We recommend using Azure Native.
azure.network.FirewallPolicy
Explore with Pulumi AI
Manages a Firewall Policy.
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var exampleResourceGroup = new Azure.Core.ResourceGroup("exampleResourceGroup", new()
{
Location = "West Europe",
});
var exampleFirewallPolicy = new Azure.Network.FirewallPolicy("exampleFirewallPolicy", new()
{
ResourceGroupName = exampleResourceGroup.Name,
Location = exampleResourceGroup.Location,
});
});
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/network"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleResourceGroup, err := core.NewResourceGroup(ctx, "exampleResourceGroup", &core.ResourceGroupArgs{
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
_, err = network.NewFirewallPolicy(ctx, "exampleFirewallPolicy", &network.FirewallPolicyArgs{
ResourceGroupName: exampleResourceGroup.Name,
Location: exampleResourceGroup.Location,
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.network.FirewallPolicy;
import com.pulumi.azure.network.FirewallPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
.location("West Europe")
.build());
var exampleFirewallPolicy = new FirewallPolicy("exampleFirewallPolicy", FirewallPolicyArgs.builder()
.resourceGroupName(exampleResourceGroup.name())
.location(exampleResourceGroup.location())
.build());
}
}
import pulumi
import pulumi_azure as azure
example_resource_group = azure.core.ResourceGroup("exampleResourceGroup", location="West Europe")
example_firewall_policy = azure.network.FirewallPolicy("exampleFirewallPolicy",
resource_group_name=example_resource_group.name,
location=example_resource_group.location)
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const exampleResourceGroup = new azure.core.ResourceGroup("exampleResourceGroup", {location: "West Europe"});
const exampleFirewallPolicy = new azure.network.FirewallPolicy("exampleFirewallPolicy", {
resourceGroupName: exampleResourceGroup.name,
location: exampleResourceGroup.location,
});
resources:
exampleResourceGroup:
type: azure:core:ResourceGroup
properties:
location: West Europe
exampleFirewallPolicy:
type: azure:network:FirewallPolicy
properties:
resourceGroupName: ${exampleResourceGroup.name}
location: ${exampleResourceGroup.location}
Create FirewallPolicy Resource
new FirewallPolicy(name: string, args: FirewallPolicyArgs, opts?: CustomResourceOptions);
@overload
def FirewallPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
auto_learn_private_ranges_enabled: Optional[bool] = None,
base_policy_id: Optional[str] = None,
dns: Optional[FirewallPolicyDnsArgs] = None,
explicit_proxy: Optional[FirewallPolicyExplicitProxyArgs] = None,
identity: Optional[FirewallPolicyIdentityArgs] = None,
insights: Optional[FirewallPolicyInsightsArgs] = None,
intrusion_detection: Optional[FirewallPolicyIntrusionDetectionArgs] = None,
location: Optional[str] = None,
name: Optional[str] = None,
private_ip_ranges: Optional[Sequence[str]] = None,
resource_group_name: Optional[str] = None,
sku: Optional[str] = None,
sql_redirect_allowed: Optional[bool] = None,
tags: Optional[Mapping[str, str]] = None,
threat_intelligence_allowlist: Optional[FirewallPolicyThreatIntelligenceAllowlistArgs] = None,
threat_intelligence_mode: Optional[str] = None,
tls_certificate: Optional[FirewallPolicyTlsCertificateArgs] = None)
@overload
def FirewallPolicy(resource_name: str,
args: FirewallPolicyArgs,
opts: Optional[ResourceOptions] = None)
func NewFirewallPolicy(ctx *Context, name string, args FirewallPolicyArgs, opts ...ResourceOption) (*FirewallPolicy, error)
public FirewallPolicy(string name, FirewallPolicyArgs args, CustomResourceOptions? opts = null)
public FirewallPolicy(String name, FirewallPolicyArgs args)
public FirewallPolicy(String name, FirewallPolicyArgs args, CustomResourceOptions options)
type: azure:network:FirewallPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
FirewallPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The FirewallPolicy resource accepts the following input properties:
- Resource
Group stringName The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- Auto
Learn boolPrivate Ranges Enabled Whether enable auto learn private ip range.
- Base
Policy stringId The ID of the base Firewall Policy.
- Dns
Firewall
Policy Dns A
dns
block as defined below.- Explicit
Proxy FirewallPolicy Explicit Proxy A
explicit_proxy
block as defined below.- Identity
Firewall
Policy Identity An
identity
block as defined below.- Insights
Firewall
Policy Insights An
insights
block as defined below.- Intrusion
Detection FirewallPolicy Intrusion Detection A
intrusion_detection
block as defined below.- Location string
The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- Name string
The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
- Private
Ip List<string>Ranges A list of private IP ranges to which traffic will not be SNAT.
- Sku string
The SKU Tier of the Firewall Policy. Possible values are
Standard
,Premium
andBasic
. Changing this forces a new Firewall Policy to be created.- Sql
Redirect boolAllowed Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires no rule using ports between
11000
-11999
.- Dictionary<string, string>
A mapping of tags which should be assigned to the Firewall Policy.
- Threat
Intelligence FirewallAllowlist Policy Threat Intelligence Allowlist A
threat_intelligence_allowlist
block as defined below.- Threat
Intelligence stringMode The operation mode for Threat Intelligence. Possible values are
Alert
,Deny
andOff
. Defaults toAlert
.- Tls
Certificate FirewallPolicy Tls Certificate A
tls_certificate
block as defined below.
- Resource
Group stringName The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- Auto
Learn boolPrivate Ranges Enabled Whether enable auto learn private ip range.
