1. Packages
  2. Azure Native
  3. API Docs
  4. network
  5. FirewallPolicy
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.10.0 published on Wednesday, Oct 4, 2023 by Pulumi

azure-native.network.FirewallPolicy

Explore with Pulumi AI

azure-native logo
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.10.0 published on Wednesday, Oct 4, 2023 by Pulumi

    FirewallPolicy Resource. Azure REST API version: 2023-02-01. Prior API version in Azure Native 1.x: 2020-11-01

    Example Usage

    Create FirewallPolicy

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var firewallPolicy = new AzureNative.Network.FirewallPolicy("firewallPolicy", new()
        {
            DnsSettings = new AzureNative.Network.Inputs.DnsSettingsArgs
            {
                EnableProxy = true,
                RequireProxyForNetworkRules = false,
                Servers = new[]
                {
                    "30.3.4.5",
                },
            },
            ExplicitProxy = new AzureNative.Network.Inputs.ExplicitProxyArgs
            {
                EnableExplicitProxy = true,
                EnablePacFile = true,
                HttpPort = 8087,
                HttpsPort = 8087,
                PacFile = "https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D",
                PacFilePort = 8087,
            },
            FirewallPolicyName = "firewallPolicy",
            Insights = new AzureNative.Network.Inputs.FirewallPolicyInsightsArgs
            {
                IsEnabled = true,
                LogAnalyticsResources = new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsResourcesArgs
                {
                    DefaultWorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace",
                    },
                    Workspaces = new[]
                    {
                        new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsWorkspaceArgs
                        {
                            Region = "westus",
                            WorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
                            {
                                Id = "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1",
                            },
                        },
                        new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsWorkspaceArgs
                        {
                            Region = "eastus",
                            WorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
                            {
                                Id = "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2",
                            },
                        },
                    },
                },
                RetentionDays = 100,
            },
            IntrusionDetection = new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionArgs
            {
                Configuration = new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionConfigurationArgs
                {
                    BypassTrafficSettings = new[]
                    {
                        new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs
                        {
                            Description = "Rule 1",
                            DestinationAddresses = new[]
                            {
                                "5.6.7.8",
                            },
                            DestinationPorts = new[]
                            {
                                "*",
                            },
                            Name = "bypassRule1",
                            Protocol = "TCP",
                            SourceAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                        },
                    },
                    SignatureOverrides = new[]
                    {
                        new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionSignatureSpecificationArgs
                        {
                            Id = "2525004",
                            Mode = "Deny",
                        },
                    },
                },
                Mode = "Alert",
            },
            Location = "West US",
            ResourceGroupName = "rg1",
            Sku = new AzureNative.Network.Inputs.FirewallPolicySkuArgs
            {
                Tier = "Premium",
            },
            Snat = new AzureNative.Network.Inputs.FirewallPolicySNATArgs
            {
                PrivateRanges = new[]
                {
                    "IANAPrivateRanges",
                },
            },
            Sql = new AzureNative.Network.Inputs.FirewallPolicySQLArgs
            {
                AllowSqlRedirect = true,
            },
            Tags = 
            {
                { "key1", "value1" },
            },
            ThreatIntelMode = "Alert",
            ThreatIntelWhitelist = new AzureNative.Network.Inputs.FirewallPolicyThreatIntelWhitelistArgs
            {
                Fqdns = new[]
                {
                    "*.microsoft.com",
                },
                IpAddresses = new[]
                {
                    "20.3.4.5",
                },
            },
            TransportSecurity = new AzureNative.Network.Inputs.FirewallPolicyTransportSecurityArgs
            {
                CertificateAuthority = new AzureNative.Network.Inputs.FirewallPolicyCertificateAuthorityArgs
                {
                    KeyVaultSecretId = "https://kv/secret",
                    Name = "clientcert",
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure-native-sdk/network/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
    _, err := network.NewFirewallPolicy(ctx, "firewallPolicy", &network.FirewallPolicyArgs{
    DnsSettings: &network.DnsSettingsArgs{
    EnableProxy: pulumi.Bool(true),
    RequireProxyForNetworkRules: pulumi.Bool(false),
    Servers: pulumi.StringArray{
    pulumi.String("30.3.4.5"),
    },
    },
    ExplicitProxy: &network.ExplicitProxyArgs{
    EnableExplicitProxy: pulumi.Bool(true),
    EnablePacFile: pulumi.Bool(true),
    HttpPort: pulumi.Int(8087),
    HttpsPort: pulumi.Int(8087),
    PacFile: pulumi.String("https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D"),
    PacFilePort: pulumi.Int(8087),
    },
    FirewallPolicyName: pulumi.String("firewallPolicy"),
    Insights: network.FirewallPolicyInsightsResponse{
    IsEnabled: pulumi.Bool(true),
    LogAnalyticsResources: interface{}{
    DefaultWorkspaceId: &network.SubResourceArgs{
    Id: pulumi.String("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace"),
    },
    Workspaces: network.FirewallPolicyLogAnalyticsWorkspaceArray{
    interface{}{
    Region: pulumi.String("westus"),
    WorkspaceId: &network.SubResourceArgs{
    Id: pulumi.String("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1"),
    },
    },
    interface{}{
    Region: pulumi.String("eastus"),
    WorkspaceId: &network.SubResourceArgs{
    Id: pulumi.String("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2"),
    },
    },
    },
    },
    RetentionDays: pulumi.Int(100),
    },
    IntrusionDetection: network.FirewallPolicyIntrusionDetectionResponse{
    Configuration: interface{}{
    BypassTrafficSettings: network.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArray{
    &network.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs{
    Description: pulumi.String("Rule 1"),
    DestinationAddresses: pulumi.StringArray{
    pulumi.String("5.6.7.8"),
    },
    DestinationPorts: pulumi.StringArray{
    pulumi.String("*"),
    },
    Name: pulumi.String("bypassRule1"),
    Protocol: pulumi.String("TCP"),
    SourceAddresses: pulumi.StringArray{
    pulumi.String("1.2.3.4"),
    },
    },
    },
    SignatureOverrides: network.FirewallPolicyIntrusionDetectionSignatureSpecificationArray{
    &network.FirewallPolicyIntrusionDetectionSignatureSpecificationArgs{
    Id: pulumi.String("2525004"),
    Mode: pulumi.String("Deny"),
    },
    },
    },
    Mode: pulumi.String("Alert"),
    },
    Location: pulumi.String("West US"),
    ResourceGroupName: pulumi.String("rg1"),
    Sku: &network.FirewallPolicySkuArgs{
    Tier: pulumi.String("Premium"),
    },
    Snat: &network.FirewallPolicySNATArgs{
    PrivateRanges: pulumi.StringArray{
    pulumi.String("IANAPrivateRanges"),
    },
    },
    Sql: &network.FirewallPolicySQLArgs{
    AllowSqlRedirect: pulumi.Bool(true),
    },
    Tags: pulumi.StringMap{
    "key1": pulumi.String("value1"),
    },
    ThreatIntelMode: pulumi.String("Alert"),
    ThreatIntelWhitelist: &network.FirewallPolicyThreatIntelWhitelistArgs{
    Fqdns: pulumi.StringArray{
    pulumi.String("*.microsoft.com"),
    },
    IpAddresses: pulumi.StringArray{
    pulumi.String("20.3.4.5"),
    },
    },
    TransportSecurity: network.FirewallPolicyTransportSecurityResponse{
    CertificateAuthority: &network.FirewallPolicyCertificateAuthorityArgs{
    KeyVaultSecretId: pulumi.String("https://kv/secret"),
    Name: pulumi.String("clientcert"),
    },
    },
    })
    if err != nil {
    return err
    }
    return nil
    })
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.network.FirewallPolicy;
    import com.pulumi.azurenative.network.FirewallPolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var firewallPolicy = new FirewallPolicy("firewallPolicy", FirewallPolicyArgs.builder()        
                .dnsSettings(Map.ofEntries(
                    Map.entry("enableProxy", true),
                    Map.entry("requireProxyForNetworkRules", false),
                    Map.entry("servers", "30.3.4.5")
                ))
                .explicitProxy(Map.ofEntries(
                    Map.entry("enableExplicitProxy", true),
                    Map.entry("enablePacFile", true),
                    Map.entry("httpPort", 8087),
                    Map.entry("httpsPort", 8087),
                    Map.entry("pacFile", "https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D"),
                    Map.entry("pacFilePort", 8087)
                ))
                .firewallPolicyName("firewallPolicy")
                .insights(Map.ofEntries(
                    Map.entry("isEnabled", true),
                    Map.entry("logAnalyticsResources", Map.ofEntries(
                        Map.entry("defaultWorkspaceId", Map.of("id", "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace")),
                        Map.entry("workspaces",                     
                            Map.ofEntries(
                                Map.entry("region", "westus"),
                                Map.entry("workspaceId", Map.of("id", "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1"))
                            ),
                            Map.ofEntries(
                                Map.entry("region", "eastus"),
                                Map.entry("workspaceId", Map.of("id", "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2"))
                            ))
                    )),
                    Map.entry("retentionDays", 100)
                ))
                .intrusionDetection(Map.ofEntries(
                    Map.entry("configuration", Map.ofEntries(
                        Map.entry("bypassTrafficSettings", Map.ofEntries(
                            Map.entry("description", "Rule 1"),
                            Map.entry("destinationAddresses", "5.6.7.8"),
                            Map.entry("destinationPorts", "*"),
                            Map.entry("name", "bypassRule1"),
                            Map.entry("protocol", "TCP"),
                            Map.entry("sourceAddresses", "1.2.3.4")
                        )),
                        Map.entry("signatureOverrides", Map.ofEntries(
                            Map.entry("id", "2525004"),
                            Map.entry("mode", "Deny")
                        ))
                    )),
                    Map.entry("mode", "Alert")
                ))
                .location("West US")
                .resourceGroupName("rg1")
                .sku(Map.of("tier", "Premium"))
                .snat(Map.of("privateRanges", "IANAPrivateRanges"))
                .sql(Map.of("allowSqlRedirect", true))
                .tags(Map.of("key1", "value1"))
                .threatIntelMode("Alert")
                .threatIntelWhitelist(Map.ofEntries(
                    Map.entry("fqdns", "*.microsoft.com"),
                    Map.entry("ipAddresses", "20.3.4.5")
                ))
                .transportSecurity(Map.of("certificateAuthority", Map.ofEntries(
                    Map.entry("keyVaultSecretId", "https://kv/secret"),
                    Map.entry("name", "clientcert")
                )))
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    firewall_policy = azure_native.network.FirewallPolicy("firewallPolicy",
        dns_settings=azure_native.network.DnsSettingsArgs(
            enable_proxy=True,
            require_proxy_for_network_rules=False,
            servers=["30.3.4.5"],
        ),
        explicit_proxy=azure_native.network.ExplicitProxyArgs(
            enable_explicit_proxy=True,
            enable_pac_file=True,
            http_port=8087,
            https_port=8087,
            pac_file="https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D",
            pac_file_port=8087,
        ),
        firewall_policy_name="firewallPolicy",
        insights=azure_native.network.FirewallPolicyInsightsResponseArgs(
            is_enabled=True,
            log_analytics_resources={
                "defaultWorkspaceId": azure_native.network.SubResourceArgs(
                    id="/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace",
                ),
                "workspaces": [
                    {
                        "region": "westus",
                        "workspaceId": azure_native.network.SubResourceArgs(
                            id="/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1",
                        ),
                    },
                    {
                        "region": "eastus",
                        "workspaceId": azure_native.network.SubResourceArgs(
                            id="/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2",
                        ),
                    },
                ],
            },
            retention_days=100,
        ),
        intrusion_detection=azure_native.network.FirewallPolicyIntrusionDetectionResponseArgs(
            configuration={
                "bypassTrafficSettings": [azure_native.network.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs(
                    description="Rule 1",
                    destination_addresses=["5.6.7.8"],
                    destination_ports=["*"],
                    name="bypassRule1",
                    protocol="TCP",
                    source_addresses=["1.2.3.4"],
                )],
                "signatureOverrides": [azure_native.network.FirewallPolicyIntrusionDetectionSignatureSpecificationArgs(
                    id="2525004",
                    mode="Deny",
                )],
            },
            mode="Alert",
        ),
        location="West US",
        resource_group_name="rg1",
        sku=azure_native.network.FirewallPolicySkuArgs(
            tier="Premium",
        ),
        snat=azure_native.network.FirewallPolicySNATArgs(
            private_ranges=["IANAPrivateRanges"],
        ),
        sql=azure_native.network.FirewallPolicySQLArgs(
            allow_sql_redirect=True,
        ),
        tags={
            "key1": "value1",
        },
        threat_intel_mode="Alert",
        threat_intel_whitelist=azure_native.network.FirewallPolicyThreatIntelWhitelistArgs(
            fqdns=["*.microsoft.com"],
            ip_addresses=["20.3.4.5"],
        ),
        transport_security=azure_native.network.FirewallPolicyTransportSecurityResponseArgs(
            certificate_authority=azure_native.network.FirewallPolicyCertificateAuthorityArgs(
                key_vault_secret_id="https://kv/secret",
                name="clientcert",
            ),
        ))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const firewallPolicy = new azure_native.network.FirewallPolicy("firewallPolicy", {
        dnsSettings: {
            enableProxy: true,
            requireProxyForNetworkRules: false,
            servers: ["30.3.4.5"],
        },
        explicitProxy: {
            enableExplicitProxy: true,
            enablePacFile: true,
            httpPort: 8087,
            httpsPort: 8087,
            pacFile: "https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D",
            pacFilePort: 8087,
        },
        firewallPolicyName: "firewallPolicy",
        insights: {
            isEnabled: true,
            logAnalyticsResources: {
                defaultWorkspaceId: {
                    id: "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace",
                },
                workspaces: [
                    {
                        region: "westus",
                        workspaceId: {
                            id: "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1",
                        },
                    },
                    {
                        region: "eastus",
                        workspaceId: {
                            id: "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2",
                        },
                    },
                ],
            },
            retentionDays: 100,
        },
        intrusionDetection: {
            configuration: {
                bypassTrafficSettings: [{
                    description: "Rule 1",
                    destinationAddresses: ["5.6.7.8"],
                    destinationPorts: ["*"],
                    name: "bypassRule1",
                    protocol: "TCP",
                    sourceAddresses: ["1.2.3.4"],
                }],
                signatureOverrides: [{
                    id: "2525004",
                    mode: "Deny",
                }],
            },
            mode: "Alert",
        },
        location: "West US",
        resourceGroupName: "rg1",
        sku: {
            tier: "Premium",
        },
        snat: {
            privateRanges: ["IANAPrivateRanges"],
        },
        sql: {
            allowSqlRedirect: true,
        },
        tags: {
            key1: "value1",
        },
        threatIntelMode: "Alert",
        threatIntelWhitelist: {
            fqdns: ["*.microsoft.com"],
            ipAddresses: ["20.3.4.5"],
        },
        transportSecurity: {
            certificateAuthority: {
                keyVaultSecretId: "https://kv/secret",
                name: "clientcert",
            },
        },
    });
    
