Azure Classic

Pulumi Official
Package maintained by Pulumi
v5.8.0 published on Friday, May 27, 2022 by Pulumi

Firewall

Manages an Azure Firewall.

Example Usage

using Pulumi;
using Azure = Pulumi.Azure;

class MyStack : Stack
{
    public MyStack()
    {
        var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new Azure.Core.ResourceGroupArgs
        {
            Location = "West Europe",
        });
        var exampleVirtualNetwork = new Azure.Network.VirtualNetwork("exampleVirtualNetwork", new Azure.Network.VirtualNetworkArgs
        {
            AddressSpaces = 
            {
                "10.0.0.0/16",
            },
            Location = exampleResourceGroup.Location,
            ResourceGroupName = exampleResourceGroup.Name,
        });
        var exampleSubnet = new Azure.Network.Subnet("exampleSubnet", new Azure.Network.SubnetArgs
        {
            ResourceGroupName = exampleResourceGroup.Name,
            VirtualNetworkName = exampleVirtualNetwork.Name,
            AddressPrefixes = 
            {
                "10.0.1.0/24",
            },
        });
        var examplePublicIp = new Azure.Network.PublicIp("examplePublicIp", new Azure.Network.PublicIpArgs
        {
            Location = exampleResourceGroup.Location,
            ResourceGroupName = exampleResourceGroup.Name,
            AllocationMethod = "Static",
            Sku = "Standard",
        });
        var exampleFirewall = new Azure.Network.Firewall("exampleFirewall", new Azure.Network.FirewallArgs
        {
            Location = exampleResourceGroup.Location,
            ResourceGroupName = exampleResourceGroup.Name,
            IpConfigurations = 
            {
                new Azure.Network.Inputs.FirewallIpConfigurationArgs
                {
                    Name = "configuration",
                    SubnetId = exampleSubnet.Id,
                    PublicIpAddressId = examplePublicIp.Id,
                },
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/network"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		exampleVirtualNetwork, err := network.NewVirtualNetwork(ctx, "exampleVirtualNetwork", &network.VirtualNetworkArgs{
			AddressSpaces: pulumi.StringArray{
				pulumi.String("10.0.0.0/16"),
			},
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
		})
		if err != nil {
			return err
		}
		exampleSubnet, err := network.NewSubnet(ctx, "exampleSubnet", &network.SubnetArgs{
			ResourceGroupName:  exampleResourceGroup.Name,
			VirtualNetworkName: exampleVirtualNetwork.Name,
			AddressPrefixes: pulumi.StringArray{
				pulumi.String("10.0.1.0/24"),
			},
		})
		if err != nil {
			return err
		}
		examplePublicIp, err := network.NewPublicIp(ctx, "examplePublicIp", &network.PublicIpArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			AllocationMethod:  pulumi.String("Static"),
			Sku:               pulumi.String("Standard"),
		})
		if err != nil {
			return err
		}
		_, err = network.NewFirewall(ctx, "exampleFirewall", &network.FirewallArgs{
			Location:          exampleResourceGroup.Location,
			ResourceGroupName: exampleResourceGroup.Name,
			IpConfigurations: network.FirewallIpConfigurationArray{
				&network.FirewallIpConfigurationArgs{
					Name:              pulumi.String("configuration"),
					SubnetId:          exampleSubnet.ID(),
					PublicIpAddressId: examplePublicIp.ID(),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()        
            .location("West Europe")
            .build());

        var exampleVirtualNetwork = new VirtualNetwork("exampleVirtualNetwork", VirtualNetworkArgs.builder()        
            .addressSpaces("10.0.0.0/16")
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .build());

        var exampleSubnet = new Subnet("exampleSubnet", SubnetArgs.builder()        
            .resourceGroupName(exampleResourceGroup.name())
            .virtualNetworkName(exampleVirtualNetwork.name())
            .addressPrefixes("10.0.1.0/24")
            .build());

        var examplePublicIp = new PublicIp("examplePublicIp", PublicIpArgs.builder()        
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .allocationMethod("Static")
            .sku("Standard")
            .build());

        var exampleFirewall = new Firewall("exampleFirewall", FirewallArgs.builder()        
            .location(exampleResourceGroup.location())
            .resourceGroupName(exampleResourceGroup.name())
            .ipConfigurations(FirewallIpConfigurationArgs.builder()
                .name("configuration")
                .subnetId(exampleSubnet.id())
                .publicIpAddressId(examplePublicIp.id())
                .build())
            .build());