- Base
Policy stringId The ID of the base Firewall Policy.
- Dns
Firewall
Policy Dns Args A
dns
block as defined below.- Explicit
Proxy FirewallPolicy Explicit Proxy Args A
explicit_proxy
block as defined below.- Identity
Firewall
Policy Identity Args An
identity
block as defined below.- Insights
Firewall
Policy Insights Args An
insights
block as defined below.- Intrusion
Detection FirewallPolicy Intrusion Detection Args A
intrusion_detection
block as defined below.- Location string
The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- Name string
The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
- Private
Ip []stringRanges A list of private IP ranges to which traffic will not be SNAT.
- Sku string
The SKU Tier of the Firewall Policy. Possible values are
Standard
,Premium
andBasic
. Changing this forces a new Firewall Policy to be created.- Sql
Redirect boolAllowed Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires no rule using ports between
11000
-11999
.- map[string]string
A mapping of tags which should be assigned to the Firewall Policy.
- Threat
Intelligence FirewallAllowlist Policy Threat Intelligence Allowlist Args A
threat_intelligence_allowlist
block as defined below.- Threat
Intelligence stringMode The operation mode for Threat Intelligence. Possible values are
Alert
,Deny
andOff
. Defaults toAlert
.- Tls
Certificate FirewallPolicy Tls Certificate Args A
tls_certificate
block as defined below.
- resource
Group StringName The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- auto
Learn BooleanPrivate Ranges Enabled Whether enable auto learn private ip range.
- base
Policy StringId The ID of the base Firewall Policy.
- dns
Firewall
Policy Dns A
dns
block as defined below.- explicit
Proxy FirewallPolicy Explicit Proxy A
explicit_proxy
block as defined below.- identity
Firewall
Policy Identity An
identity
block as defined below.- insights
Firewall
Policy Insights An
insights
block as defined below.- intrusion
Detection FirewallPolicy Intrusion Detection A
intrusion_detection
block as defined below.- location String
The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- name String
The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
- private
Ip List<String>Ranges A list of private IP ranges to which traffic will not be SNAT.
- sku String
The SKU Tier of the Firewall Policy. Possible values are
Standard
,Premium
andBasic
. Changing this forces a new Firewall Policy to be created.- sql
Redirect BooleanAllowed Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires no rule using ports between
11000
-11999
.- Map<String,String>
A mapping of tags which should be assigned to the Firewall Policy.
- threat
Intelligence FirewallAllowlist Policy Threat Intelligence Allowlist A
threat_intelligence_allowlist
block as defined below.- threat
Intelligence StringMode The operation mode for Threat Intelligence. Possible values are
Alert
,Deny
andOff
. Defaults toAlert
.- tls
Certificate FirewallPolicy Tls Certificate A
tls_certificate
block as defined below.
- resource
Group stringName The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- auto
Learn booleanPrivate Ranges Enabled Whether enable auto learn private ip range.
- base
Policy stringId The ID of the base Firewall Policy.
- dns
Firewall
Policy Dns A
dns
block as defined below.- explicit
Proxy FirewallPolicy Explicit Proxy A
explicit_proxy
block as defined below.- identity
Firewall
Policy Identity An
identity
block as defined below.- insights
Firewall
Policy Insights An
insights
block as defined below.- intrusion
Detection FirewallPolicy Intrusion Detection A
intrusion_detection
block as defined below.- location string
The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- name string
The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
- private
Ip string[]Ranges A list of private IP ranges to which traffic will not be SNAT.
- sku string
The SKU Tier of the Firewall Policy. Possible values are
Standard
,Premium
andBasic
. Changing this forces a new Firewall Policy to be created.- sql
Redirect booleanAllowed Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires no rule using ports between
11000
-11999
.- {[key: string]: string}
A mapping of tags which should be assigned to the Firewall Policy.
- threat
Intelligence FirewallAllowlist Policy Threat Intelligence Allowlist A
threat_intelligence_allowlist
block as defined below.- threat
Intelligence stringMode The operation mode for Threat Intelligence. Possible values are
Alert
,Deny
andOff
. Defaults toAlert
.- tls
Certificate FirewallPolicy Tls Certificate A
tls_certificate
block as defined below.
- resource_
group_ strname The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- auto_
learn_ boolprivate_ ranges_ enabled Whether enable auto learn private ip range.
- base_
policy_ strid The ID of the base Firewall Policy.
- dns
Firewall
Policy Dns Args A
dns
block as defined below.- explicit_
proxy FirewallPolicy Explicit Proxy Args A
explicit_proxy
block as defined below.- identity
Firewall
Policy Identity Args An
identity
block as defined below.- insights
Firewall
Policy Insights Args An
insights
block as defined below.- intrusion_
detection FirewallPolicy Intrusion Detection Args A
intrusion_detection
block as defined below.- location str
The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- name str
The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
- private_
ip_ Sequence[str]ranges A list of private IP ranges to which traffic will not be SNAT.
- sku str
The SKU Tier of the Firewall Policy. Possible values are
Standard
,Premium
andBasic
. Changing this forces a new Firewall Policy to be created.- sql_
redirect_ boolallowed Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires no rule using ports between
11000
-11999
.- Mapping[str, str]
A mapping of tags which should be assigned to the Firewall Policy.
- threat_
intelligence_ Firewallallowlist Policy Threat Intelligence Allowlist Args A
threat_intelligence_allowlist
block as defined below.- threat_
intelligence_ strmode The operation mode for Threat Intelligence. Possible values are
Alert
,Deny
andOff
. Defaults toAlert
.- tls_
certificate FirewallPolicy Tls Certificate Args A
tls_certificate
block as defined below.