    resources:
      firewallPolicy:
        type: azure-native:network:FirewallPolicy
        properties:
          dnsSettings:
            enableProxy: true
            requireProxyForNetworkRules: false
            servers:
              - 30.3.4.5
          explicitProxy:
            enableExplicitProxy: true
            enablePacFile: true
            httpPort: 8087
            httpsPort: 8087
            pacFile: https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D
            pacFilePort: 8087
          firewallPolicyName: firewallPolicy
          insights:
            isEnabled: true
            logAnalyticsResources:
              defaultWorkspaceId:
                id: /subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace
              workspaces:
                - region: westus
                  workspaceId:
                    id: /subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1
                - region: eastus
                  workspaceId:
                    id: /subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2
            retentionDays: 100
          intrusionDetection:
            configuration:
              bypassTrafficSettings:
                - description: Rule 1
                  destinationAddresses:
                    - 5.6.7.8
                  destinationPorts:
                    - '*'
                  name: bypassRule1
                  protocol: TCP
                  sourceAddresses:
                    - 1.2.3.4
              signatureOverrides:
                - id: '2525004'
                  mode: Deny
            mode: Alert
          location: West US
          resourceGroupName: rg1
          sku:
            tier: Premium
          snat:
            privateRanges:
              - IANAPrivateRanges
          sql:
            allowSqlRedirect: true
          tags:
            key1: value1
          threatIntelMode: Alert
          threatIntelWhitelist:
            fqdns:
              - '*.microsoft.com'
            ipAddresses:
              - 20.3.4.5
          transportSecurity:
            certificateAuthority:
              keyVaultSecretId: https://kv/secret
              name: clientcert
    

    Create FirewallPolicy Resource

    new FirewallPolicy(name: string, args: FirewallPolicyArgs, opts?: CustomResourceOptions);
    @overload
    def FirewallPolicy(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       base_policy: Optional[SubResourceArgs] = None,
                       dns_settings: Optional[DnsSettingsArgs] = None,
                       explicit_proxy: Optional[ExplicitProxyArgs] = None,
                       firewall_policy_name: Optional[str] = None,
                       id: Optional[str] = None,
                       identity: Optional[ManagedServiceIdentityArgs] = None,
                       insights: Optional[FirewallPolicyInsightsArgs] = None,
                       intrusion_detection: Optional[FirewallPolicyIntrusionDetectionArgs] = None,
                       location: Optional[str] = None,
                       resource_group_name: Optional[str] = None,
                       sku: Optional[FirewallPolicySkuArgs] = None,
                       snat: Optional[FirewallPolicySNATArgs] = None,
                       sql: Optional[FirewallPolicySQLArgs] = None,
                       tags: Optional[Mapping[str, str]] = None,
                       threat_intel_mode: Optional[Union[str, AzureFirewallThreatIntelMode]] = None,
                       threat_intel_whitelist: Optional[FirewallPolicyThreatIntelWhitelistArgs] = None,
                       transport_security: Optional[FirewallPolicyTransportSecurityArgs] = None)
    @overload
    def FirewallPolicy(resource_name: str,
                       args: FirewallPolicyArgs,
                       opts: Optional[ResourceOptions] = None)
    func NewFirewallPolicy(ctx *Context, name string, args FirewallPolicyArgs, opts ...ResourceOption) (*FirewallPolicy, error)
    public FirewallPolicy(string name, FirewallPolicyArgs args, CustomResourceOptions? opts = null)
    public FirewallPolicy(String name, FirewallPolicyArgs args)
    public FirewallPolicy(String name, FirewallPolicyArgs args, CustomResourceOptions options)
    
    type: azure-native:network:FirewallPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args FirewallPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args FirewallPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args FirewallPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args FirewallPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args FirewallPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    FirewallPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The FirewallPolicy resource accepts the following input properties:

    ResourceGroupName string

    The name of the resource group.

    BasePolicy Pulumi.AzureNative.Network.Inputs.SubResource

    The parent firewall policy from which rules are inherited.

    DnsSettings Pulumi.AzureNative.Network.Inputs.DnsSettings

    DNS Proxy Settings definition.

    ExplicitProxy Pulumi.AzureNative.Network.Inputs.ExplicitProxy

    Explicit Proxy Settings definition.

    FirewallPolicyName string

    The name of the Firewall Policy.

    Id string

    Resource ID.

    Identity Pulumi.AzureNative.Network.Inputs.ManagedServiceIdentity

    The identity of the firewall policy.

