azure.network.FirewallPolicy (v4)

Azure v4.42.0 (4.x), Mar 9 26

We recommend using Azure Native.

Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi

Go to latest version

Schema (JSON)

pulumi/pulumi-azure

We recommend using Azure Native.

Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi

Go to latest version

Schema (JSON)

pulumi/pulumi-azure

Example Usage

using Pulumi;
using Azure = Pulumi.Azure;

class MyStack : Stack
{
    public MyStack()
    {
        var example = new Azure.Network.FirewallPolicy("example", new Azure.Network.FirewallPolicyArgs
        {
            Location = "West Europe",
            ResourceGroupName = "example",
        });
    }

}

package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v4/go/azure/network"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := network.NewFirewallPolicy(ctx, "example", &network.FirewallPolicyArgs{
			Location:          pulumi.String("West Europe"),
			ResourceGroupName: pulumi.String("example"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

Example coming soon!

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const example = new azure.network.FirewallPolicy("example", {
    location: "West Europe",
    resourceGroupName: "example",
});

import pulumi
import pulumi_azure as azure

example = azure.network.FirewallPolicy("example",
    location="West Europe",
    resource_group_name="example")

Example coming soon!

Create FirewallPolicy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new FirewallPolicy(name: string, args: FirewallPolicyArgs, opts?: CustomResourceOptions);

@overload
def FirewallPolicy(resource_name: str,
                   args: FirewallPolicyArgs,
                   opts: Optional[ResourceOptions] = None)

@overload
def FirewallPolicy(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   resource_group_name: Optional[str] = None,
                   name: Optional[str] = None,
                   identity: Optional[FirewallPolicyIdentityArgs] = None,
                   insights: Optional[FirewallPolicyInsightsArgs] = None,
                   intrusion_detection: Optional[FirewallPolicyIntrusionDetectionArgs] = None,
                   location: Optional[str] = None,
                   base_policy_id: Optional[str] = None,
                   private_ip_ranges: Optional[Sequence[str]] = None,
                   dns: Optional[FirewallPolicyDnsArgs] = None,
                   sku: Optional[str] = None,
                   tags: Optional[Mapping[str, str]] = None,
                   threat_intelligence_allowlist: Optional[FirewallPolicyThreatIntelligenceAllowlistArgs] = None,
                   threat_intelligence_mode: Optional[str] = None,
                   tls_certificate: Optional[FirewallPolicyTlsCertificateArgs] = None)

func NewFirewallPolicy(ctx *Context, name string, args FirewallPolicyArgs, opts ...ResourceOption) (*FirewallPolicy, error)

public FirewallPolicy(string name, FirewallPolicyArgs args, CustomResourceOptions? opts = null)

public FirewallPolicy(String name, FirewallPolicyArgs args)
public FirewallPolicy(String name, FirewallPolicyArgs args, CustomResourceOptions options)

type: azure:network:FirewallPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args FirewallPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args FirewallPolicyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args FirewallPolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FirewallPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args FirewallPolicyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var azureFirewallPolicyResource = new Azure.Network.FirewallPolicy("azureFirewallPolicyResource", new()
{
    ResourceGroupName = "string",
    Name = "string",
    Identity = new Azure.Network.Inputs.FirewallPolicyIdentityArgs
    {
        Type = "string",
        PrincipalId = "string",
        TenantId = "string",
        UserAssignedIdentityIds = new[]
        {
            "string",
        },
    },
    Insights = new Azure.Network.Inputs.FirewallPolicyInsightsArgs
    {
        DefaultLogAnalyticsWorkspaceId = "string",
        Enabled = false,
        LogAnalyticsWorkspaces = new[]
        {
            new Azure.Network.Inputs.FirewallPolicyInsightsLogAnalyticsWorkspaceArgs
            {
                FirewallLocation = "string",
                Id = "string",
            },
        },
        RetentionInDays = 0,
    },
    IntrusionDetection = new Azure.Network.Inputs.FirewallPolicyIntrusionDetectionArgs
    {
        Mode = "string",
        SignatureOverrides = new[]
        {
            new Azure.Network.Inputs.FirewallPolicyIntrusionDetectionSignatureOverrideArgs
            {
                Id = "string",
                State = "string",
            },
        },
        TrafficBypasses = new[]
        {
            new Azure.Network.Inputs.FirewallPolicyIntrusionDetectionTrafficBypassArgs
            {
                Name = "string",
                Protocol = "string",
                Description = "string",
                DestinationAddresses = new[]
                {
                    "string",
                },
                DestinationIpGroups = new[]
                {
                    "string",
                },
                DestinationPorts = new[]
                {
                    "string",
                },
                SourceAddresses = new[]
                {
                    "string",
                },
                SourceIpGroups = new[]
                {
                    "string",
                },
            },
        },
    },
    Location = "string",
    BasePolicyId = "string",
    PrivateIpRanges = new[]
    {
        "string",
    },
    Dns = new Azure.Network.Inputs.FirewallPolicyDnsArgs
    {
        ProxyEnabled = false,
        Servers = new[]
        {
            "string",
        },
    },
    Sku = "string",
    Tags = 
    {
        { "string", "string" },
    },
    ThreatIntelligenceAllowlist = new Azure.Network.Inputs.FirewallPolicyThreatIntelligenceAllowlistArgs
    {
        Fqdns = new[]
        {
            "string",
        },
        IpAddresses = new[]
        {
            "string",
        },
    },
    ThreatIntelligenceMode = "string",
    TlsCertificate = new Azure.Network.Inputs.FirewallPolicyTlsCertificateArgs
    {
        KeyVaultSecretId = "string",
        Name = "string",
    },
});