- resource
Group StringName The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- auto
Learn BooleanPrivate Ranges Enabled Whether enable auto learn private ip range.
- base
Policy StringId The ID of the base Firewall Policy.
- dns Property Map
A
dns
block as defined below.- explicit
Proxy Property Map A
explicit_proxy
block as defined below.- identity Property Map
An
identity
block as defined below.- insights Property Map
An
insights
block as defined below.- intrusion
Detection Property Map A
intrusion_detection
block as defined below.- location String
The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- name String
The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
- private
Ip List<String>Ranges A list of private IP ranges to which traffic will not be SNAT.
- sku String
The SKU Tier of the Firewall Policy. Possible values are
Standard
,Premium
andBasic
. Changing this forces a new Firewall Policy to be created.- sql
Redirect BooleanAllowed Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires no rule using ports between
11000
-11999
.- Map<String>
A mapping of tags which should be assigned to the Firewall Policy.
- threat
Intelligence Property MapAllowlist A
threat_intelligence_allowlist
block as defined below.- threat
Intelligence StringMode The operation mode for Threat Intelligence. Possible values are
Alert
,Deny
andOff
. Defaults toAlert
.- tls
Certificate Property Map A
tls_certificate
block as defined below.
Outputs
All input properties are implicitly available as output properties. Additionally, the FirewallPolicy resource produces the following output properties:
- Child
Policies List<string> A list of reference to child Firewall Policies of this Firewall Policy.
- Firewalls List<string>
A list of references to Azure Firewalls that this Firewall Policy is associated with.
- Id string
The provider-assigned unique ID for this managed resource.
- Rule
Collection List<string>Groups A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
- Child
Policies []string A list of reference to child Firewall Policies of this Firewall Policy.
- Firewalls []string
A list of references to Azure Firewalls that this Firewall Policy is associated with.
- Id string
The provider-assigned unique ID for this managed resource.
- Rule
Collection []stringGroups A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
- child
Policies List<String> A list of reference to child Firewall Policies of this Firewall Policy.
- firewalls List<String>
A list of references to Azure Firewalls that this Firewall Policy is associated with.
- id String
The provider-assigned unique ID for this managed resource.
- rule
Collection List<String>Groups A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
- child
Policies string[] A list of reference to child Firewall Policies of this Firewall Policy.
- firewalls string[]
A list of references to Azure Firewalls that this Firewall Policy is associated with.
- id string
The provider-assigned unique ID for this managed resource.
- rule
Collection string[]Groups A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
- child_
policies Sequence[str] A list of reference to child Firewall Policies of this Firewall Policy.
- firewalls Sequence[str]
A list of references to Azure Firewalls that this Firewall Policy is associated with.
- id str
The provider-assigned unique ID for this managed resource.
- rule_
collection_ Sequence[str]groups A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
- child
Policies List<String> A list of reference to child Firewall Policies of this Firewall Policy.
- firewalls List<String>
A list of references to Azure Firewalls that this Firewall Policy is associated with.
- id String
The provider-assigned unique ID for this managed resource.
- rule
Collection List<String>Groups A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
Look up Existing FirewallPolicy Resource
Get an existing FirewallPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FirewallPolicyState, opts?: CustomResourceOptions): FirewallPolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
auto_learn_private_ranges_enabled: Optional[bool] = None,
base_policy_id: Optional[str] = None,
child_policies: Optional[Sequence[str]] = None,
dns: Optional[FirewallPolicyDnsArgs] = None,
explicit_proxy: Optional[FirewallPolicyExplicitProxyArgs] = None,
firewalls: Optional[Sequence[str]] = None,
identity: Optional[FirewallPolicyIdentityArgs] = None,
insights: Optional[FirewallPolicyInsightsArgs] = None,
intrusion_detection: Optional[FirewallPolicyIntrusionDetectionArgs] = None,
location: Optional[str] = None,
name: Optional[str] = None,
private_ip_ranges: Optional[Sequence[str]] = None,
resource_group_name: Optional[str] = None,
rule_collection_groups: Optional[Sequence[str]] = None,
sku: Optional[str] = None,
sql_redirect_allowed: Optional[bool] = None,
tags: Optional[Mapping[str, str]] = None,
threat_intelligence_allowlist: Optional[FirewallPolicyThreatIntelligenceAllowlistArgs] = None,
threat_intelligence_mode: Optional[str] = None,
tls_certificate: Optional[FirewallPolicyTlsCertificateArgs] = None) -> FirewallPolicy
func GetFirewallPolicy(ctx *Context, name string, id IDInput, state *FirewallPolicyState, opts ...ResourceOption) (*FirewallPolicy, error)
public static FirewallPolicy Get(string name, Input<string> id, FirewallPolicyState? state, CustomResourceOptions? opts = null)
public static FirewallPolicy get(String name, Output<String> id, FirewallPolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Auto
Learn boolPrivate Ranges Enabled Whether enable auto learn private ip range.
- Base
Policy stringId The ID of the base Firewall Policy.
- Child
Policies List<string> A list of reference to child Firewall Policies of this Firewall Policy.
- Dns
Firewall
Policy Dns A
dns
block as defined below.- Explicit
Proxy FirewallPolicy Explicit Proxy A
explicit_proxy
block as defined below.- Firewalls List<string>
A list of references to Azure Firewalls that this Firewall Policy is associated with.
- Identity
Firewall
Policy Identity An
identity
block as defined below.- Insights
Firewall
Policy Insights An
insights
block as defined below.- Intrusion
Detection FirewallPolicy Intrusion Detection A
intrusion_detection
block as defined below.- Location string
The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- Name string
The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
- Private
Ip List<string>Ranges A list of private IP ranges to which traffic will not be SNAT.