    Insights Pulumi.AzureNative.Network.Inputs.FirewallPolicyInsights

    Insights on Firewall Policy.

    IntrusionDetection Pulumi.AzureNative.Network.Inputs.FirewallPolicyIntrusionDetection

    The configuration for Intrusion detection.

    Location string

    Resource location.

    Sku Pulumi.AzureNative.Network.Inputs.FirewallPolicySku

    The Firewall Policy SKU.

    Snat Pulumi.AzureNative.Network.Inputs.FirewallPolicySNAT

    The private IP addresses/IP ranges to which traffic will not be SNAT.

    Sql Pulumi.AzureNative.Network.Inputs.FirewallPolicySQL

    SQL Settings definition.

    Tags Dictionary<string, string>

    Resource tags.

    ThreatIntelMode string | Pulumi.AzureNative.Network.AzureFirewallThreatIntelMode

    The operation mode for Threat Intelligence.

    ThreatIntelWhitelist Pulumi.AzureNative.Network.Inputs.FirewallPolicyThreatIntelWhitelist

    ThreatIntel Whitelist for Firewall Policy.

    TransportSecurity Pulumi.AzureNative.Network.Inputs.FirewallPolicyTransportSecurity

    TLS Configuration definition.

    ResourceGroupName string

    The name of the resource group.

    BasePolicy SubResourceArgs

    The parent firewall policy from which rules are inherited.

    DnsSettings DnsSettingsArgs

    DNS Proxy Settings definition.

    ExplicitProxy ExplicitProxyArgs

    Explicit Proxy Settings definition.

    FirewallPolicyName string

    The name of the Firewall Policy.

    Id string

    Resource ID.

    Identity ManagedServiceIdentityArgs

    The identity of the firewall policy.

    Insights FirewallPolicyInsightsArgs

    Insights on Firewall Policy.

    IntrusionDetection FirewallPolicyIntrusionDetectionArgs

    The configuration for Intrusion detection.

    Location string

    Resource location.

    Sku FirewallPolicySkuArgs

    The Firewall Policy SKU.

    Snat FirewallPolicySNATArgs

    The private IP addresses/IP ranges to which traffic will not be SNAT.

    Sql FirewallPolicySQLArgs

    SQL Settings definition.

    Tags map[string]string

    Resource tags.

    ThreatIntelMode string | AzureFirewallThreatIntelMode

    The operation mode for Threat Intelligence.

    ThreatIntelWhitelist FirewallPolicyThreatIntelWhitelistArgs

    ThreatIntel Whitelist for Firewall Policy.

    TransportSecurity FirewallPolicyTransportSecurityArgs

    TLS Configuration definition.

    resourceGroupName String

    The name of the resource group.

    basePolicy SubResource

    The parent firewall policy from which rules are inherited.

    dnsSettings DnsSettings

    DNS Proxy Settings definition.

    explicitProxy ExplicitProxy

    Explicit Proxy Settings definition.

    firewallPolicyName String

    The name of the Firewall Policy.

    id String

    Resource ID.

    identity ManagedServiceIdentity

    The identity of the firewall policy.

    insights FirewallPolicyInsights

    Insights on Firewall Policy.

    intrusionDetection FirewallPolicyIntrusionDetection

    The configuration for Intrusion detection.

    location String

    Resource location.

    sku FirewallPolicySku

    The Firewall Policy SKU.

    snat FirewallPolicySNAT

    The private IP addresses/IP ranges to which traffic will not be SNAT.

    sql FirewallPolicySQL

    SQL Settings definition.

    tags Map<String,String>

    Resource tags.

    threatIntelMode String | AzureFirewallThreatIntelMode

    The operation mode for Threat Intelligence.

    threatIntelWhitelist FirewallPolicyThreatIntelWhitelist

    ThreatIntel Whitelist for Firewall Policy.

    transportSecurity FirewallPolicyTransportSecurity

    TLS Configuration definition.

    resourceGroupName string

    The name of the resource group.

    basePolicy SubResource

    The parent firewall policy from which rules are inherited.

    dnsSettings DnsSettings

    DNS Proxy Settings definition.

    explicitProxy ExplicitProxy

    Explicit Proxy Settings definition.

    firewallPolicyName string

    The name of the Firewall Policy.

    id string

    Resource ID.

    identity ManagedServiceIdentity

    The identity of the firewall policy.

    insights FirewallPolicyInsights

    Insights on Firewall Policy.

    intrusionDetection FirewallPolicyIntrusionDetection

    The configuration for Intrusion detection.

    location string

    Resource location.

    sku FirewallPolicySku

    The Firewall Policy SKU.

    snat FirewallPolicySNAT

    The private IP addresses/IP ranges to which traffic will not be SNAT.

    sql FirewallPolicySQL

    SQL Settings definition.

    tags {[key: string]: string}

    Resource tags.

    threatIntelMode string | AzureFirewallThreatIntelMode

    The operation mode for Threat Intelligence.

    threatIntelWhitelist FirewallPolicyThreatIntelWhitelist

    ThreatIntel Whitelist for Firewall Policy.

    transportSecurity FirewallPolicyTransportSecurity

    TLS Configuration definition.

    resource_group_name str

    The name of the resource group.

    base_policy SubResourceArgs

    The parent firewall policy from which rules are inherited.

    dns_settings DnsSettingsArgs

    DNS Proxy Settings definition.

    explicit_proxy ExplicitProxyArgs

    Explicit Proxy Settings definition.

    firewall_policy_name str

    The name of the Firewall Policy.

    id str

    Resource ID.

    identity ManagedServiceIdentityArgs

    The identity of the firewall policy.

    insights FirewallPolicyInsightsArgs

    Insights on Firewall Policy.

    intrusion_detection FirewallPolicyIntrusionDetectionArgs

    The configuration for Intrusion detection.

    location str

    Resource location.

    sku FirewallPolicySkuArgs

    The Firewall Policy SKU.

    snat FirewallPolicySNATArgs

    The private IP addresses/IP ranges to which traffic will not be SNAT.

    sql FirewallPolicySQLArgs

    SQL Settings definition.

    tags Mapping[str, str]

    Resource tags.

    threat_intel_mode str | AzureFirewallThreatIntelMode

    The operation mode for Threat Intelligence.

    threat_intel_whitelist FirewallPolicyThreatIntelWhitelistArgs

    ThreatIntel Whitelist for Firewall Policy.

    transport_security FirewallPolicyTransportSecurityArgs

    TLS Configuration definition.

    resourceGroupName String

    The name of the resource group.

    basePolicy Property Map

    The parent firewall policy from which rules are inherited.

    dnsSettings Property Map

    DNS Proxy Settings definition.

    explicitProxy Property Map

    Explicit Proxy Settings definition.

    firewallPolicyName String

    The name of the Firewall Policy.

    id String

    Resource ID.

    identity Property Map

    The identity of the firewall policy.

    insights Property Map

    Insights on Firewall Policy.

    intrusionDetection Property Map

    The configuration for Intrusion detection.

    location String

    Resource location.

    sku Property Map

    The Firewall Policy SKU.

    snat Property Map

    The private IP addresses/IP ranges to which traffic will not be SNAT.

    sql Property Map

    SQL Settings definition.

    tags Map<String>

    Resource tags.

    threatIntelMode String | "Alert" | "Deny" | "Off"

    The operation mode for Threat Intelligence.

    threatIntelWhitelist Property Map

    ThreatIntel Whitelist for Firewall Policy.

    transportSecurity Property Map

    TLS Configuration definition.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the FirewallPolicy resource produces the following output properties:

    ChildPolicies List<Pulumi.AzureNative.Network.Outputs.SubResourceResponse>

    List of references to Child Firewall Policies.

    Etag string

    A unique read-only string that changes whenever the resource is updated.

    Firewalls List<Pulumi.AzureNative.Network.Outputs.SubResourceResponse>

    List of references to Azure Firewalls that this Firewall Policy is associated with.

    Id string

    The provider-assigned unique ID for this managed resource.

    Name string

    Resource name.

    ProvisioningState string

    The provisioning state of the firewall policy resource.

    RuleCollectionGroups List<Pulumi.AzureNative.Network.Outputs.SubResourceResponse>

    List of references to FirewallPolicyRuleCollectionGroups.

    Type string

    Resource type.

    ChildPolicies []SubResourceResponse

    List of references to Child Firewall Policies.

    Etag string

    A unique read-only string that changes whenever the resource is updated.

    Firewalls []SubResourceResponse

    List of references to Azure Firewalls that this Firewall Policy is associated with.

    Id string

    The provider-assigned unique ID for this managed resource.

    Name string

    Resource name.

    ProvisioningState string

    The provisioning state of the firewall policy resource.

    RuleCollectionGroups []SubResourceResponse

    List of references to FirewallPolicyRuleCollectionGroups.