    }
}
import pulumi
import pulumi_azure as azure

example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
example_virtual_network = azure.network.VirtualNetwork("exampleVirtualNetwork",
    address_spaces=["10.0.0.0/16"],
    location=example_resource_group.location,
    resource_group_name=example_resource_group.name)
example_subnet = azure.network.Subnet("exampleSubnet",
    resource_group_name=example_resource_group.name,
    virtual_network_name=example_virtual_network.name,
    address_prefixes=["10.0.1.0/24"])
example_public_ip = azure.network.PublicIp("examplePublicIp",
    location=example_resource_group.location,
    resource_group_name=example_resource_group.name,
    allocation_method="Static",
    sku="Standard")
example_firewall = azure.network.Firewall("exampleFirewall",
    location=example_resource_group.location,
    resource_group_name=example_resource_group.name,
    ip_configurations=[azure.network.FirewallIpConfigurationArgs(
        name="configuration",
        subnet_id=example_subnet.id,
        public_ip_address_id=example_public_ip.id,
    )])
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const exampleVirtualNetwork = new azure.network.VirtualNetwork("exampleVirtualNetwork", {
    addressSpaces: ["10.0.0.0/16"],
    location: exampleResourceGroup.location,
    resourceGroupName: exampleResourceGroup.name,
});
const exampleSubnet = new azure.network.Subnet("exampleSubnet", {
    resourceGroupName: exampleResourceGroup.name,
    virtualNetworkName: exampleVirtualNetwork.name,
    addressPrefixes: ["10.0.1.0/24"],
});
const examplePublicIp = new azure.network.PublicIp("examplePublicIp", {
    location: exampleResourceGroup.location,
    resourceGroupName: exampleResourceGroup.name,
    allocationMethod: "Static",
    sku: "Standard",
});
const exampleFirewall = new azure.network.Firewall("exampleFirewall", {
    location: exampleResourceGroup.location,
    resourceGroupName: exampleResourceGroup.name,
    ipConfigurations: [{
        name: "configuration",
        subnetId: exampleSubnet.id,
        publicIpAddressId: examplePublicIp.id,
    }],
});
resources:
  exampleResourceGroup:
    type: azure:core:ResourceGroup
    properties:
      location: West Europe
  exampleVirtualNetwork:
    type: azure:network:VirtualNetwork
    properties:
      addressSpaces:
        - 10.0.0.0/16
      location: ${exampleResourceGroup.location}
      resourceGroupName: ${exampleResourceGroup.name}
  exampleSubnet:
    type: azure:network:Subnet
    properties:
      resourceGroupName: ${exampleResourceGroup.name}
      virtualNetworkName: ${exampleVirtualNetwork.name}
      addressPrefixes:
        - 10.0.1.0/24
  examplePublicIp:
    type: azure:network:PublicIp
    properties:
      location: ${exampleResourceGroup.location}
      resourceGroupName: ${exampleResourceGroup.name}
      allocationMethod: Static
      sku: Standard
  exampleFirewall:
    type: azure:network:Firewall
    properties:
      location: ${exampleResourceGroup.location}
      resourceGroupName: ${exampleResourceGroup.name}
      ipConfigurations:
        - name: configuration
          subnetId: ${exampleSubnet.id}
          publicIpAddressId: ${examplePublicIp.id}

Create a Firewall Resource

new Firewall(name: string, args: FirewallArgs, opts?: CustomResourceOptions);
@overload
def Firewall(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             dns_servers: Optional[Sequence[str]] = None,
             firewall_policy_id: Optional[str] = None,
             ip_configurations: Optional[Sequence[FirewallIpConfigurationArgs]] = None,
             location: Optional[str] = None,
             management_ip_configuration: Optional[FirewallManagementIpConfigurationArgs] = None,
             name: Optional[str] = None,
             private_ip_ranges: Optional[Sequence[str]] = None,
             resource_group_name: Optional[str] = None,
             sku_name: Optional[str] = None,
             sku_tier: Optional[str] = None,
             tags: Optional[Mapping[str, str]] = None,
             threat_intel_mode: Optional[str] = None,
             virtual_hub: Optional[FirewallVirtualHubArgs] = None,
             zones: Optional[Sequence[str]] = None)
@overload
def Firewall(resource_name: str,
             args: FirewallArgs,
             opts: Optional[ResourceOptions] = None)
func NewFirewall(ctx *Context, name string, args FirewallArgs, opts ...ResourceOption) (*Firewall, error)
public Firewall(string name, FirewallArgs args, CustomResourceOptions? opts = null)
public Firewall(String name, FirewallArgs args)
public Firewall(String name, FirewallArgs args, CustomResourceOptions options)
type: azure:network:Firewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Firewall Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Firewall resource accepts the following input properties:

ResourceGroupName string

The name of the resource group in which to create the resource. Changing this forces a new resource to be created.

SkuName string

SKU name of the Firewall. Possible values are AZFW_Hub and AZFW_VNet. Changing this forces a new resource to be created.

SkuTier string

SKU tier of the Firewall. Possible values are Premium and Standard. Changing this forces a new resource to be created.

DnsServers List<string>

A list of DNS servers that the Azure Firewall will direct DNS traffic to the for name resolution.

FirewallPolicyId string

The ID of the Firewall Policy applied to this Firewall.

IpConfigurations List<FirewallIpConfigurationArgs>

An ip_configuration block as documented below.

Location string

Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

ManagementIpConfiguration FirewallManagementIpConfigurationArgs

A management_ip_configuration block as documented below, which allows force-tunnelling of traffic to be performed by the firewall. Adding or removing this block or changing the subnet_id in an existing block forces a new resource to be created.

Name string

Specifies the name of the Firewall. Changing this forces a new resource to be created.

PrivateIpRanges List<string>

A list of SNAT private CIDR IP ranges, or the special string IANAPrivateRanges, which indicates Azure Firewall does not SNAT when the destination IP address is a private range per IANA RFC 1918.

Tags Dictionary<string, string>

A mapping of tags to assign to the resource.

ThreatIntelMode string

The operation mode for threat intelligence-based filtering. Possible values are: Off, Alert,Deny and ""(empty string). Defaults to Alert.

VirtualHub FirewallVirtualHubArgs

A virtual_hub block as documented below.

Zones List<string>

Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.

ResourceGroupName string

The name of the resource group in which to create the resource. Changing this forces a new resource to be created.

SkuName string

SKU name of the Firewall. Possible values are AZFW_Hub and AZFW_VNet. Changing this forces a new resource to be created.

SkuTier string

SKU tier of the Firewall. Possible values are Premium and Standard. Changing this forces a new resource to be created.

DnsServers []string

A list of DNS servers that the Azure Firewall will direct DNS traffic to the for name resolution.

FirewallPolicyId string

The ID of the Firewall Policy applied to this Firewall.

IpConfigurations []FirewallIpConfigurationArgs

An ip_configuration block as documented below.

Location string

Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

ManagementIpConfiguration FirewallManagementIpConfigurationArgs

A management_ip_configuration block as documented below, which allows force-tunnelling of traffic to be performed by the firewall. Adding or removing this block or changing the subnet_id in an existing block forces a new resource to be created.

Name string

Specifies the name of the Firewall. Changing this forces a new resource to be created.

PrivateIpRanges []string

A list of SNAT private CIDR IP ranges, or the special string IANAPrivateRanges, which indicates Azure Firewall does not SNAT when the destination IP address is a private range per IANA RFC 1918.

Tags map[string]string

A mapping of tags to assign to the resource.

ThreatIntelMode string

The operation mode for threat intelligence-based filtering. Possible values are: Off, Alert,Deny and ""(empty string). Defaults to Alert.

VirtualHub FirewallVirtualHubArgs

A virtual_hub block as documented below.