example, err := network.NewFirewallPolicy(ctx, "azureFirewallPolicyResource", &network.FirewallPolicyArgs{
	ResourceGroupName: pulumi.String("string"),
	Name:              pulumi.String("string"),
	Identity: &network.FirewallPolicyIdentityArgs{
		Type:        pulumi.String("string"),
		PrincipalId: pulumi.String("string"),
		TenantId:    pulumi.String("string"),
		UserAssignedIdentityIds: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	Insights: &network.FirewallPolicyInsightsArgs{
		DefaultLogAnalyticsWorkspaceId: pulumi.String("string"),
		Enabled:                        pulumi.Bool(false),
		LogAnalyticsWorkspaces: network.FirewallPolicyInsightsLogAnalyticsWorkspaceArray{
			&network.FirewallPolicyInsightsLogAnalyticsWorkspaceArgs{
				FirewallLocation: pulumi.String("string"),
				Id:               pulumi.String("string"),
			},
		},
		RetentionInDays: pulumi.Int(0),
	},
	IntrusionDetection: &network.FirewallPolicyIntrusionDetectionArgs{
		Mode: pulumi.String("string"),
		SignatureOverrides: network.FirewallPolicyIntrusionDetectionSignatureOverrideArray{
			&network.FirewallPolicyIntrusionDetectionSignatureOverrideArgs{
				Id:    pulumi.String("string"),
				State: pulumi.String("string"),
			},
		},
		TrafficBypasses: network.FirewallPolicyIntrusionDetectionTrafficBypassArray{
			&network.FirewallPolicyIntrusionDetectionTrafficBypassArgs{
				Name:        pulumi.String("string"),
				Protocol:    pulumi.String("string"),
				Description: pulumi.String("string"),
				DestinationAddresses: pulumi.StringArray{
					pulumi.String("string"),
				},
				DestinationIpGroups: pulumi.StringArray{
					pulumi.String("string"),
				},
				DestinationPorts: pulumi.StringArray{
					pulumi.String("string"),
				},
				SourceAddresses: pulumi.StringArray{
					pulumi.String("string"),
				},
				SourceIpGroups: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
		},
	},
	Location:     pulumi.String("string"),
	BasePolicyId: pulumi.String("string"),
	PrivateIpRanges: pulumi.StringArray{
		pulumi.String("string"),
	},
	Dns: &network.FirewallPolicyDnsArgs{
		ProxyEnabled: pulumi.Bool(false),
		Servers: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	Sku: pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	ThreatIntelligenceAllowlist: &network.FirewallPolicyThreatIntelligenceAllowlistArgs{
		Fqdns: pulumi.StringArray{
			pulumi.String("string"),
		},
		IpAddresses: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	ThreatIntelligenceMode: pulumi.String("string"),
	TlsCertificate: &network.FirewallPolicyTlsCertificateArgs{
		KeyVaultSecretId: pulumi.String("string"),
		Name:             pulumi.String("string"),
	},
})

var azureFirewallPolicyResource = new com.pulumi.azure.network.FirewallPolicy("azureFirewallPolicyResource", com.pulumi.azure.network.FirewallPolicyArgs.builder()
    .resourceGroupName("string")
    .name("string")
    .identity(FirewallPolicyIdentityArgs.builder()
        .type("string")
        .principalId("string")
        .tenantId("string")
        .userAssignedIdentityIds("string")
        .build())
    .insights(FirewallPolicyInsightsArgs.builder()
        .defaultLogAnalyticsWorkspaceId("string")
        .enabled(false)
        .logAnalyticsWorkspaces(FirewallPolicyInsightsLogAnalyticsWorkspaceArgs.builder()
            .firewallLocation("string")
            .id("string")
            .build())
        .retentionInDays(0)
        .build())
    .intrusionDetection(FirewallPolicyIntrusionDetectionArgs.builder()
        .mode("string")
        .signatureOverrides(FirewallPolicyIntrusionDetectionSignatureOverrideArgs.builder()
            .id("string")
            .state("string")
            .build())
        .trafficBypasses(FirewallPolicyIntrusionDetectionTrafficBypassArgs.builder()
            .name("string")
            .protocol("string")
            .description("string")
            .destinationAddresses("string")
            .destinationIpGroups("string")
            .destinationPorts("string")
            .sourceAddresses("string")
            .sourceIpGroups("string")
            .build())
        .build())
    .location("string")
    .basePolicyId("string")
    .privateIpRanges("string")
    .dns(FirewallPolicyDnsArgs.builder()
        .proxyEnabled(false)
        .servers("string")
        .build())
    .sku("string")
    .tags(Map.of("string", "string"))
    .threatIntelligenceAllowlist(FirewallPolicyThreatIntelligenceAllowlistArgs.builder()
        .fqdns("string")
        .ipAddresses("string")
        .build())
    .threatIntelligenceMode("string")
    .tlsCertificate(FirewallPolicyTlsCertificateArgs.builder()
        .keyVaultSecretId("string")
        .name("string")
        .build())
    .build());

azure_firewall_policy_resource = azure.network.FirewallPolicy("azureFirewallPolicyResource",
    resource_group_name="string",
    name="string",
    identity={
        "type": "string",
        "principal_id": "string",
        "tenant_id": "string",
        "user_assigned_identity_ids": ["string"],
    },
    insights={
        "default_log_analytics_workspace_id": "string",
        "enabled": False,
        "log_analytics_workspaces": [{
            "firewall_location": "string",
            "id": "string",
        }],
        "retention_in_days": 0,
    },
    intrusion_detection={
        "mode": "string",
        "signature_overrides": [{
            "id": "string",
            "state": "string",
        }],
        "traffic_bypasses": [{
            "name": "string",
            "protocol": "string",
            "description": "string",
            "destination_addresses": ["string"],
            "destination_ip_groups": ["string"],
            "destination_ports": ["string"],
            "source_addresses": ["string"],
            "source_ip_groups": ["string"],
        }],
    },
    location="string",
    base_policy_id="string",
    private_ip_ranges=["string"],
    dns={
        "proxy_enabled": False,
        "servers": ["string"],
    },
    sku="string",
    tags={
        "string": "string",
    },
    threat_intelligence_allowlist={
        "fqdns": ["string"],
        "ip_addresses": ["string"],
    },
    threat_intelligence_mode="string",
    tls_certificate={
        "key_vault_secret_id": "string",
        "name": "string",
    })

const azureFirewallPolicyResource = new azure.network.FirewallPolicy("azureFirewallPolicyResource", {
    resourceGroupName: "string",
    name: "string",
    identity: {
        type: "string",
        principalId: "string",
        tenantId: "string",
        userAssignedIdentityIds: ["string"],
    },
    insights: {
        defaultLogAnalyticsWorkspaceId: "string",
        enabled: false,
        logAnalyticsWorkspaces: [{
            firewallLocation: "string",
            id: "string",
        }],
        retentionInDays: 0,
    },
    intrusionDetection: {
        mode: "string",
        signatureOverrides: [{
            id: "string",
            state: "string",
        }],
        trafficBypasses: [{
            name: "string",
            protocol: "string",
            description: "string",
            destinationAddresses: ["string"],
            destinationIpGroups: ["string"],
            destinationPorts: ["string"],
            sourceAddresses: ["string"],
            sourceIpGroups: ["string"],
        }],
    },
    location: "string",
    basePolicyId: "string",
    privateIpRanges: ["string"],
    dns: {
        proxyEnabled: false,
        servers: ["string"],
    },
    sku: "string",
    tags: {
        string: "string",
    },
    threatIntelligenceAllowlist: {
        fqdns: ["string"],
        ipAddresses: ["string"],
    },
    threatIntelligenceMode: "string",
    tlsCertificate: {
        keyVaultSecretId: "string",
        name: "string",
    },
});

