1. Packages
  2. Azure Classic
  3. API Docs
  4. network
  5. FirewallPolicy

We recommend using Azure Native.

Azure Classic v6.8.0 published on Monday, Nov 4, 2024 by Pulumi

azure.network.FirewallPolicy

Explore with Pulumi AI

azure logo

We recommend using Azure Native.

Azure Classic v6.8.0 published on Monday, Nov 4, 2024 by Pulumi

    Manages a Firewall Policy.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as azure from "@pulumi/azure";
    
    const example = new azure.core.ResourceGroup("example", {
        name: "example-resources",
        location: "West Europe",
    });
    const exampleFirewallPolicy = new azure.network.FirewallPolicy("example", {
        name: "example-policy",
        resourceGroupName: example.name,
        location: example.location,
    });
    
    import pulumi
    import pulumi_azure as azure
    
    example = azure.core.ResourceGroup("example",
        name="example-resources",
        location="West Europe")
    example_firewall_policy = azure.network.FirewallPolicy("example",
        name="example-policy",
        resource_group_name=example.name,
        location=example.location)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
    	"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/network"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
    			Name:     pulumi.String("example-resources"),
    			Location: pulumi.String("West Europe"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = network.NewFirewallPolicy(ctx, "example", &network.FirewallPolicyArgs{
    			Name:              pulumi.String("example-policy"),
    			ResourceGroupName: example.Name,
    			Location:          example.Location,
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Azure = Pulumi.Azure;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new Azure.Core.ResourceGroup("example", new()
        {
            Name = "example-resources",
            Location = "West Europe",
        });
    
        var exampleFirewallPolicy = new Azure.Network.FirewallPolicy("example", new()
        {
            Name = "example-policy",
            ResourceGroupName = example.Name,
            Location = example.Location,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azure.core.ResourceGroup;
    import com.pulumi.azure.core.ResourceGroupArgs;
    import com.pulumi.azure.network.FirewallPolicy;
    import com.pulumi.azure.network.FirewallPolicyArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new ResourceGroup("example", ResourceGroupArgs.builder()
                .name("example-resources")
                .location("West Europe")
                .build());
    
            var exampleFirewallPolicy = new FirewallPolicy("exampleFirewallPolicy", FirewallPolicyArgs.builder()
                .name("example-policy")
                .resourceGroupName(example.name())
                .location(example.location())
                .build());
    
        }
    }
    
    resources:
      example:
        type: azure:core:ResourceGroup
        properties:
          name: example-resources
          location: West Europe
      exampleFirewallPolicy:
        type: azure:network:FirewallPolicy
        name: example
        properties:
          name: example-policy
          resourceGroupName: ${example.name}
          location: ${example.location}
    

    Create FirewallPolicy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new FirewallPolicy(name: string, args: FirewallPolicyArgs, opts?: CustomResourceOptions);
    @overload
    def FirewallPolicy(resource_name: str,
                       args: FirewallPolicyArgs,
                       opts: Optional[ResourceOptions] = None)
    
    @overload
    def FirewallPolicy(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       resource_group_name: Optional[str] = None,
                       name: Optional[str] = None,
                       location: Optional[str] = None,
                       explicit_proxy: Optional[FirewallPolicyExplicitProxyArgs] = None,
                       identity: Optional[FirewallPolicyIdentityArgs] = None,
                       private_ip_ranges: Optional[Sequence[str]] = None,
                       intrusion_detection: Optional[FirewallPolicyIntrusionDetectionArgs] = None,
                       dns: Optional[FirewallPolicyDnsArgs] = None,
                       auto_learn_private_ranges_enabled: Optional[bool] = None,
                       insights: Optional[FirewallPolicyInsightsArgs] = None,
                       base_policy_id: Optional[str] = None,
                       sku: Optional[str] = None,
                       sql_redirect_allowed: Optional[bool] = None,
                       tags: Optional[Mapping[str, str]] = None,
                       threat_intelligence_allowlist: Optional[FirewallPolicyThreatIntelligenceAllowlistArgs] = None,
                       threat_intelligence_mode: Optional[str] = None,
                       tls_certificate: Optional[FirewallPolicyTlsCertificateArgs] = None)
    func NewFirewallPolicy(ctx *Context, name string, args FirewallPolicyArgs, opts ...ResourceOption) (*FirewallPolicy, error)
    public FirewallPolicy(string name, FirewallPolicyArgs args, CustomResourceOptions? opts = null)
    public FirewallPolicy(String name, FirewallPolicyArgs args)
    public FirewallPolicy(String name, FirewallPolicyArgs args, CustomResourceOptions options)
    
    type: azure:network:FirewallPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args FirewallPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args FirewallPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args FirewallPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args FirewallPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args FirewallPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var azureFirewallPolicyResource = new Azure.Network.FirewallPolicy("azureFirewallPolicyResource", new()
    {
        ResourceGroupName = "string",
        Name = "string",
        Location = "string",
        ExplicitProxy = new Azure.Network.Inputs.FirewallPolicyExplicitProxyArgs
        {
            EnablePacFile = false,
            Enabled = false,
            HttpPort = 0,
            HttpsPort = 0,
            PacFile = "string",
            PacFilePort = 0,
        },
        Identity = new Azure.Network.Inputs.FirewallPolicyIdentityArgs
        {
            Type = "string",
            IdentityIds = new[]
            {
                "string",
            },
            PrincipalId = "string",
            TenantId = "string",
        },
        PrivateIpRanges = new[]
        {
            "string",
        },
        IntrusionDetection = new Azure.Network.Inputs.FirewallPolicyIntrusionDetectionArgs
        {
            Mode = "string",
            PrivateRanges = new[]
            {
                "string",
            },
            SignatureOverrides = new[]
            {
                new Azure.Network.Inputs.FirewallPolicyIntrusionDetectionSignatureOverrideArgs
                {
                    Id = "string",
                    State = "string",
                },
            },
            TrafficBypasses = new[]
            {
                new Azure.Network.Inputs.FirewallPolicyIntrusionDetectionTrafficBypassArgs
                {
                    Name = "string",
                    Protocol = "string",
                    Description = "string",
                    DestinationAddresses = new[]
                    {
                        "string",
                    },
                    DestinationIpGroups = new[]
                    {
                        "string",
                    },
                    DestinationPorts = new[]
                    {
                        "string",
                    },
                    SourceAddresses = new[]
                    {
                        "string",
                    },
                    SourceIpGroups = new[]
                    {
                        "string",
                    },
                },
            },
        },
        Dns = new Azure.Network.Inputs.FirewallPolicyDnsArgs
        {
            ProxyEnabled = false,
            Servers = new[]
            {
                "string",
            },
        },
        AutoLearnPrivateRangesEnabled = false,
        Insights = new Azure.Network.Inputs.FirewallPolicyInsightsArgs
        {
            DefaultLogAnalyticsWorkspaceId = "string",
            Enabled = false,
            LogAnalyticsWorkspaces = new[]
            {
                new Azure.Network.Inputs.FirewallPolicyInsightsLogAnalyticsWorkspaceArgs
                {
                    FirewallLocation = "string",
                    Id = "string",
                },
            },
            RetentionInDays = 0,
        },
        BasePolicyId = "string",
        Sku = "string",
        SqlRedirectAllowed = false,
        Tags = 
        {
            { "string", "string" },
        },
        ThreatIntelligenceAllowlist = new Azure.Network.Inputs.FirewallPolicyThreatIntelligenceAllowlistArgs
        {
            Fqdns = new[]
            {
                "string",
            },
            IpAddresses = new[]
            {
                "string",
            },
        },
        ThreatIntelligenceMode = "string",
        TlsCertificate = new Azure.Network.Inputs.FirewallPolicyTlsCertificateArgs
        {
            KeyVaultSecretId = "string",
            Name = "string",
        },
    });
    