- Resource
Group stringName The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- Rule
Collection List<string>Groups A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
- Sku string
The SKU Tier of the Firewall Policy. Possible values are
Standard
,Premium
andBasic
. Changing this forces a new Firewall Policy to be created.- Sql
Redirect boolAllowed Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires no rule using ports between
11000
-11999
.- Dictionary<string, string>
A mapping of tags which should be assigned to the Firewall Policy.
- Threat
Intelligence FirewallAllowlist Policy Threat Intelligence Allowlist A
threat_intelligence_allowlist
block as defined below.- Threat
Intelligence stringMode The operation mode for Threat Intelligence. Possible values are
Alert
,Deny
andOff
. Defaults toAlert
.- Tls
Certificate FirewallPolicy Tls Certificate A
tls_certificate
block as defined below.
- Auto
Learn boolPrivate Ranges Enabled Whether enable auto learn private ip range.
- Base
Policy stringId The ID of the base Firewall Policy.
- Child
Policies []string A list of reference to child Firewall Policies of this Firewall Policy.
- Dns
Firewall
Policy Dns Args A
dns
block as defined below.- Explicit
Proxy FirewallPolicy Explicit Proxy Args A
explicit_proxy
block as defined below.- Firewalls []string
A list of references to Azure Firewalls that this Firewall Policy is associated with.
- Identity
Firewall
Policy Identity Args An
identity
block as defined below.- Insights
Firewall
Policy Insights Args An
insights
block as defined below.- Intrusion
Detection FirewallPolicy Intrusion Detection Args A
intrusion_detection
block as defined below.- Location string
The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- Name string
The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
- Private
Ip []stringRanges A list of private IP ranges to which traffic will not be SNAT.
- Resource
Group stringName The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- Rule
Collection []stringGroups A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
- Sku string
The SKU Tier of the Firewall Policy. Possible values are
Standard
,Premium
andBasic
. Changing this forces a new Firewall Policy to be created.- Sql
Redirect boolAllowed Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires no rule using ports between
11000
-11999
.- map[string]string
A mapping of tags which should be assigned to the Firewall Policy.
- Threat
Intelligence FirewallAllowlist Policy Threat Intelligence Allowlist Args A
threat_intelligence_allowlist
block as defined below.- Threat
Intelligence stringMode The operation mode for Threat Intelligence. Possible values are
Alert
,Deny
andOff
. Defaults toAlert
.- Tls
Certificate FirewallPolicy Tls Certificate Args A
tls_certificate
block as defined below.
- auto
Learn BooleanPrivate Ranges Enabled Whether enable auto learn private ip range.
- base
Policy StringId The ID of the base Firewall Policy.
- child
Policies List<String> A list of reference to child Firewall Policies of this Firewall Policy.
- dns
Firewall
Policy Dns A
dns
block as defined below.- explicit
Proxy FirewallPolicy Explicit Proxy A
explicit_proxy
block as defined below.- firewalls List<String>
A list of references to Azure Firewalls that this Firewall Policy is associated with.
- identity
Firewall
Policy Identity An
identity
block as defined below.- insights
Firewall
Policy Insights An
insights
block as defined below.- intrusion
Detection FirewallPolicy Intrusion Detection A
intrusion_detection
block as defined below.- location String
The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- name String
The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
- private
Ip List<String>Ranges A list of private IP ranges to which traffic will not be SNAT.
- resource
Group StringName The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- rule
Collection List<String>Groups A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
- sku String
The SKU Tier of the Firewall Policy. Possible values are
Standard
,Premium
andBasic
. Changing this forces a new Firewall Policy to be created.- sql
Redirect BooleanAllowed Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires no rule using ports between
11000
-11999
.- Map<String,String>
A mapping of tags which should be assigned to the Firewall Policy.
- threat
Intelligence FirewallAllowlist Policy Threat Intelligence Allowlist A
threat_intelligence_allowlist
block as defined below.- threat
Intelligence StringMode The operation mode for Threat Intelligence. Possible values are
Alert
,Deny
andOff
. Defaults toAlert
.- tls
Certificate FirewallPolicy Tls Certificate A
tls_certificate
block as defined below.
- auto
Learn booleanPrivate Ranges Enabled Whether enable auto learn private ip range.
- base
Policy stringId The ID of the base Firewall Policy.
- child
Policies string[] A list of reference to child Firewall Policies of this Firewall Policy.
- dns
Firewall
Policy Dns A
dns
block as defined below.- explicit
Proxy FirewallPolicy Explicit Proxy A
explicit_proxy
block as defined below.- firewalls string[]
A list of references to Azure Firewalls that this Firewall Policy is associated with.
- identity
Firewall
Policy Identity An
identity
block as defined below.- insights
Firewall
Policy Insights An
insights
block as defined below.- intrusion
Detection FirewallPolicy Intrusion Detection A
intrusion_detection
block as defined below.- location string
The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- name string
The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
- private
Ip string[]Ranges A list of private IP ranges to which traffic will not be SNAT.
- resource
Group stringName The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- rule
Collection string[]Groups A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
- sku string
The SKU Tier of the Firewall Policy. Possible values are
Standard
,Premium
andBasic
. Changing this forces a new Firewall Policy to be created.- sql
Redirect booleanAllowed Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires no rule using ports between
11000
-11999
.- {[key: string]: string}
A mapping of tags which should be assigned to the Firewall Policy.