type: azure:network:FirewallPolicy
properties:
    basePolicyId: string
    dns:
        proxyEnabled: false
        servers:
            - string
    identity:
        principalId: string
        tenantId: string
        type: string
        userAssignedIdentityIds:
            - string
    insights:
        defaultLogAnalyticsWorkspaceId: string
        enabled: false
        logAnalyticsWorkspaces:
            - firewallLocation: string
              id: string
        retentionInDays: 0
    intrusionDetection:
        mode: string
        signatureOverrides:
            - id: string
              state: string
        trafficBypasses:
            - description: string
              destinationAddresses:
                - string
              destinationIpGroups:
                - string
              destinationPorts:
                - string
              name: string
              protocol: string
              sourceAddresses:
                - string
              sourceIpGroups:
                - string
    location: string
    name: string
    privateIpRanges:
        - string
    resourceGroupName: string
    sku: string
    tags:
        string: string
    threatIntelligenceAllowlist:
        fqdns:
            - string
        ipAddresses:
            - string
    threatIntelligenceMode: string
    tlsCertificate:
        keyVaultSecretId: string
        name: string

FirewallPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The FirewallPolicy resource accepts the following input properties:

ResourceGroupName string: The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
BasePolicyId string: The ID of the base Firewall Policy.
Dns FirewallPolicyDns: A dns block as defined below.
Identity FirewallPolicyIdentity: An identity block as defined below. Changing this forces a new Firewall Policy to be created.
Insights FirewallPolicyInsights: An insights block as defined below.
IntrusionDetection FirewallPolicyIntrusionDetection: A intrusion_detection block as defined below.
Location string: The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
Name string: The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
PrivateIpRanges List<string>: A list of private IP ranges to which traffic will not be SNAT.
Sku string: The SKU Tier of the Firewall Policy. Possible values are Standard, Premium. Changing this forces a new Firewall Policy to be created.
Tags Dictionary<string, string>: A mapping of tags which should be assigned to the Firewall Policy.
ThreatIntelligenceAllowlist FirewallPolicyThreatIntelligenceAllowlist: A threat_intelligence_allowlist block as defined below.
ThreatIntelligenceMode string: The operation mode for Threat Intelligence. Possible values are Alert, Deny and Off. Defaults to Alert.
TlsCertificate FirewallPolicyTlsCertificate: A tls_certificate block as defined below.

ResourceGroupName string: The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
BasePolicyId string: The ID of the base Firewall Policy.
Dns FirewallPolicyDnsArgs: A dns block as defined below.
Identity FirewallPolicyIdentityArgs: An identity block as defined below. Changing this forces a new Firewall Policy to be created.
Insights FirewallPolicyInsightsArgs: An insights block as defined below.
IntrusionDetection FirewallPolicyIntrusionDetectionArgs: A intrusion_detection block as defined below.
Location string: The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
Name string: The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
PrivateIpRanges []string: A list of private IP ranges to which traffic will not be SNAT.
Sku string: The SKU Tier of the Firewall Policy. Possible values are Standard, Premium. Changing this forces a new Firewall Policy to be created.
Tags map[string]string: A mapping of tags which should be assigned to the Firewall Policy.
ThreatIntelligenceAllowlist FirewallPolicyThreatIntelligenceAllowlistArgs: A threat_intelligence_allowlist block as defined below.
ThreatIntelligenceMode string: The operation mode for Threat Intelligence. Possible values are Alert, Deny and Off. Defaults to Alert.
TlsCertificate FirewallPolicyTlsCertificateArgs: A tls_certificate block as defined below.

resourceGroupName String: The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
basePolicyId String: The ID of the base Firewall Policy.
dns FirewallPolicyDns: A dns block as defined below.
identity FirewallPolicyIdentity: An identity block as defined below. Changing this forces a new Firewall Policy to be created.
insights FirewallPolicyInsights: An insights block as defined below.
intrusionDetection FirewallPolicyIntrusionDetection: A intrusion_detection block as defined below.
location String: The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
name String: The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
privateIpRanges List<String>: A list of private IP ranges to which traffic will not be SNAT.
sku String: The SKU Tier of the Firewall Policy. Possible values are Standard, Premium. Changing this forces a new Firewall Policy to be created.
tags Map<String,String>: A mapping of tags which should be assigned to the Firewall Policy.
threatIntelligenceAllowlist FirewallPolicyThreatIntelligenceAllowlist: A threat_intelligence_allowlist block as defined below.
threatIntelligenceMode String: The operation mode for Threat Intelligence. Possible values are Alert, Deny and Off. Defaults to Alert.
tlsCertificate FirewallPolicyTlsCertificate: A tls_certificate block as defined below.

resourceGroupName string: The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
basePolicyId string: The ID of the base Firewall Policy.
dns FirewallPolicyDns: A dns block as defined below.
identity FirewallPolicyIdentity: An identity block as defined below. Changing this forces a new Firewall Policy to be created.
insights FirewallPolicyInsights: An insights block as defined below.
intrusionDetection FirewallPolicyIntrusionDetection: A intrusion_detection block as defined below.
location string: The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
name string: The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
privateIpRanges string[]: A list of private IP ranges to which traffic will not be SNAT.
sku string: The SKU Tier of the Firewall Policy. Possible values are Standard, Premium. Changing this forces a new Firewall Policy to be created.
tags {[key: string]: string}: A mapping of tags which should be assigned to the Firewall Policy.
threatIntelligenceAllowlist FirewallPolicyThreatIntelligenceAllowlist: A threat_intelligence_allowlist block as defined below.
threatIntelligenceMode string: The operation mode for Threat Intelligence. Possible values are Alert, Deny and Off. Defaults to Alert.
tlsCertificate FirewallPolicyTlsCertificate: A tls_certificate block as defined below.