    example, err := network.NewFirewallPolicy(ctx, "azureFirewallPolicyResource", &network.FirewallPolicyArgs{
    	ResourceGroupName: pulumi.String("string"),
    	Name:              pulumi.String("string"),
    	Location:          pulumi.String("string"),
    	ExplicitProxy: &network.FirewallPolicyExplicitProxyArgs{
    		EnablePacFile: pulumi.Bool(false),
    		Enabled:       pulumi.Bool(false),
    		HttpPort:      pulumi.Int(0),
    		HttpsPort:     pulumi.Int(0),
    		PacFile:       pulumi.String("string"),
    		PacFilePort:   pulumi.Int(0),
    	},
    	Identity: &network.FirewallPolicyIdentityArgs{
    		Type: pulumi.String("string"),
    		IdentityIds: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		PrincipalId: pulumi.String("string"),
    		TenantId:    pulumi.String("string"),
    	},
    	PrivateIpRanges: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	IntrusionDetection: &network.FirewallPolicyIntrusionDetectionArgs{
    		Mode: pulumi.String("string"),
    		PrivateRanges: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		SignatureOverrides: network.FirewallPolicyIntrusionDetectionSignatureOverrideArray{
    			&network.FirewallPolicyIntrusionDetectionSignatureOverrideArgs{
    				Id:    pulumi.String("string"),
    				State: pulumi.String("string"),
    			},
    		},
    		TrafficBypasses: network.FirewallPolicyIntrusionDetectionTrafficBypassArray{
    			&network.FirewallPolicyIntrusionDetectionTrafficBypassArgs{
    				Name:        pulumi.String("string"),
    				Protocol:    pulumi.String("string"),
    				Description: pulumi.String("string"),
    				DestinationAddresses: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				DestinationIpGroups: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				DestinationPorts: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				SourceAddresses: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    				SourceIpGroups: pulumi.StringArray{
    					pulumi.String("string"),
    				},
    			},
    		},
    	},
    	Dns: &network.FirewallPolicyDnsArgs{
    		ProxyEnabled: pulumi.Bool(false),
    		Servers: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	AutoLearnPrivateRangesEnabled: pulumi.Bool(false),
    	Insights: &network.FirewallPolicyInsightsArgs{
    		DefaultLogAnalyticsWorkspaceId: pulumi.String("string"),
    		Enabled:                        pulumi.Bool(false),
    		LogAnalyticsWorkspaces: network.FirewallPolicyInsightsLogAnalyticsWorkspaceArray{
    			&network.FirewallPolicyInsightsLogAnalyticsWorkspaceArgs{
    				FirewallLocation: pulumi.String("string"),
    				Id:               pulumi.String("string"),
    			},
    		},
    		RetentionInDays: pulumi.Int(0),
    	},
    	BasePolicyId:       pulumi.String("string"),
    	Sku:                pulumi.String("string"),
    	SqlRedirectAllowed: pulumi.Bool(false),
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	ThreatIntelligenceAllowlist: &network.FirewallPolicyThreatIntelligenceAllowlistArgs{
    		Fqdns: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		IpAddresses: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	ThreatIntelligenceMode: pulumi.String("string"),
    	TlsCertificate: &network.FirewallPolicyTlsCertificateArgs{
    		KeyVaultSecretId: pulumi.String("string"),
    		Name:             pulumi.String("string"),
    	},
    })
    
    var azureFirewallPolicyResource = new FirewallPolicy("azureFirewallPolicyResource", FirewallPolicyArgs.builder()
        .resourceGroupName("string")
        .name("string")
        .location("string")
        .explicitProxy(FirewallPolicyExplicitProxyArgs.builder()
            .enablePacFile(false)
            .enabled(false)
            .httpPort(0)
            .httpsPort(0)
            .pacFile("string")
            .pacFilePort(0)
            .build())
        .identity(FirewallPolicyIdentityArgs.builder()
            .type("string")
            .identityIds("string")
            .principalId("string")
            .tenantId("string")
            .build())
        .privateIpRanges("string")
        .intrusionDetection(FirewallPolicyIntrusionDetectionArgs.builder()
            .mode("string")
            .privateRanges("string")
            .signatureOverrides(FirewallPolicyIntrusionDetectionSignatureOverrideArgs.builder()
                .id("string")
                .state("string")
                .build())
            .trafficBypasses(FirewallPolicyIntrusionDetectionTrafficBypassArgs.builder()
                .name("string")
                .protocol("string")
                .description("string")
                .destinationAddresses("string")
                .destinationIpGroups("string")
                .destinationPorts("string")
                .sourceAddresses("string")
                .sourceIpGroups("string")
                .build())
            .build())
        .dns(FirewallPolicyDnsArgs.builder()
            .proxyEnabled(false)
            .servers("string")
            .build())
        .autoLearnPrivateRangesEnabled(false)
        .insights(FirewallPolicyInsightsArgs.builder()
            .defaultLogAnalyticsWorkspaceId("string")
            .enabled(false)
            .logAnalyticsWorkspaces(FirewallPolicyInsightsLogAnalyticsWorkspaceArgs.builder()
                .firewallLocation("string")
                .id("string")
                .build())
            .retentionInDays(0)
            .build())
        .basePolicyId("string")
        .sku("string")
        .sqlRedirectAllowed(false)
        .tags(Map.of("string", "string"))
        .threatIntelligenceAllowlist(FirewallPolicyThreatIntelligenceAllowlistArgs.builder()
            .fqdns("string")
            .ipAddresses("string")
            .build())
        .threatIntelligenceMode("string")
        .tlsCertificate(FirewallPolicyTlsCertificateArgs.builder()
            .keyVaultSecretId("string")
            .name("string")
            .build())
        .build());
    
    azure_firewall_policy_resource = azure.network.FirewallPolicy("azureFirewallPolicyResource",
        resource_group_name="string",
        name="string",
        location="string",
        explicit_proxy={
            "enable_pac_file": False,
            "enabled": False,
            "http_port": 0,
            "https_port": 0,
            "pac_file": "string",
            "pac_file_port": 0,
        },
        identity={
            "type": "string",
            "identity_ids": ["string"],
            "principal_id": "string",
            "tenant_id": "string",
        },
        private_ip_ranges=["string"],
        intrusion_detection={
            "mode": "string",
            "private_ranges": ["string"],
            "signature_overrides": [{
                "id": "string",
                "state": "string",
            }],
            "traffic_bypasses": [{
                "name": "string",
                "protocol": "string",
                "description": "string",
                "destination_addresses": ["string"],
                "destination_ip_groups": ["string"],
                "destination_ports": ["string"],
                "source_addresses": ["string"],
                "source_ip_groups": ["string"],
            }],
        },
        dns={
            "proxy_enabled": False,
            "servers": ["string"],
        },
        auto_learn_private_ranges_enabled=False,
        insights={
            "default_log_analytics_workspace_id": "string",
            "enabled": False,
            "log_analytics_workspaces": [{
                "firewall_location": "string",
                "id": "string",
            }],
            "retention_in_days": 0,
        },
        base_policy_id="string",
        sku="string",
        sql_redirect_allowed=False,
        tags={
            "string": "string",
        },
        threat_intelligence_allowlist={
            "fqdns": ["string"],
            "ip_addresses": ["string"],
        },
        threat_intelligence_mode="string",
        tls_certificate={
            "key_vault_secret_id": "string",
            "name": "string",
        })
    