Zones []string

Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.

resourceGroupName String

The name of the resource group in which to create the resource. Changing this forces a new resource to be created.

skuName String

SKU name of the Firewall. Possible values are AZFW_Hub and AZFW_VNet. Changing this forces a new resource to be created.

skuTier String

SKU tier of the Firewall. Possible values are Premium and Standard. Changing this forces a new resource to be created.

dnsServers List<String>

A list of DNS servers that the Azure Firewall will direct DNS traffic to the for name resolution.

firewallPolicyId String

The ID of the Firewall Policy applied to this Firewall.

ipConfigurations List<FirewallIpConfigurationArgs>

An ip_configuration block as documented below.

location String

Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

managementIpConfiguration FirewallManagementIpConfigurationArgs

A management_ip_configuration block as documented below, which allows force-tunnelling of traffic to be performed by the firewall. Adding or removing this block or changing the subnet_id in an existing block forces a new resource to be created.

name String

Specifies the name of the Firewall. Changing this forces a new resource to be created.

privateIpRanges List<String>

A list of SNAT private CIDR IP ranges, or the special string IANAPrivateRanges, which indicates Azure Firewall does not SNAT when the destination IP address is a private range per IANA RFC 1918.

tags Map<String,String>

A mapping of tags to assign to the resource.

threatIntelMode String

The operation mode for threat intelligence-based filtering. Possible values are: Off, Alert,Deny and ""(empty string). Defaults to Alert.

virtualHub FirewallVirtualHubArgs

A virtual_hub block as documented below.

zones List<String>

Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.

resourceGroupName string

The name of the resource group in which to create the resource. Changing this forces a new resource to be created.

skuName string

SKU name of the Firewall. Possible values are AZFW_Hub and AZFW_VNet. Changing this forces a new resource to be created.

skuTier string

SKU tier of the Firewall. Possible values are Premium and Standard. Changing this forces a new resource to be created.

dnsServers string[]

A list of DNS servers that the Azure Firewall will direct DNS traffic to the for name resolution.

firewallPolicyId string

The ID of the Firewall Policy applied to this Firewall.

ipConfigurations FirewallIpConfigurationArgs[]

An ip_configuration block as documented below.

location string

Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

managementIpConfiguration FirewallManagementIpConfigurationArgs

A management_ip_configuration block as documented below, which allows force-tunnelling of traffic to be performed by the firewall. Adding or removing this block or changing the subnet_id in an existing block forces a new resource to be created.

name string

Specifies the name of the Firewall. Changing this forces a new resource to be created.

privateIpRanges string[]

A list of SNAT private CIDR IP ranges, or the special string IANAPrivateRanges, which indicates Azure Firewall does not SNAT when the destination IP address is a private range per IANA RFC 1918.

tags {[key: string]: string}

A mapping of tags to assign to the resource.

threatIntelMode string

The operation mode for threat intelligence-based filtering. Possible values are: Off, Alert,Deny and ""(empty string). Defaults to Alert.

virtualHub FirewallVirtualHubArgs

A virtual_hub block as documented below.

zones string[]

Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.

resource_group_name str

The name of the resource group in which to create the resource. Changing this forces a new resource to be created.

sku_name str

SKU name of the Firewall. Possible values are AZFW_Hub and AZFW_VNet. Changing this forces a new resource to be created.

sku_tier str

SKU tier of the Firewall. Possible values are Premium and Standard. Changing this forces a new resource to be created.

dns_servers Sequence[str]

A list of DNS servers that the Azure Firewall will direct DNS traffic to the for name resolution.

firewall_policy_id str

The ID of the Firewall Policy applied to this Firewall.

ip_configurations Sequence[FirewallIpConfigurationArgs]

An ip_configuration block as documented below.

location str

Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

management_ip_configuration FirewallManagementIpConfigurationArgs

A management_ip_configuration block as documented below, which allows force-tunnelling of traffic to be performed by the firewall. Adding or removing this block or changing the subnet_id in an existing block forces a new resource to be created.

name str

Specifies the name of the Firewall. Changing this forces a new resource to be created.

private_ip_ranges Sequence[str]

A list of SNAT private CIDR IP ranges, or the special string IANAPrivateRanges, which indicates Azure Firewall does not SNAT when the destination IP address is a private range per IANA RFC 1918.

tags Mapping[str, str]

A mapping of tags to assign to the resource.

threat_intel_mode str

The operation mode for threat intelligence-based filtering. Possible values are: Off, Alert,Deny and ""(empty string). Defaults to Alert.

virtual_hub FirewallVirtualHubArgs

A virtual_hub block as documented below.

zones Sequence[str]

Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.

resourceGroupName String

The name of the resource group in which to create the resource. Changing this forces a new resource to be created.

skuName String

SKU name of the Firewall. Possible values are AZFW_Hub and AZFW_VNet. Changing this forces a new resource to be created.