resource_group_name str: The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
base_policy_id str: The ID of the base Firewall Policy.
dns FirewallPolicyDnsArgs: A dns block as defined below.
identity FirewallPolicyIdentityArgs: An identity block as defined below. Changing this forces a new Firewall Policy to be created.
insights FirewallPolicyInsightsArgs: An insights block as defined below.
intrusion_detection FirewallPolicyIntrusionDetectionArgs: A intrusion_detection block as defined below.
location str: The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
name str: The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
private_ip_ranges Sequence[str]: A list of private IP ranges to which traffic will not be SNAT.
sku str: The SKU Tier of the Firewall Policy. Possible values are Standard, Premium. Changing this forces a new Firewall Policy to be created.
tags Mapping[str, str]: A mapping of tags which should be assigned to the Firewall Policy.
threat_intelligence_allowlist FirewallPolicyThreatIntelligenceAllowlistArgs: A threat_intelligence_allowlist block as defined below.
threat_intelligence_mode str: The operation mode for Threat Intelligence. Possible values are Alert, Deny and Off. Defaults to Alert.
tls_certificate FirewallPolicyTlsCertificateArgs: A tls_certificate block as defined below.

resourceGroupName String: The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
basePolicyId String: The ID of the base Firewall Policy.
dns Property Map: A dns block as defined below.
identity Property Map: An identity block as defined below. Changing this forces a new Firewall Policy to be created.
insights Property Map: An insights block as defined below.
intrusionDetection Property Map: A intrusion_detection block as defined below.
location String: The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
name String: The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
privateIpRanges List<String>: A list of private IP ranges to which traffic will not be SNAT.
sku String: The SKU Tier of the Firewall Policy. Possible values are Standard, Premium. Changing this forces a new Firewall Policy to be created.
tags Map<String>: A mapping of tags which should be assigned to the Firewall Policy.
threatIntelligenceAllowlist Property Map: A threat_intelligence_allowlist block as defined below.
threatIntelligenceMode String: The operation mode for Threat Intelligence. Possible values are Alert, Deny and Off. Defaults to Alert.
tlsCertificate Property Map: A tls_certificate block as defined below.

Outputs

All input properties are implicitly available as output properties. Additionally, the FirewallPolicy resource produces the following output properties:

ChildPolicies List<string>: A list of reference to child Firewall Policies of this Firewall Policy.
Firewalls List<string>: A list of references to Azure Firewalls that this Firewall Policy is associated with.
Id string: The provider-assigned unique ID for this managed resource.
RuleCollectionGroups List<string>: A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.

ChildPolicies []string: A list of reference to child Firewall Policies of this Firewall Policy.
Firewalls []string: A list of references to Azure Firewalls that this Firewall Policy is associated with.
Id string: The provider-assigned unique ID for this managed resource.
RuleCollectionGroups []string: A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.

childPolicies List<String>: A list of reference to child Firewall Policies of this Firewall Policy.
firewalls List<String>: A list of references to Azure Firewalls that this Firewall Policy is associated with.
id String: The provider-assigned unique ID for this managed resource.
ruleCollectionGroups List<String>: A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.

childPolicies string[]: A list of reference to child Firewall Policies of this Firewall Policy.
firewalls string[]: A list of references to Azure Firewalls that this Firewall Policy is associated with.
id string: The provider-assigned unique ID for this managed resource.
ruleCollectionGroups string[]: A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.

child_policies Sequence[str]: A list of reference to child Firewall Policies of this Firewall Policy.
firewalls Sequence[str]: A list of references to Azure Firewalls that this Firewall Policy is associated with.
id str: The provider-assigned unique ID for this managed resource.
rule_collection_groups Sequence[str]: A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.

childPolicies List<String>: A list of reference to child Firewall Policies of this Firewall Policy.
firewalls List<String>: A list of references to Azure Firewalls that this Firewall Policy is associated with.
id String: The provider-assigned unique ID for this managed resource.
ruleCollectionGroups List<String>: A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.

Look up Existing FirewallPolicy Resource

Get an existing FirewallPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FirewallPolicyState, opts?: CustomResourceOptions): FirewallPolicy

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        base_policy_id: Optional[str] = None,
        child_policies: Optional[Sequence[str]] = None,
        dns: Optional[FirewallPolicyDnsArgs] = None,
        firewalls: Optional[Sequence[str]] = None,
        identity: Optional[FirewallPolicyIdentityArgs] = None,
        insights: Optional[FirewallPolicyInsightsArgs] = None,
        intrusion_detection: Optional[FirewallPolicyIntrusionDetectionArgs] = None,
        location: Optional[str] = None,
        name: Optional[str] = None,
        private_ip_ranges: Optional[Sequence[str]] = None,
        resource_group_name: Optional[str] = None,
        rule_collection_groups: Optional[Sequence[str]] = None,
        sku: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        threat_intelligence_allowlist: Optional[FirewallPolicyThreatIntelligenceAllowlistArgs] = None,
        threat_intelligence_mode: Optional[str] = None,
        tls_certificate: Optional[FirewallPolicyTlsCertificateArgs] = None) -> FirewallPolicy

func GetFirewallPolicy(ctx *Context, name string, id IDInput, state *FirewallPolicyState, opts ...ResourceOption) (*FirewallPolicy, error)

public static FirewallPolicy Get(string name, Input<string> id, FirewallPolicyState? state, CustomResourceOptions? opts = null)

public static FirewallPolicy get(String name, Output<String> id, FirewallPolicyState state, CustomResourceOptions options)

resources:  _:    type: azure:network:FirewallPolicy    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

BasePolicyId string: The ID of the base Firewall Policy.
ChildPolicies List<string>: A list of reference to child Firewall Policies of this Firewall Policy.
Dns FirewallPolicyDns: A dns block as defined below.
Firewalls List<string>: A list of references to Azure Firewalls that this Firewall Policy is associated with.
Identity FirewallPolicyIdentity: An identity block as defined below. Changing this forces a new Firewall Policy to be created.
Insights FirewallPolicyInsights: An insights block as defined below.
IntrusionDetection FirewallPolicyIntrusionDetection: A intrusion_detection block as defined below.
Location string: The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
Name string: The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
PrivateIpRanges List<string>: A list of private IP ranges to which traffic will not be SNAT.
ResourceGroupName string: The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
RuleCollectionGroups List<string>: A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
Sku string: The SKU Tier of the Firewall Policy. Possible values are Standard, Premium. Changing this forces a new Firewall Policy to be created.
Tags Dictionary<string, string>: A mapping of tags which should be assigned to the Firewall Policy.
ThreatIntelligenceAllowlist FirewallPolicyThreatIntelligenceAllowlist: A threat_intelligence_allowlist block as defined below.
ThreatIntelligenceMode string: The operation mode for Threat Intelligence. Possible values are Alert, Deny and Off. Defaults to Alert.
TlsCertificate FirewallPolicyTlsCertificate: A tls_certificate block as defined below.