- threat
Intelligence FirewallAllowlist Policy Threat Intelligence Allowlist A
threat_intelligence_allowlist
block as defined below.- threat
Intelligence stringMode The operation mode for Threat Intelligence. Possible values are
Alert
,Deny
andOff
. Defaults toAlert
.- tls
Certificate FirewallPolicy Tls Certificate A
tls_certificate
block as defined below.
- auto_
learn_ boolprivate_ ranges_ enabled Whether enable auto learn private ip range.
- base_
policy_ strid The ID of the base Firewall Policy.
- child_
policies Sequence[str] A list of reference to child Firewall Policies of this Firewall Policy.
- dns
Firewall
Policy Dns Args A
dns
block as defined below.- explicit_
proxy FirewallPolicy Explicit Proxy Args A
explicit_proxy
block as defined below.- firewalls Sequence[str]
A list of references to Azure Firewalls that this Firewall Policy is associated with.
- identity
Firewall
Policy Identity Args An
identity
block as defined below.- insights
Firewall
Policy Insights Args An
insights
block as defined below.- intrusion_
detection FirewallPolicy Intrusion Detection Args A
intrusion_detection
block as defined below.- location str
The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- name str
The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
- private_
ip_ Sequence[str]ranges A list of private IP ranges to which traffic will not be SNAT.
- resource_
group_ strname The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- rule_
collection_ Sequence[str]groups A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
- sku str
The SKU Tier of the Firewall Policy. Possible values are
Standard
,Premium
andBasic
. Changing this forces a new Firewall Policy to be created.- sql_
redirect_ boolallowed Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires no rule using ports between
11000
-11999
.- Mapping[str, str]
A mapping of tags which should be assigned to the Firewall Policy.
- threat_
intelligence_ Firewallallowlist Policy Threat Intelligence Allowlist Args A
threat_intelligence_allowlist
block as defined below.- threat_
intelligence_ strmode The operation mode for Threat Intelligence. Possible values are
Alert
,Deny
andOff
. Defaults toAlert
.- tls_
certificate FirewallPolicy Tls Certificate Args A
tls_certificate
block as defined below.
- auto
Learn BooleanPrivate Ranges Enabled Whether enable auto learn private ip range.
- base
Policy StringId The ID of the base Firewall Policy.
- child
Policies List<String> A list of reference to child Firewall Policies of this Firewall Policy.
- dns Property Map
A
dns
block as defined below.- explicit
Proxy Property Map A
explicit_proxy
block as defined below.- firewalls List<String>
A list of references to Azure Firewalls that this Firewall Policy is associated with.
- identity Property Map
An
identity
block as defined below.- insights Property Map
An
insights
block as defined below.- intrusion
Detection Property Map A
intrusion_detection
block as defined below.- location String
The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- name String
The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
- private
Ip List<String>Ranges A list of private IP ranges to which traffic will not be SNAT.
- resource
Group StringName The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- rule
Collection List<String>Groups A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
- sku String
The SKU Tier of the Firewall Policy. Possible values are
Standard
,Premium
andBasic
. Changing this forces a new Firewall Policy to be created.- sql
Redirect BooleanAllowed Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires no rule using ports between
11000
-11999
.- Map<String>
A mapping of tags which should be assigned to the Firewall Policy.
- threat
Intelligence Property MapAllowlist A
threat_intelligence_allowlist
block as defined below.- threat
Intelligence StringMode The operation mode for Threat Intelligence. Possible values are
Alert
,Deny
andOff
. Defaults toAlert
.- tls
Certificate Property Map A
tls_certificate
block as defined below.
Supporting Types
FirewallPolicyDns, FirewallPolicyDnsArgs
- Proxy
Enabled bool Whether to enable DNS proxy on Firewalls attached to this Firewall Policy? Defaults to
false
.- Servers List<string>
A list of custom DNS servers' IP addresses.
- Proxy
Enabled bool Whether to enable DNS proxy on Firewalls attached to this Firewall Policy? Defaults to
false
.- Servers []string
A list of custom DNS servers' IP addresses.
- proxy
Enabled Boolean Whether to enable DNS proxy on Firewalls attached to this Firewall Policy? Defaults to
false
.- servers List<String>
A list of custom DNS servers' IP addresses.
- proxy
Enabled boolean Whether to enable DNS proxy on Firewalls attached to this Firewall Policy? Defaults to
false
.- servers string[]
A list of custom DNS servers' IP addresses.
- proxy_
enabled bool Whether to enable DNS proxy on Firewalls attached to this Firewall Policy? Defaults to
false
.- servers Sequence[str]
A list of custom DNS servers' IP addresses.
- proxy
Enabled Boolean Whether to enable DNS proxy on Firewalls attached to this Firewall Policy? Defaults to
false
.- servers List<String>
A list of custom DNS servers' IP addresses.
FirewallPolicyExplicitProxy, FirewallPolicyExplicitProxyArgs
- Enable
Pac boolFile Whether the pac file port and url need to be provided.
- Enabled bool
Whether the explicit proxy is enabled for this Firewall Policy.
- Http
Port int The port number for explicit http protocol.
- Https
Port int The port number for explicit proxy https protocol.
- Pac
File string Specifies a SAS URL for PAC file.
- Pac
File intPort Specifies a port number for firewall to serve PAC file.
- Enable
Pac boolFile Whether the pac file port and url need to be provided.
- Enabled bool
Whether the explicit proxy is enabled for this Firewall Policy.
- Http
Port int The port number for explicit http protocol.
- Https
Port int The port number for explicit proxy https protocol.
- Pac
File string Specifies a SAS URL for PAC file.
- Pac
File intPort Specifies a port number for firewall to serve PAC file.
- enable
Pac BooleanFile Whether the pac file port and url need to be provided.