skuTier String

SKU tier of the Firewall. Possible values are Premium and Standard. Changing this forces a new resource to be created.

dnsServers List<String>

A list of DNS servers that the Azure Firewall will direct DNS traffic to the for name resolution.

firewallPolicyId String

The ID of the Firewall Policy applied to this Firewall.

ipConfigurations List<Property Map>

An ip_configuration block as documented below.

location String

Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

managementIpConfiguration Property Map

A management_ip_configuration block as documented below, which allows force-tunnelling of traffic to be performed by the firewall. Adding or removing this block or changing the subnet_id in an existing block forces a new resource to be created.

name String

Specifies the name of the Firewall. Changing this forces a new resource to be created.

privateIpRanges List<String>

A list of SNAT private CIDR IP ranges, or the special string IANAPrivateRanges, which indicates Azure Firewall does not SNAT when the destination IP address is a private range per IANA RFC 1918.

tags Map<String>

A mapping of tags to assign to the resource.

threatIntelMode String

The operation mode for threat intelligence-based filtering. Possible values are: Off, Alert,Deny and ""(empty string). Defaults to Alert.

virtualHub Property Map

A virtual_hub block as documented below.

zones List<String>

Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.

Outputs

All input properties are implicitly available as output properties. Additionally, the Firewall resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Look up an Existing Firewall Resource

Get an existing Firewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FirewallState, opts?: CustomResourceOptions): Firewall
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        dns_servers: Optional[Sequence[str]] = None,
        firewall_policy_id: Optional[str] = None,
        ip_configurations: Optional[Sequence[FirewallIpConfigurationArgs]] = None,
        location: Optional[str] = None,
        management_ip_configuration: Optional[FirewallManagementIpConfigurationArgs] = None,
        name: Optional[str] = None,
        private_ip_ranges: Optional[Sequence[str]] = None,
        resource_group_name: Optional[str] = None,
        sku_name: Optional[str] = None,
        sku_tier: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        threat_intel_mode: Optional[str] = None,
        virtual_hub: Optional[FirewallVirtualHubArgs] = None,
        zones: Optional[Sequence[str]] = None) -> Firewall
func GetFirewall(ctx *Context, name string, id IDInput, state *FirewallState, opts ...ResourceOption) (*Firewall, error)
public static Firewall Get(string name, Input<string> id, FirewallState? state, CustomResourceOptions? opts = null)
public static Firewall get(String name, Output<String> id, FirewallState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
DnsServers List<string>

A list of DNS servers that the Azure Firewall will direct DNS traffic to the for name resolution.

FirewallPolicyId string

The ID of the Firewall Policy applied to this Firewall.

IpConfigurations List<FirewallIpConfigurationArgs>

An ip_configuration block as documented below.

Location string

Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

ManagementIpConfiguration FirewallManagementIpConfigurationArgs

A management_ip_configuration block as documented below, which allows force-tunnelling of traffic to be performed by the firewall. Adding or removing this block or changing the subnet_id in an existing block forces a new resource to be created.

Name string

Specifies the name of the Firewall. Changing this forces a new resource to be created.

PrivateIpRanges List<string>

A list of SNAT private CIDR IP ranges, or the special string IANAPrivateRanges, which indicates Azure Firewall does not SNAT when the destination IP address is a private range per IANA RFC 1918.

ResourceGroupName string

The name of the resource group in which to create the resource. Changing this forces a new resource to be created.

SkuName string

SKU name of the Firewall. Possible values are AZFW_Hub and AZFW_VNet. Changing this forces a new resource to be created.

SkuTier string

SKU tier of the Firewall. Possible values are Premium and Standard. Changing this forces a new resource to be created.

Tags Dictionary<string, string>

A mapping of tags to assign to the resource.

ThreatIntelMode string

The operation mode for threat intelligence-based filtering. Possible values are: Off, Alert,Deny and ""(empty string). Defaults to Alert.

VirtualHub FirewallVirtualHubArgs

A virtual_hub block as documented below.

Zones List<string>

Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.

DnsServers []string

A list of DNS servers that the Azure Firewall will direct DNS traffic to the for name resolution.

FirewallPolicyId string

The ID of the Firewall Policy applied to this Firewall.

IpConfigurations []FirewallIpConfigurationArgs

An ip_configuration block as documented below.