BasePolicyId string: The ID of the base Firewall Policy.
ChildPolicies []string: A list of reference to child Firewall Policies of this Firewall Policy.
Dns FirewallPolicyDnsArgs: A dns block as defined below.
Firewalls []string: A list of references to Azure Firewalls that this Firewall Policy is associated with.
Identity FirewallPolicyIdentityArgs: An identity block as defined below. Changing this forces a new Firewall Policy to be created.
Insights FirewallPolicyInsightsArgs: An insights block as defined below.
IntrusionDetection FirewallPolicyIntrusionDetectionArgs: A intrusion_detection block as defined below.
Location string: The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
Name string: The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
PrivateIpRanges []string: A list of private IP ranges to which traffic will not be SNAT.
ResourceGroupName string: The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
RuleCollectionGroups []string: A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
Sku string: The SKU Tier of the Firewall Policy. Possible values are Standard, Premium. Changing this forces a new Firewall Policy to be created.
Tags map[string]string: A mapping of tags which should be assigned to the Firewall Policy.
ThreatIntelligenceAllowlist FirewallPolicyThreatIntelligenceAllowlistArgs: A threat_intelligence_allowlist block as defined below.
ThreatIntelligenceMode string: The operation mode for Threat Intelligence. Possible values are Alert, Deny and Off. Defaults to Alert.
TlsCertificate FirewallPolicyTlsCertificateArgs: A tls_certificate block as defined below.

basePolicyId String: The ID of the base Firewall Policy.
childPolicies List<String>: A list of reference to child Firewall Policies of this Firewall Policy.
dns FirewallPolicyDns: A dns block as defined below.
firewalls List<String>: A list of references to Azure Firewalls that this Firewall Policy is associated with.
identity FirewallPolicyIdentity: An identity block as defined below. Changing this forces a new Firewall Policy to be created.
insights FirewallPolicyInsights: An insights block as defined below.
intrusionDetection FirewallPolicyIntrusionDetection: A intrusion_detection block as defined below.
location String: The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
name String: The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
privateIpRanges List<String>: A list of private IP ranges to which traffic will not be SNAT.
resourceGroupName String: The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
ruleCollectionGroups List<String>: A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
sku String: The SKU Tier of the Firewall Policy. Possible values are Standard, Premium. Changing this forces a new Firewall Policy to be created.
tags Map<String,String>: A mapping of tags which should be assigned to the Firewall Policy.
threatIntelligenceAllowlist FirewallPolicyThreatIntelligenceAllowlist: A threat_intelligence_allowlist block as defined below.
threatIntelligenceMode String: The operation mode for Threat Intelligence. Possible values are Alert, Deny and Off. Defaults to Alert.
tlsCertificate FirewallPolicyTlsCertificate: A tls_certificate block as defined below.

basePolicyId string: The ID of the base Firewall Policy.
childPolicies string[]: A list of reference to child Firewall Policies of this Firewall Policy.
dns FirewallPolicyDns: A dns block as defined below.
firewalls string[]: A list of references to Azure Firewalls that this Firewall Policy is associated with.
identity FirewallPolicyIdentity: An identity block as defined below. Changing this forces a new Firewall Policy to be created.
insights FirewallPolicyInsights: An insights block as defined below.
intrusionDetection FirewallPolicyIntrusionDetection: A intrusion_detection block as defined below.
location string: The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
name string: The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
privateIpRanges string[]: A list of private IP ranges to which traffic will not be SNAT.
resourceGroupName string: The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
ruleCollectionGroups string[]: A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
sku string: The SKU Tier of the Firewall Policy. Possible values are Standard, Premium. Changing this forces a new Firewall Policy to be created.
tags {[key: string]: string}: A mapping of tags which should be assigned to the Firewall Policy.
threatIntelligenceAllowlist FirewallPolicyThreatIntelligenceAllowlist: A threat_intelligence_allowlist block as defined below.
threatIntelligenceMode string: The operation mode for Threat Intelligence. Possible values are Alert, Deny and Off. Defaults to Alert.
tlsCertificate FirewallPolicyTlsCertificate: A tls_certificate block as defined below.

base_policy_id str: The ID of the base Firewall Policy.
child_policies Sequence[str]: A list of reference to child Firewall Policies of this Firewall Policy.
dns FirewallPolicyDnsArgs: A dns block as defined below.
firewalls Sequence[str]: A list of references to Azure Firewalls that this Firewall Policy is associated with.
identity FirewallPolicyIdentityArgs: An identity block as defined below. Changing this forces a new Firewall Policy to be created.
insights FirewallPolicyInsightsArgs: An insights block as defined below.
intrusion_detection FirewallPolicyIntrusionDetectionArgs: A intrusion_detection block as defined below.
location str: The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
name str: The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
private_ip_ranges Sequence[str]: A list of private IP ranges to which traffic will not be SNAT.
resource_group_name str: The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
rule_collection_groups Sequence[str]: A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
sku str: The SKU Tier of the Firewall Policy. Possible values are Standard, Premium. Changing this forces a new Firewall Policy to be created.
tags Mapping[str, str]: A mapping of tags which should be assigned to the Firewall Policy.
threat_intelligence_allowlist FirewallPolicyThreatIntelligenceAllowlistArgs: A threat_intelligence_allowlist block as defined below.
threat_intelligence_mode str: The operation mode for Threat Intelligence. Possible values are Alert, Deny and Off. Defaults to Alert.
tls_certificate FirewallPolicyTlsCertificateArgs: A tls_certificate block as defined below.

basePolicyId String: The ID of the base Firewall Policy.
childPolicies List<String>: A list of reference to child Firewall Policies of this Firewall Policy.
dns Property Map: A dns block as defined below.
firewalls List<String>: A list of references to Azure Firewalls that this Firewall Policy is associated with.
identity Property Map: An identity block as defined below. Changing this forces a new Firewall Policy to be created.
insights Property Map: An insights block as defined below.
intrusionDetection Property Map: A intrusion_detection block as defined below.
location String: The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
name String: The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
privateIpRanges List<String>: A list of private IP ranges to which traffic will not be SNAT.
resourceGroupName String: The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
ruleCollectionGroups List<String>: A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
sku String: The SKU Tier of the Firewall Policy. Possible values are Standard, Premium. Changing this forces a new Firewall Policy to be created.
tags Map<String>: A mapping of tags which should be assigned to the Firewall Policy.
threatIntelligenceAllowlist Property Map: A threat_intelligence_allowlist block as defined below.
threatIntelligenceMode String: The operation mode for Threat Intelligence. Possible values are Alert, Deny and Off. Defaults to Alert.
tlsCertificate Property Map: A tls_certificate block as defined below.