- enabled Boolean
Whether the explicit proxy is enabled for this Firewall Policy.
- http
Port Integer The port number for explicit http protocol.
- https
Port Integer The port number for explicit proxy https protocol.
- pac
File String Specifies a SAS URL for PAC file.
- pac
File IntegerPort Specifies a port number for firewall to serve PAC file.
- enable
Pac booleanFile Whether the pac file port and url need to be provided.
- enabled boolean
Whether the explicit proxy is enabled for this Firewall Policy.
- http
Port number The port number for explicit http protocol.
- https
Port number The port number for explicit proxy https protocol.
- pac
File string Specifies a SAS URL for PAC file.
- pac
File numberPort Specifies a port number for firewall to serve PAC file.
- enable_
pac_ boolfile Whether the pac file port and url need to be provided.
- enabled bool
Whether the explicit proxy is enabled for this Firewall Policy.
- http_
port int The port number for explicit http protocol.
- https_
port int The port number for explicit proxy https protocol.
- pac_
file str Specifies a SAS URL for PAC file.
- pac_
file_ intport Specifies a port number for firewall to serve PAC file.
- enable
Pac BooleanFile Whether the pac file port and url need to be provided.
- enabled Boolean
Whether the explicit proxy is enabled for this Firewall Policy.
- http
Port Number The port number for explicit http protocol.
- https
Port Number The port number for explicit proxy https protocol.
- pac
File String Specifies a SAS URL for PAC file.
- pac
File NumberPort Specifies a port number for firewall to serve PAC file.
FirewallPolicyIdentity, FirewallPolicyIdentityArgs
- Identity
Ids List<string> Specifies a list of User Assigned Managed Identity IDs to be assigned to this Firewall Policy.
- Type string
Specifies the type of Managed Service Identity that should be configured on this Firewall Policy. Only possible value is
UserAssigned
.
- Identity
Ids []string Specifies a list of User Assigned Managed Identity IDs to be assigned to this Firewall Policy.
- Type string
Specifies the type of Managed Service Identity that should be configured on this Firewall Policy. Only possible value is
UserAssigned
.
- identity
Ids List<String> Specifies a list of User Assigned Managed Identity IDs to be assigned to this Firewall Policy.
- type String
Specifies the type of Managed Service Identity that should be configured on this Firewall Policy. Only possible value is
UserAssigned
.
- identity
Ids string[] Specifies a list of User Assigned Managed Identity IDs to be assigned to this Firewall Policy.
- type string
Specifies the type of Managed Service Identity that should be configured on this Firewall Policy. Only possible value is
UserAssigned
.
- identity_
ids Sequence[str] Specifies a list of User Assigned Managed Identity IDs to be assigned to this Firewall Policy.
- type str
Specifies the type of Managed Service Identity that should be configured on this Firewall Policy. Only possible value is
UserAssigned
.
- identity
Ids List<String> Specifies a list of User Assigned Managed Identity IDs to be assigned to this Firewall Policy.
- type String
Specifies the type of Managed Service Identity that should be configured on this Firewall Policy. Only possible value is
UserAssigned
.
FirewallPolicyInsights, FirewallPolicyInsightsArgs
- Default
Log stringAnalytics Workspace Id The ID of the default Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to, when there is no location matches in the
log_analytics_workspace
.- Enabled bool
Whether the insights functionality is enabled for this Firewall Policy.
- Log
Analytics List<FirewallWorkspaces Policy Insights Log Analytics Workspace> A list of
log_analytics_workspace
block as defined below.- Retention
In intDays The log retention period in days.
- Default
Log stringAnalytics Workspace Id The ID of the default Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to, when there is no location matches in the
log_analytics_workspace
.- Enabled bool
Whether the insights functionality is enabled for this Firewall Policy.
- Log
Analytics []FirewallWorkspaces Policy Insights Log Analytics Workspace A list of
log_analytics_workspace
block as defined below.- Retention
In intDays The log retention period in days.
- default
Log StringAnalytics Workspace Id The ID of the default Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to, when there is no location matches in the
log_analytics_workspace
.- enabled Boolean
Whether the insights functionality is enabled for this Firewall Policy.
- log
Analytics List<FirewallWorkspaces Policy Insights Log Analytics Workspace> A list of
log_analytics_workspace
block as defined below.- retention
In IntegerDays The log retention period in days.
- default
Log stringAnalytics Workspace Id The ID of the default Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to, when there is no location matches in the
log_analytics_workspace
.- enabled boolean
Whether the insights functionality is enabled for this Firewall Policy.
- log
Analytics FirewallWorkspaces Policy Insights Log Analytics Workspace[] A list of
log_analytics_workspace
block as defined below.- retention
In numberDays The log retention period in days.
- default_
log_ stranalytics_ workspace_ id The ID of the default Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to, when there is no location matches in the
log_analytics_workspace
.- enabled bool
Whether the insights functionality is enabled for this Firewall Policy.
- log_
analytics_ Sequence[Firewallworkspaces Policy Insights Log Analytics Workspace] A list of
log_analytics_workspace
block as defined below.- retention_
in_ intdays The log retention period in days.
- default
Log StringAnalytics Workspace Id The ID of the default Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to, when there is no location matches in the
log_analytics_workspace
.- enabled Boolean
Whether the insights functionality is enabled for this Firewall Policy.
- log
Analytics List<Property Map>Workspaces A list of
log_analytics_workspace
block as defined below.- retention
In NumberDays The log retention period in days.
FirewallPolicyInsightsLogAnalyticsWorkspace, FirewallPolicyInsightsLogAnalyticsWorkspaceArgs
- Firewall
Location string The location of the Firewalls, that when matches this Log Analytics Workspace will be used to consume their logs.