Location string

Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

ManagementIpConfiguration FirewallManagementIpConfigurationArgs

A management_ip_configuration block as documented below, which allows force-tunnelling of traffic to be performed by the firewall. Adding or removing this block or changing the subnet_id in an existing block forces a new resource to be created.

Name string

Specifies the name of the Firewall. Changing this forces a new resource to be created.

PrivateIpRanges []string

A list of SNAT private CIDR IP ranges, or the special string IANAPrivateRanges, which indicates Azure Firewall does not SNAT when the destination IP address is a private range per IANA RFC 1918.

ResourceGroupName string

The name of the resource group in which to create the resource. Changing this forces a new resource to be created.

SkuName string

SKU name of the Firewall. Possible values are AZFW_Hub and AZFW_VNet. Changing this forces a new resource to be created.

SkuTier string

SKU tier of the Firewall. Possible values are Premium and Standard. Changing this forces a new resource to be created.

Tags map[string]string

A mapping of tags to assign to the resource.

ThreatIntelMode string

The operation mode for threat intelligence-based filtering. Possible values are: Off, Alert,Deny and ""(empty string). Defaults to Alert.

VirtualHub FirewallVirtualHubArgs

A virtual_hub block as documented below.

Zones []string

Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.

dnsServers List<String>

A list of DNS servers that the Azure Firewall will direct DNS traffic to the for name resolution.

firewallPolicyId String

The ID of the Firewall Policy applied to this Firewall.

ipConfigurations List<FirewallIpConfigurationArgs>

An ip_configuration block as documented below.

location String

Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

managementIpConfiguration FirewallManagementIpConfigurationArgs

A management_ip_configuration block as documented below, which allows force-tunnelling of traffic to be performed by the firewall. Adding or removing this block or changing the subnet_id in an existing block forces a new resource to be created.

name String

Specifies the name of the Firewall. Changing this forces a new resource to be created.

privateIpRanges List<String>

A list of SNAT private CIDR IP ranges, or the special string IANAPrivateRanges, which indicates Azure Firewall does not SNAT when the destination IP address is a private range per IANA RFC 1918.

resourceGroupName String

The name of the resource group in which to create the resource. Changing this forces a new resource to be created.

skuName String

SKU name of the Firewall. Possible values are AZFW_Hub and AZFW_VNet. Changing this forces a new resource to be created.

skuTier String

SKU tier of the Firewall. Possible values are Premium and Standard. Changing this forces a new resource to be created.

tags Map<String,String>

A mapping of tags to assign to the resource.

threatIntelMode String

The operation mode for threat intelligence-based filtering. Possible values are: Off, Alert,Deny and ""(empty string). Defaults to Alert.

virtualHub FirewallVirtualHubArgs

A virtual_hub block as documented below.

zones List<String>

Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.

dnsServers string[]

A list of DNS servers that the Azure Firewall will direct DNS traffic to the for name resolution.

firewallPolicyId string

The ID of the Firewall Policy applied to this Firewall.

ipConfigurations FirewallIpConfigurationArgs[]

An ip_configuration block as documented below.

location string

Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

managementIpConfiguration FirewallManagementIpConfigurationArgs

A management_ip_configuration block as documented below, which allows force-tunnelling of traffic to be performed by the firewall. Adding or removing this block or changing the subnet_id in an existing block forces a new resource to be created.

name string

Specifies the name of the Firewall. Changing this forces a new resource to be created.

privateIpRanges string[]

A list of SNAT private CIDR IP ranges, or the special string IANAPrivateRanges, which indicates Azure Firewall does not SNAT when the destination IP address is a private range per IANA RFC 1918.

resourceGroupName string

The name of the resource group in which to create the resource. Changing this forces a new resource to be created.

skuName string

SKU name of the Firewall. Possible values are AZFW_Hub and AZFW_VNet. Changing this forces a new resource to be created.

skuTier string

SKU tier of the Firewall. Possible values are Premium and Standard. Changing this forces a new resource to be created.

tags {[key: string]: string}

A mapping of tags to assign to the resource.

threatIntelMode string

The operation mode for threat intelligence-based filtering. Possible values are: Off, Alert,Deny and ""(empty string). Defaults to Alert.

virtualHub FirewallVirtualHubArgs

A virtual_hub block as documented below.

zones string[]

Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.

dns_servers Sequence[str]

