticsWorkspaceArgs{
				Region: pulumi.String("westus"),
				WorkspaceId: &network.SubResourceArgs{
					Id: pulumi.String("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1"),
				},
			},
			&network.FirewallPolicyLogAnalyticsWorkspaceArgs{
				Region: pulumi.String("eastus"),
				WorkspaceId: &network.SubResourceArgs{
					Id: pulumi.String("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2"),
				},
			},
		}
		insights := &network.FirewallPolicyInsightsArgs{
			IsEnabled: pulumi.Bool(true),
			LogAnalyticsResources: &network.FirewallPolicyLogAnalyticsResourcesArgs{
				DefaultWorkspaceId: &network.SubResourceArgs{
					Id: pulumi.String("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace"),
				},
				Workspaces: workspaces,
			},
			RetentionDays: pulumi.Int(100),
		}

		// Traffic matching a bypass rule is exempt from intrusion detection. The
		// "*" port list exempts every TCP port between the two sample hosts;
		// scope real bypass rules as narrowly as possible.
		bypass := &network.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs{
			Description: pulumi.String("Rule 1"),
			DestinationAddresses: pulumi.StringArray{
				pulumi.String("5.6.7.8"),
			},
			DestinationPorts: pulumi.StringArray{
				pulumi.String("*"),
			},
			Name:     pulumi.String("bypassRule1"),
			Protocol: pulumi.String("TCP"),
			SourceAddresses: pulumi.StringArray{
				pulumi.String("1.2.3.4"),
			},
		}

		// Policy-wide IDPS mode is "Alert" (matches are logged, not blocked);
		// only the overridden signature 2525004 is set to "Deny".
		idps := &network.FirewallPolicyIntrusionDetectionArgs{
			Configuration: &network.FirewallPolicyIntrusionDetectionConfigurationArgs{
				BypassTrafficSettings: network.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArray{
					bypass,
				},
				SignatureOverrides: network.FirewallPolicyIntrusionDetectionSignatureSpecificationArray{
					&network.FirewallPolicyIntrusionDetectionSignatureSpecificationArgs{
						Id:   pulumi.String("2525004"),
						Mode: pulumi.String("Deny"),
					},
				},
			},
			Mode: pulumi.String("Alert"),
		}

		// Entries listed here are excluded from threat-intelligence filtering.
		// A wildcard FQDN such as "*.microsoft.com" exempts every subdomain, so
		// keep this list short.
		allowList := &network.FirewallPolicyThreatIntelWhitelistArgs{
			Fqdns: pulumi.StringArray{
				pulumi.String("*.microsoft.com"),
			},
			IpAddresses: pulumi.StringArray{
				pulumi.String("20.3.4.5"),
			},
		}

		// CA certificate used for TLS inspection, referenced as a Key Vault
		// secret (placeholder URL). NOTE(review): the sample sets no Identity on
		// the policy; reading a Key Vault secret normally needs one - confirm.
		tls := &network.FirewallPolicyTransportSecurityArgs{
			CertificateAuthority: &network.FirewallPolicyCertificateAuthorityArgs{
				KeyVaultSecretId: pulumi.String("https://kv/secret"),
				Name:             pulumi.String("clientcert"),
			},
		}

		_, err := network.NewFirewallPolicy(ctx, "firewallPolicy", &network.FirewallPolicyArgs{
			DnsSettings:        dns,
			FirewallPolicyName: pulumi.String("firewallPolicy"),
			Insights:           insights,
			IntrusionDetection: idps,
			Location:           pulumi.String("West US"),
			ResourceGroupName:  pulumi.String("rg1"),
			Sku: &network.FirewallPolicySkuArgs{
				Tier: pulumi.String("Premium"),
			},
			// "IANAPrivateRanges" keeps the IANA-defined private ranges out of SNAT.
			Snat: &network.FirewallPolicySNATArgs{
				PrivateRanges: pulumi.StringArray{
					pulumi.String("IANAPrivateRanges"),
				},
			},
			Tags: pulumi.StringMap{
				"key1": pulumi.String("value1"),
			},
			// "Alert" only logs threat-intelligence matches; "Deny" blocks them.
			ThreatIntelMode:      pulumi.String("Alert"),
			ThreatIntelWhitelist: allowList,
			TransportSecurity:    tls,
		})
		// Propagate the registration error (nil on success) to the Pulumi engine.
		return err
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

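/**
 * Sample Pulumi program declaring a single Premium-tier Azure Firewall Policy with
 * DNS proxy, insights, intrusion detection (IDPS), threat intelligence and TLS
 * inspection settings. Every address, resource ID and URL is a sample value.
 *
 * NOTE(review): this generated sample passes plain maps to the builder and does not
 * import FirewallPolicy / FirewallPolicyArgs; the typed SDK builders presumably expect
 * the matching *Args objects - confirm against the Java SDK before use.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the firewall policy resource.
     *
     * List-valued properties (servers, workspaces, bypassTrafficSettings,
     * signatureOverrides, address/port/FQDN lists, privateRanges) are passed as
     * lists, matching the other language samples of this resource.
     *
     * @param ctx the Pulumi deployment context
     */
    public static void stack(Context ctx) {
        var firewallPolicy = new FirewallPolicy("firewallPolicy", FirewallPolicyArgs.builder()
            // DNS proxy is enabled and forwards to one custom resolver (sample address).
            .dnsSettings(Map.ofEntries(
                Map.entry("enableProxy", true),
                Map.entry("requireProxyForNetworkRules", false),
                Map.entry("servers", List.of("30.3.4.5"))
            ))
            .firewallPolicyName("firewallPolicy")
            .insights(Map.ofEntries(
                Map.entry("isEnabled", true),
                Map.entry("logAnalyticsResources", Map.ofEntries(
                    Map.entry("defaultWorkspaceId", Map.of("id", "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace")),
                    // Map.entry takes exactly two arguments, so the workspaces go in one list.
                    Map.entry("workspaces", List.of(
                        Map.ofEntries(
                            Map.entry("region", "westus"),
                            Map.entry("workspaceId", Map.of("id", "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1"))
                        ),
                        Map.ofEntries(
                            Map.entry("region", "eastus"),
                            Map.entry("workspaceId", Map.of("id", "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2"))
                        )
                    ))
                )),
                Map.entry("retentionDays", 100)
            ))
            // Policy-wide IDPS mode is "Alert" (matches are logged, not blocked); only the
            // overridden signature 2525004 is set to "Deny".
            .intrusionDetection(Map.ofEntries(
                Map.entry("configuration", Map.ofEntries(
                    // Traffic matching a bypass rule is exempt from intrusion detection.
                    // The "*" port list exempts every TCP port between the two sample
                    // hosts; scope real bypass rules as narrowly as possible.
                    Map.entry("bypassTrafficSettings", List.of(Map.ofEntries(
                        Map.entry("description", "Rule 1"),
                        Map.entry("destinationAddresses", List.of("5.6.7.8")),
                        Map.entry("destinationPorts", List.of("*")),
                        Map.entry("name", "bypassRule1"),
                        Map.entry("protocol", "TCP"),
                        Map.entry("sourceAddresses", List.of("1.2.3.4"))
                    ))),
                    Map.entry("signatureOverrides", List.of(Map.ofEntries(
                        Map.entry("id", "2525004"),
                        Map.entry("mode", "Deny")
                    )))
                )),
                Map.entry("mode", "Alert")
            ))
            .location("West US")
            .resourceGroupName("rg1")
            .sku(Map.of("tier", "Premium"))
            // "IANAPrivateRanges" keeps the IANA-defined private ranges out of SNAT.
            .snat(Map.of("privateRanges", List.of("IANAPrivateRanges")))
            .tags(Map.of("key1", "value1"))
            // "Alert" only logs threat-intelligence matches; "Deny" is the blocking mode.
            .threatIntelMode("Alert")
            // Entries listed here are excluded from threat-intelligence filtering. A
            // wildcard FQDN such as "*.microsoft.com" exempts every subdomain.
            .threatIntelWhitelist(Map.ofEntries(
                Map.entry("fqdns", List.of("*.microsoft.com")),
                Map.entry("ipAddresses", List.of("20.3.4.5"))
            ))
            // CA certificate used for TLS inspection, referenced as a Key Vault secret
            // (placeholder URL). NOTE(review): no identity is set on the policy; reading
            // a Key Vault secret normally needs one - confirm before deploying.
            .transportSecurity(Map.of("certificateAuthority", Map.ofEntries(
                Map.entry("keyVaultSecretId", "https://kv/secret"),
                Map.entry("name", "clientcert")
            )))
            .build());

    }
}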
import pulumi
import pulumi_azure_native as azure_native

# Sample Premium-tier Azure Firewall Policy with DNS proxy, insights, intrusion
# detection (IDPS), threat intelligence and TLS inspection settings.
# Every address, resource ID and URL below is a sample value and must be replaced.

# DNS proxy is enabled and forwards to one custom resolver (sample address).
_dns_settings = azure_native.network.DnsSettingsArgs(
    enable_proxy=True,
    require_proxy_for_network_rules=False,
    servers=["30.3.4.5"],
)

# Log Analytics workspaces that receive policy insights, one per region.
_workspaces = [
    azure_native.network.FirewallPolicyLogAnalyticsWorkspaceArgs(
        region="westus",
        workspace_id=azure_native.network.SubResourceArgs(
            id="/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1",
        ),
    ),
    azure_native.network.FirewallPolicyLogAnalyticsWorkspaceArgs(
        region="eastus",
        workspace_id=azure_native.network.SubResourceArgs(
            id="/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2",
        ),
    ),
]
_insights = azure_native.network.FirewallPolicyInsightsArgs(
    is_enabled=True,
    log_analytics_resources=azure_native.network.FirewallPolicyLogAnalyticsResourcesArgs(
        default_workspace_id=azure_native.network.SubResourceArgs(
            id="/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace",
        ),
        workspaces=_workspaces,
    ),
    retention_days=100,
)

# Traffic matching a bypass rule is exempt from intrusion detection. The "*" port
# list exempts every TCP port between the two sample hosts; scope real bypass
# rules as narrowly as possible.
_idps_bypass = azure_native.network.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs(
    description="Rule 1",
    destination_addresses=["5.6.7.8"],
    destination_ports=["*"],
    name="bypassRule1",
    protocol="TCP",
    source_addresses=["1.2.3.4"],
)

# Policy-wide IDPS mode is "Alert" (matches are logged, not blocked); only the
# overridden signature 2525004 is set to "Deny".
_intrusion_detection = azure_native.network.FirewallPolicyIntrusionDetectionArgs(
    configuration=azure_native.network.FirewallPolicyIntrusionDetectionConfigurationArgs(
        bypass_traffic_settings=[_idps_bypass],
        signature_overrides=[azure_native.network.FirewallPolicyIntrusionDetectionSignatureSpecificationArgs(
            id="2525004",
            mode="Deny",
        )],
    ),
    mode="Alert",
)

# Entries listed here are excluded from threat-intelligence filtering. A wildcard
# FQDN such as "*.microsoft.com" exempts every subdomain, so keep this list short.
_threat_intel_allow_list = azure_native.network.FirewallPolicyThreatIntelWhitelistArgs(
    fqdns=["*.microsoft.com"],
    ip_addresses=["20.3.4.5"],
)

# CA certificate used for TLS inspection, referenced as a Key Vault secret
# (placeholder URL). NOTE(review): the sample sets no identity on the policy;
# reading a Key Vault secret normally needs one - confirm before deploying.
_transport_security = azure_native.network.FirewallPolicyTransportSecurityArgs(
    certificate_authority=azure_native.network.FirewallPolicyCertificateAuthorityArgs(
        key_vault_secret_id="https://kv/secret",
        name="clientcert",
    ),
)

firewall_policy = azure_native.network.FirewallPolicy(
    "firewallPolicy",
    dns_settings=_dns_settings,
    firewall_policy_name="firewallPolicy",
    insights=_insights,
    intrusion_detection=_intrusion_detection,
    location="West US",
    resource_group_name="rg1",
    sku=azure_native.network.FirewallPolicySkuArgs(
        tier="Premium",
    ),
    # "IANAPrivateRanges" keeps the IANA-defined private ranges out of SNAT.
    snat=azure_native.network.FirewallPolicySNATArgs(
        private_ranges=["IANAPrivateRanges"],
    ),
    tags={
        "key1": "value1",
    },
    # "Alert" only logs threat-intelligence matches; "Deny" is the blocking mode.
    threat_intel_mode="Alert",
    threat_intel_whitelist=_threat_intel_allow_list,
    transport_security=_transport_security,
)
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

// Sample Premium-tier Azure Firewall Policy with DNS proxy, insights, intrusion
// detection (IDPS), threat intelligence and TLS inspection settings.
// Every address, resource ID and URL below is a sample value and must be replaced.

// DNS proxy is enabled and forwards to one custom resolver (sample address).
const dnsSettings = {
    enableProxy: true,
    requireProxyForNetworkRules: false,
    servers: ["30.3.4.5"],
};

// Log Analytics workspaces that receive policy insights, one per region.
const workspaces = [
    {
        region: "westus",
        workspaceId: {
            id: "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1",
        },
    },
    {
        region: "eastus",
        workspaceId: {
            id: "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2",
        },
    },
];
const insights = {
    isEnabled: true,
    logAnalyticsResources: {
        defaultWorkspaceId: {
            id: "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace",
        },
        workspaces: workspaces,
    },
    retentionDays: 100,
};

// Traffic matching a bypass rule is exempt from intrusion detection. The "*" port
// list exempts every TCP port between the two sample hosts; scope real bypass
// rules as narrowly as possible.
const idpsBypass = {
    description: "Rule 1",
    destinationAddresses: ["5.6.7.8"],
    destinationPorts: ["*"],
    name: "bypassRule1",
    protocol: "TCP",
    sourceAddresses: ["1.2.3.4"],
};

// Policy-wide IDPS mode is "Alert" (matches are logged, not blocked); only the
// overridden signature 2525004 is set to "Deny".
const intrusionDetection = {
    configuration: {
        bypassTrafficSettings: [idpsBypass],
        signatureOverrides: [{
            id: "2525004",
            mode: "Deny",
        }],
    },
    mode: "Alert",
};

// Entries listed here are excluded from threat-intelligence filtering. A wildcard
// FQDN such as "*.microsoft.com" exempts every subdomain, so keep this list short.
const threatIntelAllowList = {
    fqdns: ["*.microsoft.com"],
    ipAddresses: ["20.3.4.5"],
};

// CA certificate used for TLS inspection, referenced as a Key Vault secret
// (placeholder URL). NOTE(review): the sample sets no identity on the policy;
// reading a Key Vault secret normally needs one - confirm before deploying.
const transportSecurity = {
    certificateAuthority: {
        keyVaultSecretId: "https://kv/secret",
        name: "clientcert",
    },
};

const firewallPolicy = new azure_native.network.FirewallPolicy("firewallPolicy", {
    dnsSettings: dnsSettings,
    firewallPolicyName: "firewallPolicy",
    insights: insights,
    intrusionDetection: intrusionDetection,
    location: "West US",
    resourceGroupName: "rg1",
    sku: {
        tier: "Premium",
    },
    // "IANAPrivateRanges" keeps the IANA-defined private ranges out of SNAT.
    snat: {
        privateRanges: ["IANAPrivateRanges"],
    },
    tags: {
        key1: "value1",
    },
    // "Alert" only logs threat-intelligence matches; "Deny" is the blocking mode.
    threatIntelMode: "Alert",
    threatIntelWhitelist: threatIntelAllowList,
    transportSecurity: transportSecurity,
});
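# Sample Premium-tier Azure Firewall Policy with DNS proxy, insights, intrusion
# detection (IDPS), threat intelligence and TLS inspection settings.
# Every address, resource ID and URL below is a sample value and must be replaced.
resources:
  firewallPolicy:
    type: azure-native:network:FirewallPolicy
    properties:
      # DNS proxy is enabled and forwards to one custom resolver (sample address).
      dnsSettings:
        enableProxy: true
        requireProxyForNetworkRules: false
        servers:
          - 30.3.4.5
      firewallPolicyName: firewallPolicy
      insights:
        isEnabled: true
        logAnalyticsResources:
          defaultWorkspaceId:
            id: /subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace
          workspaces:
            - region: westus
              workspaceId:
                id: /subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1
            - region: eastus
              workspaceId:
                id: /subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2
        retentionDays: 100
      # Policy-wide IDPS mode is Alert (matches are logged, not blocked); only the
      # overridden signature below is set to Deny.
      intrusionDetection:
        configuration:
          # Traffic matching a bypass rule is exempt from intrusion detection. The
          # '*' port list exempts every TCP port between the two sample hosts;
          # scope real bypass rules as narrowly as possible.
          bypassTrafficSettings:
            - description: Rule 1
              destinationAddresses:
                - 5.6.7.8
              destinationPorts:
                - '*'
              name: bypassRule1
              protocol: TCP
              sourceAddresses:
                - 1.2.3.4
          signatureOverrides:
            # Quoted so the signature ID stays a string, as in the other language
            # samples; unquoted it parses as a YAML integer.
            - id: '2525004'
              mode: Deny
        mode: Alert
      location: West US
      resourceGroupName: rg1
      sku:
        tier: Premium
      # IANAPrivateRanges keeps the IANA-defined private ranges out of SNAT.
      snat:
        privateRanges:
          - IANAPrivateRanges
      tags:
        key1: value1
      # Alert only logs threat-intelligence matches; Deny is the blocking mode.
      threatIntelMode: Alert
      # Entries listed here are excluded from threat-intelligence filtering. A
      # wildcard FQDN such as '*.microsoft.com' exempts every subdomain.
      threatIntelWhitelist:
        fqdns:
          - '*.microsoft.com'
        ipAddresses:
          - 20.3.4.5
      # CA certificate used for TLS inspection, referenced as a Key Vault secret
      # (placeholder URL). NOTE(review): no identity is set on the policy; reading
      # a Key Vault secret normally needs one - confirm before deploying.
      transportSecurity:
        certificateAuthority:
          keyVaultSecretId: https://kv/secret
          name: clientcert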

Create a FirewallPolicy Resource

new FirewallPolicy(name: string, args: FirewallPolicyArgs, opts?: CustomResourceOptions);
@overload
def FirewallPolicy(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   base_policy: Optional[SubResourceArgs] = None,
                   dns_settings: Optional[DnsSettingsArgs] = None,
                   firewall_policy_name: Optional[str] = None,
                   id: Optional[str] = None,
                   identity: Optional[ManagedServiceIdentityArgs] = None,
                   insights: Optional[FirewallPolicyInsightsArgs] = None,
                   intrusion_detection: Optional[FirewallPolicyIntrusionDetectionArgs] = None,
                   location: Optional[str] = None,
                   resource_group_name: Optional[str] = None,
                   sku: Optional[FirewallPolicySkuArgs] = None,
                   snat: Optional[FirewallPolicySNATArgs] = None,
                   tags: Optional[Mapping[str, str]] = None,
                   threat_intel_mode: Optional[Union[str, AzureFirewallThreatIntelMode]] = None,
                   threat_intel_whitelist: Optional[FirewallPolicyThreatIntelWhitelistArgs] = None,
                   transport_security: Optional[FirewallPolicyTransportSecurityArgs] = None)
@overload
def FirewallPolicy(resource_name: str,
                   args: FirewallPolicyArgs,
                   opts: Optional[ResourceOptions] = None)
func NewFirewallPolicy(ctx *Context, name string, args FirewallPolicyArgs, opts ...ResourceOption) (*FirewallPolicy, error)
public FirewallPolicy(string name, FirewallPolicyArgs args, CustomResourceOptions? opts = null)
public FirewallPolicy(String name, FirewallPolicyArgs args)
public FirewallPolicy(String name, FirewallPolicyArgs args, CustomResourceOptions options)
type: azure-native:network:FirewallPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args FirewallPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args FirewallPolicyArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args FirewallPolicyArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args FirewallPolicyArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args FirewallPolicyArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

FirewallPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The FirewallPolicy resource accepts the following input properties:

ResourceGroupName string

The name of the resource group.

BasePolicy Pulumi.AzureNative.Network.Inputs.SubResourceArgs

The parent firewall policy from which rules are inherited.

DnsSettings Pulumi.AzureNative.Network.Inputs.DnsSettingsArgs

DNS Proxy Settings definition.

FirewallPolicyName string

The name of the Firewall Policy.

Id string

Resource ID.

Identity Pulumi.AzureNative.Network.Inputs.ManagedServiceIdentityArgs

The identity of the firewall policy.

Insights Pulumi.AzureNative.Network.Inputs.FirewallPolicyInsightsArgs

Insights on Firewall Policy.

IntrusionDetection Pulumi.AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionArgs

The configuration for Intrusion detection.

Location string

Resource location.

Sku Pulumi.AzureNative.Network.Inputs.FirewallPolicySkuArgs

The Firewall Policy SKU.

Snat Pulumi.AzureNative.Network.Inputs.FirewallPolicySNATArgs

The private IP addresses or IP ranges for which traffic is not SNATed (source address translation is skipped).

Tags Dictionary<string, string>

Resource tags.

ThreatIntelMode string | Pulumi.AzureNative.Network.AzureFirewallThreatIntelMode

The operation mode for Threat Intelligence.

ThreatIntelWhitelist Pulumi.AzureNative.Network.Inputs.FirewallPolicyThreatIntelWhitelistArgs

ThreatIntel Whitelist for Firewall Policy.

TransportSecurity Pulumi.AzureNative.Network.Inputs.FirewallPolicyTransportSecurityArgs

TLS Configuration definition.

ResourceGroupName string

The name of the resource group.

BasePolicy SubResourceArgs

The parent firewall policy from which rules are inherited.

DnsSettings DnsSettingsArgs

DNS Proxy Settings definition.

FirewallPolicyName string

The name of the Firewall Policy.

Id string

Resource ID.

Identity ManagedServiceIdentityArgs

The identity of the firewall policy.

Insights FirewallPolicyInsightsArgs

Insights on Firewall Policy.

IntrusionDetection FirewallPolicyIntrusionDetectionArgs

The configuration for Intrusion detection.

Location string

Resource location.

Sku FirewallPolicySkuArgs

The Firewall Policy SKU.

Snat FirewallPolicySNATArgs

The private IP addresses or IP ranges for which traffic is not SNATed (source address translation is skipped).

Tags map[string]string

Resource tags.

ThreatIntelMode string | AzureFirewallThreatIntelMode

The operation mode for Threat Intelligence.

ThreatIntelWhitelist FirewallPolicyThreatIntelWhitelistArgs

ThreatIntel Whitelist for Firewall Policy.

TransportSecurity FirewallPolicyTransportSecurityArgs

TLS Configuration definition.

resourceGroupName String

The name of the resource group.

basePolicy SubResourceArgs

The parent firewall policy from which rules are inherited.

dnsSettings DnsSettingsArgs

DNS Proxy Settings definition.

firewallPolicyName String

The name of the Firewall Policy.

id String

Resource ID.

identity ManagedServiceIdentityArgs

The identity of the firewall policy.

insights FirewallPolicyInsightsArgs

Insights on Firewall Policy.

intrusionDetection FirewallPolicyIntrusionDetectionArgs

The configuration for Intrusion detection.

location String

Resource location.

sku FirewallPolicySkuArgs

The Firewall Policy SKU.

snat FirewallPolicySNATArgs

The private IP addresses or IP ranges for which traffic is not SNATed (source address translation is skipped).

tags Map<String,String>

Resource tags.

threatIntelMode String | AzureFirewallThreatIntelMode

The operation mode for Threat Intelligence.

threatIntelWhitelist FirewallPolicyThreatIntelWhitelistArgs

ThreatIntel Whitelist for Firewall Policy.

transportSecurity FirewallPolicyTransportSecurityArgs

TLS Configuration definition.

resourceGroupName string

The name of the resource group.

basePolicy SubResourceArgs

The parent firewall policy from which rules are inherited.

dnsSettings DnsSettingsArgs

DNS Proxy Settings definition.

firewallPolicyName string

The name of the Firewall Policy.

id string

Resource ID.

identity ManagedServiceIdentityArgs

The identity of the firewall policy.

insights FirewallPolicyInsightsArgs

Insights on Firewall Policy.

intrusionDetection FirewallPolicyIntrusionDetectionArgs

The configuration for Intrusion detection.

location string

Resource location.

sku FirewallPolicySkuArgs

The Firewall Policy SKU.

snat FirewallPolicySNATArgs

The private IP addresses or IP ranges for which traffic is not SNATed (source address translation is skipped).

tags {[key: string]: string}

Resource tags.

threatIntelMode string | AzureFirewallThreatIntelMode

The operation mode for Threat Intelligence.

threatIntelWhitelist FirewallPolicyThreatIntelWhitelistArgs

ThreatIntel Whitelist for Firewall Policy.

transportSecurity FirewallPolicyTransportSecurityArgs

TLS Configuration definition.

resource_group_name str

The name of the resource group.

base_policy SubResourceArgs

The parent firewall policy from which rules are inherited.

dns_settings DnsSettingsArgs

DNS Proxy Settings definition.

firewall_policy_name str

The name of the Firewall Policy.

id str

Resource ID.

identity ManagedServiceIdentityArgs

The identity of the firewall policy.

insights FirewallPolicyInsightsArgs

Insights on Firewall Policy.

intrusion_detection FirewallPolicyIntrusionDetectionArgs

The configuration for Intrusion detection.

location str

Resource location.

sku FirewallPolicySkuArgs

The Firewall Policy SKU.

snat FirewallPolicySNATArgs

The private IP addresses or IP ranges for which traffic is not SNATed (source address translation is skipped).

tags Mapping[str, str]

Resource tags.

threat_intel_mode str | AzureFirewallThreatIntelMode

The operation mode for Threat Intelligence.

threat_intel_whitelist FirewallPolicyThreatIntelWhitelistArgs

ThreatIntel Whitelist for Firewall Policy.

transport_security FirewallPolicyTransportSecurityArgs

TLS Configuration definition.

resourceGroupName String

The name of the resource group.

basePolicy Property Map

The parent firewall policy from which rules are inherited.

dnsSettings Property Map

DNS Proxy Settings definition.

firewallPolicyName String

The name of the Firewall Policy.

id String

Resource ID.

identity Property Map

The identity of the firewall policy.

insights Property Map

Insights on Firewall Policy.

intrusionDetection Property Map

The configuration for Intrusion detection.

location String

Resource location.

sku Property Map

The Firewall Policy SKU.

snat Property Map

The private IP addresses or IP ranges for which traffic is not SNATed (source address translation is skipped).

tags Map<String>

Resource tags.

threatIntelMode String | "Alert" | "Deny" | "Off"

The operation mode for Threat Intelligence.

threatIntelWhitelist Property Map

ThreatIntel Whitelist for Firewall Policy.

transportSecurity Property Map

TLS Configuration definition.

Outputs

All input properties are implicitly available as output properties. Additionally, the FirewallPolicy resource produces the following output properties:

ChildPolicies List<Pulumi.AzureNative.Network.Outputs.SubResourceResponse>

List of references to Child Firewall Policies.

Etag string

A unique read-only string that changes whenever the resource is updated.

Firewalls List<Pulumi.AzureNative.Network.Outputs.SubResourceResponse>

List of references to Azure Firewalls that this Firewall Policy is associated with.

Id string

The provider-assigned unique ID for this managed resource.

Name string

Resource name.

ProvisioningState string

The provisioning state of the firewall policy resource.

RuleCollectionGroups List<Pulumi.AzureNative.Network.Outputs.SubResourceResponse>

List of references to FirewallPolicyRuleCollectionGroups.

Type string

Resource type.

ChildPolicies []SubResourceResponse

List of references to Child Firewall Policies.

Etag string

A unique read-only string that changes whenever the resource is updated.

Firewalls []SubResourceResponse

List of references to Azure Firewalls that this Firewall Policy is associated with.

Id string

The provider-assigned unique ID for this managed resource.

Name string

Resource name.

ProvisioningState string

The provisioning state of the firewall policy resource.

RuleCollectionGroups []SubResourceResponse

List of references to FirewallPolicyRuleCollectionGroups.

Type string

Resource type.

childPolicies List<SubResourceResponse>

List of references to Child Firewall Policies.

etag String

A unique read-only string that changes whenever the resource is updated.

firewalls List<SubResourceResponse>

List of references to Azure Firewalls that this Firewall Policy is associated with.

id String

The provider-assigned unique ID for this managed resource.

name String

Resource name.

provisioningState String

The provisioning state of the firewall policy resource.

ruleCollectionGroups List<SubResourceResponse>

List of references to FirewallPolicyRuleCollectionGroups.

type String

Resource type.

childPolicies SubResourceResponse[]

List of references to Child Firewall Policies.

etag string

A unique read-only string that changes whenever the resource is updated.

firewalls SubResourceResponse[]

List of references to Azure Firewalls that this Firewall Policy is associated with.

id string

The provider-assigned unique ID for this managed resource.

name string

Resource name.

provisioningState string

The provisioning state of the firewall policy resource.

ruleCollectionGroups SubResourceResponse[]

List of references to FirewallPolicyRuleCollectionGroups.

type string

Resource type.

child_policies Sequence[SubResourceResponse]

List of references to Child Firewall Policies.

etag str

A unique read-only string that changes whenever the resource is updated.

firewalls Sequence[SubResourceResponse]

List of references to Azure Firewalls that this Firewall Policy is associated with.

id str

The provider-assigned unique ID for this managed resource.

name str

Resource name.

provisioning_state str

The provisioning state of the firewall policy resource.

rule_collection_groups Sequence[SubResourceResponse]

List of references to FirewallPolicyRuleCollectionGroups.

type str

Resource type.

childPolicies List<Property Map>

List of references to Child Firewall Policies.

etag String

A unique read-only string that changes whenever the resource is updated.

firewalls List<Property Map>

List of references to Azure Firewalls that this Firewall Policy is associated with.

id String

The provider-assigned unique ID for this managed resource.

name String

Resource name.

provisioningState String

The provisioning state of the firewall policy resource.

ruleCollectionGroups List<Property Map>

List of references to FirewallPolicyRuleCollectionGroups.

type String

Resource type.

Supporting Types

AzureFirewallThreatIntelMode

Alert
Alert
Deny
Deny
Off
Off
AzureFirewallThreatIntelModeAlert
Alert
AzureFirewallThreatIntelModeDeny
Deny
AzureFirewallThreatIntelModeOff
Off
Alert
Alert
Deny
Deny
Off
Off
Alert
Alert
Deny
Deny
Off
Off
ALERT
Alert
DENY
Deny
OFF
Off
"Alert"
Alert
"Deny"
Deny
"Off"
Off

DnsSettings

EnableProxy bool

Enable DNS Proxy on Firewalls attached to the Firewall Policy.

RequireProxyForNetworkRules bool

FQDNs in Network Rules are supported when set to true.

Servers List<string>

List of Custom DNS Servers.

EnableProxy bool

Enable DNS Proxy on Firewalls attached to the Firewall Policy.

RequireProxyForNetworkRules bool

FQDNs in Network Rules are supported when set to true.

Servers []string

List of Custom DNS Servers.

enableProxy Boolean

Enable DNS Proxy on Firewalls attached to the Firewall Policy.

requireProxyForNetworkRules Boolean

FQDNs in Network Rules are supported when set to true.

servers List<String>

List of Custom DNS Servers.

enableProxy boolean

Enable DNS Proxy on Firewalls attached to the Firewall Policy.

requireProxyForNetworkRules boolean

FQDNs in Network Rules are supported when set to true.

servers string[]

List of Custom DNS Servers.

enable_proxy bool

Enable DNS Proxy on Firewalls attached to the Firewall Policy.

require_proxy_for_network_rules bool

FQDNs in Network Rules are supported when set to true.

servers Sequence[str]

List of Custom DNS Servers.

enableProxy Boolean

Enable DNS Proxy on Firewalls attached to the Firewall Policy.

requireProxyForNetworkRules Boolean

FQDNs in Network Rules are supported when set to true.

servers List<String>

List of Custom DNS Servers.

DnsSettingsResponse

EnableProxy bool

Enable DNS Proxy on Firewalls attached to the Firewall Policy.

RequireProxyForNetworkRules bool

FQDNs in Network Rules are supported when set to true.

Servers List<string>

List of Custom DNS Servers.

EnableProxy bool

Enable DNS Proxy on Firewalls attached to the Firewall Policy.

RequireProxyForNetworkRules bool

FQDNs in Network Rules are supported when set to true.

Servers []string

List of Custom DNS Servers.

enableProxy Boolean

Enable DNS Proxy on Firewalls attached to the Firewall Policy.

requireProxyForNetworkRules Boolean

FQDNs in Network Rules are supported when set to true.

servers List<String>

List of Custom DNS Servers.

enableProxy boolean

Enable DNS Proxy on Firewalls attached to the Firewall Policy.

requireProxyForNetworkRules boolean

FQDNs in Network Rules are supported when set to true.

servers string[]

List of Custom DNS Servers.

enable_proxy bool

Enable DNS Proxy on Firewalls attached to the Firewall Policy.

require_proxy_for_network_rules bool

FQDNs in Network Rules are supported when set to true.

servers Sequence[str]

List of Custom DNS Servers.

enableProxy Boolean

Enable DNS Proxy on Firewalls attached to the Firewall Policy.

requireProxyForNetworkRules Boolean

FQDNs in Network Rules are supported when set to true.

servers List<String>

List of Custom DNS Servers.

FirewallPolicyCertificateAuthority

KeyVaultSecretId string

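Secret ID of the 'Secret' or 'Certificate' object stored in Key Vault; the object holds a base-64 encoded, unencrypted PFX. Because the PFX is stored unencrypted, access control on the Key Vault secret is what protects the CA key material, so read access should be limited to the managed identity assigned to the firewall policy.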

Name string

Name of the CA certificate.

KeyVaultSecretId string

Secret ID of the 'Secret' or 'Certificate' object stored in Key Vault; the object holds a base-64 encoded, unencrypted PFX.

Name string

Name of the CA certificate.

keyVaultSecretId String

Secret ID of the 'Secret' or 'Certificate' object stored in Key Vault; the object holds a base-64 encoded, unencrypted PFX.

name String

Name of the CA certificate.

keyVaultSecretId string

Secret ID of the 'Secret' or 'Certificate' object stored in Key Vault; the object holds a base-64 encoded, unencrypted PFX.

name string

Name of the CA certificate.

key_vault_secret_id str

Secret ID of the 'Secret' or 'Certificate' object stored in Key Vault; the object holds a base-64 encoded, unencrypted PFX.

name str

Name of the CA certificate.

keyVaultSecretId String

Secret ID of the 'Secret' or 'Certificate' object stored in Key Vault; the object holds a base-64 encoded, unencrypted PFX.

name String

Name of the CA certificate.

FirewallPolicyCertificateAuthorityResponse

KeyVaultSecretId string

Secret ID of the 'Secret' or 'Certificate' object stored in Key Vault; the object holds a base-64 encoded, unencrypted PFX.

Name string

Name of the CA certificate.

KeyVaultSecretId string

Secret ID of the 'Secret' or 'Certificate' object stored in Key Vault; the object holds a base-64 encoded, unencrypted PFX.

Name string

Name of the CA certificate.

keyVaultSecretId String

Secret ID of the 'Secret' or 'Certificate' object stored in Key Vault; the object holds a base-64 encoded, unencrypted PFX.

name String

Name of the CA certificate.

keyVaultSecretId string

Secret ID of the 'Secret' or 'Certificate' object stored in Key Vault; the object holds a base-64 encoded, unencrypted PFX.

name string

Name of the CA certificate.

key_vault_secret_id str

Secret ID of the 'Secret' or 'Certificate' object stored in Key Vault; the object holds a base-64 encoded, unencrypted PFX.

name str

Name of the CA certificate.

keyVaultSecretId String

Secret ID of the 'Secret' or 'Certificate' object stored in Key Vault; the object holds a base-64 encoded, unencrypted PFX.

name String

Name of the CA certificate.

FirewallPolicyInsights

IsEnabled bool

A flag to indicate if the insights are enabled on the policy.

LogAnalyticsResources Pulumi.AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsResources

Workspaces needed to configure the Firewall Policy Insights.

RetentionDays int

Number of days the insights should be enabled on the policy.

IsEnabled bool

A flag to indicate if the insights are enabled on the policy.

LogAnalyticsResources FirewallPolicyLogAnalyticsResources

Workspaces needed to configure the Firewall Policy Insights.

RetentionDays int

Number of days the insights should be enabled on the policy.

isEnabled Boolean

A flag to indicate if the insights are enabled on the policy.

logAnalyticsResources FirewallPolicyLogAnalyticsResources

Workspaces needed to configure the Firewall Policy Insights.

retentionDays Integer

Number of days the insights should be enabled on the policy.

isEnabled boolean

A flag to indicate if the insights are enabled on the policy.

logAnalyticsResources FirewallPolicyLogAnalyticsResources

Workspaces needed to configure the Firewall Policy Insights.

retentionDays number

Number of days the insights should be enabled on the policy.

is_enabled bool

A flag to indicate if the insights are enabled on the policy.

log_analytics_resources FirewallPolicyLogAnalyticsResources

Workspaces needed to configure the Firewall Policy Insights.

retention_days int

Number of days the insights should be enabled on the policy.

isEnabled Boolean

A flag to indicate if the insights are enabled on the policy.

logAnalyticsResources Property Map

Workspaces needed to configure the Firewall Policy Insights.

retentionDays Number

Number of days the insights should be enabled on the policy.

FirewallPolicyInsightsResponse

IsEnabled bool

A flag to indicate if the insights are enabled on the policy.

LogAnalyticsResources Pulumi.AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsResourcesResponse

Workspaces needed to configure the Firewall Policy Insights.

RetentionDays int

Number of days the insights should be enabled on the policy.

IsEnabled bool

A flag to indicate if the insights are enabled on the policy.

LogAnalyticsResources FirewallPolicyLogAnalyticsResourcesResponse

Workspaces needed to configure the Firewall Policy Insights.

RetentionDays int

Number of days the insights should be enabled on the policy.

isEnabled Boolean

A flag to indicate if the insights are enabled on the policy.

logAnalyticsResources FirewallPolicyLogAnalyticsResourcesResponse

Workspaces needed to configure the Firewall Policy Insights.

retentionDays Integer

Number of days the insights should be enabled on the policy.

isEnabled boolean

A flag to indicate if the insights are enabled on the policy.

logAnalyticsResources FirewallPolicyLogAnalyticsResourcesResponse

Workspaces needed to configure the Firewall Policy Insights.

retentionDays number

Number of days the insights should be enabled on the policy.

is_enabled bool

A flag to indicate if the insights are enabled on the policy.

log_analytics_resources FirewallPolicyLogAnalyticsResourcesResponse

Workspaces needed to configure the Firewall Policy Insights.

retention_days int

Number of days the insights should be enabled on the policy.

isEnabled Boolean

A flag to indicate if the insights are enabled on the policy.

logAnalyticsResources Property Map

Workspaces needed to configure the Firewall Policy Insights.

retentionDays Number

Number of days the insights should be enabled on the policy.

FirewallPolicyIntrusionDetection

Configuration FirewallPolicyIntrusionDetectionConfiguration

Intrusion detection configuration properties.

Mode string | FirewallPolicyIntrusionDetectionStateType

Intrusion detection general state.

configuration FirewallPolicyIntrusionDetectionConfiguration

Intrusion detection configuration properties.

mode String | FirewallPolicyIntrusionDetectionStateType

Intrusion detection general state.

configuration FirewallPolicyIntrusionDetectionConfiguration

Intrusion detection configuration properties.

mode string | FirewallPolicyIntrusionDetectionStateType

Intrusion detection general state.

configuration FirewallPolicyIntrusionDetectionConfiguration

Intrusion detection configuration properties.

mode str | FirewallPolicyIntrusionDetectionStateType

Intrusion detection general state.

configuration Property Map

Intrusion detection configuration properties.

mode String | "Off" | "Alert" | "Deny"

Intrusion detection general state.

FirewallPolicyIntrusionDetectionBypassTrafficSpecifications

Description string

Description of the bypass traffic rule.

DestinationAddresses List<string>

List of destination IP addresses or ranges for this rule.

DestinationIpGroups List<string>

List of destination IpGroups for this rule.

DestinationPorts List<string>

List of destination ports or ranges.

Name string

Name of the bypass traffic rule.

Protocol string | Pulumi.AzureNative.Network.FirewallPolicyIntrusionDetectionProtocol

The rule bypass protocol.

SourceAddresses List<string>

List of source IP addresses or ranges for this rule.

SourceIpGroups List<string>

List of source IpGroups for this rule.

Description string

Description of the bypass traffic rule.

DestinationAddresses []string

List of destination IP addresses or ranges for this rule.

DestinationIpGroups []string

List of destination IpGroups for this rule.

DestinationPorts []string

List of destination ports or ranges.

Name string

Name of the bypass traffic rule.

Protocol string | FirewallPolicyIntrusionDetectionProtocol

The rule bypass protocol.

SourceAddresses []string

List of source IP addresses or ranges for this rule.

SourceIpGroups []string

List of source IpGroups for this rule.

description String

Description of the bypass traffic rule.

destinationAddresses List<String>

List of destination IP addresses or ranges for this rule.

destinationIpGroups List<String>

List of destination IpGroups for this rule.

destinationPorts List<String>

List of destination ports or ranges.

name String

Name of the bypass traffic rule.

protocol String | FirewallPolicyIntrusionDetectionProtocol

The rule bypass protocol.

sourceAddresses List<String>

List of source IP addresses or ranges for this rule.

sourceIpGroups List<String>

List of source IpGroups for this rule.

description string

Description of the bypass traffic rule.

destinationAddresses string[]

List of destination IP addresses or ranges for this rule.

destinationIpGroups string[]

List of destination IpGroups for this rule.

destinationPorts string[]

List of destination ports or ranges.

name string

Name of the bypass traffic rule.

protocol string | FirewallPolicyIntrusionDetectionProtocol

The rule bypass protocol.

sourceAddresses string[]

List of source IP addresses or ranges for this rule.

sourceIpGroups string[]

List of source IpGroups for this rule.

description str

Description of the bypass traffic rule.

destination_addresses Sequence[str]

List of destination IP addresses or ranges for this rule.

destination_ip_groups Sequence[str]

List of destination IpGroups for this rule.

destination_ports Sequence[str]

List of destination ports or ranges.

name str

Name of the bypass traffic rule.

protocol str | FirewallPolicyIntrusionDetectionProtocol

The rule bypass protocol.

source_addresses Sequence[str]

List of source IP addresses or ranges for this rule.

source_ip_groups Sequence[str]

List of source IpGroups for this rule.

description String

Description of the bypass traffic rule.

destinationAddresses List<String>

List of destination IP addresses or ranges for this rule.

destinationIpGroups List<String>

List of destination IpGroups for this rule.

destinationPorts List<String>

List of destination ports or ranges.

name String

Name of the bypass traffic rule.

protocol String | "TCP" | "UDP" | "ICMP" | "ANY"

The rule bypass protocol.

sourceAddresses List<String>

List of source IP addresses or ranges for this rule.

sourceIpGroups List<String>

List of source IpGroups for this rule.

FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponse

Description string

Description of the bypass traffic rule.

DestinationAddresses List<string>

List of destination IP addresses or ranges for this rule.

DestinationIpGroups List<string>

List of destination IpGroups for this rule.

DestinationPorts List<string>

List of destination ports or ranges.

Name string

Name of the bypass traffic rule.

Protocol string

The rule bypass protocol.

SourceAddresses List<string>

List of source IP addresses or ranges for this rule.

SourceIpGroups List<string>

List of source IpGroups for this rule.

Description string

Description of the bypass traffic rule.

DestinationAddresses []string

List of destination IP addresses or ranges for this rule.

DestinationIpGroups []string

List of destination IpGroups for this rule.

DestinationPorts []string

List of destination ports or ranges.

Name string

Name of the bypass traffic rule.

Protocol string

The rule bypass protocol.

SourceAddresses []string

List of source IP addresses or ranges for this rule.

SourceIpGroups []string

List of source IpGroups for this rule.

description String

Description of the bypass traffic rule.

destinationAddresses List<String>

List of destination IP addresses or ranges for this rule.

destinationIpGroups List<String>

List of destination IpGroups for this rule.

destinationPorts List<String>

List of destination ports or ranges.

name String

Name of the bypass traffic rule.

protocol String

The rule bypass protocol.

sourceAddresses List<String>

List of source IP addresses or ranges for this rule.

sourceIpGroups List<String>

List of source IpGroups for this rule.

description string

Description of the bypass traffic rule.

destinationAddresses string[]

List of destination IP addresses or ranges for this rule.

destinationIpGroups string[]

List of destination IpGroups for this rule.

destinationPorts string[]

List of destination ports or ranges.

name string

Name of the bypass traffic rule.

protocol string

The rule bypass protocol.

sourceAddresses string[]

List of source IP addresses or ranges for this rule.

sourceIpGroups string[]

List of source IpGroups for this rule.

description str

Description of the bypass traffic rule.

destination_addresses Sequence[str]

List of destination IP addresses or ranges for this rule.

destination_ip_groups Sequence[str]

List of destination IpGroups for this rule.

destination_ports Sequence[str]

List of destination ports or ranges.

name str

Name of the bypass traffic rule.

protocol str

The rule bypass protocol.

source_addresses Sequence[str]

List of source IP addresses or ranges for this rule.

source_ip_groups Sequence[str]

List of source IpGroups for this rule.

description String

Description of the bypass traffic rule.

destinationAddresses List<String>

List of destination IP addresses or ranges for this rule.

destinationIpGroups List<String>

List of destination IpGroups for this rule.

destinationPorts List<String>

List of destination ports or ranges.

name String

Name of the bypass traffic rule.

protocol String

The rule bypass protocol.

sourceAddresses List<String>

List of source IP addresses or ranges for this rule.

sourceIpGroups List<String>

List of source IpGroups for this rule.

FirewallPolicyIntrusionDetectionConfiguration

bypassTrafficSettings List<Property Map>

List of rules describing traffic that bypasses intrusion detection.

signatureOverrides List<Property Map>

List of state overrides for specific signatures.

FirewallPolicyIntrusionDetectionConfigurationResponse

bypassTrafficSettings List<Property Map>

List of rules describing traffic that bypasses intrusion detection.

signatureOverrides List<Property Map>

List of state overrides for specific signatures.

FirewallPolicyIntrusionDetectionProtocol

TCP
TCP
UDP
UDP
ICMP
ICMP
ANY
ANY
FirewallPolicyIntrusionDetectionProtocolTCP
TCP
FirewallPolicyIntrusionDetectionProtocolUDP
UDP
FirewallPolicyIntrusionDetectionProtocolICMP
ICMP
FirewallPolicyIntrusionDetectionProtocolANY
ANY
TCP
TCP
UDP
UDP
ICMP
ICMP
ANY
ANY
TCP
TCP
UDP
UDP
ICMP
ICMP
ANY
ANY
TCP
TCP
UDP
UDP
ICMP
ICMP
ANY
ANY
"TCP"
TCP
"UDP"
UDP
"ICMP"
ICMP
"ANY"
ANY

FirewallPolicyIntrusionDetectionResponse

Configuration Pulumi.AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionConfigurationResponse

Intrusion detection configuration properties.

Mode string

Intrusion detection general state.

Configuration FirewallPolicyIntrusionDetectionConfigurationResponse

Intrusion detection configuration properties.

Mode string

Intrusion detection general state.

configuration FirewallPolicyIntrusionDetectionConfigurationResponse

Intrusion detection configuration properties.

mode String

Intrusion detection general state.

configuration FirewallPolicyIntrusionDetectionConfigurationResponse

Intrusion detection configuration properties.

mode string

Intrusion detection general state.

configuration FirewallPolicyIntrusionDetectionConfigurationResponse

Intrusion detection configuration properties.

mode str

Intrusion detection general state.

configuration Property Map

Intrusion detection configuration properties.

mode String

Intrusion detection general state.

FirewallPolicyIntrusionDetectionSignatureSpecification

Id string

Signature id.

Mode string | Pulumi.AzureNative.Network.FirewallPolicyIntrusionDetectionStateType

The signature state.

Id string

Signature id.

Mode string | FirewallPolicyIntrusionDetectionStateType

The signature state.

id String

Signature id.

mode String | FirewallPolicyIntrusionDetectionStateType

The signature state.

id string

Signature id.

mode string | FirewallPolicyIntrusionDetectionStateType

The signature state.

id str

Signature id.

mode str | FirewallPolicyIntrusionDetectionStateType

The signature state.

id String

Signature id.

mode String | "Off" | "Alert" | "Deny"

The signature state.

FirewallPolicyIntrusionDetectionSignatureSpecificationResponse

Id string

Signature id.

Mode string

The signature state.

Id string

Signature id.

Mode string

The signature state.

id String

Signature id.

mode String

The signature state.

id string

Signature id.

mode string

The signature state.

id str

Signature id.

mode str

The signature state.

id String

Signature id.

mode String

The signature state.

FirewallPolicyIntrusionDetectionStateType

Off
Off
Alert
Alert
Deny
Deny
FirewallPolicyIntrusionDetectionStateTypeOff
Off
FirewallPolicyIntrusionDetectionStateTypeAlert
Alert
FirewallPolicyIntrusionDetectionStateTypeDeny
Deny
Off
Off
Alert
Alert
Deny
Deny
Off
Off
Alert
Alert
Deny
Deny
OFF
Off
ALERT
Alert
DENY
Deny
"Off"
Off
"Alert"
Alert
"Deny"
Deny

FirewallPolicyLogAnalyticsResources

DefaultWorkspaceId Pulumi.AzureNative.Network.Inputs.SubResource

The default workspace Id for Firewall Policy Insights.

Workspaces List<Pulumi.AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsWorkspace>

List of workspaces for Firewall Policy Insights.

DefaultWorkspaceId SubResource

The default workspace Id for Firewall Policy Insights.

Workspaces []FirewallPolicyLogAnalyticsWorkspace

List of workspaces for Firewall Policy Insights.

defaultWorkspaceId SubResource

The default workspace Id for Firewall Policy Insights.

workspaces List<FirewallPolicyLogAnalyticsWorkspace>

List of workspaces for Firewall Policy Insights.

defaultWorkspaceId SubResource

The default workspace Id for Firewall Policy Insights.

workspaces FirewallPolicyLogAnalyticsWorkspace[]

List of workspaces for Firewall Policy Insights.

default_workspace_id SubResource

The default workspace Id for Firewall Policy Insights.

workspaces Sequence[FirewallPolicyLogAnalyticsWorkspace]

List of workspaces for Firewall Policy Insights.

defaultWorkspaceId Property Map

The default workspace Id for Firewall Policy Insights.

workspaces List<Property Map>

List of workspaces for Firewall Policy Insights.

FirewallPolicyLogAnalyticsResourcesResponse

DefaultWorkspaceId SubResourceResponse

The default workspace Id for Firewall Policy Insights.

Workspaces []FirewallPolicyLogAnalyticsWorkspaceResponse

List of workspaces for Firewall Policy Insights.

defaultWorkspaceId SubResourceResponse

The default workspace Id for Firewall Policy Insights.

workspaces List<FirewallPolicyLogAnalyticsWorkspaceResponse>

List of workspaces for Firewall Policy Insights.

defaultWorkspaceId SubResourceResponse

The default workspace Id for Firewall Policy Insights.

workspaces FirewallPolicyLogAnalyticsWorkspaceResponse[]

List of workspaces for Firewall Policy Insights.

default_workspace_id SubResourceResponse

The default workspace Id for Firewall Policy Insights.

workspaces Sequence[FirewallPolicyLogAnalyticsWorkspaceResponse]

List of workspaces for Firewall Policy Insights.

defaultWorkspaceId Property Map

The default workspace Id for Firewall Policy Insights.

workspaces List<Property Map>

List of workspaces for Firewall Policy Insights.

FirewallPolicyLogAnalyticsWorkspace

Region string

Region to configure the Workspace.

WorkspaceId Pulumi.AzureNative.Network.Inputs.SubResource

The workspace Id for Firewall Policy Insights.

Region string

Region to configure the Workspace.

WorkspaceId SubResource

The workspace Id for Firewall Policy Insights.

region String

Region to configure the Workspace.

workspaceId SubResource

The workspace Id for Firewall Policy Insights.

region string

Region to configure the Workspace.

workspaceId SubResource

The workspace Id for Firewall Policy Insights.

region str

Region to configure the Workspace.

workspace_id SubResource

The workspace Id for Firewall Policy Insights.

region String

Region to configure the Workspace.

workspaceId Property Map

The workspace Id for Firewall Policy Insights.

FirewallPolicyLogAnalyticsWorkspaceResponse

Region string

Region to configure the Workspace.

WorkspaceId Pulumi.AzureNative.Network.Inputs.SubResourceResponse

The workspace Id for Firewall Policy Insights.

Region string

Region to configure the Workspace.

WorkspaceId SubResourceResponse

The workspace Id for Firewall Policy Insights.

region String

Region to configure the Workspace.

workspaceId SubResourceResponse

The workspace Id for Firewall Policy Insights.

region string

Region to configure the Workspace.

workspaceId SubResourceResponse

The workspace Id for Firewall Policy Insights.

region str

Region to configure the Workspace.

workspace_id SubResourceResponse

The workspace Id for Firewall Policy Insights.

region String

Region to configure the Workspace.

workspaceId Property Map

The workspace Id for Firewall Policy Insights.

FirewallPolicySNAT

PrivateRanges List<string>

List of private IP addresses or IP address ranges for which SNAT (source NAT) is not applied.

PrivateRanges []string

List of private IP addresses or IP address ranges for which SNAT (source NAT) is not applied.

privateRanges List<String>

List of private IP addresses or IP address ranges for which SNAT (source NAT) is not applied.

privateRanges string[]

List of private IP addresses or IP address ranges for which SNAT (source NAT) is not applied.

private_ranges Sequence[str]

List of private IP addresses or IP address ranges for which SNAT (source NAT) is not applied.

privateRanges List<String>

List of private IP addresses or IP address ranges for which SNAT (source NAT) is not applied.

FirewallPolicySNATResponse

PrivateRanges List<string>

List of private IP addresses or IP address ranges for which SNAT (source NAT) is not applied.

PrivateRanges []string

List of private IP addresses or IP address ranges for which SNAT (source NAT) is not applied.

privateRanges List<String>

List of private IP addresses or IP address ranges for which SNAT (source NAT) is not applied.

privateRanges string[]

List of private IP addresses or IP address ranges for which SNAT (source NAT) is not applied.

private_ranges Sequence[str]

List of private IP addresses or IP address ranges for which SNAT (source NAT) is not applied.

privateRanges List<String>

List of private IP addresses or IP address ranges for which SNAT (source NAT) is not applied.

FirewallPolicySku

Tier string | FirewallPolicySkuTier

Tier of Firewall Policy.

tier String | FirewallPolicySkuTier

Tier of Firewall Policy.

tier string | FirewallPolicySkuTier

Tier of Firewall Policy.

tier str | FirewallPolicySkuTier

Tier of Firewall Policy.

tier String | "Standard" | "Premium"

Tier of Firewall Policy.

FirewallPolicySkuResponse

Tier string

Tier of Firewall Policy.

Tier string

Tier of Firewall Policy.

tier String

Tier of Firewall Policy.

tier string

Tier of Firewall Policy.

tier str

Tier of Firewall Policy.

tier String

Tier of Firewall Policy.

FirewallPolicySkuTier

Standard
Standard
Premium
Premium
FirewallPolicySkuTierStandard
Standard
FirewallPolicySkuTierPremium
Premium
Standard
Standard
Premium
Premium
Standard
Standard
Premium
Premium
STANDARD
Standard
PREMIUM
Premium
"Standard"
Standard
"Premium"
Premium

FirewallPolicyThreatIntelWhitelist

Fqdns List<string>

List of FQDNs for the ThreatIntel Whitelist.

IpAddresses List<string>

List of IP addresses for the ThreatIntel Whitelist.

Fqdns []string

List of FQDNs for the ThreatIntel Whitelist.

IpAddresses []string

List of IP addresses for the ThreatIntel Whitelist.

fqdns List<String>

List of FQDNs for the ThreatIntel Whitelist.

ipAddresses List<String>

List of IP addresses for the ThreatIntel Whitelist.

fqdns string[]

List of FQDNs for the ThreatIntel Whitelist.

ipAddresses string[]

List of IP addresses for the ThreatIntel Whitelist.

fqdns Sequence[str]

List of FQDNs for the ThreatIntel Whitelist.

ip_addresses Sequence[str]

List of IP addresses for the ThreatIntel Whitelist.

fqdns List<String>

List of FQDNs for the ThreatIntel Whitelist.

ipAddresses List<String>

List of IP addresses for the ThreatIntel Whitelist.

FirewallPolicyThreatIntelWhitelistResponse

Fqdns List<string>

List of FQDNs for the ThreatIntel Whitelist.

IpAddresses List<string>

List of IP addresses for the ThreatIntel Whitelist.

Fqdns []string

List of FQDNs for the ThreatIntel Whitelist.

IpAddresses []string

List of IP addresses for the ThreatIntel Whitelist.

fqdns List<String>

List of FQDNs for the ThreatIntel Whitelist.

ipAddresses List<String>

List of IP addresses for the ThreatIntel Whitelist.

fqdns string[]

List of FQDNs for the ThreatIntel Whitelist.

ipAddresses string[]

List of IP addresses for the ThreatIntel Whitelist.

fqdns Sequence[str]

List of FQDNs for the ThreatIntel Whitelist.

ip_addresses Sequence[str]

List of IP addresses for the ThreatIntel Whitelist.

fqdns List<String>

List of FQDNs for the ThreatIntel Whitelist.

ipAddresses List<String>

List of IP addresses for the ThreatIntel Whitelist.

FirewallPolicyTransportSecurity

CertificateAuthority FirewallPolicyCertificateAuthority

The CA used for intermediate CA generation.

certificateAuthority FirewallPolicyCertificateAuthority

The CA used for intermediate CA generation.

certificateAuthority FirewallPolicyCertificateAuthority

The CA used for intermediate CA generation.

certificate_authority FirewallPolicyCertificateAuthority

The CA used for intermediate CA generation.

certificateAuthority Property Map

The CA used for intermediate CA generation.

FirewallPolicyTransportSecurityResponse

CertificateAuthority FirewallPolicyCertificateAuthorityResponse

The CA used for intermediate CA generation.

certificateAuthority FirewallPolicyCertificateAuthorityResponse

The CA used for intermediate CA generation.

certificateAuthority FirewallPolicyCertificateAuthorityResponse

The CA used for intermediate CA generation.

certificate_authority FirewallPolicyCertificateAuthorityResponse

The CA used for intermediate CA generation.

certificateAuthority Property Map

The CA used for intermediate CA generation.

ManagedServiceIdentity

Type Pulumi.AzureNative.Network.ResourceIdentityType

The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user-assigned identities. The type 'None' removes all identities from the resource.

UserAssignedIdentities Dictionary<string, object>

The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

Type ResourceIdentityType

The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user-assigned identities. The type 'None' removes all identities from the resource.

UserAssignedIdentities map[string]interface{}

The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

type ResourceIdentityType

The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user-assigned identities. The type 'None' removes all identities from the resource.

userAssignedIdentities Map<String,Object>

The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

type ResourceIdentityType

The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user-assigned identities. The type 'None' removes all identities from the resource.

userAssignedIdentities {[key: string]: any}

The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

type ResourceIdentityType

The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the resource.

user_assigned_identities Mapping[str, Any]

The list of user identities associated with the resource. The user identity dictionary keys will be ARM resource IDs in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

type "SystemAssigned" | "UserAssigned" | "SystemAssigned, UserAssigned" | "None"

The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the resource.

userAssignedIdentities Map<Any>

The list of user identities associated with the resource. The user identity dictionary keys will be ARM resource IDs in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

ManagedServiceIdentityResponse

PrincipalId string

The principal id of the system assigned identity. This property will only be provided for a system assigned identity.

TenantId string

The tenant id of the system assigned identity. This property will only be provided for a system assigned identity.

Type string

The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the resource.

UserAssignedIdentities Dictionary<string, Pulumi.AzureNative.Network.Inputs.ManagedServiceIdentityResponseUserAssignedIdentities>

The list of user identities associated with the resource. The user identity dictionary keys will be ARM resource IDs in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

PrincipalId string

The principal id of the system assigned identity. This property will only be provided for a system assigned identity.

TenantId string

The tenant id of the system assigned identity. This property will only be provided for a system assigned identity.

Type string

The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the resource.

UserAssignedIdentities map[string]ManagedServiceIdentityResponseUserAssignedIdentities

The list of user identities associated with the resource. The user identity dictionary keys will be ARM resource IDs in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

principalId String

The principal id of the system assigned identity. This property will only be provided for a system assigned identity.

tenantId String

The tenant id of the system assigned identity. This property will only be provided for a system assigned identity.

type String

The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the resource.

userAssignedIdentities Map<String,ManagedServiceIdentityResponseUserAssignedIdentities>

The list of user identities associated with the resource. The user identity dictionary keys will be ARM resource IDs in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

principalId string

The principal id of the system assigned identity. This property will only be provided for a system assigned identity.

tenantId string

The tenant id of the system assigned identity. This property will only be provided for a system assigned identity.

type string

The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the resource.

userAssignedIdentities {[key: string]: ManagedServiceIdentityResponseUserAssignedIdentities}

The list of user identities associated with the resource. The user identity dictionary keys will be ARM resource IDs in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

principal_id str

The principal id of the system assigned identity. This property will only be provided for a system assigned identity.

tenant_id str

The tenant id of the system assigned identity. This property will only be provided for a system assigned identity.

type str

The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the resource.

user_assigned_identities Mapping[str, ManagedServiceIdentityResponseUserAssignedIdentities]

The list of user identities associated with the resource. The user identity dictionary keys will be ARM resource IDs in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

principalId String

The principal id of the system assigned identity. This property will only be provided for a system assigned identity.

tenantId String

The tenant id of the system assigned identity. This property will only be provided for a system assigned identity.

type String

The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the resource.

userAssignedIdentities Map<Property Map>

The list of user identities associated with the resource. The user identity dictionary keys will be ARM resource IDs in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

ManagedServiceIdentityResponseUserAssignedIdentities

ClientId string

The client id of user assigned identity.

PrincipalId string

The principal id of user assigned identity.

ClientId string

The client id of user assigned identity.

PrincipalId string

The principal id of user assigned identity.

clientId String

The client id of user assigned identity.

principalId String

The principal id of user assigned identity.

clientId string

The client id of user assigned identity.

principalId string

The principal id of user assigned identity.

client_id str

The client id of user assigned identity.

principal_id str

The principal id of user assigned identity.

clientId String

The client id of user assigned identity.

principalId String

The principal id of user assigned identity.

ResourceIdentityType

SystemAssigned
SystemAssigned
UserAssigned
UserAssigned
SystemAssigned_UserAssigned
SystemAssigned, UserAssigned
None
None
ResourceIdentityTypeSystemAssigned
SystemAssigned
ResourceIdentityTypeUserAssigned
UserAssigned
ResourceIdentityType_SystemAssigned_UserAssigned
SystemAssigned, UserAssigned
ResourceIdentityTypeNone
None
SystemAssigned
SystemAssigned
UserAssigned
UserAssigned
SystemAssigned_UserAssigned
SystemAssigned, UserAssigned
None
None
SystemAssigned
SystemAssigned
UserAssigned
UserAssigned
SystemAssigned_UserAssigned
SystemAssigned, UserAssigned
None
None
SYSTEM_ASSIGNED
SystemAssigned
USER_ASSIGNED
UserAssigned
SYSTEM_ASSIGNED_USER_ASSIGNED
SystemAssigned, UserAssigned
NONE
None
"SystemAssigned"
SystemAssigned
"UserAssigned"
UserAssigned
"SystemAssigned, UserAssigned"
SystemAssigned, UserAssigned
"None"
None

SubResource

Id string

Resource Id.

Id string

Resource Id.

id String

Resource Id.

id string

Resource Id.

id str

Resource Id.

id String

Resource Id.

SubResourceResponse

Id string

Resource ID.

Id string

Resource ID.

id String

Resource ID.

id string

Resource ID.

id str

Resource ID.

id String

Resource ID.

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:network:FirewallPolicy firewallPolicy /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy 

Package Details

Repository
https://github.com/pulumi/pulumi-azure-native
License
Apache-2.0