- Id string
The ID of the Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when their locations match the
firewall_location
.
- Firewall
Location string The location of the Firewalls, that when matches this Log Analytics Workspace will be used to consume their logs.
- Id string
The ID of the Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when their locations match the
firewall_location
.
- firewall
Location String The location of the Firewalls, that when matches this Log Analytics Workspace will be used to consume their logs.
- id String
The ID of the Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when their locations match the
firewall_location
.
- firewall
Location string The location of the Firewalls, that when matches this Log Analytics Workspace will be used to consume their logs.
- id string
The ID of the Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when their locations match the
firewall_location
.
- firewall_
location str The location of the Firewalls, that when matches this Log Analytics Workspace will be used to consume their logs.
- id str
The ID of the Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when their locations match the
firewall_location
.
- firewall
Location String The location of the Firewalls, that when matches this Log Analytics Workspace will be used to consume their logs.
- id String
The ID of the Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when their locations match the
firewall_location
.
FirewallPolicyIntrusionDetection, FirewallPolicyIntrusionDetectionArgs
- Mode string
In which mode you want to run intrusion detection:
Off
,Alert
orDeny
.- Private
Ranges List<string> A list of Private IP address ranges to identify traffic direction. By default, only ranges defined by IANA RFC 1918 are considered private IP addresses.
- Signature
Overrides List<FirewallPolicy Intrusion Detection Signature Override> One or more
signature_overrides
blocks as defined below.- Traffic
Bypasses List<FirewallPolicy Intrusion Detection Traffic Bypass> One or more
traffic_bypass
blocks as defined below.
- Mode string
In which mode you want to run intrusion detection:
Off
,Alert
orDeny
.- Private
Ranges []string A list of Private IP address ranges to identify traffic direction. By default, only ranges defined by IANA RFC 1918 are considered private IP addresses.
- Signature
Overrides []FirewallPolicy Intrusion Detection Signature Override One or more
signature_overrides
blocks as defined below.- Traffic
Bypasses []FirewallPolicy Intrusion Detection Traffic Bypass One or more
traffic_bypass
blocks as defined below.
- mode String
In which mode you want to run intrusion detection:
Off
,Alert
orDeny
.- private
Ranges List<String> A list of Private IP address ranges to identify traffic direction. By default, only ranges defined by IANA RFC 1918 are considered private IP addresses.
- signature
Overrides List<FirewallPolicy Intrusion Detection Signature Override> One or more
signature_overrides
blocks as defined below.- traffic
Bypasses List<FirewallPolicy Intrusion Detection Traffic Bypass> One or more
traffic_bypass
blocks as defined below.
- mode string
In which mode you want to run intrusion detection:
Off
,Alert
orDeny
.- private
Ranges string[] A list of Private IP address ranges to identify traffic direction. By default, only ranges defined by IANA RFC 1918 are considered private IP addresses.
- signature
Overrides FirewallPolicy Intrusion Detection Signature Override[] One or more
signature_overrides
blocks as defined below.- traffic
Bypasses FirewallPolicy Intrusion Detection Traffic Bypass[] One or more
traffic_bypass
blocks as defined below.
- mode str
In which mode you want to run intrusion detection:
Off
,Alert
orDeny
.- private_
ranges Sequence[str] A list of Private IP address ranges to identify traffic direction. By default, only ranges defined by IANA RFC 1918 are considered private IP addresses.
- signature_
overrides Sequence[FirewallPolicy Intrusion Detection Signature Override] One or more
signature_overrides
blocks as defined below.- traffic_
bypasses Sequence[FirewallPolicy Intrusion Detection Traffic Bypass] One or more
traffic_bypass
blocks as defined below.
- mode String
In which mode you want to run intrusion detection:
Off
,Alert
orDeny
.- private
Ranges List<String> A list of Private IP address ranges to identify traffic direction. By default, only ranges defined by IANA RFC 1918 are considered private IP addresses.
- signature
Overrides List<Property Map> One or more
signature_overrides
blocks as defined below.- traffic
Bypasses List<Property Map> One or more
traffic_bypass
blocks as defined below.
FirewallPolicyIntrusionDetectionSignatureOverride, FirewallPolicyIntrusionDetectionSignatureOverrideArgs
FirewallPolicyIntrusionDetectionTrafficBypass, FirewallPolicyIntrusionDetectionTrafficBypassArgs
- Name string
The name which should be used for this bypass traffic setting.
- Protocol string
The protocols any of
ANY
,TCP
,ICMP
,UDP
that shall be bypassed by intrusion detection.- Description string
The description for this bypass traffic setting.
- Destination
Addresses List<string> Specifies a list of destination IP addresses that shall be bypassed by intrusion detection.
- Destination
Ip List<string>Groups Specifies a list of destination IP groups that shall be bypassed by intrusion detection.
- Destination
Ports List<string> Specifies a list of destination IP ports that shall be bypassed by intrusion detection.
- Source
Addresses List<string> Specifies a list of source addresses that shall be bypassed by intrusion detection.
- Source
Ip List<string>Groups Specifies a list of source IP groups that shall be bypassed by intrusion detection.
- Name string
The name which should be used for this bypass traffic setting.
- Protocol string
The protocols any of
ANY
,TCP
,ICMP
,UDP
that shall be bypassed by intrusion detection.- Description string
The description for this bypass traffic setting.
- Destination
Addresses []string Specifies a list of destination IP addresses that shall be bypassed by intrusion detection.
- Destination
Ip []stringGroups Specifies a list of destination IP groups that shall be bypassed by intrusion detection.