    const azureFirewallPolicyResource = new azure.network.FirewallPolicy("azureFirewallPolicyResource", {
        resourceGroupName: "string",
        name: "string",
        location: "string",
        explicitProxy: {
            enablePacFile: false,
            enabled: false,
            httpPort: 0,
            httpsPort: 0,
            pacFile: "string",
            pacFilePort: 0,
        },
        identity: {
            type: "string",
            identityIds: ["string"],
            principalId: "string",
            tenantId: "string",
        },
        privateIpRanges: ["string"],
        intrusionDetection: {
            mode: "string",
            privateRanges: ["string"],
            signatureOverrides: [{
                id: "string",
                state: "string",
            }],
            trafficBypasses: [{
                name: "string",
                protocol: "string",
                description: "string",
                destinationAddresses: ["string"],
                destinationIpGroups: ["string"],
                destinationPorts: ["string"],
                sourceAddresses: ["string"],
                sourceIpGroups: ["string"],
            }],
        },
        dns: {
            proxyEnabled: false,
            servers: ["string"],
        },
        autoLearnPrivateRangesEnabled: false,
        insights: {
            defaultLogAnalyticsWorkspaceId: "string",
            enabled: false,
            logAnalyticsWorkspaces: [{
                firewallLocation: "string",
                id: "string",
            }],
            retentionInDays: 0,
        },
        basePolicyId: "string",
        sku: "string",
        sqlRedirectAllowed: false,
        tags: {
            string: "string",
        },
        threatIntelligenceAllowlist: {
            fqdns: ["string"],
            ipAddresses: ["string"],
        },
        threatIntelligenceMode: "string",
        tlsCertificate: {
            keyVaultSecretId: "string",
            name: "string",
        },
    });
    
    type: azure:network:FirewallPolicy
    properties:
        autoLearnPrivateRangesEnabled: false
        basePolicyId: string
        dns:
            proxyEnabled: false
            servers:
                - string
        explicitProxy:
            enablePacFile: false
            enabled: false
            httpPort: 0
            httpsPort: 0
            pacFile: string
            pacFilePort: 0
        identity:
            identityIds:
                - string
            principalId: string
            tenantId: string
            type: string
        insights:
            defaultLogAnalyticsWorkspaceId: string
            enabled: false
            logAnalyticsWorkspaces:
                - firewallLocation: string
                  id: string
            retentionInDays: 0
        intrusionDetection:
            mode: string
            privateRanges:
                - string
            signatureOverrides:
                - id: string
                  state: string
            trafficBypasses:
                - description: string
                  destinationAddresses:
                    - string
                  destinationIpGroups:
                    - string
                  destinationPorts:
                    - string
                  name: string
                  protocol: string
                  sourceAddresses:
                    - string
                  sourceIpGroups:
                    - string
        location: string
        name: string
        privateIpRanges:
            - string
        resourceGroupName: string
        sku: string
        sqlRedirectAllowed: false
        tags:
            string: string
        threatIntelligenceAllowlist:
            fqdns:
                - string
            ipAddresses:
                - string
        threatIntelligenceMode: string
        tlsCertificate:
            keyVaultSecretId: string
            name: string
    

    FirewallPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The FirewallPolicy resource accepts the following input properties:

    ResourceGroupName string
    The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
    AutoLearnPrivateRangesEnabled bool
    Whether enable auto learn private ip range.
    BasePolicyId string
    The ID of the base Firewall Policy.
    Dns FirewallPolicyDns
    A dns block as defined below.
    ExplicitProxy FirewallPolicyExplicitProxy
    A explicit_proxy block as defined below.
    Identity FirewallPolicyIdentity
    An identity block as defined below.
    Insights FirewallPolicyInsights
    An insights block as defined below.
    IntrusionDetection FirewallPolicyIntrusionDetection
    A intrusion_detection block as defined below.
    Location string
    The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
    Name string
    The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
    PrivateIpRanges List<string>
    A list of private IP ranges to which traffic will not be SNAT.
    Sku string
    The SKU Tier of the Firewall Policy. Possible values are Standard, Premium and Basic. Defaults to Standard. Changing this forces a new Firewall Policy to be created.
    SqlRedirectAllowed bool
    Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires no rule using ports between 11000-11999.
    Tags Dictionary<string, string>
    A mapping of tags which should be assigned to the Firewall Policy.
    ThreatIntelligenceAllowlist FirewallPolicyThreatIntelligenceAllowlist
    A threat_intelligence_allowlist block as defined below.
    ThreatIntelligenceMode string
    The operation mode for Threat Intelligence. Possible values are Alert, Deny and Off. Defaults to Alert.
    TlsCertificate FirewallPolicyTlsCertificate
    A tls_certificate block as defined below.
    ResourceGroupName string
    The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
    AutoLearnPrivateRangesEnabled bool
    Whether enable auto learn private ip range.
    BasePolicyId string
    The ID of the base Firewall Policy.
    Dns FirewallPolicyDnsArgs
    A dns block as defined below.
    ExplicitProxy FirewallPolicyExplicitProxyArgs
    A explicit_proxy block as defined below.
    Identity FirewallPolicyIdentityArgs
    An identity block as defined below.
    Insights FirewallPolicyInsightsArgs
    An insights block as defined below.
    IntrusionDetection FirewallPolicyIntrusionDetectionArgs
    A intrusion_detection block as defined below.
    Location string
    The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
    Name string
    The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
    PrivateIpRanges []string
    A list of private IP ranges to which traffic will not be SNAT.
    Sku string
    The SKU Tier of the Firewall Policy. Possible values are Standard, Premium and Basic. Defaults to Standard. Changing this forces a new Firewall Policy to be created.
    SqlRedirectAllowed bool
    Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires no rule using ports between 11000-11999.
    Tags map[string]string
    A mapping of tags which should be assigned to the Firewall Policy.
    ThreatIntelligenceAllowlist FirewallPolicyThreatIntelligenceAllowlistArgs
    A threat_intelligence_allowlist block as defined below.
    ThreatIntelligenceMode string
    The operation mode for Threat Intelligence. Possible values are Alert, Deny and Off. Defaults to Alert.
    TlsCertificate FirewallPolicyTlsCertificateArgs
    A tls_certificate block as defined below.
    resourceGroupName String
    The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
    autoLearnPrivateRangesEnabled Boolean
    Whether enable auto learn private ip range.
    basePolicyId String
    The ID of the base Firewall Policy.
    dns FirewallPolicyDns
    A dns block as defined below.
    explicitProxy FirewallPolicyExplicitProxy
    A explicit_proxy block as defined below.
    identity FirewallPolicyIdentity
    An identity block as defined below.
    insights FirewallPolicyInsights
    An insights block as defined below.
    intrusionDetection FirewallPolicyIntrusionDetection
    A intrusion_detection block as defined below.
    location String
    The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
    name String
    The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
    privateIpRanges List<String>
    A list of private IP ranges to which traffic will not be SNAT.
    sku String
    The SKU Tier of the Firewall Policy. Possible values are Standard, Premium and Basic. Defaults to Standard. Changing this forces a new Firewall Policy to be created.
    sqlRedirectAllowed Boolean
    Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires no rule using ports between 11000-11999.
    tags Map<String,String>
    A mapping of tags which should be assigned to the Firewall Policy.
    threatIntelligenceAllowlist FirewallPolicyThreatIntelligenceAllowlist
    A threat_intelligence_allowlist block as defined below.
    threatIntelligenceMode String
    The operation mode for Threat Intelligence. Possible values are Alert, Deny and Off. Defaults to Alert.
    tlsCertificate FirewallPolicyTlsCertificate
    A tls_certificate block as defined below.
    resourceGroupName string
    The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
    autoLearnPrivateRangesEnabled boolean
    Whether enable auto learn private ip range.
    basePolicyId string
    The ID of the base Firewall Policy.
    dns FirewallPolicyDns
    A dns block as defined below.
    explicitProxy FirewallPolicyExplicitProxy
    A explicit_proxy block as defined below.
    identity FirewallPolicyIdentity
    An identity block as defined below.
    insights FirewallPolicyInsights
    An insights block as defined below.
    intrusionDetection FirewallPolicyIntrusionDetection
    A intrusion_detection block as defined below.
    location string
    The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
    name string
    The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
    privateIpRanges string[]
    A list of private IP ranges to which traffic will not be SNAT.
    sku string
    The SKU Tier of the Firewall Policy. Possible values are Standard, Premium and Basic. Defaults to Standard. Changing this forces a new Firewall Policy to be created.
    sqlRedirectAllowed boolean
    Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires no rule using ports between 11000-11999.
    tags {[key: string]: string}
    A mapping of tags which should be assigned to the Firewall Policy.
    threatIntelligenceAllowlist FirewallPolicyThreatIntelligenceAllowlist
    A threat_intelligence_allowlist block as defined below.
    threatIntelligenceMode string
    The operation mode for Threat Intelligence. Possible values are Alert, Deny and Off. Defaults to Alert.
    tlsCertificate FirewallPolicyTlsCertificate
    A tls_certificate block as defined below.
    resource_group_name str
    The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
    auto_learn_private_ranges_enabled bool
    Whether enable auto learn private ip range.
    base_policy_id str
    The ID of the base Firewall Policy.
    dns FirewallPolicyDnsArgs
    A dns block as defined below.
    explicit_proxy FirewallPolicyExplicitProxyArgs
    A explicit_proxy block as defined below.
    identity FirewallPolicyIdentityArgs
    An identity block as defined below.
    insights FirewallPolicyInsightsArgs
    An insights block as defined below.
    intrusion_detection FirewallPolicyIntrusionDetectionArgs
    A intrusion_detection block as defined below.
    location str
    The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
    name str
    The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
    private_ip_ranges Sequence[str]
    A list of private IP ranges to which traffic will not be SNAT.
    sku str
    The SKU Tier of the Firewall Policy. Possible values are Standard, Premium and Basic. Defaults to Standard. Changing this forces a new Firewall Policy to be created.
    sql_redirect_allowed bool
    Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires no rule using ports between 11000-11999.
    tags Mapping[str, str]
    A mapping of tags which should be assigned to the Firewall Policy.
    threat_intelligence_allowlist FirewallPolicyThreatIntelligenceAllowlistArgs
    A threat_intelligence_allowlist block as defined below.
    threat_intelligence_mode str
    The operation mode for Threat Intelligence. Possible values are Alert, Deny and Off. Defaults to Alert.
    tls_certificate FirewallPolicyTlsCertificateArgs
    A tls_certificate block as defined below.
    resourceGroupName String
    The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
    autoLearnPrivateRangesEnabled Boolean
    Whether enable auto learn private ip range.
    basePolicyId String
    The ID of the base Firewall Policy.
    dns Property Map
    A dns block as defined below.
    explicitProxy Property Map
    A explicit_proxy block as defined below.
    identity Property Map
    An identity block as defined below.
    insights Property Map
    An insights block as defined below.
    intrusionDetection Property Map
    A intrusion_detection block as defined below.
    location String
    The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
    name String
    The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
    privateIpRanges List<String>
    A list of private IP ranges to which traffic will not be SNAT.
    sku String
    The SKU Tier of the Firewall Policy. Possible values are Standard, Premium and Basic. Defaults to Standard. Changing this forces a new Firewall Policy to be created.
    sqlRedirectAllowed Boolean
    Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires no rule using ports between 11000-11999.
    tags Map<String>
    A mapping of tags which should be assigned to the Firewall Policy.
    threatIntelligenceAllowlist Property Map
    A threat_intelligence_allowlist block as defined below.
    threatIntelligenceMode String
    The operation mode for Threat Intelligence. Possible values are Alert, Deny and Off. Defaults to Alert.
    tlsCertificate Property Map
    A tls_certificate block as defined below.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the FirewallPolicy resource produces the following output properties:

    ChildPolicies List<string>
    A list of reference to child Firewall Policies of this Firewall Policy.
    Firewalls List<string>
    A list of references to Azure Firewalls that this Firewall Policy is associated with.
    Id string
    The provider-assigned unique ID for this managed resource.
    RuleCollectionGroups List<string>
    A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
    ChildPolicies []string
    A list of reference to child Firewall Policies of this Firewall Policy.
    Firewalls []string
    A list of references to Azure Firewalls that this Firewall Policy is associated with.
    Id string
    The provider-assigned unique ID for this managed resource.
    RuleCollectionGroups []string
    A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
    childPolicies List<String>
    A list of reference to child Firewall Policies of this Firewall Policy.
    firewalls List<String>
    A list of references to Azure Firewalls that this Firewall Policy is associated with.
    id String
    The provider-assigned unique ID for this managed resource.
    ruleCollectionGroups List<String>
    A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
    childPolicies string[]
    A list of reference to child Firewall Policies of this Firewall Policy.
    firewalls string[]
    A list of references to Azure Firewalls that this Firewall Policy is associated with.
    id string
    The provider-assigned unique ID for this managed resource.
    ruleCollectionGroups string[]
    A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
    child_policies Sequence[str]
    A list of reference to child Firewall Policies of this Firewall Policy.
    firewalls Sequence[str]
    A list of references to Azure Firewalls that this Firewall Policy is associated with.
    id str
    The provider-assigned unique ID for this managed resource.
    rule_collection_groups Sequence[str]
    A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
    childPolicies List<String>
    A list of reference to child Firewall Policies of this Firewall Policy.
    firewalls List<String>
    A list of references to Azure Firewalls that this Firewall Policy is associated with.
    id String
    The provider-assigned unique ID for this managed resource.
    ruleCollectionGroups List<String>
    A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.