Supporting Types

FirewallPolicyDns, FirewallPolicyDnsArgs

NetworkRuleFqdnEnabled bool: Should the network rule fqdn be enabled?
Deprecated: This property has been deprecated as the service team has removed it from all API versions and is no longer supported by Azure. It will be removed in v3.0 of the provider.
ProxyEnabled bool: Whether to enable DNS proxy on Firewalls attached to this Firewall Policy? Defaults to false.
Servers List<string>: A list of custom DNS servers' IP addresses.

NetworkRuleFqdnEnabled bool: Should the network rule fqdn be enabled?
Deprecated: This property has been deprecated as the service team has removed it from all API versions and is no longer supported by Azure. It will be removed in v3.0 of the provider.
ProxyEnabled bool: Whether to enable DNS proxy on Firewalls attached to this Firewall Policy? Defaults to false.
Servers []string: A list of custom DNS servers' IP addresses.

networkRuleFqdnEnabled Boolean: Should the network rule fqdn be enabled?
Deprecated: This property has been deprecated as the service team has removed it from all API versions and is no longer supported by Azure. It will be removed in v3.0 of the provider.
proxyEnabled Boolean: Whether to enable DNS proxy on Firewalls attached to this Firewall Policy? Defaults to false.
servers List<String>: A list of custom DNS servers' IP addresses.

networkRuleFqdnEnabled boolean: Should the network rule fqdn be enabled?
Deprecated: This property has been deprecated as the service team has removed it from all API versions and is no longer supported by Azure. It will be removed in v3.0 of the provider.
proxyEnabled boolean: Whether to enable DNS proxy on Firewalls attached to this Firewall Policy? Defaults to false.
servers string[]: A list of custom DNS servers' IP addresses.

network_rule_fqdn_enabled bool: Should the network rule fqdn be enabled?
Deprecated: This property has been deprecated as the service team has removed it from all API versions and is no longer supported by Azure. It will be removed in v3.0 of the provider.
proxy_enabled bool: Whether to enable DNS proxy on Firewalls attached to this Firewall Policy? Defaults to false.
servers Sequence[str]: A list of custom DNS servers' IP addresses.

networkRuleFqdnEnabled Boolean: Should the network rule fqdn be enabled?
Deprecated: This property has been deprecated as the service team has removed it from all API versions and is no longer supported by Azure. It will be removed in v3.0 of the provider.
proxyEnabled Boolean: Whether to enable DNS proxy on Firewalls attached to this Firewall Policy? Defaults to false.
servers List<String>: A list of custom DNS servers' IP addresses.

FirewallPolicyIdentity, FirewallPolicyIdentityArgs

Type string: Type of the identity. At the moment only "UserAssigned" is supported. Changing this forces a new Firewall Policy to be created.
PrincipalId string
TenantId string
UserAssignedIdentityIds List<string>: Specifies a list of user assigned managed identities.

Type string: Type of the identity. At the moment only "UserAssigned" is supported. Changing this forces a new Firewall Policy to be created.
PrincipalId string
TenantId string
UserAssignedIdentityIds []string: Specifies a list of user assigned managed identities.

type String: Type of the identity. At the moment only "UserAssigned" is supported. Changing this forces a new Firewall Policy to be created.
principalId String
tenantId String
userAssignedIdentityIds List<String>: Specifies a list of user assigned managed identities.

type string: Type of the identity. At the moment only "UserAssigned" is supported. Changing this forces a new Firewall Policy to be created.
principalId string
tenantId string
userAssignedIdentityIds string[]: Specifies a list of user assigned managed identities.

type str: Type of the identity. At the moment only "UserAssigned" is supported. Changing this forces a new Firewall Policy to be created.
principal_id str
tenant_id str
user_assigned_identity_ids Sequence[str]: Specifies a list of user assigned managed identities.

type String: Type of the identity. At the moment only "UserAssigned" is supported. Changing this forces a new Firewall Policy to be created.
principalId String
tenantId String
userAssignedIdentityIds List<String>: Specifies a list of user assigned managed identities.

FirewallPolicyInsights, FirewallPolicyInsightsArgs

DefaultLogAnalyticsWorkspaceId string: The ID of the default Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to, when there is no location matches in the log_analytics_workspace.
Enabled bool: Whether the insights functionality is enabled for this Firewall Policy.
LogAnalyticsWorkspaces List<FirewallPolicyInsightsLogAnalyticsWorkspace>: A list of log_analytics_workspace block as defined below.
RetentionInDays int: The log retention period in days.

DefaultLogAnalyticsWorkspaceId string: The ID of the default Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to, when there is no location matches in the log_analytics_workspace.
Enabled bool: Whether the insights functionality is enabled for this Firewall Policy.
LogAnalyticsWorkspaces []FirewallPolicyInsightsLogAnalyticsWorkspace: A list of log_analytics_workspace block as defined below.
RetentionInDays int: The log retention period in days.

defaultLogAnalyticsWorkspaceId String: The ID of the default Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to, when there is no location matches in the log_analytics_workspace.
enabled Boolean: Whether the insights functionality is enabled for this Firewall Policy.
logAnalyticsWorkspaces List<FirewallPolicyInsightsLogAnalyticsWorkspace>: A list of log_analytics_workspace block as defined below.
retentionInDays Integer: The log retention period in days.

defaultLogAnalyticsWorkspaceId string: The ID of the default Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to, when there is no location matches in the log_analytics_workspace.
enabled boolean: Whether the insights functionality is enabled for this Firewall Policy.
logAnalyticsWorkspaces FirewallPolicyInsightsLogAnalyticsWorkspace[]: A list of log_analytics_workspace block as defined below.
retentionInDays number: The log retention period in days.

default_log_analytics_workspace_id str: The ID of the default Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to, when there is no location matches in the log_analytics_workspace.
enabled bool: Whether the insights functionality is enabled for this Firewall Policy.
log_analytics_workspaces Sequence[FirewallPolicyInsightsLogAnalyticsWorkspace]: A list of log_analytics_workspace block as defined below.
retention_in_days int: The log retention period in days.

defaultLogAnalyticsWorkspaceId String: The ID of the default Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to, when there is no location matches in the log_analytics_workspace.
enabled Boolean: Whether the insights functionality is enabled for this Firewall Policy.
logAnalyticsWorkspaces List<Property Map>: A list of log_analytics_workspace block as defined below.
retentionInDays Number: The log retention period in days.