- Destination
Ports []string Specifies a list of destination IP ports that shall be bypassed by intrusion detection.
- Source
Addresses []string Specifies a list of source addresses that shall be bypassed by intrusion detection.
- Source
Ip []stringGroups Specifies a list of source IP groups that shall be bypassed by intrusion detection.
- name String
The name which should be used for this bypass traffic setting.
- protocol String
The protocols any of
ANY
,TCP
,ICMP
,UDP
that shall be bypassed by intrusion detection.- description String
The description for this bypass traffic setting.
- destination
Addresses List<String> Specifies a list of destination IP addresses that shall be bypassed by intrusion detection.
- destination
Ip List<String>Groups Specifies a list of destination IP groups that shall be bypassed by intrusion detection.
- destination
Ports List<String> Specifies a list of destination IP ports that shall be bypassed by intrusion detection.
- source
Addresses List<String> Specifies a list of source addresses that shall be bypassed by intrusion detection.
- source
Ip List<String>Groups Specifies a list of source IP groups that shall be bypassed by intrusion detection.
- name string
The name which should be used for this bypass traffic setting.
- protocol string
The protocols any of
ANY
,TCP
,ICMP
,UDP
that shall be bypassed by intrusion detection.- description string
The description for this bypass traffic setting.
- destination
Addresses string[] Specifies a list of destination IP addresses that shall be bypassed by intrusion detection.
- destination
Ip string[]Groups Specifies a list of destination IP groups that shall be bypassed by intrusion detection.
- destination
Ports string[] Specifies a list of destination IP ports that shall be bypassed by intrusion detection.
- source
Addresses string[] Specifies a list of source addresses that shall be bypassed by intrusion detection.
- source
Ip string[]Groups Specifies a list of source IP groups that shall be bypassed by intrusion detection.
- name str
The name which should be used for this bypass traffic setting.
- protocol str
The protocols any of
ANY
,TCP
,ICMP
,UDP
that shall be bypassed by intrusion detection.- description str
The description for this bypass traffic setting.
- destination_
addresses Sequence[str] Specifies a list of destination IP addresses that shall be bypassed by intrusion detection.
- destination_
ip_ Sequence[str]groups Specifies a list of destination IP groups that shall be bypassed by intrusion detection.
- destination_
ports Sequence[str] Specifies a list of destination IP ports that shall be bypassed by intrusion detection.
- source_
addresses Sequence[str] Specifies a list of source addresses that shall be bypassed by intrusion detection.
- source_
ip_ Sequence[str]groups Specifies a list of source IP groups that shall be bypassed by intrusion detection.
- name String
The name which should be used for this bypass traffic setting.
- protocol String
The protocols any of
ANY
,TCP
,ICMP
,UDP
that shall be bypassed by intrusion detection.- description String
The description for this bypass traffic setting.
- destination
Addresses List<String> Specifies a list of destination IP addresses that shall be bypassed by intrusion detection.
- destination
Ip List<String>Groups Specifies a list of destination IP groups that shall be bypassed by intrusion detection.
- destination
Ports List<String> Specifies a list of destination IP ports that shall be bypassed by intrusion detection.
- source
Addresses List<String> Specifies a list of source addresses that shall be bypassed by intrusion detection.
- source
Ip List<String>Groups Specifies a list of source IP groups that shall be bypassed by intrusion detection.
FirewallPolicyThreatIntelligenceAllowlist, FirewallPolicyThreatIntelligenceAllowlistArgs
- Fqdns List<string>
A list of FQDNs that will be skipped for threat detection.
- Ip
Addresses List<string> A list of IP addresses or CIDR ranges that will be skipped for threat detection.
- Fqdns []string
A list of FQDNs that will be skipped for threat detection.
- Ip
Addresses []string A list of IP addresses or CIDR ranges that will be skipped for threat detection.
- fqdns List<String>
A list of FQDNs that will be skipped for threat detection.
- ip
Addresses List<String> A list of IP addresses or CIDR ranges that will be skipped for threat detection.
- fqdns string[]
A list of FQDNs that will be skipped for threat detection.
- ip
Addresses string[] A list of IP addresses or CIDR ranges that will be skipped for threat detection.
- fqdns Sequence[str]
A list of FQDNs that will be skipped for threat detection.
- ip_
addresses Sequence[str] A list of IP addresses or CIDR ranges that will be skipped for threat detection.
- fqdns List<String>
A list of FQDNs that will be skipped for threat detection.
- ip
Addresses List<String> A list of IP addresses or CIDR ranges that will be skipped for threat detection.
FirewallPolicyTlsCertificate, FirewallPolicyTlsCertificateArgs
- Key
Vault stringSecret Id The ID of the Key Vault, where the secret or certificate is stored.
- Name string
The name of the certificate.
- Key
Vault stringSecret Id The ID of the Key Vault, where the secret or certificate is stored.
- Name string
The name of the certificate.
- key
Vault StringSecret Id The ID of the Key Vault, where the secret or certificate is stored.
- name String
The name of the certificate.
- key
Vault stringSecret Id The ID of the Key Vault, where the secret or certificate is stored.
- name string
The name of the certificate.
- key_
vault_ strsecret_ id The ID of the Key Vault, where the secret or certificate is stored.
- name str
The name of the certificate.
- key
Vault StringSecret Id The ID of the Key Vault, where the secret or certificate is stored.
- name String
The name of the certificate.
Import
Firewall Policies can be imported using the resource id
, e.g.
$ pulumi import azure:network/firewallPolicy:FirewallPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Network/firewallPolicies/policy1
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
azurerm
Terraform Provider.