    Look up Existing FirewallPolicy Resource

    Get an existing FirewallPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: FirewallPolicyState, opts?: CustomResourceOptions): FirewallPolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            auto_learn_private_ranges_enabled: Optional[bool] = None,
            base_policy_id: Optional[str] = None,
            child_policies: Optional[Sequence[str]] = None,
            dns: Optional[FirewallPolicyDnsArgs] = None,
            explicit_proxy: Optional[FirewallPolicyExplicitProxyArgs] = None,
            firewalls: Optional[Sequence[str]] = None,
            identity: Optional[FirewallPolicyIdentityArgs] = None,
            insights: Optional[FirewallPolicyInsightsArgs] = None,
            intrusion_detection: Optional[FirewallPolicyIntrusionDetectionArgs] = None,
            location: Optional[str] = None,
            name: Optional[str] = None,
            private_ip_ranges: Optional[Sequence[str]] = None,
            resource_group_name: Optional[str] = None,
            rule_collection_groups: Optional[Sequence[str]] = None,
            sku: Optional[str] = None,
            sql_redirect_allowed: Optional[bool] = None,
            tags: Optional[Mapping[str, str]] = None,
            threat_intelligence_allowlist: Optional[FirewallPolicyThreatIntelligenceAllowlistArgs] = None,
            threat_intelligence_mode: Optional[str] = None,
            tls_certificate: Optional[FirewallPolicyTlsCertificateArgs] = None) -> FirewallPolicy
    func GetFirewallPolicy(ctx *Context, name string, id IDInput, state *FirewallPolicyState, opts ...ResourceOption) (*FirewallPolicy, error)
    public static FirewallPolicy Get(string name, Input<string> id, FirewallPolicyState? state, CustomResourceOptions? opts = null)
    public static FirewallPolicy get(String name, Output<String> id, FirewallPolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AutoLearnPrivateRangesEnabled bool
    Whether enable auto learn private ip range.
    BasePolicyId string
    The ID of the base Firewall Policy.
    ChildPolicies List<string>
    A list of reference to child Firewall Policies of this Firewall Policy.
    Dns FirewallPolicyDns
    A dns block as defined below.
    ExplicitProxy FirewallPolicyExplicitProxy
    A explicit_proxy block as defined below.
    Firewalls List<string>
    A list of references to Azure Firewalls that this Firewall Policy is associated with.
    Identity FirewallPolicyIdentity
    An identity block as defined below.
    Insights FirewallPolicyInsights
    An insights block as defined below.
    IntrusionDetection FirewallPolicyIntrusionDetection
    A intrusion_detection block as defined below.
    Location string
    The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
    Name string
    The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
    PrivateIpRanges List<string>
    A list of private IP ranges to which traffic will not be SNAT.
    ResourceGroupName string
    The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
    RuleCollectionGroups List<string>
    A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
    Sku string
    The SKU Tier of the Firewall Policy. Possible values are Standard, Premium and Basic. Defaults to Standard. Changing this forces a new Firewall Policy to be created.
    SqlRedirectAllowed bool
    Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires no rule using ports between 11000-11999.
    Tags Dictionary<string, string>
    A mapping of tags which should be assigned to the Firewall Policy.
    ThreatIntelligenceAllowlist FirewallPolicyThreatIntelligenceAllowlist
    A threat_intelligence_allowlist block as defined below.
    ThreatIntelligenceMode string
    The operation mode for Threat Intelligence. Possible values are Alert, Deny and Off. Defaults to Alert.
    TlsCertificate FirewallPolicyTlsCertificate
    A tls_certificate block as defined below.
    AutoLearnPrivateRangesEnabled bool
    Whether enable auto learn private ip range.
    BasePolicyId string
    The ID of the base Firewall Policy.
    ChildPolicies []string
    A list of reference to child Firewall Policies of this Firewall Policy.
    Dns FirewallPolicyDnsArgs
    A dns block as defined below.
    ExplicitProxy FirewallPolicyExplicitProxyArgs
    A explicit_proxy block as defined below.
    Firewalls []string
    A list of references to Azure Firewalls that this Firewall Policy is associated with.
    Identity FirewallPolicyIdentityArgs
    An identity block as defined below.
    Insights FirewallPolicyInsightsArgs
    An insights block as defined below.
    IntrusionDetection FirewallPolicyIntrusionDetectionArgs
    A intrusion_detection block as defined below.
    Location string
    The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
    Name string
    The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
    PrivateIpRanges []string
    A list of private IP ranges to which traffic will not be SNAT.
    ResourceGroupName string
    The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
    RuleCollectionGroups []string
    A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
    Sku string
    The SKU Tier of the Firewall Policy. Possible values are Standard, Premium and Basic. Defaults to Standard. Changing this forces a new Firewall Policy to be created.
    SqlRedirectAllowed bool
    Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires no rule using ports between 11000-11999.
    Tags map[string]string
    A mapping of tags which should be assigned to the Firewall Policy.
    ThreatIntelligenceAllowlist FirewallPolicyThreatIntelligenceAllowlistArgs
    A threat_intelligence_allowlist block as defined below.
    ThreatIntelligenceMode string
    The operation mode for Threat Intelligence. Possible values are Alert, Deny and Off. Defaults to Alert.
    TlsCertificate FirewallPolicyTlsCertificateArgs
    A tls_certificate block as defined below.
    autoLearnPrivateRangesEnabled Boolean
    Whether enable auto learn private ip range.
    basePolicyId String
    The ID of the base Firewall Policy.
    childPolicies List<String>
    A list of reference to child Firewall Policies of this Firewall Policy.
    dns FirewallPolicyDns
    A dns block as defined below.
    explicitProxy FirewallPolicyExplicitProxy
    A explicit_proxy block as defined below.
    firewalls List<String>
    A list of references to Azure Firewalls that this Firewall Policy is associated with.
    identity FirewallPolicyIdentity
    An identity block as defined below.
    insights FirewallPolicyInsights
    An insights block as defined below.
    intrusionDetection FirewallPolicyIntrusionDetection
    A intrusion_detection block as defined below.
    location String
    The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
    name String
    The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
    privateIpRanges List<String>
    A list of private IP ranges to which traffic will not be SNAT.
    resourceGroupName String
    The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
    ruleCollectionGroups List<String>
    A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
    sku String
    The SKU Tier of the Firewall Policy. Possible values are Standard, Premium and Basic. Defaults to Standard. Changing this forces a new Firewall Policy to be created.
    sqlRedirectAllowed Boolean
    Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires no rule using ports between 11000-11999.
    tags Map<String,String>
    A mapping of tags which should be assigned to the Firewall Policy.
    threatIntelligenceAllowlist FirewallPolicyThreatIntelligenceAllowlist
    A threat_intelligence_allowlist block as defined below.
    threatIntelligenceMode String
    The operation mode for Threat Intelligence. Possible values are Alert, Deny and Off. Defaults to Alert.
    tlsCertificate FirewallPolicyTlsCertificate
    A tls_certificate block as defined below.
    autoLearnPrivateRangesEnabled boolean
    Whether enable auto learn private ip range.
    basePolicyId string
    The ID of the base Firewall Policy.
    childPolicies string[]
    A list of reference to child Firewall Policies of this Firewall Policy.
    dns FirewallPolicyDns
    A dns block as defined below.
    explicitProxy FirewallPolicyExplicitProxy
    A explicit_proxy block as defined below.
    firewalls string[]
    A list of references to Azure Firewalls that this Firewall Policy is associated with.
    identity FirewallPolicyIdentity
    An identity block as defined below.
    insights FirewallPolicyInsights
    An insights block as defined below.
    intrusionDetection FirewallPolicyIntrusionDetection
    A intrusion_detection block as defined below.
    location string
    The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
    name string
    The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
    privateIpRanges string[]
    A list of private IP ranges to which traffic will not be SNAT.
    resourceGroupName string
    The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
    ruleCollectionGroups string[]
    A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
    sku string
    The SKU Tier of the Firewall Policy. Possible values are Standard, Premium and Basic. Defaults to Standard. Changing this forces a new Firewall Policy to be created.
    sqlRedirectAllowed boolean
    Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires no rule using ports between 11000-11999.
    tags {[key: string]: string}
    A mapping of tags which should be assigned to the Firewall Policy.
    threatIntelligenceAllowlist FirewallPolicyThreatIntelligenceAllowlist
    A threat_intelligence_allowlist block as defined below.
    threatIntelligenceMode string
    The operation mode for Threat Intelligence. Possible values are Alert, Deny and Off. Defaults to Alert.
    tlsCertificate FirewallPolicyTlsCertificate
    A tls_certificate block as defined below.
    auto_learn_private_ranges_enabled bool
    Whether enable auto learn private ip range.
    base_policy_id str
    The ID of the base Firewall Policy.
    child_policies Sequence[str]
    A list of reference to child Firewall Policies of this Firewall Policy.
    dns FirewallPolicyDnsArgs
    A dns block as defined below.
    explicit_proxy FirewallPolicyExplicitProxyArgs
    A explicit_proxy block as defined below.
    firewalls Sequence[str]
    A list of references to Azure Firewalls that this Firewall Policy is associated with.
    identity FirewallPolicyIdentityArgs
    An identity block as defined below.
    insights FirewallPolicyInsightsArgs
    An insights block as defined below.
    intrusion_detection FirewallPolicyIntrusionDetectionArgs
    A intrusion_detection block as defined below.
    location str
    The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
    name str
    The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
    private_ip_ranges Sequence[str]
    A list of private IP ranges to which traffic will not be SNAT.
    resource_group_name str
    The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
    rule_collection_groups Sequence[str]
    A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
    sku str
    The SKU Tier of the Firewall Policy. Possible values are Standard, Premium and Basic. Defaults to Standard. Changing this forces a new Firewall Policy to be created.
    sql_redirect_allowed bool
    Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires no rule using ports between 11000-11999.
    tags Mapping[str, str]
    A mapping of tags which should be assigned to the Firewall Policy.
    threat_intelligence_allowlist FirewallPolicyThreatIntelligenceAllowlistArgs
    A threat_intelligence_allowlist block as defined below.
    threat_intelligence_mode str
    The operation mode for Threat Intelligence. Possible values are Alert, Deny and Off. Defaults to Alert.
    tls_certificate FirewallPolicyTlsCertificateArgs
    A tls_certificate block as defined below.
    autoLearnPrivateRangesEnabled Boolean
    Whether enable auto learn private ip range.
    basePolicyId String
    The ID of the base Firewall Policy.
    childPolicies List<String>
    A list of reference to child Firewall Policies of this Firewall Policy.
    dns Property Map
    A dns block as defined below.
    explicitProxy Property Map
    A explicit_proxy block as defined below.
    firewalls List<String>
    A list of references to Azure Firewalls that this Firewall Policy is associated with.
    identity Property Map
    An identity block as defined below.
    insights Property Map
    An insights block as defined below.
    intrusionDetection Property Map
    A intrusion_detection block as defined below.
    location String
    The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
    name String
    The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
    privateIpRanges List<String>
    A list of private IP ranges to which traffic will not be SNAT.
    resourceGroupName String
    The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
    ruleCollectionGroups List<String>
    A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
    sku String
    The SKU Tier of the Firewall Policy. Possible values are Standard, Premium and Basic. Defaults to Standard. Changing this forces a new Firewall Policy to be created.
    sqlRedirectAllowed Boolean
    Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires no rule using ports between 11000-11999.
    tags Map<String>
    A mapping of tags which should be assigned to the Firewall Policy.
    threatIntelligenceAllowlist Property Map
    A threat_intelligence_allowlist block as defined below.
    threatIntelligenceMode String
    The operation mode for Threat Intelligence. Possible values are Alert, Deny and Off. Defaults to Alert.
    tlsCertificate Property Map
    A tls_certificate block as defined below.