FirewallPolicyInsightsLogAnalyticsWorkspace, FirewallPolicyInsightsLogAnalyticsWorkspaceArgs

FirewallLocation string: The location of the Firewalls, that when matches this Log Analytics Workspace will be used to consume their logs.
Id string: The ID of the Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when their locations match the firewall_location.

FirewallLocation string: The location of the Firewalls, that when matches this Log Analytics Workspace will be used to consume their logs.
Id string: The ID of the Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when their locations match the firewall_location.

firewallLocation String: The location of the Firewalls, that when matches this Log Analytics Workspace will be used to consume their logs.
id String: The ID of the Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when their locations match the firewall_location.

firewallLocation string: The location of the Firewalls, that when matches this Log Analytics Workspace will be used to consume their logs.
id string: The ID of the Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when their locations match the firewall_location.

firewall_location str: The location of the Firewalls, that when matches this Log Analytics Workspace will be used to consume their logs.
id str: The ID of the Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when their locations match the firewall_location.

firewallLocation String: The location of the Firewalls, that when matches this Log Analytics Workspace will be used to consume their logs.
id String: The ID of the Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when their locations match the firewall_location.

FirewallPolicyIntrusionDetection, FirewallPolicyIntrusionDetectionArgs

Mode string: In which mode you want to run intrusion detection: "Off", "Alert" or "Deny".
SignatureOverrides List<FirewallPolicyIntrusionDetectionSignatureOverride>: One or more signature_overrides blocks as defined below.
TrafficBypasses List<FirewallPolicyIntrusionDetectionTrafficBypass>: One or more traffic_bypass blocks as defined below.

Mode string: In which mode you want to run intrusion detection: "Off", "Alert" or "Deny".
SignatureOverrides []FirewallPolicyIntrusionDetectionSignatureOverride: One or more signature_overrides blocks as defined below.
TrafficBypasses []FirewallPolicyIntrusionDetectionTrafficBypass: One or more traffic_bypass blocks as defined below.

mode String: In which mode you want to run intrusion detection: "Off", "Alert" or "Deny".
signatureOverrides List<FirewallPolicyIntrusionDetectionSignatureOverride>: One or more signature_overrides blocks as defined below.
trafficBypasses List<FirewallPolicyIntrusionDetectionTrafficBypass>: One or more traffic_bypass blocks as defined below.

mode string: In which mode you want to run intrusion detection: "Off", "Alert" or "Deny".
signatureOverrides FirewallPolicyIntrusionDetectionSignatureOverride[]: One or more signature_overrides blocks as defined below.
trafficBypasses FirewallPolicyIntrusionDetectionTrafficBypass[]: One or more traffic_bypass blocks as defined below.

mode str: In which mode you want to run intrusion detection: "Off", "Alert" or "Deny".
signature_overrides Sequence[FirewallPolicyIntrusionDetectionSignatureOverride]: One or more signature_overrides blocks as defined below.
traffic_bypasses Sequence[FirewallPolicyIntrusionDetectionTrafficBypass]: One or more traffic_bypass blocks as defined below.

mode String: In which mode you want to run intrusion detection: "Off", "Alert" or "Deny".
signatureOverrides List<Property Map>: One or more signature_overrides blocks as defined below.
trafficBypasses List<Property Map>: One or more traffic_bypass blocks as defined below.

FirewallPolicyIntrusionDetectionSignatureOverride, FirewallPolicyIntrusionDetectionSignatureOverrideArgs

Id string: 12-digit number (id) which identifies your signature.
State string: state can be any of "Off", "Alert" or "Deny".

Id string: 12-digit number (id) which identifies your signature.
State string: state can be any of "Off", "Alert" or "Deny".

id String: 12-digit number (id) which identifies your signature.
state String: state can be any of "Off", "Alert" or "Deny".

id string: 12-digit number (id) which identifies your signature.
state string: state can be any of "Off", "Alert" or "Deny".

id str: 12-digit number (id) which identifies your signature.
state str: state can be any of "Off", "Alert" or "Deny".

id String: 12-digit number (id) which identifies your signature.
state String: state can be any of "Off", "Alert" or "Deny".

FirewallPolicyIntrusionDetectionTrafficBypass, FirewallPolicyIntrusionDetectionTrafficBypassArgs

Name string: The name which should be used for this bypass traffic setting.
Protocol string: The protocols any of "ANY", "TCP", "ICMP", "UDP" that shall be bypassed by intrusion detection.
Description string: The description for this bypass traffic setting.
DestinationAddresses List<string>: Specifies a list of destination IP addresses that shall be bypassed by intrusion detection.
DestinationIpGroups List<string>: Specifies a list of destination IP groups that shall be bypassed by intrusion detection.
DestinationPorts List<string>: Specifies a list of destination IP ports that shall be bypassed by intrusion detection.
SourceAddresses List<string>: Specifies a list of source addresses that shall be bypassed by intrusion detection.
SourceIpGroups List<string>: Specifies a list of source ip groups that shall be bypassed by intrusion detection.