    Type string

    Resource type.

    childPolicies List<SubResourceResponse>

    List of references to Child Firewall Policies.

    etag String

    A unique read-only string that changes whenever the resource is updated.

    firewalls List<SubResourceResponse>

    List of references to Azure Firewalls that this Firewall Policy is associated with.

    id String

    The provider-assigned unique ID for this managed resource.

    name String

    Resource name.

    provisioningState String

    The provisioning state of the firewall policy resource.

    ruleCollectionGroups List<SubResourceResponse>

    List of references to FirewallPolicyRuleCollectionGroups.

    type String

    Resource type.

    childPolicies SubResourceResponse[]

    List of references to Child Firewall Policies.

    etag string

    A unique read-only string that changes whenever the resource is updated.

    firewalls SubResourceResponse[]

    List of references to Azure Firewalls that this Firewall Policy is associated with.

    id string

    The provider-assigned unique ID for this managed resource.

    name string

    Resource name.

    provisioningState string

    The provisioning state of the firewall policy resource.

    ruleCollectionGroups SubResourceResponse[]

    List of references to FirewallPolicyRuleCollectionGroups.

    type string

    Resource type.

    child_policies Sequence[SubResourceResponse]

    List of references to Child Firewall Policies.

    etag str

    A unique read-only string that changes whenever the resource is updated.

    firewalls Sequence[SubResourceResponse]

    List of references to Azure Firewalls that this Firewall Policy is associated with.

    id str

    The provider-assigned unique ID for this managed resource.

    name str

    Resource name.

    provisioning_state str

    The provisioning state of the firewall policy resource.

    rule_collection_groups Sequence[SubResourceResponse]

    List of references to FirewallPolicyRuleCollectionGroups.

    type str

    Resource type.

    childPolicies List<Property Map>

    List of references to Child Firewall Policies.

    etag String

    A unique read-only string that changes whenever the resource is updated.

    firewalls List<Property Map>

    List of references to Azure Firewalls that this Firewall Policy is associated with.

    id String

    The provider-assigned unique ID for this managed resource.

    name String

    Resource name.

    provisioningState String

    The provisioning state of the firewall policy resource.

    ruleCollectionGroups List<Property Map>

    List of references to FirewallPolicyRuleCollectionGroups.

    type String

    Resource type.

    Supporting Types

    AutoLearnPrivateRangesMode, AutoLearnPrivateRangesModeArgs

    Enabled
    Enabled
    Disabled
    Disabled
    AutoLearnPrivateRangesModeEnabled
    Enabled
    AutoLearnPrivateRangesModeDisabled
    Disabled
    Enabled
    Enabled
    Disabled
    Disabled
    Enabled
    Enabled
    Disabled
    Disabled
    ENABLED
    Enabled
    DISABLED
    Disabled
    "Enabled"
    Enabled
    "Disabled"
    Disabled

    AzureFirewallThreatIntelMode, AzureFirewallThreatIntelModeArgs

    Alert
    Alert
    Deny
    Deny
    Off
    Off
    AzureFirewallThreatIntelModeAlert
    Alert
    AzureFirewallThreatIntelModeDeny
    Deny
    AzureFirewallThreatIntelModeOff
    Off
    Alert
    Alert
    Deny
    Deny
    Off
    Off
    Alert
    Alert
    Deny
    Deny
    Off
    Off
    ALERT
    Alert
    DENY
    Deny
    OFF
    Off
    "Alert"
    Alert
    "Deny"
    Deny
    "Off"
    Off

    DnsSettings, DnsSettingsArgs

    EnableProxy bool

    Enable DNS Proxy on Firewalls attached to the Firewall Policy.

    RequireProxyForNetworkRules bool

    FQDNs in Network Rules are supported when set to true.

    Servers List<string>

    List of Custom DNS Servers.

    EnableProxy bool

    Enable DNS Proxy on Firewalls attached to the Firewall Policy.

    RequireProxyForNetworkRules bool

    FQDNs in Network Rules are supported when set to true.

    Servers []string

    List of Custom DNS Servers.

    enableProxy Boolean

    Enable DNS Proxy on Firewalls attached to the Firewall Policy.

    requireProxyForNetworkRules Boolean

    FQDNs in Network Rules are supported when set to true.

    servers List<String>

    List of Custom DNS Servers.

    enableProxy boolean

    Enable DNS Proxy on Firewalls attached to the Firewall Policy.

    requireProxyForNetworkRules boolean

    FQDNs in Network Rules are supported when set to true.

    servers string[]

    List of Custom DNS Servers.

    enable_proxy bool

    Enable DNS Proxy on Firewalls attached to the Firewall Policy.

    require_proxy_for_network_rules bool

    FQDNs in Network Rules are supported when set to true.

    servers Sequence[str]

    List of Custom DNS Servers.

    enableProxy Boolean

    Enable DNS Proxy on Firewalls attached to the Firewall Policy.

    requireProxyForNetworkRules Boolean

    FQDNs in Network Rules are supported when set to true.

    servers List<String>

    List of Custom DNS Servers.

    DnsSettingsResponse, DnsSettingsResponseArgs

    EnableProxy bool

    Enable DNS Proxy on Firewalls attached to the Firewall Policy.

    RequireProxyForNetworkRules bool

    FQDNs in Network Rules are supported when set to true.

    Servers List<string>

    List of Custom DNS Servers.

    EnableProxy bool

    Enable DNS Proxy on Firewalls attached to the Firewall Policy.

    RequireProxyForNetworkRules bool

    FQDNs in Network Rules are supported when set to true.

    Servers []string

    List of Custom DNS Servers.

    enableProxy Boolean

    Enable DNS Proxy on Firewalls attached to the Firewall Policy.

    requireProxyForNetworkRules Boolean

    FQDNs in Network Rules are supported when set to true.

    servers List<String>

    List of Custom DNS Servers.

    enableProxy boolean

    Enable DNS Proxy on Firewalls attached to the Firewall Policy.

    requireProxyForNetworkRules boolean

    FQDNs in Network Rules are supported when set to true.

    servers string[]

    List of Custom DNS Servers.

    enable_proxy bool

    Enable DNS Proxy on Firewalls attached to the Firewall Policy.

    require_proxy_for_network_rules bool

    FQDNs in Network Rules are supported when set to true.

    servers Sequence[str]

    List of Custom DNS Servers.

    enableProxy Boolean

    Enable DNS Proxy on Firewalls attached to the Firewall Policy.

    requireProxyForNetworkRules Boolean

    FQDNs in Network Rules are supported when set to true.

    servers List<String>

    List of Custom DNS Servers.

    ExplicitProxy, ExplicitProxyArgs

    EnableExplicitProxy bool

    When set to true, explicit proxy mode is enabled.

    EnablePacFile bool

    When set to true, pac file port and url needs to be provided.

    HttpPort int

    Port number for explicit proxy http protocol, cannot be greater than 64000.

    HttpsPort int

    Port number for explicit proxy https protocol, cannot be greater than 64000.

    PacFile string

    SAS URL for PAC file.

    PacFilePort int

    Port number for firewall to serve PAC file.

    EnableExplicitProxy bool

    When set to true, explicit proxy mode is enabled.

    EnablePacFile bool

    When set to true, pac file port and url needs to be provided.

    HttpPort int

    Port number for explicit proxy http protocol, cannot be greater than 64000.

    HttpsPort int

    Port number for explicit proxy https protocol, cannot be greater than 64000.

    PacFile string

    SAS URL for PAC file.

    PacFilePort int

    Port number for firewall to serve PAC file.

    enableExplicitProxy Boolean

    When set to true, explicit proxy mode is enabled.

    enablePacFile Boolean

    When set to true, pac file port and url needs to be provided.

    httpPort Integer

    Port number for explicit proxy http protocol, cannot be greater than 64000.

    httpsPort Integer

    Port number for explicit proxy https protocol, cannot be greater than 64000.

    pacFile String

    SAS URL for PAC file.

    pacFilePort Integer

    Port number for firewall to serve PAC file.

    enableExplicitProxy boolean

    When set to true, explicit proxy mode is enabled.

    enablePacFile boolean

    When set to true, pac file port and url needs to be provided.

    httpPort number

    Port number for explicit proxy http protocol, cannot be greater than 64000.

    httpsPort number

    Port number for explicit proxy https protocol, cannot be greater than 64000.

    pacFile string

    SAS URL for PAC file.

    pacFilePort number

    Port number for firewall to serve PAC file.

    enable_explicit_proxy bool

    When set to true, explicit proxy mode is enabled.

    enable_pac_file bool

    When set to true, pac file port and url needs to be provided.

    http_port int

    Port number for explicit proxy http protocol, cannot be greater than 64000.

    https_port int

    Port number for explicit proxy https protocol, cannot be greater than 64000.

    pac_file str

    SAS URL for PAC file.

    pac_file_port int

    Port number for firewall to serve PAC file.

    enableExplicitProxy Boolean

    When set to true, explicit proxy mode is enabled.

    enablePacFile Boolean

    When set to true, pac file port and url needs to be provided.

    httpPort Number

    Port number for explicit proxy http protocol, cannot be greater than 64000.

    httpsPort Number

    Port number for explicit proxy https protocol, cannot be greater than 64000.

    pacFile String

    SAS URL for PAC file.

    pacFilePort Number

    Port number for firewall to serve PAC file.

    ExplicitProxyResponse, ExplicitProxyResponseArgs

    EnableExplicitProxy bool

    When set to true, explicit proxy mode is enabled.

    EnablePacFile bool

    When set to true, pac file port and url needs to be provided.

    HttpPort int

    Port number for explicit proxy http protocol, cannot be greater than 64000.

    HttpsPort int

    Port number for explicit proxy https protocol, cannot be greater than 64000.

    PacFile string

    SAS URL for PAC file.

    PacFilePort int

    Port number for firewall to serve PAC file.

    EnableExplicitProxy bool

    When set to true, explicit proxy mode is enabled.

    EnablePacFile bool

    When set to true, pac file port and url needs to be provided.

    HttpPort int

    Port number for explicit proxy http protocol, cannot be greater than 64000.

    HttpsPort int

    Port number for explicit proxy https protocol, cannot be greater than 64000.

    PacFile string

    SAS URL for PAC file.