    Supporting Types

    FirewallPolicyDns, FirewallPolicyDnsArgs

    ProxyEnabled bool
    Whether to enable DNS proxy on Firewalls attached to this Firewall Policy? Defaults to false.
    Servers List<string>
    A list of custom DNS servers' IP addresses.
    ProxyEnabled bool
    Whether to enable DNS proxy on Firewalls attached to this Firewall Policy? Defaults to false.
    Servers []string
    A list of custom DNS servers' IP addresses.
    proxyEnabled Boolean
    Whether to enable DNS proxy on Firewalls attached to this Firewall Policy? Defaults to false.
    servers List<String>
    A list of custom DNS servers' IP addresses.
    proxyEnabled boolean
    Whether to enable DNS proxy on Firewalls attached to this Firewall Policy? Defaults to false.
    servers string[]
    A list of custom DNS servers' IP addresses.
    proxy_enabled bool
    Whether to enable DNS proxy on Firewalls attached to this Firewall Policy? Defaults to false.
    servers Sequence[str]
    A list of custom DNS servers' IP addresses.
    proxyEnabled Boolean
    Whether to enable DNS proxy on Firewalls attached to this Firewall Policy? Defaults to false.
    servers List<String>
    A list of custom DNS servers' IP addresses.

    FirewallPolicyExplicitProxy, FirewallPolicyExplicitProxyArgs

    EnablePacFile bool
    Whether the pac file port and url need to be provided.
    Enabled bool
    Whether the explicit proxy is enabled for this Firewall Policy.
    HttpPort int
    The port number for explicit http protocol.
    HttpsPort int
    The port number for explicit proxy https protocol.
    PacFile string
    Specifies a SAS URL for PAC file.
    PacFilePort int
    Specifies a port number for firewall to serve PAC file.
    EnablePacFile bool
    Whether the pac file port and url need to be provided.
    Enabled bool
    Whether the explicit proxy is enabled for this Firewall Policy.
    HttpPort int
    The port number for explicit http protocol.
    HttpsPort int
    The port number for explicit proxy https protocol.
    PacFile string
    Specifies a SAS URL for PAC file.
    PacFilePort int
    Specifies a port number for firewall to serve PAC file.
    enablePacFile Boolean
    Whether the pac file port and url need to be provided.
    enabled Boolean
    Whether the explicit proxy is enabled for this Firewall Policy.
    httpPort Integer
    The port number for explicit http protocol.
    httpsPort Integer
    The port number for explicit proxy https protocol.
    pacFile String
    Specifies a SAS URL for PAC file.
    pacFilePort Integer
    Specifies a port number for firewall to serve PAC file.
    enablePacFile boolean
    Whether the pac file port and url need to be provided.
    enabled boolean
    Whether the explicit proxy is enabled for this Firewall Policy.
    httpPort number
    The port number for explicit http protocol.
    httpsPort number
    The port number for explicit proxy https protocol.
    pacFile string
    Specifies a SAS URL for PAC file.
    pacFilePort number
    Specifies a port number for firewall to serve PAC file.
    enable_pac_file bool
    Whether the pac file port and url need to be provided.
    enabled bool
    Whether the explicit proxy is enabled for this Firewall Policy.
    http_port int
    The port number for explicit http protocol.
    https_port int
    The port number for explicit proxy https protocol.
    pac_file str
    Specifies a SAS URL for PAC file.
    pac_file_port int
    Specifies a port number for firewall to serve PAC file.
    enablePacFile Boolean
    Whether the pac file port and url need to be provided.
    enabled Boolean
    Whether the explicit proxy is enabled for this Firewall Policy.
    httpPort Number
    The port number for explicit http protocol.
    httpsPort Number
    The port number for explicit proxy https protocol.
    pacFile String
    Specifies a SAS URL for PAC file.
    pacFilePort Number
    Specifies a port number for firewall to serve PAC file.

    FirewallPolicyIdentity, FirewallPolicyIdentityArgs

    Type string
    Specifies the type of Managed Service Identity that should be configured on this Firewall Policy. Only possible value is UserAssigned.
    IdentityIds List<string>
    Specifies a list of User Assigned Managed Identity IDs to be assigned to this Firewall Policy.
    PrincipalId string
    TenantId string
    Type string
    Specifies the type of Managed Service Identity that should be configured on this Firewall Policy. Only possible value is UserAssigned.
    IdentityIds []string
    Specifies a list of User Assigned Managed Identity IDs to be assigned to this Firewall Policy.
    PrincipalId string
    TenantId string
    type String
    Specifies the type of Managed Service Identity that should be configured on this Firewall Policy. Only possible value is UserAssigned.
    identityIds List<String>
    Specifies a list of User Assigned Managed Identity IDs to be assigned to this Firewall Policy.
    principalId String
    tenantId String
    type string
    Specifies the type of Managed Service Identity that should be configured on this Firewall Policy. Only possible value is UserAssigned.
    identityIds string[]
    Specifies a list of User Assigned Managed Identity IDs to be assigned to this Firewall Policy.
    principalId string
    tenantId string
    type str
    Specifies the type of Managed Service Identity that should be configured on this Firewall Policy. Only possible value is UserAssigned.
    identity_ids Sequence[str]
    Specifies a list of User Assigned Managed Identity IDs to be assigned to this Firewall Policy.
    principal_id str
    tenant_id str
    type String
    Specifies the type of Managed Service Identity that should be configured on this Firewall Policy. Only possible value is UserAssigned.
    identityIds List<String>
    Specifies a list of User Assigned Managed Identity IDs to be assigned to this Firewall Policy.
    principalId String
    tenantId String