Name string: The name which should be used for this bypass traffic setting.
Protocol string: The protocols any of "ANY", "TCP", "ICMP", "UDP" that shall be bypassed by intrusion detection.
Description string: The description for this bypass traffic setting.
DestinationAddresses []string: Specifies a list of destination IP addresses that shall be bypassed by intrusion detection.
DestinationIpGroups []string: Specifies a list of destination IP groups that shall be bypassed by intrusion detection.
DestinationPorts []string: Specifies a list of destination IP ports that shall be bypassed by intrusion detection.
SourceAddresses []string: Specifies a list of source addresses that shall be bypassed by intrusion detection.
SourceIpGroups []string: Specifies a list of source ip groups that shall be bypassed by intrusion detection.

name String: The name which should be used for this bypass traffic setting.
protocol String: The protocols any of "ANY", "TCP", "ICMP", "UDP" that shall be bypassed by intrusion detection.
description String: The description for this bypass traffic setting.
destinationAddresses List<String>: Specifies a list of destination IP addresses that shall be bypassed by intrusion detection.
destinationIpGroups List<String>: Specifies a list of destination IP groups that shall be bypassed by intrusion detection.
destinationPorts List<String>: Specifies a list of destination IP ports that shall be bypassed by intrusion detection.
sourceAddresses List<String>: Specifies a list of source addresses that shall be bypassed by intrusion detection.
sourceIpGroups List<String>: Specifies a list of source ip groups that shall be bypassed by intrusion detection.

name string: The name which should be used for this bypass traffic setting.
protocol string: The protocols any of "ANY", "TCP", "ICMP", "UDP" that shall be bypassed by intrusion detection.
description string: The description for this bypass traffic setting.
destinationAddresses string[]: Specifies a list of destination IP addresses that shall be bypassed by intrusion detection.
destinationIpGroups string[]: Specifies a list of destination IP groups that shall be bypassed by intrusion detection.
destinationPorts string[]: Specifies a list of destination IP ports that shall be bypassed by intrusion detection.
sourceAddresses string[]: Specifies a list of source addresses that shall be bypassed by intrusion detection.
sourceIpGroups string[]: Specifies a list of source ip groups that shall be bypassed by intrusion detection.

name str: The name which should be used for this bypass traffic setting.
protocol str: The protocols any of "ANY", "TCP", "ICMP", "UDP" that shall be bypassed by intrusion detection.
description str: The description for this bypass traffic setting.
destination_addresses Sequence[str]: Specifies a list of destination IP addresses that shall be bypassed by intrusion detection.
destination_ip_groups Sequence[str]: Specifies a list of destination IP groups that shall be bypassed by intrusion detection.
destination_ports Sequence[str]: Specifies a list of destination IP ports that shall be bypassed by intrusion detection.
source_addresses Sequence[str]: Specifies a list of source addresses that shall be bypassed by intrusion detection.
source_ip_groups Sequence[str]: Specifies a list of source ip groups that shall be bypassed by intrusion detection.

name String: The name which should be used for this bypass traffic setting.
protocol String: The protocols any of "ANY", "TCP", "ICMP", "UDP" that shall be bypassed by intrusion detection.
description String: The description for this bypass traffic setting.
destinationAddresses List<String>: Specifies a list of destination IP addresses that shall be bypassed by intrusion detection.
destinationIpGroups List<String>: Specifies a list of destination IP groups that shall be bypassed by intrusion detection.
destinationPorts List<String>: Specifies a list of destination IP ports that shall be bypassed by intrusion detection.
sourceAddresses List<String>: Specifies a list of source addresses that shall be bypassed by intrusion detection.
sourceIpGroups List<String>: Specifies a list of source ip groups that shall be bypassed by intrusion detection.

FirewallPolicyThreatIntelligenceAllowlist, FirewallPolicyThreatIntelligenceAllowlistArgs

Fqdns List<string>: A list of FQDNs that will be skipped for threat detection.
IpAddresses List<string>: A list of IP addresses or CIDR ranges that will be skipped for threat detection.

Fqdns []string: A list of FQDNs that will be skipped for threat detection.
IpAddresses []string: A list of IP addresses or CIDR ranges that will be skipped for threat detection.

fqdns List<String>: A list of FQDNs that will be skipped for threat detection.
ipAddresses List<String>: A list of IP addresses or CIDR ranges that will be skipped for threat detection.

fqdns string[]: A list of FQDNs that will be skipped for threat detection.
ipAddresses string[]: A list of IP addresses or CIDR ranges that will be skipped for threat detection.

fqdns Sequence[str]: A list of FQDNs that will be skipped for threat detection.
ip_addresses Sequence[str]: A list of IP addresses or CIDR ranges that will be skipped for threat detection.

fqdns List<String>: A list of FQDNs that will be skipped for threat detection.
ipAddresses List<String>: A list of IP addresses or CIDR ranges that will be skipped for threat detection.

FirewallPolicyTlsCertificate, FirewallPolicyTlsCertificateArgs

KeyVaultSecretId string: The ID of the Key Vault, where the secret or certificate is stored.
Name string: The name of the certificate.

KeyVaultSecretId string: The ID of the Key Vault, where the secret or certificate is stored.
Name string: The name of the certificate.

keyVaultSecretId String: The ID of the Key Vault, where the secret or certificate is stored.
name String: The name of the certificate.

keyVaultSecretId string: The ID of the Key Vault, where the secret or certificate is stored.
name string: The name of the certificate.

key_vault_secret_id str: The ID of the Key Vault, where the secret or certificate is stored.
name str: The name of the certificate.

keyVaultSecretId String: The ID of the Key Vault, where the secret or certificate is stored.
name String: The name of the certificate.

Import

Firewall Policies can be imported using the resource id, e.g.

 $ pulumi import azure:network/firewallPolicy:FirewallPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Network/firewallPolicies/policy1

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Azure Classic pulumi/pulumi-azure
License: Apache-2.0
Notes: This Pulumi package is based on the azurerm Terraform Provider.

We recommend using Azure Native.

Viewing docs for Azure v4.42.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi

Go to latest version

Schema (JSON)

pulumi/pulumi-azure

azure.network.FirewallPolicy

On this page

On this page

Example Usage

Create FirewallPolicy Resource

Constructor syntax

Parameters

Constructor example

FirewallPolicy Resource Properties

Inputs

Outputs

Look up Existing FirewallPolicy Resource

Supporting Types

FirewallPolicyDns, FirewallPolicyDnsArgs

FirewallPolicyIdentity, FirewallPolicyIdentityArgs

FirewallPolicyInsights, FirewallPolicyInsightsArgs

FirewallPolicyInsightsLogAnalyticsWorkspace, FirewallPolicyInsightsLogAnalyticsWorkspaceArgs

FirewallPolicyIntrusionDetection, FirewallPolicyIntrusionDetectionArgs

FirewallPolicyIntrusionDetectionSignatureOverride, FirewallPolicyIntrusionDetectionSignatureOverrideArgs

FirewallPolicyIntrusionDetectionTrafficBypass, FirewallPolicyIntrusionDetectionTrafficBypassArgs

FirewallPolicyThreatIntelligenceAllowlist, FirewallPolicyThreatIntelligenceAllowlistArgs

FirewallPolicyTlsCertificate, FirewallPolicyTlsCertificateArgs

Import

Package Details

On this page

On this page