    PacFilePort int

    Port number for firewall to serve PAC file.

    enableExplicitProxy Boolean

    When set to true, explicit proxy mode is enabled.

    enablePacFile Boolean

    When set to true, pac file port and url needs to be provided.

    httpPort Integer

    Port number for explicit proxy http protocol, cannot be greater than 64000.

    httpsPort Integer

    Port number for explicit proxy https protocol, cannot be greater than 64000.

    pacFile String

    SAS URL for PAC file.

    pacFilePort Integer

    Port number for firewall to serve PAC file.

    enableExplicitProxy boolean

    When set to true, explicit proxy mode is enabled.

    enablePacFile boolean

    When set to true, pac file port and url needs to be provided.

    httpPort number

    Port number for explicit proxy http protocol, cannot be greater than 64000.

    httpsPort number

    Port number for explicit proxy https protocol, cannot be greater than 64000.

    pacFile string

    SAS URL for PAC file.

    pacFilePort number

    Port number for firewall to serve PAC file.

    enable_explicit_proxy bool

    When set to true, explicit proxy mode is enabled.

    enable_pac_file bool

    When set to true, pac file port and url needs to be provided.

    http_port int

    Port number for explicit proxy http protocol, cannot be greater than 64000.

    https_port int

    Port number for explicit proxy https protocol, cannot be greater than 64000.

    pac_file str

    SAS URL for PAC file.

    pac_file_port int

    Port number for firewall to serve PAC file.

    enableExplicitProxy Boolean

    When set to true, explicit proxy mode is enabled.

    enablePacFile Boolean

    When set to true, pac file port and url needs to be provided.

    httpPort Number

    Port number for explicit proxy http protocol, cannot be greater than 64000.

    httpsPort Number

    Port number for explicit proxy https protocol, cannot be greater than 64000.

    pacFile String

    SAS URL for PAC file.

    pacFilePort Number

    Port number for firewall to serve PAC file.

    FirewallPolicyCertificateAuthority, FirewallPolicyCertificateAuthorityArgs

    KeyVaultSecretId string

    Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.

    Name string

    Name of the CA certificate.

    KeyVaultSecretId string

    Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.

    Name string

    Name of the CA certificate.

    keyVaultSecretId String

    Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.

    name String

    Name of the CA certificate.

    keyVaultSecretId string

    Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.

    name string

    Name of the CA certificate.

    key_vault_secret_id str

    Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.

    name str

    Name of the CA certificate.

    keyVaultSecretId String

    Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.

    name String

    Name of the CA certificate.

    FirewallPolicyCertificateAuthorityResponse, FirewallPolicyCertificateAuthorityResponseArgs

    KeyVaultSecretId string

    Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.

    Name string

    Name of the CA certificate.

    KeyVaultSecretId string

    Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.

    Name string

    Name of the CA certificate.

    keyVaultSecretId String

    Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.

    name String

    Name of the CA certificate.

    keyVaultSecretId string

    Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.

    name string

    Name of the CA certificate.

    key_vault_secret_id str

    Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.

    name str

    Name of the CA certificate.

    keyVaultSecretId String

    Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.

    name String

    Name of the CA certificate.

    FirewallPolicyInsights, FirewallPolicyInsightsArgs

    IsEnabled bool

    A flag to indicate if the insights are enabled on the policy.

    LogAnalyticsResources Pulumi.AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsResources

    Workspaces needed to configure the Firewall Policy Insights.

    RetentionDays int

    Number of days the insights should be enabled on the policy.

    IsEnabled bool

    A flag to indicate if the insights are enabled on the policy.

    LogAnalyticsResources FirewallPolicyLogAnalyticsResources

    Workspaces needed to configure the Firewall Policy Insights.

    RetentionDays int

    Number of days the insights should be enabled on the policy.

    isEnabled Boolean

    A flag to indicate if the insights are enabled on the policy.

    logAnalyticsResources FirewallPolicyLogAnalyticsResources

    Workspaces needed to configure the Firewall Policy Insights.

    retentionDays Integer

    Number of days the insights should be enabled on the policy.

    isEnabled boolean

    A flag to indicate if the insights are enabled on the policy.

    logAnalyticsResources FirewallPolicyLogAnalyticsResources

    Workspaces needed to configure the Firewall Policy Insights.

    retentionDays number

    Number of days the insights should be enabled on the policy.

    is_enabled bool

    A flag to indicate if the insights are enabled on the policy.

    log_analytics_resources FirewallPolicyLogAnalyticsResources

    Workspaces needed to configure the Firewall Policy Insights.

    retention_days int

    Number of days the insights should be enabled on the policy.

    isEnabled Boolean

    A flag to indicate if the insights are enabled on the policy.

    logAnalyticsResources Property Map

    Workspaces needed to configure the Firewall Policy Insights.

    retentionDays Number

    Number of days the insights should be enabled on the policy.

    FirewallPolicyInsightsResponse, FirewallPolicyInsightsResponseArgs

    IsEnabled bool

    A flag to indicate if the insights are enabled on the policy.

    LogAnalyticsResources Pulumi.AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsResourcesResponse

    Workspaces needed to configure the Firewall Policy Insights.

    RetentionDays int

    Number of days the insights should be enabled on the policy.

    IsEnabled bool

    A flag to indicate if the insights are enabled on the policy.

    LogAnalyticsResources FirewallPolicyLogAnalyticsResourcesResponse

    Workspaces needed to configure the Firewall Policy Insights.

    RetentionDays int

    Number of days the insights should be enabled on the policy.

    isEnabled Boolean

    A flag to indicate if the insights are enabled on the policy.

    logAnalyticsResources FirewallPolicyLogAnalyticsResourcesResponse

    Workspaces needed to configure the Firewall Policy Insights.

    retentionDays Integer

    Number of days the insights should be enabled on the policy.

    isEnabled boolean

    A flag to indicate if the insights are enabled on the policy.

    logAnalyticsResources FirewallPolicyLogAnalyticsResourcesResponse

    Workspaces needed to configure the Firewall Policy Insights.

    retentionDays number

    Number of days the insights should be enabled on the policy.

    is_enabled bool

    A flag to indicate if the insights are enabled on the policy.

    log_analytics_resources FirewallPolicyLogAnalyticsResourcesResponse

    Workspaces needed to configure the Firewall Policy Insights.

    retention_days int

    Number of days the insights should be enabled on the policy.

    isEnabled Boolean

    A flag to indicate if the insights are enabled on the policy.

    logAnalyticsResources Property Map

    Workspaces needed to configure the Firewall Policy Insights.

    retentionDays Number

    Number of days the insights should be enabled on the policy.

    FirewallPolicyIntrusionDetection, FirewallPolicyIntrusionDetectionArgs

    Configuration FirewallPolicyIntrusionDetectionConfiguration

    Intrusion detection configuration properties.

    Mode string | FirewallPolicyIntrusionDetectionStateType

    Intrusion detection general state.

    configuration FirewallPolicyIntrusionDetectionConfiguration

    Intrusion detection configuration properties.

    mode String | FirewallPolicyIntrusionDetectionStateType

    Intrusion detection general state.

    configuration FirewallPolicyIntrusionDetectionConfiguration

    Intrusion detection configuration properties.

    mode string | FirewallPolicyIntrusionDetectionStateType

    Intrusion detection general state.

    configuration FirewallPolicyIntrusionDetectionConfiguration

    Intrusion detection configuration properties.

    mode str | FirewallPolicyIntrusionDetectionStateType

    Intrusion detection general state.

    configuration Property Map

    Intrusion detection configuration properties.

    mode String | "Off" | "Alert" | "Deny"

    Intrusion detection general state.

    FirewallPolicyIntrusionDetectionBypassTrafficSpecifications, FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs

    Description string

    Description of the bypass traffic rule.

    DestinationAddresses List<string>

    List of destination IP addresses or ranges for this rule.

    DestinationIpGroups List<string>

    List of destination IpGroups for this rule.

    DestinationPorts List<string>

    List of destination ports or ranges.

    Name string

    Name of the bypass traffic rule.

    Protocol string | Pulumi.AzureNative.Network.FirewallPolicyIntrusionDetectionProtocol

    The rule bypass protocol.

    SourceAddresses List<string>

    List of source IP addresses or ranges for this rule.

    SourceIpGroups List<string>

    List of source IpGroups for this rule.

    Description string

    Description of the bypass traffic rule.

    DestinationAddresses []string

    List of destination IP addresses or ranges for this rule.

    DestinationIpGroups []string

    List of destination IpGroups for this rule.

    DestinationPorts []string

    List of destination ports or ranges.

    Name string

    Name of the bypass traffic rule.

    Protocol string | FirewallPolicyIntrusionDetectionProtocol

    The rule bypass protocol.

    SourceAddresses []string

    List of source IP addresses or ranges for this rule.

    SourceIpGroups []string

    List of source IpGroups for this rule.

    description String

    Description of the bypass traffic rule.

    destinationAddresses List<String>

    List of destination IP addresses or ranges for this rule.

    destinationIpGroups List<String>

    List of destination IpGroups for this rule.

    destinationPorts List<String>

    List of destination ports or ranges.

    name String

    Name of the bypass traffic rule.

    protocol String | FirewallPolicyIntrusionDetectionProtocol

    The rule bypass protocol.

    sourceAddresses List<String>

    List of source IP addresses or ranges for this rule.

    sourceIpGroups List<String>

    List of source IpGroups for this rule.

    description string

    Description of the bypass traffic rule.

    destinationAddresses string[]

    List of destination IP addresses or ranges for this rule.

    destinationIpGroups string[]

    List of destination IpGroups for this rule.

    destinationPorts string[]

    List of destination ports or ranges.

    name string

    Name of the bypass traffic rule.

    protocol string | FirewallPolicyIntrusionDetectionProtocol

    The rule bypass protocol.

    sourceAddresses string[]

    List of source IP addresses or ranges for this rule.

    sourceIpGroups string[]

    List of source IpGroups for this rule.

    description str

    Description of the bypass traffic rule.

    destination_addresses Sequence[str]

    List of destination IP addresses or ranges for this rule.

    destination_ip_groups Sequence[str]

    List of destination IpGroups for this rule.

    destination_ports Sequence[str]

    List of destination ports or ranges.

    name str

    Name of the bypass traffic rule.

    protocol str | FirewallPolicyIntrusionDetectionProtocol

    The rule bypass protocol.

    source_addresses Sequence[str]

    List of source IP addresses or ranges for this rule.

    source_ip_groups Sequence[str]

    List of source IpGroups for this rule.

    description String

    Description of the bypass traffic rule.

    destinationAddresses List<String>

    List of destination IP addresses or ranges for this rule.

    destinationIpGroups List<String>

    List of destination IpGroups for this rule.

    destinationPorts List<String>

    List of destination ports or ranges.

    name String

    Name of the bypass traffic rule.

    protocol String | "TCP" | "UDP" | "ICMP" | "ANY"

    The rule bypass protocol.

    sourceAddresses List<String>

    List of source IP addresses or ranges for this rule.

    sourceIpGroups List<String>

    List of source IpGroups for this rule.

    FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponse, FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponseArgs

    Description string

    Description of the bypass traffic rule.

    DestinationAddresses List<string>

    List of destination IP addresses or ranges for this rule.

    DestinationIpGroups List<string>

    List of destination IpGroups for this rule.

    DestinationPorts List<string>

    List of destination ports or ranges.

    Name string

    Name of the bypass traffic rule.

    Protocol string

    The rule bypass protocol.

    SourceAddresses List<string>

    List of source IP addresses or ranges for this rule.

    SourceIpGroups List<string>

    List of source IpGroups for this rule.

    Description string

    Description of the bypass traffic rule.

    DestinationAddresses []string

    List of destination IP addresses or ranges for this rule.

    DestinationIpGroups []string

    List of destination IpGroups for this rule.

    DestinationPorts []string

    List of destination ports or ranges.

    Name string

    Name of the bypass traffic rule.

    Protocol string

    The rule bypass protocol.

    SourceAddresses []string

    List of source IP addresses or ranges for this rule.

    SourceIpGroups []string

    List of source IpGroups for this rule.

    description String

    Description of the bypass traffic rule.

    destinationAddresses List<String>

    List of destination IP addresses or ranges for this rule.

    destinationIpGroups List<String>

    List of destination IpGroups for this rule.

    destinationPorts List<String>

    List of destination ports or ranges.

    name String

    Name of the bypass traffic rule.

    protocol String

    The rule bypass protocol.

    sourceAddresses List<String>

    List of source IP addresses or ranges for this rule.

    sourceIpGroups List<String>

    List of source IpGroups for this rule.

    description string

    Description of the bypass traffic rule.

    destinationAddresses string[]

    List of destination IP addresses or ranges for this rule.

    destinationIpGroups string[]

    List of destination IpGroups for this rule.

    destinationPorts string[]

    List of destination ports or ranges.

    name string

    Name of the bypass traffic rule.

    protocol string

    The rule bypass protocol.

    sourceAddresses string[]

    List of source IP addresses or ranges for this rule.

    sourceIpGroups string[]

    List of source IpGroups for this rule.

    description str

    Description of the bypass traffic rule.

    destination_addresses Sequence[str]

    List of destination IP addresses or ranges for this rule.

    destination_ip_groups Sequence[str]

    List of destination IpGroups for this rule.

    destination_ports Sequence[str]

    List of destination ports or ranges.

    name str

    Name of the bypass traffic rule.

    protocol str

    The rule bypass protocol.

    source_addresses Sequence[str]

    List of source IP addresses or ranges for this rule.

    source_ip_groups Sequence[str]

    List of source IpGroups for this rule.

    description String

    Description of the bypass traffic rule.

    destinationAddresses List<String>

    List of destination IP addresses or ranges for this rule.

    destinationIpGroups List<String>

    List of destination IpGroups for this rule.

    destinationPorts List<String>

    List of destination ports or ranges.

    name String

    Name of the bypass traffic rule.

    protocol String

    The rule bypass protocol.

    sourceAddresses List<String>

    List of source IP addresses or ranges for this rule.

    sourceIpGroups List<String>

    List of source IpGroups for this rule.

    FirewallPolicyIntrusionDetectionConfiguration, FirewallPolicyIntrusionDetectionConfigurationArgs

    BypassTrafficSettings List<Pulumi.AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionBypassTrafficSpecifications>

    List of rules for traffic to bypass.

    PrivateRanges List<string>

    IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property

    SignatureOverrides List<Pulumi.AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionSignatureSpecification>

    List of specific signatures states.

    BypassTrafficSettings []FirewallPolicyIntrusionDetectionBypassTrafficSpecifications

    List of rules for traffic to bypass.

    PrivateRanges []string

    IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property

    SignatureOverrides []FirewallPolicyIntrusionDetectionSignatureSpecification

    List of specific signatures states.

    bypassTrafficSettings List<FirewallPolicyIntrusionDetectionBypassTrafficSpecifications>

    List of rules for traffic to bypass.

    privateRanges List<String>

    IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property

    signatureOverrides List<FirewallPolicyIntrusionDetectionSignatureSpecification>

    List of specific signatures states.

    bypassTrafficSettings FirewallPolicyIntrusionDetectionBypassTrafficSpecifications[]

    List of rules for traffic to bypass.

    privateRanges string[]

    IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property

    signatureOverrides FirewallPolicyIntrusionDetectionSignatureSpecification[]

    List of specific signatures states.

    bypass_traffic_settings Sequence[FirewallPolicyIntrusionDetectionBypassTrafficSpecifications]

    List of rules for traffic to bypass.

    private_ranges Sequence[str]

    IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property

    signature_overrides Sequence[FirewallPolicyIntrusionDetectionSignatureSpecification]

    List of specific signatures states.

    bypassTrafficSettings List<Property Map>

    List of rules for traffic to bypass.

    privateRanges List<String>

    IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property

    signatureOverrides List<Property Map>

    List of specific signatures states.

    FirewallPolicyIntrusionDetectionConfigurationResponse, FirewallPolicyIntrusionDetectionConfigurationResponseArgs

    BypassTrafficSettings List<Pulumi.AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponse>

    List of rules for traffic to bypass.

    PrivateRanges List<string>

    IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property

    SignatureOverrides List<Pulumi.AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionSignatureSpecificationResponse>

    List of specific signatures states.

    BypassTrafficSettings []FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponse

    List of rules for traffic to bypass.

    PrivateRanges []string

    IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property

    SignatureOverrides []FirewallPolicyIntrusionDetectionSignatureSpecificationResponse

    List of specific signatures states.

    bypassTrafficSettings List<FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponse>

    List of rules for traffic to bypass.

    privateRanges List<String>

    IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property

    signatureOverrides List<FirewallPolicyIntrusionDetectionSignatureSpecificationResponse>

    List of specific signatures states.

    bypassTrafficSettings FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponse[]

    List of rules for traffic to bypass.

    privateRanges string[]

    IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property

    signatureOverrides FirewallPolicyIntrusionDetectionSignatureSpecificationResponse[]

    List of specific signatures states.

    bypass_traffic_settings Sequence[FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponse]

    List of rules for traffic to bypass.

    private_ranges Sequence[str]

    IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property

    signature_overrides Sequence[FirewallPolicyIntrusionDetectionSignatureSpecificationResponse]

    List of specific signatures states.

    bypassTrafficSettings List<Property Map>

    List of rules for traffic to bypass.

    privateRanges List<String>

    IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property

    signatureOverrides List<Property Map>

    List of specific signatures states.

    FirewallPolicyIntrusionDetectionProtocol, FirewallPolicyIntrusionDetectionProtocolArgs

    TCP
    TCP
    UDP
    UDP
    ICMP
    ICMP
    ANY
    ANY
    FirewallPolicyIntrusionDetectionProtocolTCP
    TCP
    FirewallPolicyIntrusionDetectionProtocolUDP
    UDP
    FirewallPolicyIntrusionDetectionProtocolICMP
    ICMP
    FirewallPolicyIntrusionDetectionProtocolANY
    ANY
    TCP
    TCP
    UDP
    UDP
    ICMP
    ICMP
    ANY
    ANY
    TCP
    TCP
    UDP
    UDP
    ICMP
    ICMP
    ANY
    ANY
    TCP
    TCP
    UDP
    UDP
    ICMP
    ICMP
    ANY
    ANY
    "TCP"
    TCP
    "UDP"
    UDP
    "ICMP"
    ICMP
    "ANY"
    ANY

    FirewallPolicyIntrusionDetectionResponse, FirewallPolicyIntrusionDetectionResponseArgs

    Configuration Pulumi.AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionConfigurationResponse

    Intrusion detection configuration properties.

    Mode string

    Intrusion detection general state.

    Configuration FirewallPolicyIntrusionDetectionConfigurationResponse

    Intrusion detection configuration properties.

    Mode string

    Intrusion detection general state.

    configuration FirewallPolicyIntrusionDetectionConfigurationResponse

    Intrusion detection configuration properties.

    mode String

    Intrusion detection general state.

    configuration FirewallPolicyIntrusionDetectionConfigurationResponse

    Intrusion detection configuration properties.

    mode string

    Intrusion detection general state.

    configuration FirewallPolicyIntrusionDetectionConfigurationResponse

    Intrusion detection configuration properties.

    mode str

    Intrusion detection general state.

    configuration Property Map

    Intrusion detection configuration properties.

    mode String

    Intrusion detection general state.

    FirewallPolicyIntrusionDetectionSignatureSpecification, FirewallPolicyIntrusionDetectionSignatureSpecificationArgs

    Id string

    Signature id.

    Mode string | Pulumi.AzureNative.Network.FirewallPolicyIntrusionDetectionStateType

    The signature state.

    Id string

    Signature id.

    Mode string | FirewallPolicyIntrusionDetectionStateType

    The signature state.

    id String

    Signature id.

    mode String | FirewallPolicyIntrusionDetectionStateType

    The signature state.

    id string

    Signature id.

    mode string | FirewallPolicyIntrusionDetectionStateType

    The signature state.

    id str

    Signature id.

    mode str | FirewallPolicyIntrusionDetectionStateType

    The signature state.

    id String

    Signature id.

    mode String | "Off" | "Alert" | "Deny"

    The signature state.