A list of DNS servers that the Azure Firewall will direct DNS traffic to the for name resolution.

firewall_policy_id str

The ID of the Firewall Policy applied to this Firewall.

ip_configurations Sequence[FirewallIpConfigurationArgs]

An ip_configuration block as documented below.

location str

Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

management_ip_configuration FirewallManagementIpConfigurationArgs

A management_ip_configuration block as documented below, which allows force-tunnelling of traffic to be performed by the firewall. Adding or removing this block or changing the subnet_id in an existing block forces a new resource to be created.

name str

Specifies the name of the Firewall. Changing this forces a new resource to be created.

private_ip_ranges Sequence[str]

A list of SNAT private CIDR IP ranges, or the special string IANAPrivateRanges, which indicates Azure Firewall does not SNAT when the destination IP address is a private range per IANA RFC 1918.

resource_group_name str

The name of the resource group in which to create the resource. Changing this forces a new resource to be created.

sku_name str

SKU name of the Firewall. Possible values are AZFW_Hub and AZFW_VNet. Changing this forces a new resource to be created.

sku_tier str

SKU tier of the Firewall. Possible values are Premium and Standard. Changing this forces a new resource to be created.

tags Mapping[str, str]

A mapping of tags to assign to the resource.

threat_intel_mode str

The operation mode for threat intelligence-based filtering. Possible values are: Off, Alert,Deny and ""(empty string). Defaults to Alert.

virtual_hub FirewallVirtualHubArgs

A virtual_hub block as documented below.

zones Sequence[str]

Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.

dnsServers List<String>

A list of DNS servers that the Azure Firewall will direct DNS traffic to the for name resolution.

firewallPolicyId String

The ID of the Firewall Policy applied to this Firewall.

ipConfigurations List<Property Map>

An ip_configuration block as documented below.

location String

Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.

managementIpConfiguration Property Map

A management_ip_configuration block as documented below, which allows force-tunnelling of traffic to be performed by the firewall. Adding or removing this block or changing the subnet_id in an existing block forces a new resource to be created.

name String

Specifies the name of the Firewall. Changing this forces a new resource to be created.

privateIpRanges List<String>

A list of SNAT private CIDR IP ranges, or the special string IANAPrivateRanges, which indicates Azure Firewall does not SNAT when the destination IP address is a private range per IANA RFC 1918.

resourceGroupName String

The name of the resource group in which to create the resource. Changing this forces a new resource to be created.

skuName String

SKU name of the Firewall. Possible values are AZFW_Hub and AZFW_VNet. Changing this forces a new resource to be created.

skuTier String

SKU tier of the Firewall. Possible values are Premium and Standard. Changing this forces a new resource to be created.

tags Map<String>

A mapping of tags to assign to the resource.

threatIntelMode String

The operation mode for threat intelligence-based filtering. Possible values are: Off, Alert,Deny and ""(empty string). Defaults to Alert.

virtualHub Property Map

A virtual_hub block as documented below.

zones List<String>

Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.

Supporting Types

FirewallIpConfiguration

Name string

Specifies the name of the IP Configuration.

PublicIpAddressId string

The ID of the Public IP Address associated with the firewall.

PrivateIpAddress string

The private IP address associated with the Firewall.

SubnetId string

Reference to the subnet associated with the IP Configuration.

Name string

Specifies the name of the IP Configuration.

PublicIpAddressId string

The ID of the Public IP Address associated with the firewall.

PrivateIpAddress string

The private IP address associated with the Firewall.

SubnetId string

Reference to the subnet associated with the IP Configuration.

name String

Specifies the name of the IP Configuration.

publicIpAddressId String

The ID of the Public IP Address associated with the firewall.

privateIpAddress String

The private IP address associated with the Firewall.

subnetId String

Reference to the subnet associated with the IP Configuration.

name string

Specifies the name of the IP Configuration.

publicIpAddressId string

The ID of the Public IP Address associated with the firewall.

privateIpAddress string

The private IP address associated with the Firewall.

subnetId string

Reference to the subnet associated with the IP Configuration.

name str

Specifies the name of the IP Configuration.

public_ip_address_id str

The ID of the Public IP Address associated with the firewall.

private_ip_address str

The private IP address associated with the Firewall.

subnet_id str

Reference to the subnet associated with the IP Configuration.

name String

Specifies the name of the IP Configuration.

publicIpAddressId String

The ID of the Public IP Address associated with the firewall.

privateIpAddress String

The private IP address associated with the Firewall.

subnetId String

Reference to the subnet associated with the IP Configuration.