    FirewallPolicyInsights, FirewallPolicyInsightsArgs

    DefaultLogAnalyticsWorkspaceId string
    The ID of the default Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to, when there is no location matches in the log_analytics_workspace.
    Enabled bool
    Whether the insights functionality is enabled for this Firewall Policy.
    LogAnalyticsWorkspaces List<FirewallPolicyInsightsLogAnalyticsWorkspace>
    A list of log_analytics_workspace block as defined below.
    RetentionInDays int
    The log retention period in days.
    DefaultLogAnalyticsWorkspaceId string
    The ID of the default Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to, when there is no location matches in the log_analytics_workspace.
    Enabled bool
    Whether the insights functionality is enabled for this Firewall Policy.
    LogAnalyticsWorkspaces []FirewallPolicyInsightsLogAnalyticsWorkspace
    A list of log_analytics_workspace block as defined below.
    RetentionInDays int
    The log retention period in days.
    defaultLogAnalyticsWorkspaceId String
    The ID of the default Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to, when there is no location matches in the log_analytics_workspace.
    enabled Boolean
    Whether the insights functionality is enabled for this Firewall Policy.
    logAnalyticsWorkspaces List<FirewallPolicyInsightsLogAnalyticsWorkspace>
    A list of log_analytics_workspace block as defined below.
    retentionInDays Integer
    The log retention period in days.
    defaultLogAnalyticsWorkspaceId string
    The ID of the default Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to, when there is no location matches in the log_analytics_workspace.
    enabled boolean
    Whether the insights functionality is enabled for this Firewall Policy.
    logAnalyticsWorkspaces FirewallPolicyInsightsLogAnalyticsWorkspace[]
    A list of log_analytics_workspace block as defined below.
    retentionInDays number
    The log retention period in days.
    default_log_analytics_workspace_id str
    The ID of the default Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to, when there is no location matches in the log_analytics_workspace.
    enabled bool
    Whether the insights functionality is enabled for this Firewall Policy.
    log_analytics_workspaces Sequence[FirewallPolicyInsightsLogAnalyticsWorkspace]
    A list of log_analytics_workspace block as defined below.
    retention_in_days int
    The log retention period in days.
    defaultLogAnalyticsWorkspaceId String
    The ID of the default Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to, when there is no location matches in the log_analytics_workspace.
    enabled Boolean
    Whether the insights functionality is enabled for this Firewall Policy.
    logAnalyticsWorkspaces List<Property Map>
    A list of log_analytics_workspace block as defined below.
    retentionInDays Number
    The log retention period in days.

    FirewallPolicyInsightsLogAnalyticsWorkspace, FirewallPolicyInsightsLogAnalyticsWorkspaceArgs

    FirewallLocation string
    The location of the Firewalls, that when matches this Log Analytics Workspace will be used to consume their logs.
    Id string
    The ID of the Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when their locations match the firewall_location.
    FirewallLocation string
    The location of the Firewalls, that when matches this Log Analytics Workspace will be used to consume their logs.
    Id string
    The ID of the Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when their locations match the firewall_location.
    firewallLocation String
    The location of the Firewalls, that when matches this Log Analytics Workspace will be used to consume their logs.
    id String
    The ID of the Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when their locations match the firewall_location.
    firewallLocation string
    The location of the Firewalls, that when matches this Log Analytics Workspace will be used to consume their logs.
    id string
    The ID of the Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when their locations match the firewall_location.
    firewall_location str
    The location of the Firewalls, that when matches this Log Analytics Workspace will be used to consume their logs.
    id str
    The ID of the Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when their locations match the firewall_location.
    firewallLocation String
    The location of the Firewalls, that when matches this Log Analytics Workspace will be used to consume their logs.
    id String
    The ID of the Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when their locations match the firewall_location.

    FirewallPolicyIntrusionDetection, FirewallPolicyIntrusionDetectionArgs

    Mode string
    In which mode you want to run intrusion detection: Off, Alert or Deny.
    PrivateRanges List<string>
    A list of Private IP address ranges to identify traffic direction. By default, only ranges defined by IANA RFC 1918 are considered private IP addresses.
    SignatureOverrides List<FirewallPolicyIntrusionDetectionSignatureOverride>
    One or more signature_overrides blocks as defined below.
    TrafficBypasses List<FirewallPolicyIntrusionDetectionTrafficBypass>
    One or more traffic_bypass blocks as defined below.
    Mode string
    In which mode you want to run intrusion detection: Off, Alert or Deny.
    PrivateRanges []string
    A list of Private IP address ranges to identify traffic direction. By default, only ranges defined by IANA RFC 1918 are considered private IP addresses.
    SignatureOverrides []FirewallPolicyIntrusionDetectionSignatureOverride
    One or more signature_overrides blocks as defined below.
    TrafficBypasses []FirewallPolicyIntrusionDetectionTrafficBypass
    One or more traffic_bypass blocks as defined below.
    mode String
    In which mode you want to run intrusion detection: Off, Alert or Deny.
    privateRanges List<String>
    A list of Private IP address ranges to identify traffic direction. By default, only ranges defined by IANA RFC 1918 are considered private IP addresses.
    signatureOverrides List<FirewallPolicyIntrusionDetectionSignatureOverride>
    One or more signature_overrides blocks as defined below.
    trafficBypasses List<FirewallPolicyIntrusionDetectionTrafficBypass>
    One or more traffic_bypass blocks as defined below.
    mode string
    In which mode you want to run intrusion detection: Off, Alert or Deny.
    privateRanges string[]
    A list of Private IP address ranges to identify traffic direction. By default, only ranges defined by IANA RFC 1918 are considered private IP addresses.
    signatureOverrides FirewallPolicyIntrusionDetectionSignatureOverride[]
    One or more signature_overrides blocks as defined below.
    trafficBypasses FirewallPolicyIntrusionDetectionTrafficBypass[]
    One or more traffic_bypass blocks as defined below.
    mode str
    In which mode you want to run intrusion detection: Off, Alert or Deny.
    private_ranges Sequence[str]
    A list of Private IP address ranges to identify traffic direction. By default, only ranges defined by IANA RFC 1918 are considered private IP addresses.
    signature_overrides Sequence[FirewallPolicyIntrusionDetectionSignatureOverride]
    One or more signature_overrides blocks as defined below.
    traffic_bypasses Sequence[FirewallPolicyIntrusionDetectionTrafficBypass]
    One or more traffic_bypass blocks as defined below.
    mode String
    In which mode you want to run intrusion detection: Off, Alert or Deny.
    privateRanges List<String>
    A list of Private IP address ranges to identify traffic direction. By default, only ranges defined by IANA RFC 1918 are considered private IP addresses.
    signatureOverrides List<Property Map>
    One or more signature_overrides blocks as defined below.
    trafficBypasses List<Property Map>
    One or more traffic_bypass blocks as defined below.