    FirewallPolicyIntrusionDetectionSignatureSpecificationResponse, FirewallPolicyIntrusionDetectionSignatureSpecificationResponseArgs

    Id string

    Signature id.

    Mode string

    The signature state.

    Id string

    Signature id.

    Mode string

    The signature state.

    id String

    Signature id.

    mode String

    The signature state.

    id string

    Signature id.

    mode string

    The signature state.

    id str

    Signature id.

    mode str

    The signature state.

    id String

    Signature id.

    mode String

    The signature state.

    FirewallPolicyIntrusionDetectionStateType, FirewallPolicyIntrusionDetectionStateTypeArgs

    Off
    Off
    Alert
    Alert
    Deny
    Deny
    FirewallPolicyIntrusionDetectionStateTypeOff
    Off
    FirewallPolicyIntrusionDetectionStateTypeAlert
    Alert
    FirewallPolicyIntrusionDetectionStateTypeDeny
    Deny
    Off
    Off
    Alert
    Alert
    Deny
    Deny
    Off
    Off
    Alert
    Alert
    Deny
    Deny
    OFF
    Off
    ALERT
    Alert
    DENY
    Deny
    "Off"
    Off
    "Alert"
    Alert
    "Deny"
    Deny

    FirewallPolicyLogAnalyticsResources, FirewallPolicyLogAnalyticsResourcesArgs

    DefaultWorkspaceId Pulumi.AzureNative.Network.Inputs.SubResource

    The default workspace Id for Firewall Policy Insights.

    Workspaces List<Pulumi.AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsWorkspace>

    List of workspaces for Firewall Policy Insights.

    DefaultWorkspaceId SubResource

    The default workspace Id for Firewall Policy Insights.

    Workspaces []FirewallPolicyLogAnalyticsWorkspace

    List of workspaces for Firewall Policy Insights.

    defaultWorkspaceId SubResource

    The default workspace Id for Firewall Policy Insights.

    workspaces List<FirewallPolicyLogAnalyticsWorkspace>

    List of workspaces for Firewall Policy Insights.

    defaultWorkspaceId SubResource

    The default workspace Id for Firewall Policy Insights.

    workspaces FirewallPolicyLogAnalyticsWorkspace[]

    List of workspaces for Firewall Policy Insights.

    default_workspace_id SubResource

    The default workspace Id for Firewall Policy Insights.

    workspaces Sequence[FirewallPolicyLogAnalyticsWorkspace]

    List of workspaces for Firewall Policy Insights.

    defaultWorkspaceId Property Map

    The default workspace Id for Firewall Policy Insights.

    workspaces List<Property Map>

    List of workspaces for Firewall Policy Insights.

    FirewallPolicyLogAnalyticsResourcesResponse, FirewallPolicyLogAnalyticsResourcesResponseArgs

    DefaultWorkspaceId SubResourceResponse

    The default workspace Id for Firewall Policy Insights.

    Workspaces []FirewallPolicyLogAnalyticsWorkspaceResponse

    List of workspaces for Firewall Policy Insights.

    defaultWorkspaceId SubResourceResponse

    The default workspace Id for Firewall Policy Insights.

    workspaces List<FirewallPolicyLogAnalyticsWorkspaceResponse>

    List of workspaces for Firewall Policy Insights.

    defaultWorkspaceId SubResourceResponse

    The default workspace Id for Firewall Policy Insights.

    workspaces FirewallPolicyLogAnalyticsWorkspaceResponse[]

    List of workspaces for Firewall Policy Insights.

    default_workspace_id SubResourceResponse

    The default workspace Id for Firewall Policy Insights.

    workspaces Sequence[FirewallPolicyLogAnalyticsWorkspaceResponse]

    List of workspaces for Firewall Policy Insights.

    defaultWorkspaceId Property Map

    The default workspace Id for Firewall Policy Insights.

    workspaces List<Property Map>

    List of workspaces for Firewall Policy Insights.

    FirewallPolicyLogAnalyticsWorkspace, FirewallPolicyLogAnalyticsWorkspaceArgs

    Region string

    Region to configure the Workspace.

    WorkspaceId Pulumi.AzureNative.Network.Inputs.SubResource

    The workspace Id for Firewall Policy Insights.

    Region string

    Region to configure the Workspace.

    WorkspaceId SubResource

    The workspace Id for Firewall Policy Insights.

    region String

    Region to configure the Workspace.

    workspaceId SubResource

    The workspace Id for Firewall Policy Insights.

    region string

    Region to configure the Workspace.

    workspaceId SubResource

    The workspace Id for Firewall Policy Insights.

    region str

    Region to configure the Workspace.

    workspace_id SubResource

    The workspace Id for Firewall Policy Insights.

    region String

    Region to configure the Workspace.

    workspaceId Property Map

    The workspace Id for Firewall Policy Insights.

    FirewallPolicyLogAnalyticsWorkspaceResponse, FirewallPolicyLogAnalyticsWorkspaceResponseArgs

    Region string

    Region to configure the Workspace.

    WorkspaceId Pulumi.AzureNative.Network.Inputs.SubResourceResponse

    The workspace Id for Firewall Policy Insights.

    Region string

    Region to configure the Workspace.

    WorkspaceId SubResourceResponse

    The workspace Id for Firewall Policy Insights.

    region String

    Region to configure the Workspace.

    workspaceId SubResourceResponse

    The workspace Id for Firewall Policy Insights.

    region string

    Region to configure the Workspace.

    workspaceId SubResourceResponse

    The workspace Id for Firewall Policy Insights.

    region str

    Region to configure the Workspace.

    workspace_id SubResourceResponse

    The workspace Id for Firewall Policy Insights.

    region String

    Region to configure the Workspace.

    workspaceId Property Map

    The workspace Id for Firewall Policy Insights.

    FirewallPolicySNAT, FirewallPolicySNATArgs

    AutoLearnPrivateRanges string | Pulumi.AzureNative.Network.AutoLearnPrivateRangesMode

    The operation mode for automatically learning private ranges to not be SNAT

    PrivateRanges List<string>

    List of private IP addresses/IP address ranges to not be SNAT.

    AutoLearnPrivateRanges string | AutoLearnPrivateRangesMode

    The operation mode for automatically learning private ranges to not be SNAT

    PrivateRanges []string

    List of private IP addresses/IP address ranges to not be SNAT.

    autoLearnPrivateRanges String | AutoLearnPrivateRangesMode

    The operation mode for automatically learning private ranges to not be SNAT

    privateRanges List<String>

    List of private IP addresses/IP address ranges to not be SNAT.

    autoLearnPrivateRanges string | AutoLearnPrivateRangesMode

    The operation mode for automatically learning private ranges to not be SNAT

    privateRanges string[]

    List of private IP addresses/IP address ranges to not be SNAT.

    auto_learn_private_ranges str | AutoLearnPrivateRangesMode

    The operation mode for automatically learning private ranges to not be SNAT

    private_ranges Sequence[str]

    List of private IP addresses/IP address ranges to not be SNAT.

    autoLearnPrivateRanges String | "Enabled" | "Disabled"

    The operation mode for automatically learning private ranges to not be SNAT

    privateRanges List<String>

    List of private IP addresses/IP address ranges to not be SNAT.

    FirewallPolicySNATResponse, FirewallPolicySNATResponseArgs

    AutoLearnPrivateRanges string

    The operation mode for automatically learning private ranges to not be SNAT

    PrivateRanges List<string>

    List of private IP addresses/IP address ranges to not be SNAT.

    AutoLearnPrivateRanges string

    The operation mode for automatically learning private ranges to not be SNAT

    PrivateRanges []string

    List of private IP addresses/IP address ranges to not be SNAT.

    autoLearnPrivateRanges String

    The operation mode for automatically learning private ranges to not be SNAT

    privateRanges List<String>

    List of private IP addresses/IP address ranges to not be SNAT.

    autoLearnPrivateRanges string

    The operation mode for automatically learning private ranges to not be SNAT

    privateRanges string[]

    List of private IP addresses/IP address ranges to not be SNAT.

    auto_learn_private_ranges str

    The operation mode for automatically learning private ranges to not be SNAT

    private_ranges Sequence[str]

    List of private IP addresses/IP address ranges to not be SNAT.

    autoLearnPrivateRanges String

    The operation mode for automatically learning private ranges to not be SNAT

    privateRanges List<String>

    List of private IP addresses/IP address ranges to not be SNAT.

    FirewallPolicySQL, FirewallPolicySQLArgs

    AllowSqlRedirect bool

    A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

    AllowSqlRedirect bool

    A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

    allowSqlRedirect Boolean

    A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

    allowSqlRedirect boolean

    A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

    allow_sql_redirect bool

    A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

    allowSqlRedirect Boolean

    A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

    FirewallPolicySQLResponse, FirewallPolicySQLResponseArgs

    AllowSqlRedirect bool

    A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

    AllowSqlRedirect bool

    A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

    allowSqlRedirect Boolean

    A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

    allowSqlRedirect boolean

    A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

    allow_sql_redirect bool

    A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

    allowSqlRedirect Boolean

    A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

    FirewallPolicySku, FirewallPolicySkuArgs

    Tier string | FirewallPolicySkuTier

    Tier of Firewall Policy.

    tier String | FirewallPolicySkuTier

    Tier of Firewall Policy.

    tier string | FirewallPolicySkuTier

    Tier of Firewall Policy.

    tier str | FirewallPolicySkuTier

    Tier of Firewall Policy.

    tier String | "Standard" | "Premium" | "Basic"

    Tier of Firewall Policy.

    FirewallPolicySkuResponse, FirewallPolicySkuResponseArgs

    Tier string

    Tier of Firewall Policy.