FirewallManagementIpConfiguration

Name string

Specifies the name of the IP Configuration.

PublicIpAddressId string

The ID of the Public IP Address associated with the firewall.

SubnetId string

Reference to the subnet associated with the IP Configuration. Changing this forces a new resource to be created.

PrivateIpAddress string

The private IP address associated with the Firewall.

Name string

Specifies the name of the IP Configuration.

PublicIpAddressId string

The ID of the Public IP Address associated with the firewall.

SubnetId string

Reference to the subnet associated with the IP Configuration. Changing this forces a new resource to be created.

PrivateIpAddress string

The private IP address associated with the Firewall.

name String

Specifies the name of the IP Configuration.

publicIpAddressId String

The ID of the Public IP Address associated with the firewall.

subnetId String

Reference to the subnet associated with the IP Configuration. Changing this forces a new resource to be created.

privateIpAddress String

The private IP address associated with the Firewall.

name string

Specifies the name of the IP Configuration.

publicIpAddressId string

The ID of the Public IP Address associated with the firewall.

subnetId string

Reference to the subnet associated with the IP Configuration. Changing this forces a new resource to be created.

privateIpAddress string

The private IP address associated with the Firewall.

name str

Specifies the name of the IP Configuration.

public_ip_address_id str

The ID of the Public IP Address associated with the firewall.

subnet_id str

Reference to the subnet associated with the IP Configuration. Changing this forces a new resource to be created.

private_ip_address str

The private IP address associated with the Firewall.

name String

Specifies the name of the IP Configuration.

publicIpAddressId String

The ID of the Public IP Address associated with the firewall.

subnetId String

Reference to the subnet associated with the IP Configuration. Changing this forces a new resource to be created.

privateIpAddress String

The private IP address associated with the Firewall.

FirewallVirtualHub

VirtualHubId string

Specifies the ID of the Virtual Hub where the Firewall resides in.

PrivateIpAddress string

The private IP address associated with the Firewall.

PublicIpAddresses List<string>

The list of public IP addresses associated with the Firewall.

PublicIpCount int

Specifies the number of public IPs to assign to the Firewall. Defaults to 1.

VirtualHubId string

Specifies the ID of the Virtual Hub where the Firewall resides in.

PrivateIpAddress string

The private IP address associated with the Firewall.

PublicIpAddresses []string

The list of public IP addresses associated with the Firewall.

PublicIpCount int

Specifies the number of public IPs to assign to the Firewall. Defaults to 1.

virtualHubId String

Specifies the ID of the Virtual Hub where the Firewall resides in.

privateIpAddress String

The private IP address associated with the Firewall.

publicIpAddresses List<String>

The list of public IP addresses associated with the Firewall.

publicIpCount Integer

Specifies the number of public IPs to assign to the Firewall. Defaults to 1.

virtualHubId string

Specifies the ID of the Virtual Hub where the Firewall resides in.

privateIpAddress string

The private IP address associated with the Firewall.

publicIpAddresses string[]

The list of public IP addresses associated with the Firewall.

publicIpCount number

Specifies the number of public IPs to assign to the Firewall. Defaults to 1.

virtual_hub_id str

Specifies the ID of the Virtual Hub where the Firewall resides in.

private_ip_address str

The private IP address associated with the Firewall.

public_ip_addresses Sequence[str]

The list of public IP addresses associated with the Firewall.

public_ip_count int

Specifies the number of public IPs to assign to the Firewall. Defaults to 1.

virtualHubId String

Specifies the ID of the Virtual Hub where the Firewall resides in.

privateIpAddress String

The private IP address associated with the Firewall.

publicIpAddresses List<String>

The list of public IP addresses associated with the Firewall.

publicIpCount Number

Specifies the number of public IPs to assign to the Firewall. Defaults to 1.

Import

Azure Firewalls can be imported using the resource id, e.g.

 $ pulumi import azure:network/firewall:Firewall example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Network/azureFirewalls/testfirewall

Package Details

Repository
https://github.com/pulumi/pulumi-azure
License
Apache-2.0
Notes

This Pulumi package is based on the azurerm Terraform Provider.