    FirewallPolicyIntrusionDetectionSignatureOverride, FirewallPolicyIntrusionDetectionSignatureOverrideArgs

    Id string
    12-digit number (id) which identifies your signature.
    State string
    state can be any of Off, Alert or Deny.
    Id string
    12-digit number (id) which identifies your signature.
    State string
    state can be any of Off, Alert or Deny.
    id String
    12-digit number (id) which identifies your signature.
    state String
    state can be any of Off, Alert or Deny.
    id string
    12-digit number (id) which identifies your signature.
    state string
    state can be any of Off, Alert or Deny.
    id str
    12-digit number (id) which identifies your signature.
    state str
    state can be any of Off, Alert or Deny.
    id String
    12-digit number (id) which identifies your signature.
    state String
    state can be any of Off, Alert or Deny.

    FirewallPolicyIntrusionDetectionTrafficBypass, FirewallPolicyIntrusionDetectionTrafficBypassArgs

    Name string
    The name which should be used for this bypass traffic setting.
    Protocol string
    The protocols any of ANY, TCP, ICMP, UDP that shall be bypassed by intrusion detection.
    Description string
    The description for this bypass traffic setting.
    DestinationAddresses List<string>
    Specifies a list of destination IP addresses that shall be bypassed by intrusion detection.
    DestinationIpGroups List<string>
    Specifies a list of destination IP groups that shall be bypassed by intrusion detection.
    DestinationPorts List<string>
    Specifies a list of destination IP ports that shall be bypassed by intrusion detection.
    SourceAddresses List<string>
    Specifies a list of source addresses that shall be bypassed by intrusion detection.
    SourceIpGroups List<string>
    Specifies a list of source IP groups that shall be bypassed by intrusion detection.
    Name string
    The name which should be used for this bypass traffic setting.
    Protocol string
    The protocols any of ANY, TCP, ICMP, UDP that shall be bypassed by intrusion detection.
    Description string
    The description for this bypass traffic setting.
    DestinationAddresses []string
    Specifies a list of destination IP addresses that shall be bypassed by intrusion detection.
    DestinationIpGroups []string
    Specifies a list of destination IP groups that shall be bypassed by intrusion detection.
    DestinationPorts []string
    Specifies a list of destination IP ports that shall be bypassed by intrusion detection.
    SourceAddresses []string
    Specifies a list of source addresses that shall be bypassed by intrusion detection.
    SourceIpGroups []string
    Specifies a list of source IP groups that shall be bypassed by intrusion detection.
    name String
    The name which should be used for this bypass traffic setting.
    protocol String
    The protocols any of ANY, TCP, ICMP, UDP that shall be bypassed by intrusion detection.
    description String
    The description for this bypass traffic setting.
    destinationAddresses List<String>
    Specifies a list of destination IP addresses that shall be bypassed by intrusion detection.
    destinationIpGroups List<String>
    Specifies a list of destination IP groups that shall be bypassed by intrusion detection.
    destinationPorts List<String>
    Specifies a list of destination IP ports that shall be bypassed by intrusion detection.
    sourceAddresses List<String>
    Specifies a list of source addresses that shall be bypassed by intrusion detection.
    sourceIpGroups List<String>
    Specifies a list of source IP groups that shall be bypassed by intrusion detection.
    name string
    The name which should be used for this bypass traffic setting.
    protocol string
    The protocols any of ANY, TCP, ICMP, UDP that shall be bypassed by intrusion detection.
    description string
    The description for this bypass traffic setting.
    destinationAddresses string[]
    Specifies a list of destination IP addresses that shall be bypassed by intrusion detection.
    destinationIpGroups string[]
    Specifies a list of destination IP groups that shall be bypassed by intrusion detection.
    destinationPorts string[]
    Specifies a list of destination IP ports that shall be bypassed by intrusion detection.
    sourceAddresses string[]
    Specifies a list of source addresses that shall be bypassed by intrusion detection.
    sourceIpGroups string[]
    Specifies a list of source IP groups that shall be bypassed by intrusion detection.
    name str
    The name which should be used for this bypass traffic setting.
    protocol str
    The protocols any of ANY, TCP, ICMP, UDP that shall be bypassed by intrusion detection.
    description str
    The description for this bypass traffic setting.
    destination_addresses Sequence[str]
    Specifies a list of destination IP addresses that shall be bypassed by intrusion detection.
    destination_ip_groups Sequence[str]
    Specifies a list of destination IP groups that shall be bypassed by intrusion detection.
    destination_ports Sequence[str]
    Specifies a list of destination IP ports that shall be bypassed by intrusion detection.
    source_addresses Sequence[str]
    Specifies a list of source addresses that shall be bypassed by intrusion detection.
    source_ip_groups Sequence[str]
    Specifies a list of source IP groups that shall be bypassed by intrusion detection.
    name String
    The name which should be used for this bypass traffic setting.
    protocol String
    The protocols any of ANY, TCP, ICMP, UDP that shall be bypassed by intrusion detection.
    description String
    The description for this bypass traffic setting.
    destinationAddresses List<String>
    Specifies a list of destination IP addresses that shall be bypassed by intrusion detection.
    destinationIpGroups List<String>
    Specifies a list of destination IP groups that shall be bypassed by intrusion detection.
    destinationPorts List<String>
    Specifies a list of destination IP ports that shall be bypassed by intrusion detection.
    sourceAddresses List<String>
    Specifies a list of source addresses that shall be bypassed by intrusion detection.
    sourceIpGroups List<String>
    Specifies a list of source IP groups that shall be bypassed by intrusion detection.

    FirewallPolicyThreatIntelligenceAllowlist, FirewallPolicyThreatIntelligenceAllowlistArgs

    Fqdns List<string>
    A list of FQDNs that will be skipped for threat detection.
    IpAddresses List<string>
    A list of IP addresses or CIDR ranges that will be skipped for threat detection.
    Fqdns []string
    A list of FQDNs that will be skipped for threat detection.
    IpAddresses []string
    A list of IP addresses or CIDR ranges that will be skipped for threat detection.
    fqdns List<String>
    A list of FQDNs that will be skipped for threat detection.
    ipAddresses List<String>
    A list of IP addresses or CIDR ranges that will be skipped for threat detection.
    fqdns string[]
    A list of FQDNs that will be skipped for threat detection.
    ipAddresses string[]
    A list of IP addresses or CIDR ranges that will be skipped for threat detection.
    fqdns Sequence[str]
    A list of FQDNs that will be skipped for threat detection.
    ip_addresses Sequence[str]
    A list of IP addresses or CIDR ranges that will be skipped for threat detection.
    fqdns List<String>
    A list of FQDNs that will be skipped for threat detection.
    ipAddresses List<String>
    A list of IP addresses or CIDR ranges that will be skipped for threat detection.

    FirewallPolicyTlsCertificate, FirewallPolicyTlsCertificateArgs

    KeyVaultSecretId string
    The ID of the Key Vault, where the secret or certificate is stored.
    Name string
    The name of the certificate.
    KeyVaultSecretId string
    The ID of the Key Vault, where the secret or certificate is stored.
    Name string
    The name of the certificate.
    keyVaultSecretId String
    The ID of the Key Vault, where the secret or certificate is stored.
    name String
    The name of the certificate.
    keyVaultSecretId string
    The ID of the Key Vault, where the secret or certificate is stored.
    name string
    The name of the certificate.
    key_vault_secret_id str
    The ID of the Key Vault, where the secret or certificate is stored.
    name str
    The name of the certificate.
    keyVaultSecretId String
    The ID of the Key Vault, where the secret or certificate is stored.
    name String
    The name of the certificate.

    Import

    Firewall Policies can be imported using the resource id, e.g.

    $ pulumi import azure:network/firewallPolicy:FirewallPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Network/firewallPolicies/policy1
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Azure Classic pulumi/pulumi-azure
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azurerm Terraform Provider.
    azure logo

    We recommend using Azure Native.

    Azure Classic v6.8.0 published on Monday, Nov 4, 2024 by Pulumi