    Tier string

    Tier of Firewall Policy.

    tier String

    Tier of Firewall Policy.

    tier string

    Tier of Firewall Policy.

    tier str

    Tier of Firewall Policy.

    tier String

    Tier of Firewall Policy.

    FirewallPolicySkuTier, FirewallPolicySkuTierArgs

    Standard
    Standard
    Premium
    Premium
    Basic
    Basic
    FirewallPolicySkuTierStandard
    Standard
    FirewallPolicySkuTierPremium
    Premium
    FirewallPolicySkuTierBasic
    Basic
    Standard
    Standard
    Premium
    Premium
    Basic
    Basic
    Standard
    Standard
    Premium
    Premium
    Basic
    Basic
    STANDARD
    Standard
    PREMIUM
    Premium
    BASIC
    Basic
    "Standard"
    Standard
    "Premium"
    Premium
    "Basic"
    Basic

    FirewallPolicyThreatIntelWhitelist, FirewallPolicyThreatIntelWhitelistArgs

    Fqdns List<string>

    List of FQDNs for the ThreatIntel Whitelist.

    IpAddresses List<string>

    List of IP addresses for the ThreatIntel Whitelist.

    Fqdns []string

    List of FQDNs for the ThreatIntel Whitelist.

    IpAddresses []string

    List of IP addresses for the ThreatIntel Whitelist.

    fqdns List<String>

    List of FQDNs for the ThreatIntel Whitelist.

    ipAddresses List<String>

    List of IP addresses for the ThreatIntel Whitelist.

    fqdns string[]

    List of FQDNs for the ThreatIntel Whitelist.

    ipAddresses string[]

    List of IP addresses for the ThreatIntel Whitelist.

    fqdns Sequence[str]

    List of FQDNs for the ThreatIntel Whitelist.

    ip_addresses Sequence[str]

    List of IP addresses for the ThreatIntel Whitelist.

    fqdns List<String>

    List of FQDNs for the ThreatIntel Whitelist.

    ipAddresses List<String>

    List of IP addresses for the ThreatIntel Whitelist.

    FirewallPolicyThreatIntelWhitelistResponse, FirewallPolicyThreatIntelWhitelistResponseArgs

    Fqdns List<string>

    List of FQDNs for the ThreatIntel Whitelist.

    IpAddresses List<string>

    List of IP addresses for the ThreatIntel Whitelist.

    Fqdns []string

    List of FQDNs for the ThreatIntel Whitelist.

    IpAddresses []string

    List of IP addresses for the ThreatIntel Whitelist.

    fqdns List<String>

    List of FQDNs for the ThreatIntel Whitelist.

    ipAddresses List<String>

    List of IP addresses for the ThreatIntel Whitelist.

    fqdns string[]

    List of FQDNs for the ThreatIntel Whitelist.

    ipAddresses string[]

    List of IP addresses for the ThreatIntel Whitelist.

    fqdns Sequence[str]

    List of FQDNs for the ThreatIntel Whitelist.

    ip_addresses Sequence[str]

    List of IP addresses for the ThreatIntel Whitelist.

    fqdns List<String>

    List of FQDNs for the ThreatIntel Whitelist.

    ipAddresses List<String>

    List of IP addresses for the ThreatIntel Whitelist.

    FirewallPolicyTransportSecurity, FirewallPolicyTransportSecurityArgs

    CertificateAuthority FirewallPolicyCertificateAuthority

    The CA used for intermediate CA generation.

    certificateAuthority FirewallPolicyCertificateAuthority

    The CA used for intermediate CA generation.

    certificateAuthority FirewallPolicyCertificateAuthority

    The CA used for intermediate CA generation.

    certificate_authority FirewallPolicyCertificateAuthority

    The CA used for intermediate CA generation.

    certificateAuthority Property Map

    The CA used for intermediate CA generation.

    FirewallPolicyTransportSecurityResponse, FirewallPolicyTransportSecurityResponseArgs

    CertificateAuthority FirewallPolicyCertificateAuthorityResponse

    The CA used for intermediate CA generation.

    certificateAuthority FirewallPolicyCertificateAuthorityResponse

    The CA used for intermediate CA generation.

    certificateAuthority FirewallPolicyCertificateAuthorityResponse

    The CA used for intermediate CA generation.

    certificate_authority FirewallPolicyCertificateAuthorityResponse

    The CA used for intermediate CA generation.

    certificateAuthority Property Map

    The CA used for intermediate CA generation.

    ManagedServiceIdentity, ManagedServiceIdentityArgs

    Type Pulumi.AzureNative.Network.ResourceIdentityType

    The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.

    UserAssignedIdentities List<string>

    The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

    Type ResourceIdentityType

    The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.

    UserAssignedIdentities []string

    The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

    type ResourceIdentityType

    The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.

    userAssignedIdentities List<String>

    The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

    type ResourceIdentityType

    The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.

    userAssignedIdentities string[]

    The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

    type ResourceIdentityType

    The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.

    user_assigned_identities Sequence[str]

    The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

    type "SystemAssigned" | "UserAssigned" | "SystemAssigned, UserAssigned" | "None"

    The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.

    userAssignedIdentities List<String>

    The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

    ManagedServiceIdentityResponse, ManagedServiceIdentityResponseArgs

    PrincipalId string

    The principal id of the system assigned identity. This property will only be provided for a system assigned identity.

    TenantId string

    The tenant id of the system assigned identity. This property will only be provided for a system assigned identity.

    Type string

    The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.

    UserAssignedIdentities Dictionary<string, Pulumi.AzureNative.Network.Inputs.ManagedServiceIdentityResponseUserAssignedIdentities>

    The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

    PrincipalId string

    The principal id of the system assigned identity. This property will only be provided for a system assigned identity.

    TenantId string

    The tenant id of the system assigned identity. This property will only be provided for a system assigned identity.

    Type string

    The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.

    UserAssignedIdentities map[string]ManagedServiceIdentityResponseUserAssignedIdentities

    The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

    principalId String

    The principal id of the system assigned identity. This property will only be provided for a system assigned identity.

    tenantId String

    The tenant id of the system assigned identity. This property will only be provided for a system assigned identity.

    type String

    The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.

    userAssignedIdentities Map<String,ManagedServiceIdentityResponseUserAssignedIdentities>

    The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

    principalId string

    The principal id of the system assigned identity. This property will only be provided for a system assigned identity.

    tenantId string

    The tenant id of the system assigned identity. This property will only be provided for a system assigned identity.

    type string

    The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.

    userAssignedIdentities {[key: string]: ManagedServiceIdentityResponseUserAssignedIdentities}

    The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

    principal_id str

    The principal id of the system assigned identity. This property will only be provided for a system assigned identity.

    tenant_id str

    The tenant id of the system assigned identity. This property will only be provided for a system assigned identity.

    type str

    The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.

    user_assigned_identities Mapping[str, ManagedServiceIdentityResponseUserAssignedIdentities]

    The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

    principalId String

    The principal id of the system assigned identity. This property will only be provided for a system assigned identity.

    tenantId String

    The tenant id of the system assigned identity. This property will only be provided for a system assigned identity.

    type String

    The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.

    userAssignedIdentities Map<Property Map>

    The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.

    ManagedServiceIdentityResponseUserAssignedIdentities, ManagedServiceIdentityResponseUserAssignedIdentitiesArgs

    ClientId string

    The client id of user assigned identity.

    PrincipalId string

    The principal id of user assigned identity.

    ClientId string

    The client id of user assigned identity.

    PrincipalId string

    The principal id of user assigned identity.

    clientId String

    The client id of user assigned identity.

    principalId String

    The principal id of user assigned identity.

    clientId string

    The client id of user assigned identity.

    principalId string

    The principal id of user assigned identity.

    client_id str

    The client id of user assigned identity.

    principal_id str

    The principal id of user assigned identity.

    clientId String

    The client id of user assigned identity.

    principalId String

    The principal id of user assigned identity.

    ResourceIdentityType, ResourceIdentityTypeArgs

    SystemAssigned
    SystemAssigned
    UserAssigned
    UserAssigned
    SystemAssigned_UserAssigned
    SystemAssigned, UserAssigned
    None
    None
    ResourceIdentityTypeSystemAssigned
    SystemAssigned
    ResourceIdentityTypeUserAssigned
    UserAssigned
    ResourceIdentityType_SystemAssigned_UserAssigned
    SystemAssigned, UserAssigned
    ResourceIdentityTypeNone
    None
    SystemAssigned
    SystemAssigned
    UserAssigned
    UserAssigned
    SystemAssigned_UserAssigned
    SystemAssigned, UserAssigned
    None
    None
    SystemAssigned
    SystemAssigned
    UserAssigned
    UserAssigned
    SystemAssigned_UserAssigned
    SystemAssigned, UserAssigned
    None
    None
    SYSTEM_ASSIGNED
    SystemAssigned
    USER_ASSIGNED
    UserAssigned
    SYSTEM_ASSIGNED_USER_ASSIGNED
    SystemAssigned, UserAssigned
    NONE
    None
    "SystemAssigned"
    SystemAssigned
    "UserAssigned"
    UserAssigned
    "SystemAssigned, UserAssigned"
    SystemAssigned, UserAssigned
    "None"
    None

    SubResource, SubResourceArgs

    Id string

    Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.

    Id string

    Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.

    id String

    Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.

    id string

    Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.

    id str

    Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.

    id String

    Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.

    SubResourceResponse, SubResourceResponseArgs

    Id string

    Resource ID.

    Id string

    Resource ID.

    id String

    Resource ID.

    id string

    Resource ID.

    id str

    Resource ID.

    id String

    Resource ID.

    Import

    An existing resource can be imported using its type token, name, and identifier, e.g.

    $ pulumi import azure-native:network:FirewallPolicy firewallPolicy /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName} 
    

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0
    azure-native logo
    This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
    Azure Native v2.10.0 published on Wednesday, Oct 4, 2023 by Pulumi