azure-native.network.AzureFirewall
Azure Firewall resource. Azure REST API version: 2023-02-01. Prior API version in Azure Native 1.x: 2020-11-01.
Other available API versions: 2020-04-01, 2023-04-01, 2023-05-01, 2023-06-01, 2023-09-01, 2023-11-01, 2024-01-01, 2024-03-01.
Example Usage
Create Azure Firewall
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
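// Declares one Azure Firewall ("azurefirewall" in resource group "rg1") with an
// application, a NAT and a network rule collection. The subscription id,
// resource names and IP addresses are the sample's placeholder values.
return await Deployment.RunAsync(() =>
{
    var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
    {
        // Application rule collection: Deny, priority 110.
        ApplicationRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                },
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
                Name = "apprulecoll",
                Priority = 110,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                    {
                        // NOTE(review): the description says "inbound", but the rule matches
                        // HTTPS requests from the listed sources to the FQDN www.test.com,
                        // which reads as outbound filtering - confirm the wording.
                        Description = "Deny inbound rule",
                        Name = "rule1",
                        Protocols = new[]
                        {
                            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                            {
                                Port = 443,
                                ProtocolType = AzureNative.Network.AzureFirewallApplicationRuleProtocolType.Https,
                            },
                        },
                        SourceAddresses = new[]
                        {
                            "216.58.216.164",
                            "10.0.0.0/24",
                        },
                        TargetFqdns = new[]
                        {
                            "www.test.com",
                        },
                    },
                },
            },
        },
        AzureFirewallName = "azurefirewall",
        // The firewall is attached to one public IP and to the subnet named AzureFirewallSubnet.
        IpConfigurations = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
            {
                Name = "azureFirewallIpConfiguration",
                PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                },
                Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                },
            },
        },
        Location = "West US",
        // NAT rule collection: Dnat, priority 112. Both rules publish a backend
        // to any source address ("*").
        NatRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                {
                    Type = AzureNative.Network.AzureFirewallNatRCActionType.Dnat,
                },
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
                Name = "natrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        // NOTE(review): the description says "outbound", but this rule rewrites
                        // traffic addressed to 1.2.3.4:443 to 1.2.3.5:8443, i.e. it exposes a
                        // backend to clients reaching the firewall address.
                        Description = "D-NAT all outbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "443",
                        },
                        Name = "DNAT-HTTPS-traffic",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        // "*" accepts every source; narrow it to the expected client ranges
                        // unless the backend is meant to be reachable from anywhere.
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedAddress = "1.2.3.5",
                        TranslatedPort = "8443",
                    },
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        // TCP/80 on 1.2.3.4 is forwarded to internalhttpserver:880, again from
                        // any source; the rule name suggests cleartext HTTP.
                        Description = "D-NAT all inbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "80",
                        },
                        Name = "DNAT-HTTP-traffic-With-FQDN",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedFqdn = "internalhttpserver",
                        TranslatedPort = "880",
                    },
                },
            },
        },
        // Network rule collection: Deny, priority 112 (the NAT collection uses 112 too;
        // NOTE(review): priorities presumably rank collections per rule type - confirm).
        NetworkRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                },
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
                Name = "netrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        // Denies TCP 443-444 and 8443 to any destination for two source ranges.
                        Description = "Block traffic based on source IPs and ports",
                        DestinationAddresses = new[]
                        {
                            "*",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "192.168.1.1-192.168.1.12",
                            "10.1.4.12-10.1.4.255",
                        },
                    },
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        // Same ports, but the destination is matched by FQDN instead of address.
                        Description = "Block traffic based on source IPs and ports to amazon",
                        DestinationFqdns = new[]
                        {
                            "www.amazon.com",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic-with-FQDN",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "10.2.4.12-10.2.4.255",
                        },
                    },
                },
            },
        },
        ResourceGroupName = "rg1",
        Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
        {
            Name = AzureNative.Network.AzureFirewallSkuName.AZFW_VNet,
            Tier = AzureNative.Network.AzureFirewallSkuTier.Standard,
        },
        Tags =
        {
            { "key1", "value1" },
        },
        // Alert only logs traffic that matches the threat-intelligence feed; the Deny
        // mode is the one that also blocks it.
        ThreatIntelMode = AzureNative.Network.AzureFirewallThreatIntelMode.Alert,
        // Explicit element type: an empty "new[] {}" gives the compiler no element to
        // infer the array type from (CS0826). The list stays empty, so no availability
        // zone is selected.
        Zones = new string[] {},
    });
});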
package main
import (
network "github.com/pulumi/pulumi-azure-native-sdk/network/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs the Pulumi program that declares the sample Azure Firewall
// "azurefirewall" in resource group "rg1". The subscription id, resource names
// and IP addresses are the sample's placeholder values.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Application rule collection: Deny, priority 110.
		// NOTE(review): the rule description says "inbound", but the rule matches
		// HTTPS requests from the listed sources to the FQDN www.test.com, which
		// reads as outbound filtering - confirm the wording.
		appRuleCollections := network.AzureFirewallApplicationRuleCollectionArray{
			&network.AzureFirewallApplicationRuleCollectionArgs{
				Action: &network.AzureFirewallRCActionArgs{
					Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
				},
				Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll"),
				Name:     pulumi.String("apprulecoll"),
				Priority: pulumi.Int(110),
				Rules: network.AzureFirewallApplicationRuleArray{
					&network.AzureFirewallApplicationRuleArgs{
						Description: pulumi.String("Deny inbound rule"),
						Name:        pulumi.String("rule1"),
						Protocols: network.AzureFirewallApplicationRuleProtocolArray{
							&network.AzureFirewallApplicationRuleProtocolArgs{
								Port:         pulumi.Int(443),
								ProtocolType: pulumi.String(network.AzureFirewallApplicationRuleProtocolTypeHttps),
							},
						},
						SourceAddresses: pulumi.StringArray{
							pulumi.String("216.58.216.164"),
							pulumi.String("10.0.0.0/24"),
						},
						TargetFqdns: pulumi.StringArray{
							pulumi.String("www.test.com"),
						},
					},
				},
			},
		}

		// NAT rule collection: Dnat, priority 112. Both rules accept any source
		// ("*"); narrow SourceAddresses to the expected client ranges unless the
		// backends are meant to be reachable from anywhere.
		natRuleCollections := network.AzureFirewallNatRuleCollectionArray{
			&network.AzureFirewallNatRuleCollectionArgs{
				Action: &network.AzureFirewallNatRCActionArgs{
					Type: pulumi.String(network.AzureFirewallNatRCActionTypeDnat),
				},
				Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll"),
				Name:     pulumi.String("natrulecoll"),
				Priority: pulumi.Int(112),
				Rules: network.AzureFirewallNatRuleArray{
					// NOTE(review): described as "outbound", but the rule rewrites
					// traffic addressed to 1.2.3.4:443 to 1.2.3.5:8443.
					&network.AzureFirewallNatRuleArgs{
						Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
						DestinationAddresses: pulumi.StringArray{
							pulumi.String("1.2.3.4"),
						},
						DestinationPorts: pulumi.StringArray{
							pulumi.String("443"),
						},
						Name: pulumi.String("DNAT-HTTPS-traffic"),
						Protocols: pulumi.StringArray{
							pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
						},
						SourceAddresses: pulumi.StringArray{
							pulumi.String("*"),
						},
						TranslatedAddress: pulumi.String("1.2.3.5"),
						TranslatedPort:    pulumi.String("8443"),
					},
					// TCP/80 on 1.2.3.4 is forwarded to internalhttpserver:880; the
					// rule name suggests cleartext HTTP.
					&network.AzureFirewallNatRuleArgs{
						Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
						DestinationAddresses: pulumi.StringArray{
							pulumi.String("1.2.3.4"),
						},
						DestinationPorts: pulumi.StringArray{
							pulumi.String("80"),
						},
						Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
						Protocols: pulumi.StringArray{
							pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
						},
						SourceAddresses: pulumi.StringArray{
							pulumi.String("*"),
						},
						TranslatedFqdn: pulumi.String("internalhttpserver"),
						TranslatedPort: pulumi.String("880"),
					},
				},
			},
		}

		// Network rule collection: Deny, priority 112 (the NAT collection uses
		// 112 too; NOTE(review): priorities presumably rank collections per
		// rule type - confirm).
		netRuleCollections := network.AzureFirewallNetworkRuleCollectionArray{
			&network.AzureFirewallNetworkRuleCollectionArgs{
				Action: &network.AzureFirewallRCActionArgs{
					Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
				},
				Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll"),
				Name:     pulumi.String("netrulecoll"),
				Priority: pulumi.Int(112),
				Rules: network.AzureFirewallNetworkRuleArray{
					&network.AzureFirewallNetworkRuleArgs{
						Description: pulumi.String("Block traffic based on source IPs and ports"),
						DestinationAddresses: pulumi.StringArray{
							pulumi.String("*"),
						},
						DestinationPorts: pulumi.StringArray{
							pulumi.String("443-444"),
							pulumi.String("8443"),
						},
						Name: pulumi.String("L4-traffic"),
						Protocols: pulumi.StringArray{
							pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
						},
						SourceAddresses: pulumi.StringArray{
							pulumi.String("192.168.1.1-192.168.1.12"),
							pulumi.String("10.1.4.12-10.1.4.255"),
						},
					},
					&network.AzureFirewallNetworkRuleArgs{
						Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
						DestinationFqdns: pulumi.StringArray{
							pulumi.String("www.amazon.com"),
						},
						DestinationPorts: pulumi.StringArray{
							pulumi.String("443-444"),
							pulumi.String("8443"),
						},
						Name: pulumi.String("L4-traffic-with-FQDN"),
						Protocols: pulumi.StringArray{
							pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
						},
						SourceAddresses: pulumi.StringArray{
							pulumi.String("10.2.4.12-10.2.4.255"),
						},
					},
				},
			},
		}

		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
			ApplicationRuleCollections: appRuleCollections,
			AzureFirewallName:          pulumi.String("azurefirewall"),
			IpConfigurations: network.AzureFirewallIPConfigurationArray{
				&network.AzureFirewallIPConfigurationArgs{
					Name: pulumi.String("azureFirewallIpConfiguration"),
					PublicIPAddress: &network.SubResourceArgs{
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
					},
					Subnet: &network.SubResourceArgs{
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
					},
				},
			},
			Location:               pulumi.String("West US"),
			NatRuleCollections:     natRuleCollections,
			NetworkRuleCollections: netRuleCollections,
			ResourceGroupName:      pulumi.String("rg1"),
			Sku: &network.AzureFirewallSkuArgs{
				Name: pulumi.String(network.AzureFirewallSkuName_AZFW_VNet),
				Tier: pulumi.String(network.AzureFirewallSkuTierStandard),
			},
			Tags: pulumi.StringMap{
				"key1": pulumi.String("value1"),
			},
			// Alert only logs traffic that matches the threat-intelligence feed;
			// the Deny mode is the one that also blocks it.
			ThreatIntelMode: pulumi.String(network.AzureFirewallThreatIntelModeAlert),
			// Empty list: no availability zone is selected.
			Zones: pulumi.StringArray{},
		})
		// The registration error, if any, is the program's result.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.AzureFirewall;
import com.pulumi.azurenative.network.AzureFirewallArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallRCActionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallIPConfigurationArgs;
import com.pulumi.azurenative.network.inputs.SubResourceArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNatRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNatRCActionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNetworkRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallSkuArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares the sample Azure Firewall "azurefirewall" in
 * resource group "rg1". The subscription id, resource names and IP addresses
 * are the sample's placeholder values.
 *
 * NOTE(review): AzureFirewallApplicationRuleArgs,
 * AzureFirewallApplicationRuleProtocolArgs, AzureFirewallNatRuleArgs and
 * AzureFirewallNetworkRuleArgs are used below but are not in the import list
 * shown with this listing; they presumably need their own imports.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Builds the rule collections first, then the firewall that references them.
     *
     * @param ctx the Pulumi context supplied by the runtime (not read here)
     */
    public static void stack(Context ctx) {
        // Application rule collection: Deny, priority 110.
        // NOTE(review): the rule description says "inbound", but the rule matches
        // HTTPS requests from the listed sources to the FQDN www.test.com, which
        // reads as outbound filtering - confirm the wording.
        var applicationRuleCollection = AzureFirewallApplicationRuleCollectionArgs.builder()
            .action(AzureFirewallRCActionArgs.builder()
                .type("Deny")
                .build())
            .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll")
            .name("apprulecoll")
            .priority(110)
            .rules(AzureFirewallApplicationRuleArgs.builder()
                .description("Deny inbound rule")
                .name("rule1")
                .protocols(AzureFirewallApplicationRuleProtocolArgs.builder()
                    .port(443)
                    .protocolType("Https")
                    .build())
                .sourceAddresses(
                    "216.58.216.164",
                    "10.0.0.0/24")
                .targetFqdns("www.test.com")
                .build())
            .build();

        // One public IP plus the subnet named AzureFirewallSubnet.
        var ipConfiguration = AzureFirewallIPConfigurationArgs.builder()
            .name("azureFirewallIpConfiguration")
            .publicIPAddress(SubResourceArgs.builder()
                .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")
                .build())
            .subnet(SubResourceArgs.builder()
                .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet")
                .build())
            .build();

        // NAT rule collection: Dnat, priority 112. Both rules accept any source
        // ("*"); narrow sourceAddresses to the expected client ranges unless the
        // backends are meant to be reachable from anywhere.
        var natRuleCollection = AzureFirewallNatRuleCollectionArgs.builder()
            .action(AzureFirewallNatRCActionArgs.builder()
                .type("Dnat")
                .build())
            .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll")
            .name("natrulecoll")
            .priority(112)
            .rules(
                // NOTE(review): described as "outbound", but the rule rewrites
                // traffic addressed to 1.2.3.4:443 to 1.2.3.5:8443.
                AzureFirewallNatRuleArgs.builder()
                    .description("D-NAT all outbound web traffic for inspection")
                    .destinationAddresses("1.2.3.4")
                    .destinationPorts("443")
                    .name("DNAT-HTTPS-traffic")
                    .protocols("TCP")
                    .sourceAddresses("*")
                    .translatedAddress("1.2.3.5")
                    .translatedPort("8443")
                    .build(),
                // TCP/80 on 1.2.3.4 is forwarded to internalhttpserver:880; the
                // rule name suggests cleartext HTTP.
                AzureFirewallNatRuleArgs.builder()
                    .description("D-NAT all inbound web traffic for inspection")
                    .destinationAddresses("1.2.3.4")
                    .destinationPorts("80")
                    .name("DNAT-HTTP-traffic-With-FQDN")
                    .protocols("TCP")
                    .sourceAddresses("*")
                    .translatedFqdn("internalhttpserver")
                    .translatedPort("880")
                    .build())
            .build();

        // Network rule collection: Deny, priority 112 (the NAT collection uses
        // 112 too; NOTE(review): priorities presumably rank collections per rule
        // type - confirm).
        var networkRuleCollection = AzureFirewallNetworkRuleCollectionArgs.builder()
            .action(AzureFirewallRCActionArgs.builder()
                .type("Deny")
                .build())
            .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll")
            .name("netrulecoll")
            .priority(112)
            .rules(
                AzureFirewallNetworkRuleArgs.builder()
                    .description("Block traffic based on source IPs and ports")
                    .destinationAddresses("*")
                    .destinationPorts(
                        "443-444",
                        "8443")
                    .name("L4-traffic")
                    .protocols("TCP")
                    .sourceAddresses(
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255")
                    .build(),
                AzureFirewallNetworkRuleArgs.builder()
                    .description("Block traffic based on source IPs and ports to amazon")
                    .destinationFqdns("www.amazon.com")
                    .destinationPorts(
                        "443-444",
                        "8443")
                    .name("L4-traffic-with-FQDN")
                    .protocols("TCP")
                    .sourceAddresses("10.2.4.12-10.2.4.255")
                    .build())
            .build();

        var sku = AzureFirewallSkuArgs.builder()
            .name("AZFW_VNet")
            .tier("Standard")
            .build();

        var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
            .applicationRuleCollections(applicationRuleCollection)
            .azureFirewallName("azurefirewall")
            .ipConfigurations(ipConfiguration)
            .location("West US")
            .natRuleCollections(natRuleCollection)
            .networkRuleCollections(networkRuleCollection)
            .resourceGroupName("rg1")
            .sku(sku)
            .tags(Map.of("key1", "value1"))
            // "Alert" only logs traffic that matches the threat-intelligence feed;
            // the "Deny" mode is the one that also blocks it.
            .threatIntelMode("Alert")
            // No arguments: no availability zone is selected.
            .zones()
            .build());
    }
}
import pulumi
import pulumi_azure_native as azure_native
# Declares the sample Azure Firewall "azurefirewall" in resource group "rg1".
# The subscription id, resource names and IP addresses are the sample's
# placeholder values.

# Application rule collection: Deny, priority 110.
# NOTE(review): the rule description says "inbound", but the rule matches HTTPS
# requests from the listed sources to the FQDN www.test.com, which reads as
# outbound filtering - confirm the wording.
application_rule_collections = [{
    "action": {
        "type": azure_native.network.AzureFirewallRCActionType.DENY,
    },
    "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
    "name": "apprulecoll",
    "priority": 110,
    "rules": [{
        "description": "Deny inbound rule",
        "name": "rule1",
        "protocols": [{
            "port": 443,
            "protocol_type": azure_native.network.AzureFirewallApplicationRuleProtocolType.HTTPS,
        }],
        "source_addresses": [
            "216.58.216.164",
            "10.0.0.0/24",
        ],
        "target_fqdns": ["www.test.com"],
    }],
}]

# One public IP plus the subnet named AzureFirewallSubnet.
ip_configurations = [{
    "name": "azureFirewallIpConfiguration",
    "public_ip_address": {
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
    },
    "subnet": {
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
    },
}]

# NAT rule collection: Dnat, priority 112. Both rules accept any source ("*");
# narrow source_addresses to the expected client ranges unless the backends are
# meant to be reachable from anywhere.
nat_rule_collections = [{
    "action": {
        "type": azure_native.network.AzureFirewallNatRCActionType.DNAT,
    },
    "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
    "name": "natrulecoll",
    "priority": 112,
    "rules": [
        # NOTE(review): described as "outbound", but the rule rewrites traffic
        # addressed to 1.2.3.4:443 to 1.2.3.5:8443.
        {
            "description": "D-NAT all outbound web traffic for inspection",
            "destination_addresses": ["1.2.3.4"],
            "destination_ports": ["443"],
            "name": "DNAT-HTTPS-traffic",
            "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            "source_addresses": ["*"],
            "translated_address": "1.2.3.5",
            "translated_port": "8443",
        },
        # TCP/80 on 1.2.3.4 is forwarded to internalhttpserver:880; the rule
        # name suggests cleartext HTTP.
        {
            "description": "D-NAT all inbound web traffic for inspection",
            "destination_addresses": ["1.2.3.4"],
            "destination_ports": ["80"],
            "name": "DNAT-HTTP-traffic-With-FQDN",
            "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            "source_addresses": ["*"],
            "translated_fqdn": "internalhttpserver",
            "translated_port": "880",
        },
    ],
}]

# Network rule collection: Deny, priority 112 (the NAT collection uses 112 too;
# NOTE(review): priorities presumably rank collections per rule type - confirm).
network_rule_collections = [{
    "action": {
        "type": azure_native.network.AzureFirewallRCActionType.DENY,
    },
    "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
    "name": "netrulecoll",
    "priority": 112,
    "rules": [
        {
            "description": "Block traffic based on source IPs and ports",
            "destination_addresses": ["*"],
            "destination_ports": [
                "443-444",
                "8443",
            ],
            "name": "L4-traffic",
            "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            "source_addresses": [
                "192.168.1.1-192.168.1.12",
                "10.1.4.12-10.1.4.255",
            ],
        },
        {
            "description": "Block traffic based on source IPs and ports to amazon",
            "destination_fqdns": ["www.amazon.com"],
            "destination_ports": [
                "443-444",
                "8443",
            ],
            "name": "L4-traffic-with-FQDN",
            "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            "source_addresses": ["10.2.4.12-10.2.4.255"],
        },
    ],
}]

azure_firewall = azure_native.network.AzureFirewall(
    "azureFirewall",
    application_rule_collections=application_rule_collections,
    azure_firewall_name="azurefirewall",
    ip_configurations=ip_configurations,
    location="West US",
    nat_rule_collections=nat_rule_collections,
    network_rule_collections=network_rule_collections,
    resource_group_name="rg1",
    sku={
        "name": azure_native.network.AzureFirewallSkuName.AZF_W_V_NET,
        "tier": azure_native.network.AzureFirewallSkuTier.STANDARD,
    },
    tags={
        "key1": "value1",
    },
    # ALERT only logs traffic that matches the threat-intelligence feed; the
    # DENY mode is the one that also blocks it.
    threat_intel_mode=azure_native.network.AzureFirewallThreatIntelMode.ALERT,
    # Empty list: no availability zone is selected.
    zones=[],
)
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
// Declares the sample Azure Firewall "azurefirewall" in resource group "rg1".
// The subscription id, resource names and IP addresses are the sample's
// placeholder values.

// Application rule collection: Deny, priority 110.
// NOTE(review): the rule description says "inbound", but the rule matches HTTPS
// requests from the listed sources to the FQDN www.test.com, which reads as
// outbound filtering - confirm the wording.
const applicationRuleCollections = [{
    action: {
        type: azure_native.network.AzureFirewallRCActionType.Deny,
    },
    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
    name: "apprulecoll",
    priority: 110,
    rules: [{
        description: "Deny inbound rule",
        name: "rule1",
        protocols: [{
            port: 443,
            protocolType: azure_native.network.AzureFirewallApplicationRuleProtocolType.Https,
        }],
        sourceAddresses: [
            "216.58.216.164",
            "10.0.0.0/24",
        ],
        targetFqdns: ["www.test.com"],
    }],
}];

// One public IP plus the subnet named AzureFirewallSubnet.
const ipConfigurations = [{
    name: "azureFirewallIpConfiguration",
    publicIPAddress: {
        id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
    },
    subnet: {
        id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
    },
}];

// NAT rule collection: Dnat, priority 112. Both rules accept any source ("*");
// narrow sourceAddresses to the expected client ranges unless the backends are
// meant to be reachable from anywhere.
const natRuleCollections = [{
    action: {
        type: azure_native.network.AzureFirewallNatRCActionType.Dnat,
    },
    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
    name: "natrulecoll",
    priority: 112,
    rules: [
        // NOTE(review): described as "outbound", but the rule rewrites traffic
        // addressed to 1.2.3.4:443 to 1.2.3.5:8443.
        {
            description: "D-NAT all outbound web traffic for inspection",
            destinationAddresses: ["1.2.3.4"],
            destinationPorts: ["443"],
            name: "DNAT-HTTPS-traffic",
            protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            sourceAddresses: ["*"],
            translatedAddress: "1.2.3.5",
            translatedPort: "8443",
        },
        // TCP/80 on 1.2.3.4 is forwarded to internalhttpserver:880; the rule
        // name suggests cleartext HTTP.
        {
            description: "D-NAT all inbound web traffic for inspection",
            destinationAddresses: ["1.2.3.4"],
            destinationPorts: ["80"],
            name: "DNAT-HTTP-traffic-With-FQDN",
            protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            sourceAddresses: ["*"],
            translatedFqdn: "internalhttpserver",
            translatedPort: "880",
        },
    ],
}];

// Network rule collection: Deny, priority 112 (the NAT collection uses 112 too;
// NOTE(review): priorities presumably rank collections per rule type - confirm).
const networkRuleCollections = [{
    action: {
        type: azure_native.network.AzureFirewallRCActionType.Deny,
    },
    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
    name: "netrulecoll",
    priority: 112,
    rules: [
        {
            description: "Block traffic based on source IPs and ports",
            destinationAddresses: ["*"],
            destinationPorts: [
                "443-444",
                "8443",
            ],
            name: "L4-traffic",
            protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            sourceAddresses: [
                "192.168.1.1-192.168.1.12",
                "10.1.4.12-10.1.4.255",
            ],
        },
        {
            description: "Block traffic based on source IPs and ports to amazon",
            destinationFqdns: ["www.amazon.com"],
            destinationPorts: [
                "443-444",
                "8443",
            ],
            name: "L4-traffic-with-FQDN",
            protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            sourceAddresses: ["10.2.4.12-10.2.4.255"],
        },
    ],
}];

const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
    applicationRuleCollections: applicationRuleCollections,
    azureFirewallName: "azurefirewall",
    ipConfigurations: ipConfigurations,
    location: "West US",
    natRuleCollections: natRuleCollections,
    networkRuleCollections: networkRuleCollections,
    resourceGroupName: "rg1",
    sku: {
        name: azure_native.network.AzureFirewallSkuName.AZFW_VNet,
        tier: azure_native.network.AzureFirewallSkuTier.Standard,
    },
    tags: {
        key1: "value1",
    },
    // Alert only logs traffic that matches the threat-intelligence feed; the
    // Deny mode is the one that also blocks it.
    threatIntelMode: azure_native.network.AzureFirewallThreatIntelMode.Alert,
    // Empty list: no availability zone is selected.
    zones: [],
});
# Declares the sample Azure Firewall "azurefirewall" in resource group "rg1".
# The subscription id, resource names and IP addresses are the sample's
# placeholder values.
resources:
  azureFirewall:
    type: azure-native:network:AzureFirewall
    properties:
      # Application rule collection: Deny, priority 110.
      applicationRuleCollections:
        - action:
            type: Deny
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll
          name: apprulecoll
          priority: 110
          rules:
            # NOTE(review): the description says "inbound", but the rule matches
            # HTTPS requests from the listed sources to the FQDN www.test.com,
            # which reads as outbound filtering - confirm the wording.
            - description: Deny inbound rule
              name: rule1
              protocols:
                - port: 443
                  protocolType: Https
              sourceAddresses:
                - 216.58.216.164
                - 10.0.0.0/24
              targetFqdns:
                - www.test.com
      azureFirewallName: azurefirewall
      # One public IP plus the subnet named AzureFirewallSubnet.
      ipConfigurations:
        - name: azureFirewallIpConfiguration
          publicIPAddress:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
          subnet:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
      location: West US
      # NAT rule collection: Dnat, priority 112. Both rules accept any source
      # ('*'); narrow sourceAddresses to the expected client ranges unless the
      # backends are meant to be reachable from anywhere.
      natRuleCollections:
        - action:
            type: Dnat
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll
          name: natrulecoll
          priority: 112
          rules:
            # NOTE(review): described as "outbound", but the rule rewrites
            # traffic addressed to 1.2.3.4:443 to 1.2.3.5:8443.
            - description: D-NAT all outbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '443'
              name: DNAT-HTTPS-traffic
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedAddress: 1.2.3.5
              translatedPort: '8443'
            # TCP/80 on 1.2.3.4 is forwarded to internalhttpserver:880; the rule
            # name suggests cleartext HTTP.
            - description: D-NAT all inbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '80'
              name: DNAT-HTTP-traffic-With-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedFqdn: internalhttpserver
              translatedPort: '880'
      # Network rule collection: Deny, priority 112 (the NAT collection uses
      # 112 too; NOTE(review): priorities presumably rank collections per rule
      # type - confirm).
      networkRuleCollections:
        - action:
            type: Deny
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll
          name: netrulecoll
          priority: 112
          rules:
            - description: Block traffic based on source IPs and ports
              destinationAddresses:
                - '*'
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic
              protocols:
                - TCP
              sourceAddresses:
                - 192.168.1.1-192.168.1.12
                - 10.1.4.12-10.1.4.255
            - description: Block traffic based on source IPs and ports to amazon
              destinationFqdns:
                - www.amazon.com
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic-with-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - 10.2.4.12-10.2.4.255
      resourceGroupName: rg1
      sku:
        name: AZFW_VNet
        tier: Standard
      tags:
        key1: value1
      # Alert only logs traffic that matches the threat-intelligence feed; the
      # Deny mode is the one that also blocks it.
      threatIntelMode: Alert
      # Empty list: no availability zone is selected.
      zones: []
Create Azure Firewall With Additional Properties
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
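// Declares the sample Azure Firewall "azurefirewall" in resource group "rg1",
// this time with AdditionalProperties set. The subscription id, resource names,
// IP addresses and key/value pairs are the sample's placeholder values.
return await Deployment.RunAsync(() =>
{
    var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
    {
        // Free-form string map passed to the firewall; the keys here are placeholders.
        AdditionalProperties =
        {
            { "key1", "value1" },
            { "key2", "value2" },
        },
        // Application rule collection: Deny, priority 110.
        ApplicationRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                },
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
                Name = "apprulecoll",
                Priority = 110,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                    {
                        // NOTE(review): the description says "inbound", but the rule matches
                        // HTTPS requests from the listed sources to the FQDN www.test.com,
                        // which reads as outbound filtering - confirm the wording.
                        Description = "Deny inbound rule",
                        Name = "rule1",
                        Protocols = new[]
                        {
                            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                            {
                                Port = 443,
                                ProtocolType = AzureNative.Network.AzureFirewallApplicationRuleProtocolType.Https,
                            },
                        },
                        SourceAddresses = new[]
                        {
                            "216.58.216.164",
                            "10.0.0.0/24",
                        },
                        TargetFqdns = new[]
                        {
                            "www.test.com",
                        },
                    },
                },
            },
        },
        AzureFirewallName = "azurefirewall",
        // One public IP plus the subnet named AzureFirewallSubnet.
        IpConfigurations = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
            {
                Name = "azureFirewallIpConfiguration",
                PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                },
                Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                },
            },
        },
        Location = "West US",
        // NAT rule collection: Dnat, priority 112. Both rules accept any source ("*");
        // narrow SourceAddresses to the expected client ranges unless the backends are
        // meant to be reachable from anywhere.
        NatRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                {
                    Type = AzureNative.Network.AzureFirewallNatRCActionType.Dnat,
                },
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
                Name = "natrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        // NOTE(review): described as "outbound", but the rule rewrites
                        // traffic addressed to 1.2.3.4:443 to 1.2.3.5:8443.
                        Description = "D-NAT all outbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "443",
                        },
                        Name = "DNAT-HTTPS-traffic",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedAddress = "1.2.3.5",
                        TranslatedPort = "8443",
                    },
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        // TCP/80 on 1.2.3.4 is forwarded to internalhttpserver:880; the rule
                        // name suggests cleartext HTTP.
                        Description = "D-NAT all inbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "80",
                        },
                        Name = "DNAT-HTTP-traffic-With-FQDN",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedFqdn = "internalhttpserver",
                        TranslatedPort = "880",
                    },
                },
            },
        },
        // Network rule collection: Deny, priority 112 (the NAT collection uses 112 too;
        // NOTE(review): priorities presumably rank collections per rule type - confirm).
        NetworkRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                },
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
                Name = "netrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        Description = "Block traffic based on source IPs and ports",
                        DestinationAddresses = new[]
                        {
                            "*",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "192.168.1.1-192.168.1.12",
                            "10.1.4.12-10.1.4.255",
                        },
                    },
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        Description = "Block traffic based on source IPs and ports to amazon",
                        DestinationFqdns = new[]
                        {
                            "www.amazon.com",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic-with-FQDN",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "10.2.4.12-10.2.4.255",
                        },
                    },
                },
            },
        },
        ResourceGroupName = "rg1",
        Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
        {
            Name = AzureNative.Network.AzureFirewallSkuName.AZFW_VNet,
            Tier = AzureNative.Network.AzureFirewallSkuTier.Standard,
        },
        Tags =
        {
            { "key1", "value1" },
        },
        // Alert only logs traffic that matches the threat-intelligence feed; the Deny
        // mode is the one that also blocks it.
        ThreatIntelMode = AzureNative.Network.AzureFirewallThreatIntelMode.Alert,
        // Explicit element type: an empty "new[] {}" gives the compiler no element to
        // infer the array type from (CS0826). The list stays empty, so no availability
        // zone is selected.
        Zones = new string[] {},
    });
});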
package main
import (
network "github.com/pulumi/pulumi-azure-native-sdk/network/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs the Pulumi program that declares the sample Azure Firewall
// "azurefirewall" in resource group "rg1", this time with AdditionalProperties
// set. The subscription id, resource names, IP addresses and key/value pairs
// are the sample's placeholder values.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Application rule collection: Deny, priority 110.
		// NOTE(review): the rule description says "inbound", but the rule matches
		// HTTPS requests from the listed sources to the FQDN www.test.com, which
		// reads as outbound filtering - confirm the wording.
		appRuleCollections := network.AzureFirewallApplicationRuleCollectionArray{
			&network.AzureFirewallApplicationRuleCollectionArgs{
				Action: &network.AzureFirewallRCActionArgs{
					Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
				},
				Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll"),
				Name:     pulumi.String("apprulecoll"),
				Priority: pulumi.Int(110),
				Rules: network.AzureFirewallApplicationRuleArray{
					&network.AzureFirewallApplicationRuleArgs{
						Description: pulumi.String("Deny inbound rule"),
						Name:        pulumi.String("rule1"),
						Protocols: network.AzureFirewallApplicationRuleProtocolArray{
							&network.AzureFirewallApplicationRuleProtocolArgs{
								Port:         pulumi.Int(443),
								ProtocolType: pulumi.String(network.AzureFirewallApplicationRuleProtocolTypeHttps),
							},
						},
						SourceAddresses: pulumi.StringArray{
							pulumi.String("216.58.216.164"),
							pulumi.String("10.0.0.0/24"),
						},
						TargetFqdns: pulumi.StringArray{
							pulumi.String("www.test.com"),
						},
					},
				},
			},
		}

		// NAT rule collection: Dnat, priority 112. Both rules accept any source
		// ("*"); narrow SourceAddresses to the expected client ranges unless the
		// backends are meant to be reachable from anywhere.
		natRuleCollections := network.AzureFirewallNatRuleCollectionArray{
			&network.AzureFirewallNatRuleCollectionArgs{
				Action: &network.AzureFirewallNatRCActionArgs{
					Type: pulumi.String(network.AzureFirewallNatRCActionTypeDnat),
				},
				Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll"),
				Name:     pulumi.String("natrulecoll"),
				Priority: pulumi.Int(112),
				Rules: network.AzureFirewallNatRuleArray{
					// NOTE(review): described as "outbound", but the rule rewrites
					// traffic addressed to 1.2.3.4:443 to 1.2.3.5:8443.
					&network.AzureFirewallNatRuleArgs{
						Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
						DestinationAddresses: pulumi.StringArray{
							pulumi.String("1.2.3.4"),
						},
						DestinationPorts: pulumi.StringArray{
							pulumi.String("443"),
						},
						Name: pulumi.String("DNAT-HTTPS-traffic"),
						Protocols: pulumi.StringArray{
							pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
						},
						SourceAddresses: pulumi.StringArray{
							pulumi.String("*"),
						},
						TranslatedAddress: pulumi.String("1.2.3.5"),
						TranslatedPort:    pulumi.String("8443"),
					},
					// TCP/80 on 1.2.3.4 is forwarded to internalhttpserver:880; the
					// rule name suggests cleartext HTTP.
					&network.AzureFirewallNatRuleArgs{
						Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
						DestinationAddresses: pulumi.StringArray{
							pulumi.String("1.2.3.4"),
						},
						DestinationPorts: pulumi.StringArray{
							pulumi.String("80"),
						},
						Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
						Protocols: pulumi.StringArray{
							pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
						},
						SourceAddresses: pulumi.StringArray{
							pulumi.String("*"),
						},
						TranslatedFqdn: pulumi.String("internalhttpserver"),
						TranslatedPort: pulumi.String("880"),
					},
				},
			},
		}

		// Network rule collection: Deny, priority 112 (the NAT collection uses
		// 112 too; NOTE(review): priorities presumably rank collections per
		// rule type - confirm).
		netRuleCollections := network.AzureFirewallNetworkRuleCollectionArray{
			&network.AzureFirewallNetworkRuleCollectionArgs{
				Action: &network.AzureFirewallRCActionArgs{
					Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
				},
				Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll"),
				Name:     pulumi.String("netrulecoll"),
				Priority: pulumi.Int(112),
				Rules: network.AzureFirewallNetworkRuleArray{
					&network.AzureFirewallNetworkRuleArgs{
						Description: pulumi.String("Block traffic based on source IPs and ports"),
						DestinationAddresses: pulumi.StringArray{
							pulumi.String("*"),
						},
						DestinationPorts: pulumi.StringArray{
							pulumi.String("443-444"),
							pulumi.String("8443"),
						},
						Name: pulumi.String("L4-traffic"),
						Protocols: pulumi.StringArray{
							pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
						},
						SourceAddresses: pulumi.StringArray{
							pulumi.String("192.168.1.1-192.168.1.12"),
							pulumi.String("10.1.4.12-10.1.4.255"),
						},
					},
					&network.AzureFirewallNetworkRuleArgs{
						Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
						DestinationFqdns: pulumi.StringArray{
							pulumi.String("www.amazon.com"),
						},
						DestinationPorts: pulumi.StringArray{
							pulumi.String("443-444"),
							pulumi.String("8443"),
						},
						Name: pulumi.String("L4-traffic-with-FQDN"),
						Protocols: pulumi.StringArray{
							pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
						},
						SourceAddresses: pulumi.StringArray{
							pulumi.String("10.2.4.12-10.2.4.255"),
						},
					},
				},
			},
		}

		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
			// Free-form string map passed to the firewall; the keys here are
			// placeholders.
			AdditionalProperties: pulumi.StringMap{
				"key1": pulumi.String("value1"),
				"key2": pulumi.String("value2"),
			},
			ApplicationRuleCollections: appRuleCollections,
			AzureFirewallName:          pulumi.String("azurefirewall"),
			IpConfigurations: network.AzureFirewallIPConfigurationArray{
				&network.AzureFirewallIPConfigurationArgs{
					Name: pulumi.String("azureFirewallIpConfiguration"),
					PublicIPAddress: &network.SubResourceArgs{
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
					},
					Subnet: &network.SubResourceArgs{
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
					},
				},
			},
			Location:               pulumi.String("West US"),
			NatRuleCollections:     natRuleCollections,
			NetworkRuleCollections: netRuleCollections,
			ResourceGroupName:      pulumi.String("rg1"),
			Sku: &network.AzureFirewallSkuArgs{
				Name: pulumi.String(network.AzureFirewallSkuName_AZFW_VNet),
				Tier: pulumi.String(network.AzureFirewallSkuTierStandard),
			},
			Tags: pulumi.StringMap{
				"key1": pulumi.String("value1"),
			},
			// Alert only logs traffic that matches the threat-intelligence feed;
			// the Deny mode is the one that also blocks it.
			ThreatIntelMode: pulumi.String(network.AzureFirewallThreatIntelModeAlert),
			// Empty list: no availability zone is selected.
			Zones: pulumi.StringArray{},
		})
		// The registration error, if any, is the program's result.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.azurenative.network.AzureFirewall;
import com.pulumi.azurenative.network.AzureFirewallArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleProtocolArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallIPConfigurationArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNatRCActionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNatRuleArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNatRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNetworkRuleArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNetworkRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallRCActionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallSkuArgs;
import com.pulumi.azurenative.network.inputs.SubResourceArgs;
import com.pulumi.core.Output;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
/**
 * Pulumi program that declares one AzureFirewall resource named "azureFirewall"
 * with an application, a NAT and a network rule collection.
 * Subscription, resource-group, address and tag values are sample placeholders.
 */
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
/**
 * Builds the AzureFirewall arguments and registers the resource.
 *
 * @param ctx Pulumi context passed in by Pulumi.run; not read in this method.
 */
public static void stack(Context ctx) {
var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
.additionalProperties(Map.ofEntries(
Map.entry("key1", "value1"),
Map.entry("key2", "value2")
))
// Application rule collection with action Deny: HTTPS/443 from the two listed sources to www.test.com.
// NOTE(review): the description says "inbound", but the rule matches on source address and target FQDN - confirm the wording.
.applicationRuleCollections(AzureFirewallApplicationRuleCollectionArgs.builder()
.action(AzureFirewallRCActionArgs.builder()
.type("Deny")
.build())
.id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll")
.name("apprulecoll")
.priority(110)
.rules(AzureFirewallApplicationRuleArgs.builder()
.description("Deny inbound rule")
.name("rule1")
.protocols(AzureFirewallApplicationRuleProtocolArgs.builder()
.port(443)
.protocolType("Https")
.build())
.sourceAddresses(
"216.58.216.164",
"10.0.0.0/24")
.targetFqdns("www.test.com")
.build())
.build())
.azureFirewallName("azurefirewall")
.ipConfigurations(AzureFirewallIPConfigurationArgs.builder()
.name("azureFirewallIpConfiguration")
.publicIPAddress(SubResourceArgs.builder()
.id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")
.build())
.subnet(SubResourceArgs.builder()
.id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet")
.build())
.build())
.location("West US")
// DNAT collection: traffic to 1.2.3.4 on 443 and 80 is translated to 1.2.3.5:8443 and internalhttpserver:880.
// NOTE(review): sourceAddresses("*") matches any source; restrict it to known client ranges before reuse.
// NOTE(review): the first rule's description says "outbound" although DNAT rewrites the destination of traffic arriving at 1.2.3.4 - confirm.
.natRuleCollections(AzureFirewallNatRuleCollectionArgs.builder()
.action(AzureFirewallNatRCActionArgs.builder()
.type("Dnat")
.build())
.id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll")
.name("natrulecoll")
.priority(112)
.rules(
AzureFirewallNatRuleArgs.builder()
.description("D-NAT all outbound web traffic for inspection")
.destinationAddresses("1.2.3.4")
.destinationPorts("443")
.name("DNAT-HTTPS-traffic")
.protocols("TCP")
.sourceAddresses("*")
.translatedAddress("1.2.3.5")
.translatedPort("8443")
.build(),
AzureFirewallNatRuleArgs.builder()
.description("D-NAT all inbound web traffic for inspection")
.destinationAddresses("1.2.3.4")
.destinationPorts("80")
.name("DNAT-HTTP-traffic-With-FQDN")
.protocols("TCP")
.sourceAddresses("*")
.translatedFqdn("internalhttpserver")
.translatedPort("880")
.build())
.build())
// Network rule collection with action Deny on TCP 443-444 and 8443 for the listed source ranges.
// No collection with an Allow action is defined in this listing.
.networkRuleCollections(AzureFirewallNetworkRuleCollectionArgs.builder()
.action(AzureFirewallRCActionArgs.builder()
.type("Deny")
.build())
.id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll")
.name("netrulecoll")
.priority(112)
.rules(
AzureFirewallNetworkRuleArgs.builder()
.description("Block traffic based on source IPs and ports")
.destinationAddresses("*")
.destinationPorts(
"443-444",
"8443")
.name("L4-traffic")
.protocols("TCP")
.sourceAddresses(
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255")
.build(),
AzureFirewallNetworkRuleArgs.builder()
.description("Block traffic based on source IPs and ports to amazon")
.destinationFqdns("www.amazon.com")
.destinationPorts(
"443-444",
"8443")
.name("L4-traffic-with-FQDN")
.protocols("TCP")
.sourceAddresses("10.2.4.12-10.2.4.255")
.build())
.build())
.resourceGroupName("rg1")
.sku(AzureFirewallSkuArgs.builder()
.name("AZFW_VNet")
.tier("Standard")
.build())
.tags(Map.of("key1", "value1"))
// NOTE(review): "Alert" reports threat-intelligence matches without blocking them; "Deny" is the blocking mode - confirm which is intended.
.threatIntelMode("Alert")
// No availability zones are requested.
.zones()
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
# Declares one AzureFirewall resource named "azureFirewall" with an application,
# a NAT and a network rule collection. Subscription, resource-group, address and
# tag values are sample placeholders.
azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
additional_properties={
"key1": "value1",
"key2": "value2",
},
# Application rule collection with action DENY: HTTPS/443 from the two listed sources to www.test.com.
# NOTE(review): the description says "inbound", but the rule matches on source address and target FQDN - confirm the wording.
application_rule_collections=[{
"action": {
"type": azure_native.network.AzureFirewallRCActionType.DENY,
},
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
"name": "apprulecoll",
"priority": 110,
"rules": [{
"description": "Deny inbound rule",
"name": "rule1",
"protocols": [{
"port": 443,
"protocol_type": azure_native.network.AzureFirewallApplicationRuleProtocolType.HTTPS,
}],
"source_addresses": [
"216.58.216.164",
"10.0.0.0/24",
],
"target_fqdns": ["www.test.com"],
}],
}],
azure_firewall_name="azurefirewall",
ip_configurations=[{
"name": "azureFirewallIpConfiguration",
"public_ip_address": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
},
"subnet": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
},
}],
location="West US",
# DNAT collection: traffic to 1.2.3.4 on 443 and 80 is translated to 1.2.3.5:8443 and internalhttpserver:880.
# NOTE(review): source_addresses ["*"] matches any source; restrict it to known client ranges before reuse.
# NOTE(review): the first rule's description says "outbound" although DNAT rewrites the destination of traffic arriving at 1.2.3.4 - confirm.
nat_rule_collections=[{
"action": {
"type": azure_native.network.AzureFirewallNatRCActionType.DNAT,
},
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
"name": "natrulecoll",
"priority": 112,
"rules": [
{
"description": "D-NAT all outbound web traffic for inspection",
"destination_addresses": ["1.2.3.4"],
"destination_ports": ["443"],
"name": "DNAT-HTTPS-traffic",
"protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
"source_addresses": ["*"],
"translated_address": "1.2.3.5",
"translated_port": "8443",
},
{
"description": "D-NAT all inbound web traffic for inspection",
"destination_addresses": ["1.2.3.4"],
"destination_ports": ["80"],
"name": "DNAT-HTTP-traffic-With-FQDN",
"protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
"source_addresses": ["*"],
"translated_fqdn": "internalhttpserver",
"translated_port": "880",
},
],
}],
# Network rule collection with action DENY on TCP 443-444 and 8443 for the listed source ranges.
# No collection with an Allow action is defined in this listing.
network_rule_collections=[{
"action": {
"type": azure_native.network.AzureFirewallRCActionType.DENY,
},
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
"name": "netrulecoll",
"priority": 112,
"rules": [
{
"description": "Block traffic based on source IPs and ports",
"destination_addresses": ["*"],
"destination_ports": [
"443-444",
"8443",
],
"name": "L4-traffic",
"protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
"source_addresses": [
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255",
],
},
{
"description": "Block traffic based on source IPs and ports to amazon",
"destination_fqdns": ["www.amazon.com"],
"destination_ports": [
"443-444",
"8443",
],
"name": "L4-traffic-with-FQDN",
"protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
"source_addresses": ["10.2.4.12-10.2.4.255"],
},
],
}],
resource_group_name="rg1",
sku={
"name": azure_native.network.AzureFirewallSkuName.AZF_W_V_NET,
"tier": azure_native.network.AzureFirewallSkuTier.STANDARD,
},
tags={
"key1": "value1",
},
# NOTE(review): ALERT reports threat-intelligence matches without blocking them; DENY is the blocking mode - confirm which is intended.
threat_intel_mode=azure_native.network.AzureFirewallThreatIntelMode.ALERT,
# No availability zones are requested.
zones=[])
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
// Declares one AzureFirewall resource named "azureFirewall" with an application,
// a NAT and a network rule collection. Subscription, resource-group, address and
// tag values are sample placeholders.
const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
additionalProperties: {
key1: "value1",
key2: "value2",
},
// Application rule collection with action Deny: HTTPS/443 from the two listed sources to www.test.com.
// NOTE(review): the description says "inbound", but the rule matches on source address and target FQDN - confirm the wording.
applicationRuleCollections: [{
action: {
type: azure_native.network.AzureFirewallRCActionType.Deny,
},
id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
name: "apprulecoll",
priority: 110,
rules: [{
description: "Deny inbound rule",
name: "rule1",
protocols: [{
port: 443,
protocolType: azure_native.network.AzureFirewallApplicationRuleProtocolType.Https,
}],
sourceAddresses: [
"216.58.216.164",
"10.0.0.0/24",
],
targetFqdns: ["www.test.com"],
}],
}],
azureFirewallName: "azurefirewall",
ipConfigurations: [{
name: "azureFirewallIpConfiguration",
publicIPAddress: {
id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
},
subnet: {
id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
},
}],
location: "West US",
// DNAT collection: traffic to 1.2.3.4 on 443 and 80 is translated to 1.2.3.5:8443 and internalhttpserver:880.
// NOTE(review): sourceAddresses ["*"] matches any source; restrict it to known client ranges before reuse.
// NOTE(review): the first rule's description says "outbound" although DNAT rewrites the destination of traffic arriving at 1.2.3.4 - confirm.
natRuleCollections: [{
action: {
type: azure_native.network.AzureFirewallNatRCActionType.Dnat,
},
id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
name: "natrulecoll",
priority: 112,
rules: [
{
description: "D-NAT all outbound web traffic for inspection",
destinationAddresses: ["1.2.3.4"],
destinationPorts: ["443"],
name: "DNAT-HTTPS-traffic",
protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
sourceAddresses: ["*"],
translatedAddress: "1.2.3.5",
translatedPort: "8443",
},
{
description: "D-NAT all inbound web traffic for inspection",
destinationAddresses: ["1.2.3.4"],
destinationPorts: ["80"],
name: "DNAT-HTTP-traffic-With-FQDN",
protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
sourceAddresses: ["*"],
translatedFqdn: "internalhttpserver",
translatedPort: "880",
},
],
}],
// Network rule collection with action Deny on TCP 443-444 and 8443 for the listed source ranges.
// No collection with an Allow action is defined in this listing.
networkRuleCollections: [{
action: {
type: azure_native.network.AzureFirewallRCActionType.Deny,
},
id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
name: "netrulecoll",
priority: 112,
rules: [
{
description: "Block traffic based on source IPs and ports",
destinationAddresses: ["*"],
destinationPorts: [
"443-444",
"8443",
],
name: "L4-traffic",
protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
sourceAddresses: [
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255",
],
},
{
description: "Block traffic based on source IPs and ports to amazon",
destinationFqdns: ["www.amazon.com"],
destinationPorts: [
"443-444",
"8443",
],
name: "L4-traffic-with-FQDN",
protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
sourceAddresses: ["10.2.4.12-10.2.4.255"],
},
],
}],
resourceGroupName: "rg1",
sku: {
name: azure_native.network.AzureFirewallSkuName.AZFW_VNet,
tier: azure_native.network.AzureFirewallSkuTier.Standard,
},
tags: {
key1: "value1",
},
// NOTE(review): Alert reports threat-intelligence matches without blocking them; Deny is the blocking mode - confirm which is intended.
threatIntelMode: azure_native.network.AzureFirewallThreatIntelMode.Alert,
// No availability zones are requested.
zones: [],
});
# Declares one azure-native:network:AzureFirewall resource with an application,
# a NAT and a network rule collection. Subscription, resource-group, address and
# tag values are sample placeholders.
resources:
azureFirewall:
type: azure-native:network:AzureFirewall
properties:
additionalProperties:
key1: value1
key2: value2
# Application rule collection with action Deny: HTTPS/443 from the two listed sources to www.test.com.
# NOTE(review): the description says "inbound", but the rule matches on source address and target FQDN - confirm the wording.
applicationRuleCollections:
- action:
type: Deny
id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll
name: apprulecoll
priority: 110
rules:
- description: Deny inbound rule
name: rule1
protocols:
- port: 443
protocolType: Https
sourceAddresses:
- 216.58.216.164
- 10.0.0.0/24
targetFqdns:
- www.test.com
azureFirewallName: azurefirewall
ipConfigurations:
- name: azureFirewallIpConfiguration
publicIPAddress:
id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
subnet:
id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
location: West US
# DNAT collection: traffic to 1.2.3.4 on 443 and 80 is translated to 1.2.3.5:8443 and internalhttpserver:880.
# NOTE(review): sourceAddresses '*' matches any source; restrict it to known client ranges before reuse.
# NOTE(review): the first rule's description says "outbound" although DNAT rewrites the destination of traffic arriving at 1.2.3.4 - confirm.
natRuleCollections:
- action:
type: Dnat
id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll
name: natrulecoll
priority: 112
rules:
- description: D-NAT all outbound web traffic for inspection
destinationAddresses:
- 1.2.3.4
destinationPorts:
- '443'
name: DNAT-HTTPS-traffic
protocols:
- TCP
sourceAddresses:
- '*'
translatedAddress: 1.2.3.5
translatedPort: '8443'
- description: D-NAT all inbound web traffic for inspection
destinationAddresses:
- 1.2.3.4
destinationPorts:
- '80'
name: DNAT-HTTP-traffic-With-FQDN
protocols:
- TCP
sourceAddresses:
- '*'
translatedFqdn: internalhttpserver
translatedPort: '880'
# Network rule collection with action Deny on TCP 443-444 and 8443 for the listed source ranges.
# No collection with an Allow action is defined in this listing.
networkRuleCollections:
- action:
type: Deny
id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll
name: netrulecoll
priority: 112
rules:
- description: Block traffic based on source IPs and ports
destinationAddresses:
- '*'
destinationPorts:
- 443-444
- '8443'
name: L4-traffic
protocols:
- TCP
sourceAddresses:
- 192.168.1.1-192.168.1.12
- 10.1.4.12-10.1.4.255
- description: Block traffic based on source IPs and ports to amazon
destinationFqdns:
- www.amazon.com
destinationPorts:
- 443-444
- '8443'
name: L4-traffic-with-FQDN
protocols:
- TCP
sourceAddresses:
- 10.2.4.12-10.2.4.255
resourceGroupName: rg1
sku:
name: AZFW_VNet
tier: Standard
tags:
key1: value1
# NOTE(review): Alert reports threat-intelligence matches without blocking them; Deny is the blocking mode - confirm which is intended.
threatIntelMode: Alert
# No availability zones are requested.
zones: []
Create Azure Firewall With IpGroups
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Declares one AzureFirewall resource named "azureFirewall" with an application,
// a NAT and a network rule collection. Subscription, resource-group, address and
// tag values are sample placeholders.
// NOTE(review): the page titles this example "With IpGroups", but every rule below uses literal
// SourceAddresses/DestinationAddresses; no IP Group reference appears in this listing.
return await Deployment.RunAsync(() =>
{
var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
{
// Application rule collection with action Deny: HTTPS/443 from the two listed sources to www.test.com.
// NOTE(review): the description says "inbound", but the rule matches on source address and target FQDN - confirm the wording.
ApplicationRuleCollections = new[]
{
new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
{
Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
{
Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
},
Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
Name = "apprulecoll",
Priority = 110,
Rules = new[]
{
new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
{
Description = "Deny inbound rule",
Name = "rule1",
Protocols = new[]
{
new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
{
Port = 443,
ProtocolType = AzureNative.Network.AzureFirewallApplicationRuleProtocolType.Https,
},
},
SourceAddresses = new[]
{
"216.58.216.164",
"10.0.0.0/24",
},
TargetFqdns = new[]
{
"www.test.com",
},
},
},
},
},
AzureFirewallName = "azurefirewall",
IpConfigurations = new[]
{
new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
{
Name = "azureFirewallIpConfiguration",
PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
},
Subnet = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
},
},
},
Location = "West US",
// DNAT collection: traffic to 1.2.3.4 on 443 and 80 is translated to 1.2.3.5:8443 and internalhttpserver:880.
// NOTE(review): SourceAddresses "*" matches any source; restrict it to known client ranges before reuse.
// NOTE(review): the first rule's description says "outbound" although DNAT rewrites the destination of traffic arriving at 1.2.3.4 - confirm.
NatRuleCollections = new[]
{
new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
{
Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
{
Type = AzureNative.Network.AzureFirewallNatRCActionType.Dnat,
},
Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
Name = "natrulecoll",
Priority = 112,
Rules = new[]
{
new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
{
Description = "D-NAT all outbound web traffic for inspection",
DestinationAddresses = new[]
{
"1.2.3.4",
},
DestinationPorts = new[]
{
"443",
},
Name = "DNAT-HTTPS-traffic",
Protocols = new[]
{
AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
},
SourceAddresses = new[]
{
"*",
},
TranslatedAddress = "1.2.3.5",
TranslatedPort = "8443",
},
new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
{
Description = "D-NAT all inbound web traffic for inspection",
DestinationAddresses = new[]
{
"1.2.3.4",
},
DestinationPorts = new[]
{
"80",
},
Name = "DNAT-HTTP-traffic-With-FQDN",
Protocols = new[]
{
AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
},
SourceAddresses = new[]
{
"*",
},
TranslatedFqdn = "internalhttpserver",
TranslatedPort = "880",
},
},
},
},
// Network rule collection with action Deny on TCP 443-444 and 8443 for the listed source ranges.
// No collection with an Allow action is defined in this listing.
NetworkRuleCollections = new[]
{
new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
{
Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
{
Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
},
Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
Name = "netrulecoll",
Priority = 112,
Rules = new[]
{
new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
{
Description = "Block traffic based on source IPs and ports",
DestinationAddresses = new[]
{
"*",
},
DestinationPorts = new[]
{
"443-444",
"8443",
},
Name = "L4-traffic",
Protocols = new[]
{
AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
},
SourceAddresses = new[]
{
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255",
},
},
new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
{
Description = "Block traffic based on source IPs and ports to amazon",
DestinationFqdns = new[]
{
"www.amazon.com",
},
DestinationPorts = new[]
{
"443-444",
"8443",
},
Name = "L4-traffic-with-FQDN",
Protocols = new[]
{
AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
},
SourceAddresses = new[]
{
"10.2.4.12-10.2.4.255",
},
},
},
},
},
ResourceGroupName = "rg1",
Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
{
Name = AzureNative.Network.AzureFirewallSkuName.AZFW_VNet,
Tier = AzureNative.Network.AzureFirewallSkuTier.Standard,
},
Tags =
{
{ "key1", "value1" },
},
// NOTE(review): Alert reports threat-intelligence matches without blocking them; Deny is the blocking mode - confirm which is intended.
ThreatIntelMode = AzureNative.Network.AzureFirewallThreatIntelMode.Alert,
// No availability zones are requested.
Zones = new[] {},
});
});
package main
import (
network "github.com/pulumi/pulumi-azure-native-sdk/network/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares one AzureFirewall resource named
// "azureFirewall" with an application, a NAT and a network rule collection.
// Subscription, resource-group, address and tag values are sample placeholders.
// NOTE(review): the page titles this example "With IpGroups", but every rule below uses literal
// SourceAddresses/DestinationAddresses; no IP Group reference appears in this listing.
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
// Application rule collection with action Deny: HTTPS/443 from the two listed sources to www.test.com.
// NOTE(review): the description says "inbound", but the rule matches on source address and target FQDN - confirm the wording.
ApplicationRuleCollections: network.AzureFirewallApplicationRuleCollectionArray{
&network.AzureFirewallApplicationRuleCollectionArgs{
Action: &network.AzureFirewallRCActionArgs{
Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
},
Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll"),
Name: pulumi.String("apprulecoll"),
Priority: pulumi.Int(110),
Rules: network.AzureFirewallApplicationRuleArray{
&network.AzureFirewallApplicationRuleArgs{
Description: pulumi.String("Deny inbound rule"),
Name: pulumi.String("rule1"),
Protocols: network.AzureFirewallApplicationRuleProtocolArray{
&network.AzureFirewallApplicationRuleProtocolArgs{
Port: pulumi.Int(443),
ProtocolType: pulumi.String(network.AzureFirewallApplicationRuleProtocolTypeHttps),
},
},
SourceAddresses: pulumi.StringArray{
pulumi.String("216.58.216.164"),
pulumi.String("10.0.0.0/24"),
},
TargetFqdns: pulumi.StringArray{
pulumi.String("www.test.com"),
},
},
},
},
},
AzureFirewallName: pulumi.String("azurefirewall"),
IpConfigurations: network.AzureFirewallIPConfigurationArray{
&network.AzureFirewallIPConfigurationArgs{
Name: pulumi.String("azureFirewallIpConfiguration"),
PublicIPAddress: &network.SubResourceArgs{
Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
},
Subnet: &network.SubResourceArgs{
Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
},
},
},
Location: pulumi.String("West US"),
// DNAT collection: traffic to 1.2.3.4 on 443 and 80 is translated to 1.2.3.5:8443 and internalhttpserver:880.
// NOTE(review): SourceAddresses "*" matches any source; restrict it to known client ranges before reuse.
// NOTE(review): the first rule's description says "outbound" although DNAT rewrites the destination of traffic arriving at 1.2.3.4 - confirm.
NatRuleCollections: network.AzureFirewallNatRuleCollectionArray{
&network.AzureFirewallNatRuleCollectionArgs{
Action: &network.AzureFirewallNatRCActionArgs{
Type: pulumi.String(network.AzureFirewallNatRCActionTypeDnat),
},
Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll"),
Name: pulumi.String("natrulecoll"),
Priority: pulumi.Int(112),
Rules: network.AzureFirewallNatRuleArray{
&network.AzureFirewallNatRuleArgs{
Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("1.2.3.4"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("443"),
},
Name: pulumi.String("DNAT-HTTPS-traffic"),
Protocols: pulumi.StringArray{
pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("*"),
},
TranslatedAddress: pulumi.String("1.2.3.5"),
TranslatedPort: pulumi.String("8443"),
},
&network.AzureFirewallNatRuleArgs{
Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("1.2.3.4"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("80"),
},
Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
Protocols: pulumi.StringArray{
pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("*"),
},
TranslatedFqdn: pulumi.String("internalhttpserver"),
TranslatedPort: pulumi.String("880"),
},
},
},
},
// Network rule collection with action Deny on TCP 443-444 and 8443 for the listed source ranges.
// No collection with an Allow action is defined in this listing.
NetworkRuleCollections: network.AzureFirewallNetworkRuleCollectionArray{
&network.AzureFirewallNetworkRuleCollectionArgs{
Action: &network.AzureFirewallRCActionArgs{
Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
},
Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll"),
Name: pulumi.String("netrulecoll"),
Priority: pulumi.Int(112),
Rules: network.AzureFirewallNetworkRuleArray{
&network.AzureFirewallNetworkRuleArgs{
Description: pulumi.String("Block traffic based on source IPs and ports"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("*"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("443-444"),
pulumi.String("8443"),
},
Name: pulumi.String("L4-traffic"),
Protocols: pulumi.StringArray{
pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("192.168.1.1-192.168.1.12"),
pulumi.String("10.1.4.12-10.1.4.255"),
},
},
&network.AzureFirewallNetworkRuleArgs{
Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
DestinationFqdns: pulumi.StringArray{
pulumi.String("www.amazon.com"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("443-444"),
pulumi.String("8443"),
},
Name: pulumi.String("L4-traffic-with-FQDN"),
Protocols: pulumi.StringArray{
pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
},
SourceAddresses: pulumi.StringArray{
pulumi.String("10.2.4.12-10.2.4.255"),
},
},
},
},
},
ResourceGroupName: pulumi.String("rg1"),
Sku: &network.AzureFirewallSkuArgs{
Name: pulumi.String(network.AzureFirewallSkuName_AZFW_VNet),
Tier: pulumi.String(network.AzureFirewallSkuTierStandard),
},
Tags: pulumi.StringMap{
"key1": pulumi.String("value1"),
},
// NOTE(review): Alert reports threat-intelligence matches without blocking them; Deny is the blocking mode - confirm which is intended.
ThreatIntelMode: pulumi.String(network.AzureFirewallThreatIntelModeAlert),
// No availability zones are requested.
Zones: pulumi.StringArray{},
})
// The error from NewAzureFirewall is handed back to pulumi.Run unchanged.
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.azurenative.network.AzureFirewall;
import com.pulumi.azurenative.network.AzureFirewallArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleProtocolArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallIPConfigurationArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNatRCActionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNatRuleArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNatRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNetworkRuleArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNetworkRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallRCActionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallSkuArgs;
import com.pulumi.azurenative.network.inputs.SubResourceArgs;
import com.pulumi.core.Output;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
/**
 * Pulumi program that declares one AzureFirewall resource named "azureFirewall"
 * with an application, a NAT and a network rule collection.
 * Subscription, resource-group, address and tag values are sample placeholders.
 * NOTE(review): the page titles this example "With IpGroups", but every rule below uses literal
 * sourceAddresses/destinationAddresses; no IP Group reference appears in this listing.
 */
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
/**
 * Builds the AzureFirewall arguments and registers the resource.
 *
 * @param ctx Pulumi context passed in by Pulumi.run; not read in this method.
 */
public static void stack(Context ctx) {
var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
// Application rule collection with action Deny: HTTPS/443 from the two listed sources to www.test.com.
// NOTE(review): the description says "inbound", but the rule matches on source address and target FQDN - confirm the wording.
.applicationRuleCollections(AzureFirewallApplicationRuleCollectionArgs.builder()
.action(AzureFirewallRCActionArgs.builder()
.type("Deny")
.build())
.id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll")
.name("apprulecoll")
.priority(110)
.rules(AzureFirewallApplicationRuleArgs.builder()
.description("Deny inbound rule")
.name("rule1")
.protocols(AzureFirewallApplicationRuleProtocolArgs.builder()
.port(443)
.protocolType("Https")
.build())
.sourceAddresses(
"216.58.216.164",
"10.0.0.0/24")
.targetFqdns("www.test.com")
.build())
.build())
.azureFirewallName("azurefirewall")
.ipConfigurations(AzureFirewallIPConfigurationArgs.builder()
.name("azureFirewallIpConfiguration")
.publicIPAddress(SubResourceArgs.builder()
.id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")
.build())
.subnet(SubResourceArgs.builder()
.id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet")
.build())
.build())
.location("West US")
// DNAT collection: traffic to 1.2.3.4 on 443 and 80 is translated to 1.2.3.5:8443 and internalhttpserver:880.
// NOTE(review): sourceAddresses("*") matches any source; restrict it to known client ranges before reuse.
// NOTE(review): the first rule's description says "outbound" although DNAT rewrites the destination of traffic arriving at 1.2.3.4 - confirm.
.natRuleCollections(AzureFirewallNatRuleCollectionArgs.builder()
.action(AzureFirewallNatRCActionArgs.builder()
.type("Dnat")
.build())
.id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll")
.name("natrulecoll")
.priority(112)
.rules(
AzureFirewallNatRuleArgs.builder()
.description("D-NAT all outbound web traffic for inspection")
.destinationAddresses("1.2.3.4")
.destinationPorts("443")
.name("DNAT-HTTPS-traffic")
.protocols("TCP")
.sourceAddresses("*")
.translatedAddress("1.2.3.5")
.translatedPort("8443")
.build(),
AzureFirewallNatRuleArgs.builder()
.description("D-NAT all inbound web traffic for inspection")
.destinationAddresses("1.2.3.4")
.destinationPorts("80")
.name("DNAT-HTTP-traffic-With-FQDN")
.protocols("TCP")
.sourceAddresses("*")
.translatedFqdn("internalhttpserver")
.translatedPort("880")
.build())
.build())
// Network rule collection with action Deny on TCP 443-444 and 8443 for the listed source ranges.
// No collection with an Allow action is defined in this listing.
.networkRuleCollections(AzureFirewallNetworkRuleCollectionArgs.builder()
.action(AzureFirewallRCActionArgs.builder()
.type("Deny")
.build())
.id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll")
.name("netrulecoll")
.priority(112)
.rules(
AzureFirewallNetworkRuleArgs.builder()
.description("Block traffic based on source IPs and ports")
.destinationAddresses("*")
.destinationPorts(
"443-444",
"8443")
.name("L4-traffic")
.protocols("TCP")
.sourceAddresses(
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255")
.build(),
AzureFirewallNetworkRuleArgs.builder()
.description("Block traffic based on source IPs and ports to amazon")
.destinationFqdns("www.amazon.com")
.destinationPorts(
"443-444",
"8443")
.name("L4-traffic-with-FQDN")
.protocols("TCP")
.sourceAddresses("10.2.4.12-10.2.4.255")
.build())
.build())
.resourceGroupName("rg1")
.sku(AzureFirewallSkuArgs.builder()
.name("AZFW_VNet")
.tier("Standard")
.build())
.tags(Map.of("key1", "value1"))
// NOTE(review): "Alert" reports threat-intelligence matches without blocking them; "Deny" is the blocking mode - confirm which is intended.
.threatIntelMode("Alert")
// No availability zones are requested.
.zones()
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
# Declares one AzureFirewall resource named "azureFirewall" with an application,
# a NAT and a network rule collection. Subscription, resource-group, address and
# tag values are sample placeholders.
# NOTE(review): the page titles this example "With IpGroups", but every rule below uses literal
# source_addresses/destination_addresses; no IP Group reference appears in this listing.
azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
# Application rule collection with action DENY: HTTPS/443 from the two listed sources to www.test.com.
# NOTE(review): the description says "inbound", but the rule matches on source address and target FQDN - confirm the wording.
application_rule_collections=[{
"action": {
"type": azure_native.network.AzureFirewallRCActionType.DENY,
},
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
"name": "apprulecoll",
"priority": 110,
"rules": [{
"description": "Deny inbound rule",
"name": "rule1",
"protocols": [{
"port": 443,
"protocol_type": azure_native.network.AzureFirewallApplicationRuleProtocolType.HTTPS,
}],
"source_addresses": [
"216.58.216.164",
"10.0.0.0/24",
],
"target_fqdns": ["www.test.com"],
}],
}],
azure_firewall_name="azurefirewall",
ip_configurations=[{
"name": "azureFirewallIpConfiguration",
"public_ip_address": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
},
"subnet": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
},
}],
location="West US",
# DNAT collection: traffic to 1.2.3.4 on 443 and 80 is translated to 1.2.3.5:8443 and internalhttpserver:880.
# NOTE(review): source_addresses ["*"] matches any source; restrict it to known client ranges before reuse.
# NOTE(review): the first rule's description says "outbound" although DNAT rewrites the destination of traffic arriving at 1.2.3.4 - confirm.
nat_rule_collections=[{
"action": {
"type": azure_native.network.AzureFirewallNatRCActionType.DNAT,
},
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
"name": "natrulecoll",
"priority": 112,
"rules": [
{
"description": "D-NAT all outbound web traffic for inspection",
"destination_addresses": ["1.2.3.4"],
"destination_ports": ["443"],
"name": "DNAT-HTTPS-traffic",
"protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
"source_addresses": ["*"],
"translated_address": "1.2.3.5",
"translated_port": "8443",
},
{
"description": "D-NAT all inbound web traffic for inspection",
"destination_addresses": ["1.2.3.4"],
"destination_ports": ["80"],
"name": "DNAT-HTTP-traffic-With-FQDN",
"protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
"source_addresses": ["*"],
"translated_fqdn": "internalhttpserver",
"translated_port": "880",
},
],
}],
# Network rule collection with action DENY on TCP 443-444 and 8443 for the listed source ranges.
# No collection with an Allow action is defined in this listing.
network_rule_collections=[{
"action": {
"type": azure_native.network.AzureFirewallRCActionType.DENY,
},
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
"name": "netrulecoll",
"priority": 112,
"rules": [
{
"description": "Block traffic based on source IPs and ports",
"destination_addresses": ["*"],
"destination_ports": [
"443-444",
"8443",
],
"name": "L4-traffic",
"protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
"source_addresses": [
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255",
],
},
{
"description": "Block traffic based on source IPs and ports to amazon",
"destination_fqdns": ["www.amazon.com"],
"destination_ports": [
"443-444",
"8443",
],
"name": "L4-traffic-with-FQDN",
"protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
"source_addresses": ["10.2.4.12-10.2.4.255"],
},
],
}],
resource_group_name="rg1",
sku={
"name": azure_native.network.AzureFirewallSkuName.AZF_W_V_NET,
"tier": azure_native.network.AzureFirewallSkuTier.STANDARD,
},
tags={
"key1": "value1",
},
# NOTE(review): ALERT reports threat-intelligence matches without blocking them; DENY is the blocking mode - confirm which is intended.
threat_intel_mode=azure_native.network.AzureFirewallThreatIntelMode.ALERT,
# No availability zones are requested.
zones=[])
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
// Sample deployment of an Azure Firewall without availability zones.
// "subid", "rg1" and the 1.2.3.x addresses are placeholder values.

// Application rules: deny HTTPS (443) from the listed sources to www.test.com.
const applicationRuleCollections = [{
    action: {
        type: azure_native.network.AzureFirewallRCActionType.Deny,
    },
    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
    name: "apprulecoll",
    priority: 110,
    rules: [{
        description: "Deny inbound rule",
        name: "rule1",
        protocols: [{
            port: 443,
            protocolType: azure_native.network.AzureFirewallApplicationRuleProtocolType.Https,
        }],
        sourceAddresses: [
            "216.58.216.164",
            "10.0.0.0/24",
        ],
        targetFqdns: ["www.test.com"],
    }],
}];

// DNAT rules. Both match any source ("*"). Azure Firewall implicitly allows the
// traffic a DNAT rule translates, so a wildcard source exposes the translated
// target to every client that can reach 1.2.3.4; list known source ranges
// instead where possible. The descriptions are free text and do not affect matching.
const natRuleCollections = [{
    action: {
        type: azure_native.network.AzureFirewallNatRCActionType.Dnat,
    },
    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
    name: "natrulecoll",
    priority: 112,
    rules: [
        {
            description: "D-NAT all outbound web traffic for inspection",
            destinationAddresses: ["1.2.3.4"],
            destinationPorts: ["443"],
            name: "DNAT-HTTPS-traffic",
            protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            sourceAddresses: ["*"],
            translatedAddress: "1.2.3.5",
            translatedPort: "8443",
        },
        {
            // Port 80 is forwarded to 880; if this carries HTTP, as the rule
            // name suggests, it is unencrypted.
            description: "D-NAT all inbound web traffic for inspection",
            destinationAddresses: ["1.2.3.4"],
            destinationPorts: ["80"],
            name: "DNAT-HTTP-traffic-With-FQDN",
            protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            sourceAddresses: ["*"],
            translatedFqdn: "internalhttpserver",
            translatedPort: "880",
        },
    ],
}];

// Network rules: explicit Deny entries only. Azure Firewall already denies
// traffic that no rule allows, so a working policy also needs allow rules.
const networkRuleCollections = [{
    action: {
        type: azure_native.network.AzureFirewallRCActionType.Deny,
    },
    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
    name: "netrulecoll",
    priority: 112,
    rules: [
        {
            description: "Block traffic based on source IPs and ports",
            destinationAddresses: ["*"],
            destinationPorts: [
                "443-444",
                "8443",
            ],
            name: "L4-traffic",
            protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            sourceAddresses: [
                "192.168.1.1-192.168.1.12",
                "10.1.4.12-10.1.4.255",
            ],
        },
        {
            description: "Block traffic based on source IPs and ports to amazon",
            destinationFqdns: ["www.amazon.com"],
            destinationPorts: [
                "443-444",
                "8443",
            ],
            name: "L4-traffic-with-FQDN",
            protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            sourceAddresses: ["10.2.4.12-10.2.4.255"],
        },
    ],
}];

const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
    applicationRuleCollections: applicationRuleCollections,
    azureFirewallName: "azurefirewall",
    ipConfigurations: [{
        name: "azureFirewallIpConfiguration",
        publicIPAddress: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        },
        subnet: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        },
    }],
    location: "West US",
    natRuleCollections: natRuleCollections,
    networkRuleCollections: networkRuleCollections,
    resourceGroupName: "rg1",
    sku: {
        name: azure_native.network.AzureFirewallSkuName.AZFW_VNet,
        tier: azure_native.network.AzureFirewallSkuTier.Standard,
    },
    tags: {
        key1: "value1",
    },
    // Alert logs traffic that matches the threat-intelligence feed without
    // blocking it; AzureFirewallThreatIntelMode.Deny also blocks.
    threatIntelMode: azure_native.network.AzureFirewallThreatIntelMode.Alert,
    zones: [],
});
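# Azure Firewall without availability zones. The nesting below is restored from
# the flattened listing; "subid", "rg1" and the 1.2.3.x addresses are placeholders.
resources:
  azureFirewall:
    type: azure-native:network:AzureFirewall
    properties:
      # Application rules: deny HTTPS (443) from the listed sources to www.test.com.
      applicationRuleCollections:
        - action:
            type: Deny
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll
          name: apprulecoll
          priority: 110
          rules:
            - description: Deny inbound rule
              name: rule1
              protocols:
                - port: 443
                  protocolType: Https
              sourceAddresses:
                - 216.58.216.164
                - 10.0.0.0/24
              targetFqdns:
                - www.test.com
      azureFirewallName: azurefirewall
      ipConfigurations:
        - name: azureFirewallIpConfiguration
          publicIPAddress:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
          subnet:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
      location: West US
      # DNAT rules match any source ('*'). Azure Firewall implicitly allows the
      # traffic a DNAT rule translates, so list known source ranges where possible.
      # The description strings are free text and do not affect matching.
      natRuleCollections:
        - action:
            type: Dnat
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll
          name: natrulecoll
          priority: 112
          rules:
            - description: D-NAT all outbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '443'
              name: DNAT-HTTPS-traffic
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedAddress: 1.2.3.5
              translatedPort: '8443'
            # Port 80 is forwarded to 880; if this carries HTTP, as the rule
            # name suggests, it is unencrypted.
            - description: D-NAT all inbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '80'
              name: DNAT-HTTP-traffic-With-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedFqdn: internalhttpserver
              translatedPort: '880'
      # Network rules: explicit Deny entries only. Azure Firewall already denies
      # traffic that no rule allows, so a working policy also needs allow rules.
      networkRuleCollections:
        - action:
            type: Deny
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll
          name: netrulecoll
          priority: 112
          rules:
            - description: Block traffic based on source IPs and ports
              destinationAddresses:
                - '*'
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic
              protocols:
                - TCP
              sourceAddresses:
                - 192.168.1.1-192.168.1.12
                - 10.1.4.12-10.1.4.255
            - description: Block traffic based on source IPs and ports to amazon
              destinationFqdns:
                - www.amazon.com
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic-with-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - 10.2.4.12-10.2.4.255
      resourceGroupName: rg1
      sku:
        name: AZFW_VNet
        tier: Standard
      tags:
        key1: value1
      # Alert logs traffic that matches the threat-intelligence feed without
      # blocking it; Deny also blocks.
      threatIntelMode: Alert
      zones: []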
Create Azure Firewall With Zones
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
// Azure Firewall spread across availability zones 1, 2 and 3.
// "subid", "rg1" and the 1.2.3.x addresses are placeholder values.
return await Deployment.RunAsync(() =>
{
    // Application rules: deny HTTPS (443) from the listed sources to www.test.com.
    var appRuleCollection = new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
    {
        Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
        {
            Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
        },
        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
        Name = "apprulecoll",
        Priority = 110,
        Rules = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
            {
                Description = "Deny inbound rule",
                Name = "rule1",
                Protocols = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                    {
                        Port = 443,
                        ProtocolType = AzureNative.Network.AzureFirewallApplicationRuleProtocolType.Https,
                    },
                },
                SourceAddresses = new[]
                {
                    "216.58.216.164",
                    "10.0.0.0/24",
                },
                TargetFqdns = new[]
                {
                    "www.test.com",
                },
            },
        },
    };

    // DNAT rules match any source ("*"). Azure Firewall implicitly allows the
    // traffic a DNAT rule translates, so list known source ranges where possible.
    // The Description strings are free text and do not affect matching.
    var natRuleCollection = new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
    {
        Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
        {
            Type = AzureNative.Network.AzureFirewallNatRCActionType.Dnat,
        },
        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
        Name = "natrulecoll",
        Priority = 112,
        Rules = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
            {
                Description = "D-NAT all outbound web traffic for inspection",
                DestinationAddresses = new[]
                {
                    "1.2.3.4",
                },
                DestinationPorts = new[]
                {
                    "443",
                },
                Name = "DNAT-HTTPS-traffic",
                Protocols = new[]
                {
                    AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                },
                SourceAddresses = new[]
                {
                    "*",
                },
                TranslatedAddress = "1.2.3.5",
                TranslatedPort = "8443",
            },
            // Port 80 is forwarded to 880; if this carries HTTP, as the rule
            // name suggests, it is unencrypted.
            new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
            {
                Description = "D-NAT all inbound web traffic for inspection",
                DestinationAddresses = new[]
                {
                    "1.2.3.4",
                },
                DestinationPorts = new[]
                {
                    "80",
                },
                Name = "DNAT-HTTP-traffic-With-FQDN",
                Protocols = new[]
                {
                    AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                },
                SourceAddresses = new[]
                {
                    "*",
                },
                TranslatedFqdn = "internalhttpserver",
                TranslatedPort = "880",
            },
        },
    };

    // Network rules: explicit Deny entries only. Azure Firewall already denies
    // traffic that no rule allows, so a working policy also needs allow rules.
    var networkRuleCollection = new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
    {
        Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
        {
            Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
        },
        Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
        Name = "netrulecoll",
        Priority = 112,
        Rules = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
            {
                Description = "Block traffic based on source IPs and ports",
                DestinationAddresses = new[]
                {
                    "*",
                },
                DestinationPorts = new[]
                {
                    "443-444",
                    "8443",
                },
                Name = "L4-traffic",
                Protocols = new[]
                {
                    AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                },
                SourceAddresses = new[]
                {
                    "192.168.1.1-192.168.1.12",
                    "10.1.4.12-10.1.4.255",
                },
            },
            new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
            {
                Description = "Block traffic based on source IPs and ports to amazon",
                DestinationFqdns = new[]
                {
                    "www.amazon.com",
                },
                DestinationPorts = new[]
                {
                    "443-444",
                    "8443",
                },
                Name = "L4-traffic-with-FQDN",
                Protocols = new[]
                {
                    AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                },
                SourceAddresses = new[]
                {
                    "10.2.4.12-10.2.4.255",
                },
            },
        },
    };

    var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
    {
        ApplicationRuleCollections = new[]
        {
            appRuleCollection,
        },
        AzureFirewallName = "azurefirewall",
        IpConfigurations = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
            {
                Name = "azureFirewallIpConfiguration",
                PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                },
                Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                },
            },
        },
        Location = "West US 2",
        NatRuleCollections = new[]
        {
            natRuleCollection,
        },
        NetworkRuleCollections = new[]
        {
            networkRuleCollection,
        },
        ResourceGroupName = "rg1",
        Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
        {
            Name = AzureNative.Network.AzureFirewallSkuName.AZFW_VNet,
            Tier = AzureNative.Network.AzureFirewallSkuTier.Standard,
        },
        Tags =
        {
            { "key1", "value1" },
        },
        // Alert logs traffic that matches the threat-intelligence feed without
        // blocking it; AzureFirewallThreatIntelMode.Deny also blocks.
        ThreatIntelMode = AzureNative.Network.AzureFirewallThreatIntelMode.Alert,
        Zones = new[]
        {
            "1",
            "2",
            "3",
        },
    });
});
package main
import (
network "github.com/pulumi/pulumi-azure-native-sdk/network/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
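// main declares an Azure Firewall spread across availability zones 1, 2 and 3.
// "subid", "rg1" and the 1.2.3.x addresses are placeholder values.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
			// Application rules: deny HTTPS (443) from the listed sources to www.test.com.
			ApplicationRuleCollections: network.AzureFirewallApplicationRuleCollectionArray{
				&network.AzureFirewallApplicationRuleCollectionArgs{
					Action: &network.AzureFirewallRCActionArgs{
						Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
					},
					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll"),
					Name:     pulumi.String("apprulecoll"),
					Priority: pulumi.Int(110),
					Rules: network.AzureFirewallApplicationRuleArray{
						&network.AzureFirewallApplicationRuleArgs{
							Description: pulumi.String("Deny inbound rule"),
							Name:        pulumi.String("rule1"),
							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
								&network.AzureFirewallApplicationRuleProtocolArgs{
									Port:         pulumi.Int(443),
									ProtocolType: pulumi.String(network.AzureFirewallApplicationRuleProtocolTypeHttps),
								},
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("216.58.216.164"),
								pulumi.String("10.0.0.0/24"),
							},
							TargetFqdns: pulumi.StringArray{
								pulumi.String("www.test.com"),
							},
						},
					},
				},
			},
			AzureFirewallName: pulumi.String("azurefirewall"),
			IpConfigurations: network.AzureFirewallIPConfigurationArray{
				&network.AzureFirewallIPConfigurationArgs{
					Name: pulumi.String("azureFirewallIpConfiguration"),
					PublicIPAddress: &network.SubResourceArgs{
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
					},
					Subnet: &network.SubResourceArgs{
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
					},
				},
			},
			Location: pulumi.String("West US 2"),
			// DNAT rules match any source ("*"). Azure Firewall implicitly allows the
			// traffic a DNAT rule translates, so list known source ranges where possible.
			// The Description strings are free text and do not affect matching.
			NatRuleCollections: network.AzureFirewallNatRuleCollectionArray{
				&network.AzureFirewallNatRuleCollectionArgs{
					Action: &network.AzureFirewallNatRCActionArgs{
						Type: pulumi.String(network.AzureFirewallNatRCActionTypeDnat),
					},
					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll"),
					Name:     pulumi.String("natrulecoll"),
					Priority: pulumi.Int(112),
					Rules: network.AzureFirewallNatRuleArray{
						&network.AzureFirewallNatRuleArgs{
							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("1.2.3.4"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443"),
							},
							Name: pulumi.String("DNAT-HTTPS-traffic"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							TranslatedAddress: pulumi.String("1.2.3.5"),
							TranslatedPort:    pulumi.String("8443"),
						},
						// Port 80 is forwarded to 880; if this carries HTTP, as the rule
						// name suggests, it is unencrypted.
						&network.AzureFirewallNatRuleArgs{
							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("1.2.3.4"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("80"),
							},
							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							TranslatedFqdn: pulumi.String("internalhttpserver"),
							TranslatedPort: pulumi.String("880"),
						},
					},
				},
			},
			// Network rules: explicit Deny entries only. Azure Firewall already denies
			// traffic that no rule allows, so a working policy also needs allow rules.
			NetworkRuleCollections: network.AzureFirewallNetworkRuleCollectionArray{
				&network.AzureFirewallNetworkRuleCollectionArgs{
					Action: &network.AzureFirewallRCActionArgs{
						Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
					},
					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll"),
					Name:     pulumi.String("netrulecoll"),
					Priority: pulumi.Int(112),
					Rules: network.AzureFirewallNetworkRuleArray{
						&network.AzureFirewallNetworkRuleArgs{
							Description: pulumi.String("Block traffic based on source IPs and ports"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443-444"),
								pulumi.String("8443"),
							},
							Name: pulumi.String("L4-traffic"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("192.168.1.1-192.168.1.12"),
								pulumi.String("10.1.4.12-10.1.4.255"),
							},
						},
						&network.AzureFirewallNetworkRuleArgs{
							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
							DestinationFqdns: pulumi.StringArray{
								pulumi.String("www.amazon.com"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443-444"),
								pulumi.String("8443"),
							},
							Name: pulumi.String("L4-traffic-with-FQDN"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("10.2.4.12-10.2.4.255"),
							},
						},
					},
				},
			},
			ResourceGroupName: pulumi.String("rg1"),
			Sku: &network.AzureFirewallSkuArgs{
				Name: pulumi.String(network.AzureFirewallSkuName_AZFW_VNet),
				Tier: pulumi.String(network.AzureFirewallSkuTierStandard),
			},
			Tags: pulumi.StringMap{
				"key1": pulumi.String("value1"),
			},
			// Alert logs traffic that matches the threat-intelligence feed without
			// blocking it; AzureFirewallThreatIntelModeDeny also blocks.
			ThreatIntelMode: pulumi.String(network.AzureFirewallThreatIntelModeAlert),
			Zones: pulumi.StringArray{
				pulumi.String("1"),
				pulumi.String("2"),
				pulumi.String("3"),
			},
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}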
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.AzureFirewall;
import com.pulumi.azurenative.network.AzureFirewallArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleProtocolArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallRCActionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallIPConfigurationArgs;
import com.pulumi.azurenative.network.inputs.SubResourceArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNatRuleArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNatRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNatRCActionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNetworkRuleArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNetworkRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallSkuArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares an Azure Firewall spread across availability
 * zones 1, 2 and 3. "subid", "rg1" and the 1.2.3.x addresses are placeholders.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the firewall and its three rule collections.
     *
     * @param ctx Pulumi stack context supplied by {@code Pulumi.run}.
     */
    public static void stack(Context ctx) {
        // Application rules: deny HTTPS (443) from the listed sources to www.test.com.
        final var appRuleCollection = AzureFirewallApplicationRuleCollectionArgs.builder()
            .action(AzureFirewallRCActionArgs.builder()
                .type("Deny")
                .build())
            .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll")
            .name("apprulecoll")
            .priority(110)
            .rules(AzureFirewallApplicationRuleArgs.builder()
                .description("Deny inbound rule")
                .name("rule1")
                .protocols(AzureFirewallApplicationRuleProtocolArgs.builder()
                    .port(443)
                    .protocolType("Https")
                    .build())
                .sourceAddresses(
                    "216.58.216.164",
                    "10.0.0.0/24")
                .targetFqdns("www.test.com")
                .build())
            .build();

        // DNAT rules match any source ("*"). Azure Firewall implicitly allows the
        // traffic a DNAT rule translates, so list known source ranges where possible.
        // The description strings are free text and do not affect matching.
        final var natRuleCollection = AzureFirewallNatRuleCollectionArgs.builder()
            .action(AzureFirewallNatRCActionArgs.builder()
                .type("Dnat")
                .build())
            .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll")
            .name("natrulecoll")
            .priority(112)
            .rules(
                AzureFirewallNatRuleArgs.builder()
                    .description("D-NAT all outbound web traffic for inspection")
                    .destinationAddresses("1.2.3.4")
                    .destinationPorts("443")
                    .name("DNAT-HTTPS-traffic")
                    .protocols("TCP")
                    .sourceAddresses("*")
                    .translatedAddress("1.2.3.5")
                    .translatedPort("8443")
                    .build(),
                // Port 80 is forwarded to 880; if this carries HTTP, as the rule
                // name suggests, it is unencrypted.
                AzureFirewallNatRuleArgs.builder()
                    .description("D-NAT all inbound web traffic for inspection")
                    .destinationAddresses("1.2.3.4")
                    .destinationPorts("80")
                    .name("DNAT-HTTP-traffic-With-FQDN")
                    .protocols("TCP")
                    .sourceAddresses("*")
                    .translatedFqdn("internalhttpserver")
                    .translatedPort("880")
                    .build())
            .build();

        // Network rules: explicit Deny entries only. Azure Firewall already denies
        // traffic that no rule allows, so a working policy also needs allow rules.
        final var networkRuleCollection = AzureFirewallNetworkRuleCollectionArgs.builder()
            .action(AzureFirewallRCActionArgs.builder()
                .type("Deny")
                .build())
            .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll")
            .name("netrulecoll")
            .priority(112)
            .rules(
                AzureFirewallNetworkRuleArgs.builder()
                    .description("Block traffic based on source IPs and ports")
                    .destinationAddresses("*")
                    .destinationPorts(
                        "443-444",
                        "8443")
                    .name("L4-traffic")
                    .protocols("TCP")
                    .sourceAddresses(
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255")
                    .build(),
                AzureFirewallNetworkRuleArgs.builder()
                    .description("Block traffic based on source IPs and ports to amazon")
                    .destinationFqdns("www.amazon.com")
                    .destinationPorts(
                        "443-444",
                        "8443")
                    .name("L4-traffic-with-FQDN")
                    .protocols("TCP")
                    .sourceAddresses("10.2.4.12-10.2.4.255")
                    .build())
            .build();

        var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
            .applicationRuleCollections(appRuleCollection)
            .azureFirewallName("azurefirewall")
            .ipConfigurations(AzureFirewallIPConfigurationArgs.builder()
                .name("azureFirewallIpConfiguration")
                .publicIPAddress(SubResourceArgs.builder()
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")
                    .build())
                .subnet(SubResourceArgs.builder()
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet")
                    .build())
                .build())
            .location("West US 2")
            .natRuleCollections(natRuleCollection)
            .networkRuleCollections(networkRuleCollection)
            .resourceGroupName("rg1")
            .sku(AzureFirewallSkuArgs.builder()
                .name("AZFW_VNet")
                .tier("Standard")
                .build())
            .tags(Map.of("key1", "value1"))
            // "Alert" logs traffic that matches the threat-intelligence feed
            // without blocking it; "Deny" also blocks.
            .threatIntelMode("Alert")
            .zones(
                "1",
                "2",
                "3")
            .build());
    }
}
import pulumi
import pulumi_azure_native as azure_native
# Azure Firewall spread across availability zones 1, 2 and 3.
# "subid", "rg1" and the 1.2.3.x addresses are placeholder values.

# Application rules: deny HTTPS (443) from the listed sources to www.test.com.
application_rule_collections = [{
    "action": {
        "type": azure_native.network.AzureFirewallRCActionType.DENY,
    },
    "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
    "name": "apprulecoll",
    "priority": 110,
    "rules": [{
        "description": "Deny inbound rule",
        "name": "rule1",
        "protocols": [{
            "port": 443,
            "protocol_type": azure_native.network.AzureFirewallApplicationRuleProtocolType.HTTPS,
        }],
        "source_addresses": [
            "216.58.216.164",
            "10.0.0.0/24",
        ],
        "target_fqdns": ["www.test.com"],
    }],
}]

# DNAT rules match any source ("*"). Azure Firewall implicitly allows the traffic
# a DNAT rule translates, so list known source ranges where possible.
# The description strings are free text and do not affect matching.
nat_rule_collections = [{
    "action": {
        "type": azure_native.network.AzureFirewallNatRCActionType.DNAT,
    },
    "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
    "name": "natrulecoll",
    "priority": 112,
    "rules": [
        {
            "description": "D-NAT all outbound web traffic for inspection",
            "destination_addresses": ["1.2.3.4"],
            "destination_ports": ["443"],
            "name": "DNAT-HTTPS-traffic",
            "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            "source_addresses": ["*"],
            "translated_address": "1.2.3.5",
            "translated_port": "8443",
        },
        {
            # Port 80 is forwarded to 880; if this carries HTTP, as the rule
            # name suggests, it is unencrypted.
            "description": "D-NAT all inbound web traffic for inspection",
            "destination_addresses": ["1.2.3.4"],
            "destination_ports": ["80"],
            "name": "DNAT-HTTP-traffic-With-FQDN",
            "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            "source_addresses": ["*"],
            "translated_fqdn": "internalhttpserver",
            "translated_port": "880",
        },
    ],
}]

# Network rules: explicit Deny entries only. Azure Firewall already denies
# traffic that no rule allows, so a working policy also needs allow rules.
network_rule_collections = [{
    "action": {
        "type": azure_native.network.AzureFirewallRCActionType.DENY,
    },
    "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
    "name": "netrulecoll",
    "priority": 112,
    "rules": [
        {
            "description": "Block traffic based on source IPs and ports",
            "destination_addresses": ["*"],
            "destination_ports": [
                "443-444",
                "8443",
            ],
            "name": "L4-traffic",
            "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            "source_addresses": [
                "192.168.1.1-192.168.1.12",
                "10.1.4.12-10.1.4.255",
            ],
        },
        {
            "description": "Block traffic based on source IPs and ports to amazon",
            "destination_fqdns": ["www.amazon.com"],
            "destination_ports": [
                "443-444",
                "8443",
            ],
            "name": "L4-traffic-with-FQDN",
            "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            "source_addresses": ["10.2.4.12-10.2.4.255"],
        },
    ],
}]

azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
    application_rule_collections=application_rule_collections,
    azure_firewall_name="azurefirewall",
    ip_configurations=[{
        "name": "azureFirewallIpConfiguration",
        "public_ip_address": {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        },
        "subnet": {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        },
    }],
    location="West US 2",
    nat_rule_collections=nat_rule_collections,
    network_rule_collections=network_rule_collections,
    resource_group_name="rg1",
    sku={
        "name": azure_native.network.AzureFirewallSkuName.AZF_W_V_NET,
        "tier": azure_native.network.AzureFirewallSkuTier.STANDARD,
    },
    tags={
        "key1": "value1",
    },
    # ALERT logs traffic that matches the threat-intelligence feed without
    # blocking it; AzureFirewallThreatIntelMode.DENY also blocks.
    threat_intel_mode=azure_native.network.AzureFirewallThreatIntelMode.ALERT,
    zones=[
        "1",
        "2",
        "3",
    ])
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
// Azure Firewall spread across availability zones 1, 2 and 3.
// "subid", "rg1" and the 1.2.3.x addresses are placeholder values.

// Application rules: deny HTTPS (443) from the listed sources to www.test.com.
const applicationRuleCollections = [{
    action: {
        type: azure_native.network.AzureFirewallRCActionType.Deny,
    },
    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
    name: "apprulecoll",
    priority: 110,
    rules: [{
        description: "Deny inbound rule",
        name: "rule1",
        protocols: [{
            port: 443,
            protocolType: azure_native.network.AzureFirewallApplicationRuleProtocolType.Https,
        }],
        sourceAddresses: [
            "216.58.216.164",
            "10.0.0.0/24",
        ],
        targetFqdns: ["www.test.com"],
    }],
}];

// DNAT rules match any source ("*"). Azure Firewall implicitly allows the
// traffic a DNAT rule translates, so list known source ranges where possible.
// The descriptions are free text and do not affect matching.
const natRuleCollections = [{
    action: {
        type: azure_native.network.AzureFirewallNatRCActionType.Dnat,
    },
    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
    name: "natrulecoll",
    priority: 112,
    rules: [
        {
            description: "D-NAT all outbound web traffic for inspection",
            destinationAddresses: ["1.2.3.4"],
            destinationPorts: ["443"],
            name: "DNAT-HTTPS-traffic",
            protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            sourceAddresses: ["*"],
            translatedAddress: "1.2.3.5",
            translatedPort: "8443",
        },
        {
            // Port 80 is forwarded to 880; if this carries HTTP, as the rule
            // name suggests, it is unencrypted.
            description: "D-NAT all inbound web traffic for inspection",
            destinationAddresses: ["1.2.3.4"],
            destinationPorts: ["80"],
            name: "DNAT-HTTP-traffic-With-FQDN",
            protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            sourceAddresses: ["*"],
            translatedFqdn: "internalhttpserver",
            translatedPort: "880",
        },
    ],
}];

// Network rules: explicit Deny entries only. Azure Firewall already denies
// traffic that no rule allows, so a working policy also needs allow rules.
const networkRuleCollections = [{
    action: {
        type: azure_native.network.AzureFirewallRCActionType.Deny,
    },
    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
    name: "netrulecoll",
    priority: 112,
    rules: [
        {
            description: "Block traffic based on source IPs and ports",
            destinationAddresses: ["*"],
            destinationPorts: [
                "443-444",
                "8443",
            ],
            name: "L4-traffic",
            protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            sourceAddresses: [
                "192.168.1.1-192.168.1.12",
                "10.1.4.12-10.1.4.255",
            ],
        },
        {
            description: "Block traffic based on source IPs and ports to amazon",
            destinationFqdns: ["www.amazon.com"],
            destinationPorts: [
                "443-444",
                "8443",
            ],
            name: "L4-traffic-with-FQDN",
            protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            sourceAddresses: ["10.2.4.12-10.2.4.255"],
        },
    ],
}];

const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
    applicationRuleCollections: applicationRuleCollections,
    azureFirewallName: "azurefirewall",
    ipConfigurations: [{
        name: "azureFirewallIpConfiguration",
        publicIPAddress: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        },
        subnet: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        },
    }],
    location: "West US 2",
    natRuleCollections: natRuleCollections,
    networkRuleCollections: networkRuleCollections,
    resourceGroupName: "rg1",
    sku: {
        name: azure_native.network.AzureFirewallSkuName.AZFW_VNet,
        tier: azure_native.network.AzureFirewallSkuTier.Standard,
    },
    tags: {
        key1: "value1",
    },
    // Alert logs traffic that matches the threat-intelligence feed without
    // blocking it; AzureFirewallThreatIntelMode.Deny also blocks.
    threatIntelMode: azure_native.network.AzureFirewallThreatIntelMode.Alert,
    zones: [
        "1",
        "2",
        "3",
    ],
});
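# Azure Firewall spread across availability zones 1, 2 and 3. The nesting below
# is restored from the flattened listing; "subid", "rg1" and the 1.2.3.x
# addresses are placeholders.
resources:
  azureFirewall:
    type: azure-native:network:AzureFirewall
    properties:
      # Application rules: deny HTTPS (443) from the listed sources to www.test.com.
      applicationRuleCollections:
        - action:
            type: Deny
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll
          name: apprulecoll
          priority: 110
          rules:
            - description: Deny inbound rule
              name: rule1
              protocols:
                - port: 443
                  protocolType: Https
              sourceAddresses:
                - 216.58.216.164
                - 10.0.0.0/24
              targetFqdns:
                - www.test.com
      azureFirewallName: azurefirewall
      ipConfigurations:
        - name: azureFirewallIpConfiguration
          publicIPAddress:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
          subnet:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
      location: West US 2
      # DNAT rules match any source ('*'). Azure Firewall implicitly allows the
      # traffic a DNAT rule translates, so list known source ranges where possible.
      # The description strings are free text and do not affect matching.
      natRuleCollections:
        - action:
            type: Dnat
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll
          name: natrulecoll
          priority: 112
          rules:
            - description: D-NAT all outbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '443'
              name: DNAT-HTTPS-traffic
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedAddress: 1.2.3.5
              translatedPort: '8443'
            # Port 80 is forwarded to 880; if this carries HTTP, as the rule
            # name suggests, it is unencrypted.
            - description: D-NAT all inbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '80'
              name: DNAT-HTTP-traffic-With-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedFqdn: internalhttpserver
              translatedPort: '880'
      # Network rules: explicit Deny entries only. Azure Firewall already denies
      # traffic that no rule allows, so a working policy also needs allow rules.
      networkRuleCollections:
        - action:
            type: Deny
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll
          name: netrulecoll
          priority: 112
          rules:
            - description: Block traffic based on source IPs and ports
              destinationAddresses:
                - '*'
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic
              protocols:
                - TCP
              sourceAddresses:
                - 192.168.1.1-192.168.1.12
                - 10.1.4.12-10.1.4.255
            - description: Block traffic based on source IPs and ports to amazon
              destinationFqdns:
                - www.amazon.com
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic-with-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - 10.2.4.12-10.2.4.255
      resourceGroupName: rg1
      sku:
        name: AZFW_VNet
        tier: Standard
      tags:
        key1: value1
      # Alert logs traffic that matches the threat-intelligence feed without
      # blocking it; Deny also blocks.
      threatIntelMode: Alert
      zones:
        - '1'
        - '2'
        - '3'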
Create Azure Firewall With management subnet
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
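// Azure Firewall with a separate management IP configuration.
// "subid", "rg1" and the 1.2.3.x addresses are placeholder values.
return await Deployment.RunAsync(() =>
{
    var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
    {
        // Application rules: deny HTTPS (443) from the listed sources to www.test.com.
        ApplicationRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                },
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
                Name = "apprulecoll",
                Priority = 110,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                    {
                        Description = "Deny inbound rule",
                        Name = "rule1",
                        Protocols = new[]
                        {
                            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                            {
                                Port = 443,
                                ProtocolType = AzureNative.Network.AzureFirewallApplicationRuleProtocolType.Https,
                            },
                        },
                        SourceAddresses = new[]
                        {
                            "216.58.216.164",
                            "10.0.0.0/24",
                        },
                        TargetFqdns = new[]
                        {
                            "www.test.com",
                        },
                    },
                },
            },
        },
        AzureFirewallName = "azurefirewall",
        IpConfigurations = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
            {
                Name = "azureFirewallIpConfiguration",
                PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                },
                Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                },
            },
        },
        Location = "West US",
        // Second IP configuration on AzureFirewallManagementSubnet with its own
        // public IP. NOTE(review): presumably this keeps the firewall's management
        // traffic off the data-path subnet; confirm against the Azure documentation.
        ManagementIpConfiguration = new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
        {
            Name = "azureFirewallMgmtIpConfiguration",
            PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
            {
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName",
            },
            Subnet = new AzureNative.Network.Inputs.SubResourceArgs
            {
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet",
            },
        },
        // DNAT rules match any source ("*"). Azure Firewall implicitly allows the
        // traffic a DNAT rule translates, so list known source ranges where possible.
        // The Description strings are free text and do not affect matching.
        NatRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                {
                    Type = AzureNative.Network.AzureFirewallNatRCActionType.Dnat,
                },
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
                Name = "natrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        Description = "D-NAT all outbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "443",
                        },
                        Name = "DNAT-HTTPS-traffic",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedAddress = "1.2.3.5",
                        TranslatedPort = "8443",
                    },
                    // Port 80 is forwarded to 880; if this carries HTTP, as the rule
                    // name suggests, it is unencrypted.
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        Description = "D-NAT all inbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "80",
                        },
                        Name = "DNAT-HTTP-traffic-With-FQDN",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedFqdn = "internalhttpserver",
                        TranslatedPort = "880",
                    },
                },
            },
        },
        // Network rules: explicit Deny entries only. Azure Firewall already denies
        // traffic that no rule allows, so a working policy also needs allow rules.
        NetworkRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                },
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
                Name = "netrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        Description = "Block traffic based on source IPs and ports",
                        DestinationAddresses = new[]
                        {
                            "*",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "192.168.1.1-192.168.1.12",
                            "10.1.4.12-10.1.4.255",
                        },
                    },
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        Description = "Block traffic based on source IPs and ports to amazon",
                        DestinationFqdns = new[]
                        {
                            "www.amazon.com",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic-with-FQDN",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "10.2.4.12-10.2.4.255",
                        },
                    },
                },
            },
        },
        ResourceGroupName = "rg1",
        Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
        {
            Name = AzureNative.Network.AzureFirewallSkuName.AZFW_VNet,
            Tier = AzureNative.Network.AzureFirewallSkuTier.Standard,
        },
        Tags =
        {
            { "key1", "value1" },
        },
        // Alert logs traffic that matches the threat-intelligence feed without
        // blocking it; AzureFirewallThreatIntelMode.Deny also blocks.
        ThreatIntelMode = AzureNative.Network.AzureFirewallThreatIntelMode.Alert,
        // An implicitly typed empty array (new[] {}) has no element type to infer
        // and does not compile, so the element type is spelled out.
        Zones = new string[] { },
    });
});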
package main
import (
network "github.com/pulumi/pulumi-azure-native-sdk/network/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
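// main declares one Azure Firewall that carries classic application, NAT and
// network rule collections and registers it with the Pulumi engine.
//
// Every identifier below ("subid", "rg1", the 1.2.3.x addresses, ...) is a
// sample value from the page; replace them before deploying.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
			// Application rules: this collection denies HTTPS to www.test.com
			// from the two listed sources.
			ApplicationRuleCollections: network.AzureFirewallApplicationRuleCollectionArray{
				&network.AzureFirewallApplicationRuleCollectionArgs{
					Action: &network.AzureFirewallRCActionArgs{
						Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
					},
					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll"),
					Name:     pulumi.String("apprulecoll"),
					Priority: pulumi.Int(110),
					Rules: network.AzureFirewallApplicationRuleArray{
						&network.AzureFirewallApplicationRuleArgs{
							Description: pulumi.String("Deny inbound rule"),
							Name:        pulumi.String("rule1"),
							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
								&network.AzureFirewallApplicationRuleProtocolArgs{
									Port:         pulumi.Int(443),
									ProtocolType: pulumi.String(network.AzureFirewallApplicationRuleProtocolTypeHttps),
								},
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("216.58.216.164"),
								pulumi.String("10.0.0.0/24"),
							},
							TargetFqdns: pulumi.StringArray{
								pulumi.String("www.test.com"),
							},
						},
					},
				},
			},
			AzureFirewallName: pulumi.String("azurefirewall"),
			IpConfigurations: network.AzureFirewallIPConfigurationArray{
				&network.AzureFirewallIPConfigurationArgs{
					Name: pulumi.String("azureFirewallIpConfiguration"),
					PublicIPAddress: &network.SubResourceArgs{
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
					},
					Subnet: &network.SubResourceArgs{
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
					},
				},
			},
			Location: pulumi.String("West US"),
			// Separate management interface with its own public IP and the
			// AzureFirewallManagementSubnet.
			ManagementIpConfiguration: &network.AzureFirewallIPConfigurationArgs{
				Name: pulumi.String("azureFirewallMgmtIpConfiguration"),
				PublicIPAddress: &network.SubResourceArgs{
					Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName"),
				},
				Subnet: &network.SubResourceArgs{
					Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet"),
				},
			},
			// DNAT rules publish internal services. Both rules below accept any
			// source ("*"); in a real deployment narrow SourceAddresses to the
			// client ranges that actually need the service.
			NatRuleCollections: network.AzureFirewallNatRuleCollectionArray{
				&network.AzureFirewallNatRuleCollectionArgs{
					Action: &network.AzureFirewallNatRCActionArgs{
						Type: pulumi.String(network.AzureFirewallNatRCActionTypeDnat),
					},
					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll"),
					Name:     pulumi.String("natrulecoll"),
					Priority: pulumi.Int(112),
					Rules: network.AzureFirewallNatRuleArray{
						// NOTE(review): the description says "outbound", yet the rule
						// translates traffic addressed to 1.2.3.4:443 to 1.2.3.5:8443;
						// confirm the wording against the intended direction.
						&network.AzureFirewallNatRuleArgs{
							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("1.2.3.4"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443"),
							},
							Name: pulumi.String("DNAT-HTTPS-traffic"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							TranslatedAddress: pulumi.String("1.2.3.5"),
							TranslatedPort:    pulumi.String("8443"),
						},
						// Port 80 is forwarded to an internal host by FQDN, so this
						// path carries unencrypted HTTP from any source.
						&network.AzureFirewallNatRuleArgs{
							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("1.2.3.4"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("80"),
							},
							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							TranslatedFqdn: pulumi.String("internalhttpserver"),
							TranslatedPort: pulumi.String("880"),
						},
					},
				},
			},
			// Network (L4) rules: a Deny collection for TCP 443-444 and 8443
			// from the listed source ranges.
			NetworkRuleCollections: network.AzureFirewallNetworkRuleCollectionArray{
				&network.AzureFirewallNetworkRuleCollectionArgs{
					Action: &network.AzureFirewallRCActionArgs{
						Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
					},
					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll"),
					Name:     pulumi.String("netrulecoll"),
					Priority: pulumi.Int(112),
					Rules: network.AzureFirewallNetworkRuleArray{
						&network.AzureFirewallNetworkRuleArgs{
							Description: pulumi.String("Block traffic based on source IPs and ports"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443-444"),
								pulumi.String("8443"),
							},
							Name: pulumi.String("L4-traffic"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("192.168.1.1-192.168.1.12"),
								pulumi.String("10.1.4.12-10.1.4.255"),
							},
						},
						&network.AzureFirewallNetworkRuleArgs{
							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
							DestinationFqdns: pulumi.StringArray{
								pulumi.String("www.amazon.com"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443-444"),
								pulumi.String("8443"),
							},
							Name: pulumi.String("L4-traffic-with-FQDN"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("10.2.4.12-10.2.4.255"),
							},
						},
					},
				},
			},
			ResourceGroupName: pulumi.String("rg1"),
			Sku: &network.AzureFirewallSkuArgs{
				Name: pulumi.String(network.AzureFirewallSkuName_AZFW_VNet),
				Tier: pulumi.String(network.AzureFirewallSkuTierStandard),
			},
			Tags: pulumi.StringMap{
				"key1": pulumi.String("value1"),
			},
			// Alert mode logs threat-intelligence matches without blocking them;
			// the service also offers a Deny mode where blocking is wanted.
			ThreatIntelMode: pulumi.String(network.AzureFirewallThreatIntelModeAlert),
			Zones:           pulumi.StringArray{},
		})
		// The firewall is the only resource, so its error is the program's result.
		return err
	})
}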
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.AzureFirewall;
import com.pulumi.azurenative.network.AzureFirewallArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleProtocolArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallIPConfigurationArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNatRCActionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNatRuleArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNatRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNetworkRuleArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNetworkRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallRCActionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallSkuArgs;
import com.pulumi.azurenative.network.inputs.SubResourceArgs;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
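/**
 * Pulumi program that declares one Azure Firewall carrying classic application,
 * NAT and network rule collections.
 *
 * <p>Every ID and address below ("subid", "rg1", the 1.2.3.x addresses, ...) is a
 * sample value from the page; replace them before deploying.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Registers the firewall with the Pulumi engine.
     *
     * @param ctx deployment context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // Application rules: deny HTTPS to www.test.com from the two listed sources.
        var applicationRules = AzureFirewallApplicationRuleCollectionArgs.builder()
            .action(AzureFirewallRCActionArgs.builder()
                .type("Deny")
                .build())
            .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll")
            .name("apprulecoll")
            .priority(110)
            .rules(AzureFirewallApplicationRuleArgs.builder()
                .description("Deny inbound rule")
                .name("rule1")
                .protocols(AzureFirewallApplicationRuleProtocolArgs.builder()
                    .port(443)
                    .protocolType("Https")
                    .build())
                .sourceAddresses(
                    "216.58.216.164",
                    "10.0.0.0/24")
                .targetFqdns("www.test.com")
                .build())
            .build();

        // DNAT rules publish internal services. Both accept any source ("*"); in a
        // real deployment narrow sourceAddresses to the clients that need the service.
        var natRules = AzureFirewallNatRuleCollectionArgs.builder()
            .action(AzureFirewallNatRCActionArgs.builder()
                .type("Dnat")
                .build())
            .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll")
            .name("natrulecoll")
            .priority(112)
            .rules(
                // NOTE(review): the description says "outbound", yet the rule translates
                // traffic addressed to 1.2.3.4:443 to 1.2.3.5:8443; confirm the wording.
                AzureFirewallNatRuleArgs.builder()
                    .description("D-NAT all outbound web traffic for inspection")
                    .destinationAddresses("1.2.3.4")
                    .destinationPorts("443")
                    .name("DNAT-HTTPS-traffic")
                    .protocols("TCP")
                    .sourceAddresses("*")
                    .translatedAddress("1.2.3.5")
                    .translatedPort("8443")
                    .build(),
                // Port 80 is forwarded to an internal host by FQDN, so this path
                // carries unencrypted HTTP from any source.
                AzureFirewallNatRuleArgs.builder()
                    .description("D-NAT all inbound web traffic for inspection")
                    .destinationAddresses("1.2.3.4")
                    .destinationPorts("80")
                    .name("DNAT-HTTP-traffic-With-FQDN")
                    .protocols("TCP")
                    .sourceAddresses("*")
                    .translatedFqdn("internalhttpserver")
                    .translatedPort("880")
                    .build())
            .build();

        // Network (L4) rules: a Deny collection for TCP 443-444 and 8443 from the
        // listed source ranges.
        var networkRules = AzureFirewallNetworkRuleCollectionArgs.builder()
            .action(AzureFirewallRCActionArgs.builder()
                .type("Deny")
                .build())
            .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll")
            .name("netrulecoll")
            .priority(112)
            .rules(
                AzureFirewallNetworkRuleArgs.builder()
                    .description("Block traffic based on source IPs and ports")
                    .destinationAddresses("*")
                    .destinationPorts(
                        "443-444",
                        "8443")
                    .name("L4-traffic")
                    .protocols("TCP")
                    .sourceAddresses(
                        "192.168.1.1-192.168.1.12",
                        "10.1.4.12-10.1.4.255")
                    .build(),
                AzureFirewallNetworkRuleArgs.builder()
                    .description("Block traffic based on source IPs and ports to amazon")
                    .destinationFqdns("www.amazon.com")
                    .destinationPorts(
                        "443-444",
                        "8443")
                    .name("L4-traffic-with-FQDN")
                    .protocols("TCP")
                    .sourceAddresses("10.2.4.12-10.2.4.255")
                    .build())
            .build();

        var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
            .applicationRuleCollections(applicationRules)
            .azureFirewallName("azurefirewall")
            .ipConfigurations(AzureFirewallIPConfigurationArgs.builder()
                .name("azureFirewallIpConfiguration")
                .publicIPAddress(SubResourceArgs.builder()
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")
                    .build())
                .subnet(SubResourceArgs.builder()
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet")
                    .build())
                .build())
            .location("West US")
            // Separate management interface with its own public IP and the
            // AzureFirewallManagementSubnet.
            .managementIpConfiguration(AzureFirewallIPConfigurationArgs.builder()
                .name("azureFirewallMgmtIpConfiguration")
                .publicIPAddress(SubResourceArgs.builder()
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName")
                    .build())
                .subnet(SubResourceArgs.builder()
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet")
                    .build())
                .build())
            .natRuleCollections(natRules)
            .networkRuleCollections(networkRules)
            .resourceGroupName("rg1")
            .sku(AzureFirewallSkuArgs.builder()
                .name("AZFW_VNet")
                .tier("Standard")
                .build())
            .tags(Map.of("key1", "value1"))
            // Alert mode logs threat-intelligence matches without blocking them;
            // the service also offers a Deny mode where blocking is wanted.
            .threatIntelMode("Alert")
            .zones()
            .build());
    }
}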
import pulumi
import pulumi_azure_native as azure_native
# Sample firewall with classic application, NAT and network rule collections.
# "subid", "rg1" and the 1.2.3.x addresses are sample values from the page.

# Application rules: deny HTTPS to www.test.com from the two listed sources.
_application_rules = {
    "action": {
        "type": azure_native.network.AzureFirewallRCActionType.DENY,
    },
    "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
    "name": "apprulecoll",
    "priority": 110,
    "rules": [{
        "description": "Deny inbound rule",
        "name": "rule1",
        "protocols": [{
            "port": 443,
            "protocol_type": azure_native.network.AzureFirewallApplicationRuleProtocolType.HTTPS,
        }],
        "source_addresses": [
            "216.58.216.164",
            "10.0.0.0/24",
        ],
        "target_fqdns": ["www.test.com"],
    }],
}

# NOTE(review): the description says "outbound", yet the rule translates traffic
# addressed to 1.2.3.4:443 to 1.2.3.5:8443; confirm the wording.
_dnat_https_rule = {
    "description": "D-NAT all outbound web traffic for inspection",
    "destination_addresses": ["1.2.3.4"],
    "destination_ports": ["443"],
    "name": "DNAT-HTTPS-traffic",
    "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
    "source_addresses": ["*"],
    "translated_address": "1.2.3.5",
    "translated_port": "8443",
}

# Port 80 is forwarded to an internal host by FQDN, so this path carries
# unencrypted HTTP from any source.
_dnat_http_rule = {
    "description": "D-NAT all inbound web traffic for inspection",
    "destination_addresses": ["1.2.3.4"],
    "destination_ports": ["80"],
    "name": "DNAT-HTTP-traffic-With-FQDN",
    "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
    "source_addresses": ["*"],
    "translated_fqdn": "internalhttpserver",
    "translated_port": "880",
}

# Both DNAT rules accept any source ("*"); in a real deployment narrow
# source_addresses to the clients that need the published service.
_nat_rules = {
    "action": {
        "type": azure_native.network.AzureFirewallNatRCActionType.DNAT,
    },
    "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
    "name": "natrulecoll",
    "priority": 112,
    "rules": [_dnat_https_rule, _dnat_http_rule],
}

# Network (L4) rules: a Deny collection for TCP 443-444 and 8443 from the
# listed source ranges.
_network_rules = {
    "action": {
        "type": azure_native.network.AzureFirewallRCActionType.DENY,
    },
    "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
    "name": "netrulecoll",
    "priority": 112,
    "rules": [
        {
            "description": "Block traffic based on source IPs and ports",
            "destination_addresses": ["*"],
            "destination_ports": ["443-444", "8443"],
            "name": "L4-traffic",
            "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            "source_addresses": [
                "192.168.1.1-192.168.1.12",
                "10.1.4.12-10.1.4.255",
            ],
        },
        {
            "description": "Block traffic based on source IPs and ports to amazon",
            "destination_fqdns": ["www.amazon.com"],
            "destination_ports": ["443-444", "8443"],
            "name": "L4-traffic-with-FQDN",
            "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            "source_addresses": ["10.2.4.12-10.2.4.255"],
        },
    ],
}

azure_firewall = azure_native.network.AzureFirewall(
    "azureFirewall",
    application_rule_collections=[_application_rules],
    azure_firewall_name="azurefirewall",
    ip_configurations=[{
        "name": "azureFirewallIpConfiguration",
        "public_ip_address": {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        },
        "subnet": {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        },
    }],
    location="West US",
    # Separate management interface with its own public IP and the
    # AzureFirewallManagementSubnet.
    management_ip_configuration={
        "name": "azureFirewallMgmtIpConfiguration",
        "public_ip_address": {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName",
        },
        "subnet": {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet",
        },
    },
    nat_rule_collections=[_nat_rules],
    network_rule_collections=[_network_rules],
    resource_group_name="rg1",
    sku={
        "name": azure_native.network.AzureFirewallSkuName.AZF_W_V_NET,
        "tier": azure_native.network.AzureFirewallSkuTier.STANDARD,
    },
    tags={
        "key1": "value1",
    },
    # Alert mode logs threat-intelligence matches without blocking them; the
    # service also offers a Deny mode where blocking is wanted.
    threat_intel_mode=azure_native.network.AzureFirewallThreatIntelMode.ALERT,
    zones=[],
)
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
// Sample firewall with classic application, NAT and network rule collections.
// "subid", "rg1" and the 1.2.3.x addresses are sample values from the page.

// Application rules: deny HTTPS to www.test.com from the two listed sources.
const applicationRules = {
    action: {
        type: azure_native.network.AzureFirewallRCActionType.Deny,
    },
    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
    name: "apprulecoll",
    priority: 110,
    rules: [{
        description: "Deny inbound rule",
        name: "rule1",
        protocols: [{
            port: 443,
            protocolType: azure_native.network.AzureFirewallApplicationRuleProtocolType.Https,
        }],
        sourceAddresses: [
            "216.58.216.164",
            "10.0.0.0/24",
        ],
        targetFqdns: ["www.test.com"],
    }],
};

// DNAT rules publish internal services. Both accept any source ("*"); in a real
// deployment narrow sourceAddresses to the clients that need the service.
const natRules = {
    action: {
        type: azure_native.network.AzureFirewallNatRCActionType.Dnat,
    },
    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
    name: "natrulecoll",
    priority: 112,
    rules: [
        // NOTE(review): the description says "outbound", yet the rule translates
        // traffic addressed to 1.2.3.4:443 to 1.2.3.5:8443; confirm the wording.
        {
            description: "D-NAT all outbound web traffic for inspection",
            destinationAddresses: ["1.2.3.4"],
            destinationPorts: ["443"],
            name: "DNAT-HTTPS-traffic",
            protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            sourceAddresses: ["*"],
            translatedAddress: "1.2.3.5",
            translatedPort: "8443",
        },
        // Port 80 is forwarded to an internal host by FQDN, so this path carries
        // unencrypted HTTP from any source.
        {
            description: "D-NAT all inbound web traffic for inspection",
            destinationAddresses: ["1.2.3.4"],
            destinationPorts: ["80"],
            name: "DNAT-HTTP-traffic-With-FQDN",
            protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            sourceAddresses: ["*"],
            translatedFqdn: "internalhttpserver",
            translatedPort: "880",
        },
    ],
};

// Network (L4) rules: a Deny collection for TCP 443-444 and 8443 from the
// listed source ranges.
const networkRules = {
    action: {
        type: azure_native.network.AzureFirewallRCActionType.Deny,
    },
    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
    name: "netrulecoll",
    priority: 112,
    rules: [
        {
            description: "Block traffic based on source IPs and ports",
            destinationAddresses: ["*"],
            destinationPorts: ["443-444", "8443"],
            name: "L4-traffic",
            protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            sourceAddresses: [
                "192.168.1.1-192.168.1.12",
                "10.1.4.12-10.1.4.255",
            ],
        },
        {
            description: "Block traffic based on source IPs and ports to amazon",
            destinationFqdns: ["www.amazon.com"],
            destinationPorts: ["443-444", "8443"],
            name: "L4-traffic-with-FQDN",
            protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
            sourceAddresses: ["10.2.4.12-10.2.4.255"],
        },
    ],
};

const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
    applicationRuleCollections: [applicationRules],
    azureFirewallName: "azurefirewall",
    ipConfigurations: [{
        name: "azureFirewallIpConfiguration",
        publicIPAddress: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        },
        subnet: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        },
    }],
    location: "West US",
    // Separate management interface with its own public IP and the
    // AzureFirewallManagementSubnet.
    managementIpConfiguration: {
        name: "azureFirewallMgmtIpConfiguration",
        publicIPAddress: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName",
        },
        subnet: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet",
        },
    },
    natRuleCollections: [natRules],
    networkRuleCollections: [networkRules],
    resourceGroupName: "rg1",
    sku: {
        name: azure_native.network.AzureFirewallSkuName.AZFW_VNet,
        tier: azure_native.network.AzureFirewallSkuTier.Standard,
    },
    tags: {
        key1: "value1",
    },
    // Alert mode logs threat-intelligence matches without blocking them; the
    // service also offers a Deny mode where blocking is wanted.
    threatIntelMode: azure_native.network.AzureFirewallThreatIntelMode.Alert,
    zones: [],
});
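# Sample firewall with classic application, NAT and network rule collections.
# "subid", "rg1" and the 1.2.3.x addresses are sample values from the page.
resources:
  azureFirewall:
    type: azure-native:network:AzureFirewall
    properties:
      # Application rules: deny HTTPS to www.test.com from the two listed sources.
      applicationRuleCollections:
        - action:
            type: Deny
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll
          name: apprulecoll
          priority: 110
          rules:
            - description: Deny inbound rule
              name: rule1
              protocols:
                - port: 443
                  protocolType: Https
              sourceAddresses:
                - 216.58.216.164
                - 10.0.0.0/24
              targetFqdns:
                - www.test.com
      azureFirewallName: azurefirewall
      ipConfigurations:
        - name: azureFirewallIpConfiguration
          publicIPAddress:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
          subnet:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
      location: West US
      # Separate management interface with its own public IP and the
      # AzureFirewallManagementSubnet.
      managementIpConfiguration:
        name: azureFirewallMgmtIpConfiguration
        publicIPAddress:
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName
        subnet:
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet
      # DNAT rules publish internal services. Both accept any source ('*'); in a
      # real deployment narrow sourceAddresses to the clients that need the service.
      natRuleCollections:
        - action:
            type: Dnat
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll
          name: natrulecoll
          priority: 112
          rules:
            # NOTE(review): the description says "outbound", yet the rule translates
            # traffic addressed to 1.2.3.4:443 to 1.2.3.5:8443; confirm the wording.
            - description: D-NAT all outbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '443'
              name: DNAT-HTTPS-traffic
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedAddress: 1.2.3.5
              translatedPort: '8443'
            # Port 80 is forwarded to an internal host by FQDN, so this path
            # carries unencrypted HTTP from any source.
            - description: D-NAT all inbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '80'
              name: DNAT-HTTP-traffic-With-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedFqdn: internalhttpserver
              translatedPort: '880'
      # Network (L4) rules: a Deny collection for TCP 443-444 and 8443 from the
      # listed source ranges.
      networkRuleCollections:
        - action:
            type: Deny
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll
          name: netrulecoll
          priority: 112
          rules:
            - description: Block traffic based on source IPs and ports
              destinationAddresses:
                - '*'
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic
              protocols:
                - TCP
              sourceAddresses:
                - 192.168.1.1-192.168.1.12
                - 10.1.4.12-10.1.4.255
            - description: Block traffic based on source IPs and ports to amazon
              destinationFqdns:
                - www.amazon.com
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic-with-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - 10.2.4.12-10.2.4.255
      resourceGroupName: rg1
      sku:
        name: AZFW_VNet
        tier: Standard
      tags:
        key1: value1
      # Alert mode logs threat-intelligence matches without blocking them; the
      # service also offers a Deny mode where blocking is wanted.
      threatIntelMode: Alert
      zones: []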
Create Azure Firewall in virtual Hub
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
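// Declares an Azure Firewall attached to a virtual hub. No rule collections are
// set inline; the firewall references the firewall policy "policy1" instead.
// "subid", "rg1", "policy1" and "hub1" are sample values from the page.
return await Deployment.RunAsync(() =>
{
    var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
    {
        AzureFirewallName = "azurefirewall",
        FirewallPolicy = new AzureNative.Network.Inputs.SubResourceArgs
        {
            Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1",
        },
        // One public IP is requested by count; no explicit addresses are listed.
        HubIPAddresses = new AzureNative.Network.Inputs.HubIPAddressesArgs
        {
            PublicIPs = new AzureNative.Network.Inputs.HubPublicIPAddressesArgs
            {
                Addresses = new() { },
                Count = 1,
            },
        },
        Location = "West US",
        ResourceGroupName = "rg1",
        Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
        {
            Name = AzureNative.Network.AzureFirewallSkuName.AZFW_Hub,
            Tier = AzureNative.Network.AzureFirewallSkuTier.Standard,
        },
        Tags =
        {
            { "key1", "value1" },
        },
        // Alert mode logs threat-intelligence matches without blocking them; the
        // service also offers a Deny mode where blocking is wanted.
        ThreatIntelMode = AzureNative.Network.AzureFirewallThreatIntelMode.Alert,
        VirtualHub = new AzureNative.Network.Inputs.SubResourceArgs
        {
            Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1",
        },
        // An implicitly typed empty array (`new[] {}`) gives the compiler no
        // element type to infer, so the element type is spelled out.
        Zones = new string[] { },
    });
});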
package main
import (
network "github.com/pulumi/pulumi-azure-native-sdk/network/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
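// main declares an Azure Firewall attached to a virtual hub and registers it
// with the Pulumi engine. No rule collections are set inline; the firewall
// references the firewall policy "policy1" instead.
//
// "subid", "rg1", "policy1" and "hub1" are sample values from the page.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
			AzureFirewallName: pulumi.String("azurefirewall"),
			FirewallPolicy: &network.SubResourceArgs{
				Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1"),
			},
			// One public IP is requested by count; no explicit addresses are listed.
			HubIPAddresses: &network.HubIPAddressesArgs{
				PublicIPs: &network.HubPublicIPAddressesArgs{
					Addresses: network.AzureFirewallPublicIPAddressArray{},
					Count:     pulumi.Int(1),
				},
			},
			Location:          pulumi.String("West US"),
			ResourceGroupName: pulumi.String("rg1"),
			Sku: &network.AzureFirewallSkuArgs{
				Name: pulumi.String(network.AzureFirewallSkuName_AZFW_Hub),
				Tier: pulumi.String(network.AzureFirewallSkuTierStandard),
			},
			Tags: pulumi.StringMap{
				"key1": pulumi.String("value1"),
			},
			// Alert mode logs threat-intelligence matches without blocking them;
			// the service also offers a Deny mode where blocking is wanted.
			ThreatIntelMode: pulumi.String(network.AzureFirewallThreatIntelModeAlert),
			VirtualHub: &network.SubResourceArgs{
				Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1"),
			},
			Zones: pulumi.StringArray{},
		})
		// The firewall is the only resource, so its error is the program's result.
		return err
	})
}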
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.AzureFirewall;
import com.pulumi.azurenative.network.AzureFirewallArgs;
import com.pulumi.azurenative.network.inputs.SubResourceArgs;
import com.pulumi.azurenative.network.inputs.HubIPAddressesArgs;
import com.pulumi.azurenative.network.inputs.HubPublicIPAddressesArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallSkuArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares an Azure Firewall attached to a virtual hub.
 *
 * <p>No rule collections are set inline; the firewall references the firewall
 * policy "policy1" instead. "subid", "rg1", "policy1" and "hub1" are sample values.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(ctx -> stack(ctx));
    }

    /**
     * Registers the hub firewall with the Pulumi engine.
     *
     * @param ctx deployment context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        var policyRef = SubResourceArgs.builder()
            .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1")
            .build();

        var hubRef = SubResourceArgs.builder()
            .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1")
            .build();

        // One public IP is requested by count; no explicit addresses are listed.
        var hubAddresses = HubIPAddressesArgs.builder()
            .publicIPs(HubPublicIPAddressesArgs.builder()
                .addresses()
                .count(1)
                .build())
            .build();

        var hubSku = AzureFirewallSkuArgs.builder()
            .name("AZFW_Hub")
            .tier("Standard")
            .build();

        var firewallArgs = AzureFirewallArgs.builder()
            .azureFirewallName("azurefirewall")
            .firewallPolicy(policyRef)
            .hubIPAddresses(hubAddresses)
            .location("West US")
            .resourceGroupName("rg1")
            .sku(hubSku)
            .tags(Map.of("key1", "value1"))
            // Alert mode logs threat-intelligence matches without blocking them;
            // the service also offers a Deny mode where blocking is wanted.
            .threatIntelMode("Alert")
            .virtualHub(hubRef)
            .zones()
            .build();

        var azureFirewall = new AzureFirewall("azureFirewall", firewallArgs);
    }
}
import pulumi
import pulumi_azure_native as azure_native
# Sample firewall attached to a virtual hub. No rule collections are set inline;
# the firewall references the firewall policy "policy1" instead.
# "subid", "rg1", "policy1" and "hub1" are sample values from the page.
_policy_ref = {
    "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1",
}
_hub_ref = {
    "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1",
}
# One public IP is requested by count; no explicit addresses are listed.
_hub_addresses = {
    "public_ips": {
        "addresses": [],
        "count": 1,
    },
}

azure_firewall = azure_native.network.AzureFirewall(
    "azureFirewall",
    azure_firewall_name="azurefirewall",
    firewall_policy=_policy_ref,
    hub_ip_addresses=_hub_addresses,
    location="West US",
    resource_group_name="rg1",
    sku={
        "name": azure_native.network.AzureFirewallSkuName.AZF_W_HUB,
        "tier": azure_native.network.AzureFirewallSkuTier.STANDARD,
    },
    tags={
        "key1": "value1",
    },
    # Alert mode logs threat-intelligence matches without blocking them; the
    # service also offers a Deny mode where blocking is wanted.
    threat_intel_mode=azure_native.network.AzureFirewallThreatIntelMode.ALERT,
    virtual_hub=_hub_ref,
    zones=[],
)
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
// Sample firewall attached to a virtual hub. No rule collections are set inline;
// the firewall references the firewall policy "policy1" instead.
// "subid", "rg1", "policy1" and "hub1" are sample values from the page.
const policyRef = {
    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1",
};
const hubRef = {
    id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1",
};

const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
    azureFirewallName: "azurefirewall",
    firewallPolicy: policyRef,
    // One public IP is requested by count; no explicit addresses are listed.
    hubIPAddresses: {
        publicIPs: {
            addresses: [],
            count: 1,
        },
    },
    location: "West US",
    resourceGroupName: "rg1",
    sku: {
        name: azure_native.network.AzureFirewallSkuName.AZFW_Hub,
        tier: azure_native.network.AzureFirewallSkuTier.Standard,
    },
    tags: {
        key1: "value1",
    },
    // Alert mode logs threat-intelligence matches without blocking them; the
    // service also offers a Deny mode where blocking is wanted.
    threatIntelMode: azure_native.network.AzureFirewallThreatIntelMode.Alert,
    virtualHub: hubRef,
    zones: [],
});
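# Sample firewall attached to a virtual hub. No rule collections are set inline;
# the firewall references the firewall policy "policy1" instead.
# "subid", "rg1", "policy1" and "hub1" are sample values from the page.
resources:
  azureFirewall:
    type: azure-native:network:AzureFirewall
    properties:
      azureFirewallName: azurefirewall
      firewallPolicy:
        id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1
      # One public IP is requested by count; no explicit addresses are listed.
      hubIPAddresses:
        publicIPs:
          addresses: []
          count: 1
      location: West US
      resourceGroupName: rg1
      sku:
        name: AZFW_Hub
        tier: Standard
      tags:
        key1: value1
      # Alert mode logs threat-intelligence matches without blocking them; the
      # service also offers a Deny mode where blocking is wanted.
      threatIntelMode: Alert
      virtualHub:
        id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1
      zones: []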
Create AzureFirewall Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AzureFirewall(name: string, args: AzureFirewallArgs, opts?: CustomResourceOptions);
@overload
def AzureFirewall(resource_name: str,
args: AzureFirewallArgs,
opts: Optional[ResourceOptions] = None)
@overload
def AzureFirewall(resource_name: str,
opts: Optional[ResourceOptions] = None,
resource_group_name: Optional[str] = None,
management_ip_configuration: Optional[AzureFirewallIPConfigurationArgs] = None,
location: Optional[str] = None,
firewall_policy: Optional[SubResourceArgs] = None,
hub_ip_addresses: Optional[HubIPAddressesArgs] = None,
nat_rule_collections: Optional[Sequence[AzureFirewallNatRuleCollectionArgs]] = None,
ip_configurations: Optional[Sequence[AzureFirewallIPConfigurationArgs]] = None,
azure_firewall_name: Optional[str] = None,
additional_properties: Optional[Mapping[str, str]] = None,
id: Optional[str] = None,
network_rule_collections: Optional[Sequence[AzureFirewallNetworkRuleCollectionArgs]] = None,
application_rule_collections: Optional[Sequence[AzureFirewallApplicationRuleCollectionArgs]] = None,
sku: Optional[AzureFirewallSkuArgs] = None,
tags: Optional[Mapping[str, str]] = None,
threat_intel_mode: Optional[Union[str, AzureFirewallThreatIntelMode]] = None,
virtual_hub: Optional[SubResourceArgs] = None,
zones: Optional[Sequence[str]] = None)
func NewAzureFirewall(ctx *Context, name string, args AzureFirewallArgs, opts ...ResourceOption) (*AzureFirewall, error)
public AzureFirewall(string name, AzureFirewallArgs args, CustomResourceOptions? opts = null)
public AzureFirewall(String name, AzureFirewallArgs args)
public AzureFirewall(String name, AzureFirewallArgs args, CustomResourceOptions options)
type: azure-native:network:AzureFirewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AzureFirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AzureFirewallArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AzureFirewallArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AzureFirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AzureFirewallArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference skeleton: every "string" and 0 below is a placeholder that must be
// replaced with a real value before this is deployed.
var azureFirewallResource = new AzureNative.Network.AzureFirewall("azureFirewallResource", new()
{
    ResourceGroupName = "string",
    // IP configuration the firewall uses for management traffic.
    ManagementIpConfiguration = new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
    {
        Id = "string",
        Name = "string",
        PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
        {
            Id = "string",
        },
        Subnet = new AzureNative.Network.Inputs.SubResourceArgs
        {
            Id = "string",
        },
    },
    Location = "string",
    // The firewall policy associated with this firewall.
    // NOTE(review): an attached policy and the inline rule collections below are
    // two ways to define rules; confirm which one your deployment model expects.
    FirewallPolicy = new AzureNative.Network.Inputs.SubResourceArgs
    {
        Id = "string",
    },
    HubIPAddresses = new AzureNative.Network.Inputs.HubIPAddressesArgs
    {
        PrivateIPAddress = "string",
        PublicIPs = new AzureNative.Network.Inputs.HubPublicIPAddressesArgs
        {
            Addresses = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallPublicIPAddressArgs
                {
                    Address = "string",
                },
            },
            Count = 0,
        },
    },
    // NAT rules forward matching traffic to TranslatedAddress/TranslatedFqdn and
    // TranslatedPort, so keep SourceAddresses and SourceIpGroups as narrow as the
    // use case allows.
    NatRuleCollections = new[]
    {
        new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
        {
            Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
            {
                Type = "string",
            },
            Id = "string",
            Name = "string",
            // Placeholder. NOTE(review): Azure documents rule-collection priority as
            // 100-65000; confirm, since 0 would presumably be rejected.
            Priority = 0,
            Rules = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                {
                    Description = "string",
                    DestinationAddresses = new[]
                    {
                        "string",
                    },
                    DestinationPorts = new[]
                    {
                        "string",
                    },
                    Name = "string",
                    Protocols = new[]
                    {
                        "string",
                    },
                    SourceAddresses = new[]
                    {
                        "string",
                    },
                    SourceIpGroups = new[]
                    {
                        "string",
                    },
                    TranslatedAddress = "string",
                    TranslatedFqdn = "string",
                    TranslatedPort = "string",
                },
            },
        },
    },
    // IP configuration of the firewall itself. The usage example for this resource
    // places it in a subnet named AzureFirewallSubnet.
    IpConfigurations = new[]
    {
        new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
        {
            Id = "string",
            Name = "string",
            PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
            {
                Id = "string",
            },
            Subnet = new AzureNative.Network.Inputs.SubResourceArgs
            {
                Id = "string",
            },
        },
    },
    AzureFirewallName = "string",
    AdditionalProperties =
    {
        { "string", "string" },
    },
    Id = "string",
    // Network rules match on addresses, FQDNs, IP groups, ports and protocols.
    NetworkRuleCollections = new[]
    {
        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
        {
            // Rule-collection action (Allow or Deny); it applies to every rule in
            // the collection.
            Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
            {
                Type = "string",
            },
            Id = "string",
            Name = "string",
            Priority = 0,
            Rules = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                {
                    Description = "string",
                    DestinationAddresses = new[]
                    {
                        "string",
                    },
                    DestinationFqdns = new[]
                    {
                        "string",
                    },
                    DestinationIpGroups = new[]
                    {
                        "string",
                    },
                    DestinationPorts = new[]
                    {
                        "string",
                    },
                    Name = "string",
                    Protocols = new[]
                    {
                        "string",
                    },
                    SourceAddresses = new[]
                    {
                        "string",
                    },
                    SourceIpGroups = new[]
                    {
                        "string",
                    },
                },
            },
        },
    },
    // Application rules match on FQDNs / FQDN tags plus protocol and port.
    ApplicationRuleCollections = new[]
    {
        new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
        {
            Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
            {
                Type = "string",
            },
            Id = "string",
            Name = "string",
            Priority = 0,
            Rules = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                {
                    Description = "string",
                    FqdnTags = new[]
                    {
                        "string",
                    },
                    Name = "string",
                    Protocols = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                        {
                            Port = 0,
                            ProtocolType = "string",
                        },
                    },
                    SourceAddresses = new[]
                    {
                        "string",
                    },
                    SourceIpGroups = new[]
                    {
                        "string",
                    },
                    TargetFqdns = new[]
                    {
                        "string",
                    },
                },
            },
        },
    },
    Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
    {
        Name = "string",
        Tier = "string",
    },
    Tags =
    {
        { "string", "string" },
    },
    // Operation mode for Threat Intelligence: "Alert", "Deny" or "Off".
    // "Off" leaves threat-intelligence filtering disabled, so choose it deliberately.
    ThreatIntelMode = "string",
    VirtualHub = new AzureNative.Network.Inputs.SubResourceArgs
    {
        Id = "string",
    },
    Zones = new[]
    {
        "string",
    },
});
// Reference skeleton: every "string" and 0 below is a placeholder that must be
// replaced with a real value before this is deployed.
example, err := network.NewAzureFirewall(ctx, "azureFirewallResource", &network.AzureFirewallArgs{
	ResourceGroupName: pulumi.String("string"),
	// IP configuration the firewall uses for management traffic.
	ManagementIpConfiguration: &network.AzureFirewallIPConfigurationArgs{
		Id:   pulumi.String("string"),
		Name: pulumi.String("string"),
		PublicIPAddress: &network.SubResourceArgs{
			Id: pulumi.String("string"),
		},
		Subnet: &network.SubResourceArgs{
			Id: pulumi.String("string"),
		},
	},
	Location: pulumi.String("string"),
	// The firewall policy associated with this firewall.
	// NOTE(review): an attached policy and the inline rule collections below are
	// two ways to define rules; confirm which one your deployment model expects.
	FirewallPolicy: &network.SubResourceArgs{
		Id: pulumi.String("string"),
	},
	HubIPAddresses: &network.HubIPAddressesArgs{
		PrivateIPAddress: pulumi.String("string"),
		PublicIPs: &network.HubPublicIPAddressesArgs{
			Addresses: network.AzureFirewallPublicIPAddressArray{
				&network.AzureFirewallPublicIPAddressArgs{
					Address: pulumi.String("string"),
				},
			},
			Count: pulumi.Int(0),
		},
	},
	// NAT rules forward matching traffic to TranslatedAddress/TranslatedFqdn and
	// TranslatedPort, so keep SourceAddresses and SourceIpGroups as narrow as the
	// use case allows.
	NatRuleCollections: network.AzureFirewallNatRuleCollectionArray{
		&network.AzureFirewallNatRuleCollectionArgs{
			Action: &network.AzureFirewallNatRCActionArgs{
				Type: pulumi.String("string"),
			},
			Id:   pulumi.String("string"),
			Name: pulumi.String("string"),
			// Placeholder. NOTE(review): Azure documents rule-collection priority
			// as 100-65000; confirm, since 0 would presumably be rejected.
			Priority: pulumi.Int(0),
			Rules: network.AzureFirewallNatRuleArray{
				&network.AzureFirewallNatRuleArgs{
					Description: pulumi.String("string"),
					DestinationAddresses: pulumi.StringArray{
						pulumi.String("string"),
					},
					DestinationPorts: pulumi.StringArray{
						pulumi.String("string"),
					},
					Name: pulumi.String("string"),
					Protocols: pulumi.StringArray{
						pulumi.String("string"),
					},
					SourceAddresses: pulumi.StringArray{
						pulumi.String("string"),
					},
					SourceIpGroups: pulumi.StringArray{
						pulumi.String("string"),
					},
					TranslatedAddress: pulumi.String("string"),
					TranslatedFqdn: pulumi.String("string"),
					TranslatedPort: pulumi.String("string"),
				},
			},
		},
	},
	// IP configuration of the firewall itself. The usage example for this
	// resource places it in a subnet named AzureFirewallSubnet.
	IpConfigurations: network.AzureFirewallIPConfigurationArray{
		&network.AzureFirewallIPConfigurationArgs{
			Id:   pulumi.String("string"),
			Name: pulumi.String("string"),
			PublicIPAddress: &network.SubResourceArgs{
				Id: pulumi.String("string"),
			},
			Subnet: &network.SubResourceArgs{
				Id: pulumi.String("string"),
			},
		},
	},
	AzureFirewallName: pulumi.String("string"),
	AdditionalProperties: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	Id: pulumi.String("string"),
	// Network rules match on addresses, FQDNs, IP groups, ports and protocols.
	NetworkRuleCollections: network.AzureFirewallNetworkRuleCollectionArray{
		&network.AzureFirewallNetworkRuleCollectionArgs{
			// Rule-collection action (Allow or Deny); it applies to every rule
			// in the collection.
			Action: &network.AzureFirewallRCActionArgs{
				Type: pulumi.String("string"),
			},
			Id:   pulumi.String("string"),
			Name: pulumi.String("string"),
			Priority: pulumi.Int(0),
			Rules: network.AzureFirewallNetworkRuleArray{
				&network.AzureFirewallNetworkRuleArgs{
					Description: pulumi.String("string"),
					DestinationAddresses: pulumi.StringArray{
						pulumi.String("string"),
					},
					DestinationFqdns: pulumi.StringArray{
						pulumi.String("string"),
					},
					DestinationIpGroups: pulumi.StringArray{
						pulumi.String("string"),
					},
					DestinationPorts: pulumi.StringArray{
						pulumi.String("string"),
					},
					Name: pulumi.String("string"),
					Protocols: pulumi.StringArray{
						pulumi.String("string"),
					},
					SourceAddresses: pulumi.StringArray{
						pulumi.String("string"),
					},
					SourceIpGroups: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
		},
	},
	// Application rules match on FQDNs / FQDN tags plus protocol and port.
	ApplicationRuleCollections: network.AzureFirewallApplicationRuleCollectionArray{
		&network.AzureFirewallApplicationRuleCollectionArgs{
			Action: &network.AzureFirewallRCActionArgs{
				Type: pulumi.String("string"),
			},
			Id:   pulumi.String("string"),
			Name: pulumi.String("string"),
			Priority: pulumi.Int(0),
			Rules: network.AzureFirewallApplicationRuleArray{
				&network.AzureFirewallApplicationRuleArgs{
					Description: pulumi.String("string"),
					FqdnTags: pulumi.StringArray{
						pulumi.String("string"),
					},
					Name: pulumi.String("string"),
					Protocols: network.AzureFirewallApplicationRuleProtocolArray{
						&network.AzureFirewallApplicationRuleProtocolArgs{
							Port: pulumi.Int(0),
							ProtocolType: pulumi.String("string"),
						},
					},
					SourceAddresses: pulumi.StringArray{
						pulumi.String("string"),
					},
					SourceIpGroups: pulumi.StringArray{
						pulumi.String("string"),
					},
					TargetFqdns: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
		},
	},
	Sku: &network.AzureFirewallSkuArgs{
		Name: pulumi.String("string"),
		Tier: pulumi.String("string"),
	},
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	// Operation mode for Threat Intelligence: "Alert", "Deny" or "Off".
	// "Off" leaves threat-intelligence filtering disabled, so choose it deliberately.
	ThreatIntelMode: pulumi.String("string"),
	VirtualHub: &network.SubResourceArgs{
		Id: pulumi.String("string"),
	},
	Zones: pulumi.StringArray{
		pulumi.String("string"),
	},
})
// The snippet ends here; err has to be checked before example is used.
// Reference skeleton: every "string" and 0 below is a placeholder that must be
// replaced with a real value before this is deployed.
var azureFirewallResource = new AzureFirewall("azureFirewallResource", AzureFirewallArgs.builder()
    .resourceGroupName("string")
    // IP configuration the firewall uses for management traffic.
    .managementIpConfiguration(AzureFirewallIPConfigurationArgs.builder()
        .id("string")
        .name("string")
        .publicIPAddress(SubResourceArgs.builder()
            .id("string")
            .build())
        .subnet(SubResourceArgs.builder()
            .id("string")
            .build())
        .build())
    .location("string")
    // The firewall policy associated with this firewall.
    // NOTE(review): an attached policy and the inline rule collections below are
    // two ways to define rules; confirm which one your deployment model expects.
    .firewallPolicy(SubResourceArgs.builder()
        .id("string")
        .build())
    .hubIPAddresses(HubIPAddressesArgs.builder()
        .privateIPAddress("string")
        .publicIPs(HubPublicIPAddressesArgs.builder()
            .addresses(AzureFirewallPublicIPAddressArgs.builder()
                .address("string")
                .build())
            .count(0)
            .build())
        .build())
    // NAT rules forward matching traffic to translatedAddress/translatedFqdn and
    // translatedPort, so keep sourceAddresses and sourceIpGroups as narrow as the
    // use case allows.
    .natRuleCollections(AzureFirewallNatRuleCollectionArgs.builder()
        .action(AzureFirewallNatRCActionArgs.builder()
            .type("string")
            .build())
        .id("string")
        .name("string")
        // Placeholder. NOTE(review): Azure documents rule-collection priority as
        // 100-65000; confirm, since 0 would presumably be rejected.
        .priority(0)
        .rules(AzureFirewallNatRuleArgs.builder()
            .description("string")
            .destinationAddresses("string")
            .destinationPorts("string")
            .name("string")
            .protocols("string")
            .sourceAddresses("string")
            .sourceIpGroups("string")
            .translatedAddress("string")
            .translatedFqdn("string")
            .translatedPort("string")
            .build())
        .build())
    // IP configuration of the firewall itself. The usage example for this resource
    // places it in a subnet named AzureFirewallSubnet.
    .ipConfigurations(AzureFirewallIPConfigurationArgs.builder()
        .id("string")
        .name("string")
        .publicIPAddress(SubResourceArgs.builder()
            .id("string")
            .build())
        .subnet(SubResourceArgs.builder()
            .id("string")
            .build())
        .build())
    .azureFirewallName("string")
    .additionalProperties(Map.of("string", "string"))
    .id("string")
    // Network rules match on addresses, FQDNs, IP groups, ports and protocols.
    .networkRuleCollections(AzureFirewallNetworkRuleCollectionArgs.builder()
        // Rule-collection action (Allow or Deny); it applies to every rule in the
        // collection.
        .action(AzureFirewallRCActionArgs.builder()
            .type("string")
            .build())
        .id("string")
        .name("string")
        .priority(0)
        .rules(AzureFirewallNetworkRuleArgs.builder()
            .description("string")
            .destinationAddresses("string")
            .destinationFqdns("string")
            .destinationIpGroups("string")
            .destinationPorts("string")
            .name("string")
            .protocols("string")
            .sourceAddresses("string")
            .sourceIpGroups("string")
            .build())
        .build())
    // Application rules match on FQDNs / FQDN tags plus protocol and port.
    .applicationRuleCollections(AzureFirewallApplicationRuleCollectionArgs.builder()
        .action(AzureFirewallRCActionArgs.builder()
            .type("string")
            .build())
        .id("string")
        .name("string")
        .priority(0)
        .rules(AzureFirewallApplicationRuleArgs.builder()
            .description("string")
            .fqdnTags("string")
            .name("string")
            .protocols(AzureFirewallApplicationRuleProtocolArgs.builder()
                .port(0)
                .protocolType("string")
                .build())
            .sourceAddresses("string")
            .sourceIpGroups("string")
            .targetFqdns("string")
            .build())
        .build())
    .sku(AzureFirewallSkuArgs.builder()
        .name("string")
        .tier("string")
        .build())
    .tags(Map.of("string", "string"))
    // Operation mode for Threat Intelligence: "Alert", "Deny" or "Off".
    // "Off" leaves threat-intelligence filtering disabled, so choose it deliberately.
    .threatIntelMode("string")
    .virtualHub(SubResourceArgs.builder()
        .id("string")
        .build())
    .zones("string")
    .build());
# Reference skeleton: every "string" and 0 below is a placeholder that must be
# replaced with a real value before this is deployed.
azure_firewall_resource = azure_native.network.AzureFirewall("azureFirewallResource",
    resource_group_name="string",
    # IP configuration the firewall uses for management traffic.
    management_ip_configuration={
        "id": "string",
        "name": "string",
        "public_ip_address": {
            "id": "string",
        },
        "subnet": {
            "id": "string",
        },
    },
    location="string",
    # The firewall policy associated with this firewall.
    # NOTE(review): an attached policy and the inline rule collections below are
    # two ways to define rules; confirm which one your deployment model expects.
    firewall_policy={
        "id": "string",
    },
    hub_ip_addresses={
        "private_ip_address": "string",
        "public_ips": {
            "addresses": [{
                "address": "string",
            }],
            "count": 0,
        },
    },
    # NAT rules forward matching traffic to translated_address/translated_fqdn and
    # translated_port, so keep source_addresses and source_ip_groups as narrow as
    # the use case allows.
    nat_rule_collections=[{
        "action": {
            "type": "string",
        },
        "id": "string",
        "name": "string",
        # Placeholder. NOTE(review): Azure documents rule-collection priority as
        # 100-65000; confirm, since 0 would presumably be rejected.
        "priority": 0,
        "rules": [{
            "description": "string",
            "destination_addresses": ["string"],
            "destination_ports": ["string"],
            "name": "string",
            "protocols": ["string"],
            "source_addresses": ["string"],
            "source_ip_groups": ["string"],
            "translated_address": "string",
            "translated_fqdn": "string",
            "translated_port": "string",
        }],
    }],
    # IP configuration of the firewall itself. The usage example for this resource
    # places it in a subnet named AzureFirewallSubnet.
    ip_configurations=[{
        "id": "string",
        "name": "string",
        "public_ip_address": {
            "id": "string",
        },
        "subnet": {
            "id": "string",
        },
    }],
    azure_firewall_name="string",
    additional_properties={
        "string": "string",
    },
    id="string",
    # Network rules match on addresses, FQDNs, IP groups, ports and protocols.
    network_rule_collections=[{
        # Rule-collection action (Allow or Deny); it applies to every rule in the
        # collection.
        "action": {
            "type": "string",
        },
        "id": "string",
        "name": "string",
        "priority": 0,
        "rules": [{
            "description": "string",
            "destination_addresses": ["string"],
            "destination_fqdns": ["string"],
            "destination_ip_groups": ["string"],
            "destination_ports": ["string"],
            "name": "string",
            "protocols": ["string"],
            "source_addresses": ["string"],
            "source_ip_groups": ["string"],
        }],
    }],
    # Application rules match on FQDNs / FQDN tags plus protocol and port.
    application_rule_collections=[{
        "action": {
            "type": "string",
        },
        "id": "string",
        "name": "string",
        "priority": 0,
        "rules": [{
            "description": "string",
            "fqdn_tags": ["string"],
            "name": "string",
            "protocols": [{
                "port": 0,
                "protocol_type": "string",
            }],
            "source_addresses": ["string"],
            "source_ip_groups": ["string"],
            "target_fqdns": ["string"],
        }],
    }],
    sku={
        "name": "string",
        "tier": "string",
    },
    tags={
        "string": "string",
    },
    # Operation mode for Threat Intelligence: "Alert", "Deny" or "Off".
    # "Off" leaves threat-intelligence filtering disabled, so choose it deliberately.
    threat_intel_mode="string",
    virtual_hub={
        "id": "string",
    },
    zones=["string"])
// Reference skeleton: every "string" and 0 below is a placeholder that must be
// replaced with a real value before this is deployed.
const azureFirewallResource = new azure_native.network.AzureFirewall("azureFirewallResource", {
    resourceGroupName: "string",
    // IP configuration the firewall uses for management traffic.
    managementIpConfiguration: {
        id: "string",
        name: "string",
        publicIPAddress: {
            id: "string",
        },
        subnet: {
            id: "string",
        },
    },
    location: "string",
    // The firewall policy associated with this firewall.
    // NOTE(review): an attached policy and the inline rule collections below are
    // two ways to define rules; confirm which one your deployment model expects.
    firewallPolicy: {
        id: "string",
    },
    hubIPAddresses: {
        privateIPAddress: "string",
        publicIPs: {
            addresses: [{
                address: "string",
            }],
            count: 0,
        },
    },
    // NAT rules forward matching traffic to translatedAddress/translatedFqdn and
    // translatedPort, so keep sourceAddresses and sourceIpGroups as narrow as the
    // use case allows.
    natRuleCollections: [{
        action: {
            type: "string",
        },
        id: "string",
        name: "string",
        // Placeholder. NOTE(review): Azure documents rule-collection priority as
        // 100-65000; confirm, since 0 would presumably be rejected.
        priority: 0,
        rules: [{
            description: "string",
            destinationAddresses: ["string"],
            destinationPorts: ["string"],
            name: "string",
            protocols: ["string"],
            sourceAddresses: ["string"],
            sourceIpGroups: ["string"],
            translatedAddress: "string",
            translatedFqdn: "string",
            translatedPort: "string",
        }],
    }],
    // IP configuration of the firewall itself. The usage example for this resource
    // places it in a subnet named AzureFirewallSubnet.
    ipConfigurations: [{
        id: "string",
        name: "string",
        publicIPAddress: {
            id: "string",
        },
        subnet: {
            id: "string",
        },
    }],
    azureFirewallName: "string",
    additionalProperties: {
        string: "string",
    },
    id: "string",
    // Network rules match on addresses, FQDNs, IP groups, ports and protocols.
    networkRuleCollections: [{
        // Rule-collection action (Allow or Deny); it applies to every rule in the
        // collection.
        action: {
            type: "string",
        },
        id: "string",
        name: "string",
        priority: 0,
        rules: [{
            description: "string",
            destinationAddresses: ["string"],
            destinationFqdns: ["string"],
            destinationIpGroups: ["string"],
            destinationPorts: ["string"],
            name: "string",
            protocols: ["string"],
            sourceAddresses: ["string"],
            sourceIpGroups: ["string"],
        }],
    }],
    // Application rules match on FQDNs / FQDN tags plus protocol and port.
    applicationRuleCollections: [{
        action: {
            type: "string",
        },
        id: "string",
        name: "string",
        priority: 0,
        rules: [{
            description: "string",
            fqdnTags: ["string"],
            name: "string",
            protocols: [{
                port: 0,
                protocolType: "string",
            }],
            sourceAddresses: ["string"],
            sourceIpGroups: ["string"],
            targetFqdns: ["string"],
        }],
    }],
    sku: {
        name: "string",
        tier: "string",
    },
    tags: {
        string: "string",
    },
    // Operation mode for Threat Intelligence: "Alert", "Deny" or "Off".
    // "Off" leaves threat-intelligence filtering disabled, so choose it deliberately.
    threatIntelMode: "string",
    virtualHub: {
        id: "string",
    },
    zones: ["string"],
});
# Reference skeleton: every "string" and 0 below is a placeholder that must be
# replaced with a real value before this is deployed.
type: azure-native:network:AzureFirewall
properties:
  additionalProperties:
    string: string
  # Application rules match on FQDNs / FQDN tags plus protocol and port.
  applicationRuleCollections:
    - action:
        type: string
      id: string
      name: string
      # Placeholder. NOTE(review): Azure documents rule-collection priority as
      # 100-65000; confirm, since 0 would presumably be rejected.
      priority: 0
      rules:
        - description: string
          fqdnTags:
            - string
          name: string
          protocols:
            - port: 0
              protocolType: string
          sourceAddresses:
            - string
          sourceIpGroups:
            - string
          targetFqdns:
            - string
  azureFirewallName: string
  # The firewall policy associated with this firewall.
  # NOTE(review): an attached policy and the inline rule collections are two ways
  # to define rules; confirm which one your deployment model expects.
  firewallPolicy:
    id: string
  hubIPAddresses:
    privateIPAddress: string
    publicIPs:
      addresses:
        - address: string
      count: 0
  id: string
  # IP configuration of the firewall itself. The usage example for this resource
  # places it in a subnet named AzureFirewallSubnet.
  ipConfigurations:
    - id: string
      name: string
      publicIPAddress:
        id: string
      subnet:
        id: string
  location: string
  # IP configuration the firewall uses for management traffic.
  managementIpConfiguration:
    id: string
    name: string
    publicIPAddress:
      id: string
    subnet:
      id: string
  # NAT rules forward matching traffic to translatedAddress/translatedFqdn and
  # translatedPort, so keep sourceAddresses and sourceIpGroups as narrow as the
  # use case allows.
  natRuleCollections:
    - action:
        type: string
      id: string
      name: string
      priority: 0
      rules:
        - description: string
          destinationAddresses:
            - string
          destinationPorts:
            - string
          name: string
          protocols:
            - string
          sourceAddresses:
            - string
          sourceIpGroups:
            - string
          translatedAddress: string
          translatedFqdn: string
          translatedPort: string
  # Network rules match on addresses, FQDNs, IP groups, ports and protocols.
  networkRuleCollections:
    - action:
        type: string
      id: string
      name: string
      priority: 0
      rules:
        - description: string
          destinationAddresses:
            - string
          destinationFqdns:
            - string
          destinationIpGroups:
            - string
          destinationPorts:
            - string
          name: string
          protocols:
            - string
          sourceAddresses:
            - string
          sourceIpGroups:
            - string
  resourceGroupName: string
  sku:
    name: string
    tier: string
  tags:
    string: string
  # Operation mode for Threat Intelligence: "Alert", "Deny" or "Off".
  # "Off" leaves threat-intelligence filtering disabled, so choose it deliberately.
  threatIntelMode: string
  virtualHub:
    id: string
  zones:
    - string
AzureFirewall Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AzureFirewall resource accepts the following input properties:
- ResourceGroupName string
- The name of the resource group.
- AdditionalProperties Dictionary<string, string>
- The additional properties used to further configure this azure firewall.
- ApplicationRuleCollections List<Pulumi.AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollection>
- Collection of application rule collections used by Azure Firewall.
- AzureFirewallName string
- The name of the Azure Firewall.
- FirewallPolicy Pulumi.AzureNative.Network.Inputs.SubResource
- The firewallPolicy associated with this azure firewall.
- HubIPAddresses Pulumi.AzureNative.Network.Inputs.HubIPAddresses
- IP addresses associated with AzureFirewall.
- Id string
- Resource ID.
- IpConfigurations List<Pulumi.AzureNative.Network.Inputs.AzureFirewallIPConfiguration>
- IP configuration of the Azure Firewall resource.
- Location string
- Resource location.
- ManagementIpConfiguration Pulumi.AzureNative.Network.Inputs.AzureFirewallIPConfiguration
- IP configuration of the Azure Firewall used for management traffic.
- NatRuleCollections List<Pulumi.AzureNative.Network.Inputs.AzureFirewallNatRuleCollection>
- Collection of NAT rule collections used by Azure Firewall.
- NetworkRuleCollections List<Pulumi.AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollection>
- Collection of network rule collections used by Azure Firewall.
- Sku Pulumi.AzureNative.Network.Inputs.AzureFirewallSku
- The Azure Firewall Resource SKU.
- Tags Dictionary<string, string>
- Resource tags.
- ThreatIntelMode string | Pulumi.AzureNative.Network.AzureFirewallThreatIntelMode
- The operation mode for Threat Intelligence.
- VirtualHub Pulumi.AzureNative.Network.Inputs.SubResource
- The virtualHub to which the firewall belongs.
- Zones List<string>
- A list of availability zones denoting where the resource needs to come from.
- ResourceGroupName string
- The name of the resource group.
- AdditionalProperties map[string]string
- The additional properties used to further configure this azure firewall.
- ApplicationRuleCollections []AzureFirewallApplicationRuleCollectionArgs
- Collection of application rule collections used by Azure Firewall.
- AzureFirewallName string
- The name of the Azure Firewall.
- FirewallPolicy SubResourceArgs
- The firewallPolicy associated with this azure firewall.
- HubIPAddresses HubIPAddressesArgs
- IP addresses associated with AzureFirewall.
- Id string
- Resource ID.
- IpConfigurations []AzureFirewallIPConfigurationArgs
- IP configuration of the Azure Firewall resource.
- Location string
- Resource location.
- ManagementIpConfiguration AzureFirewallIPConfigurationArgs
- IP configuration of the Azure Firewall used for management traffic.
- NatRuleCollections []AzureFirewallNatRuleCollectionArgs
- Collection of NAT rule collections used by Azure Firewall.
- NetworkRuleCollections []AzureFirewallNetworkRuleCollectionArgs
- Collection of network rule collections used by Azure Firewall.
- Sku AzureFirewallSkuArgs
- The Azure Firewall Resource SKU.
- Tags map[string]string
- Resource tags.
- ThreatIntelMode string | AzureFirewallThreatIntelMode
- The operation mode for Threat Intelligence.
- VirtualHub SubResourceArgs
- The virtualHub to which the firewall belongs.
- Zones []string
- A list of availability zones denoting where the resource needs to come from.
- resourceGroupName String
- The name of the resource group.
- additionalProperties Map<String,String>
- The additional properties used to further configure this azure firewall.
- applicationRuleCollections List<AzureFirewallApplicationRuleCollection>
- Collection of application rule collections used by Azure Firewall.
- azureFirewallName String
- The name of the Azure Firewall.
- firewallPolicy SubResource
- The firewallPolicy associated with this azure firewall.
- hubIPAddresses HubIPAddresses
- IP addresses associated with AzureFirewall.
- id String
- Resource ID.
- ipConfigurations List<AzureFirewallIPConfiguration>
- IP configuration of the Azure Firewall resource.
- location String
- Resource location.
- managementIpConfiguration AzureFirewallIPConfiguration
- IP configuration of the Azure Firewall used for management traffic.
- natRuleCollections List<AzureFirewallNatRuleCollection>
- Collection of NAT rule collections used by Azure Firewall.
- networkRuleCollections List<AzureFirewallNetworkRuleCollection>
- Collection of network rule collections used by Azure Firewall.
- sku AzureFirewallSku
- The Azure Firewall Resource SKU.
- tags Map<String,String>
- Resource tags.
- threatIntelMode String | AzureFirewallThreatIntelMode
- The operation mode for Threat Intelligence.
- virtualHub SubResource
- The virtualHub to which the firewall belongs.
- zones List<String>
- A list of availability zones denoting where the resource needs to come from.
- resourceGroupName string
- The name of the resource group.
- additionalProperties {[key: string]: string}
- The additional properties used to further configure this azure firewall.
- applicationRuleCollections AzureFirewallApplicationRuleCollection[]
- Collection of application rule collections used by Azure Firewall.
- azureFirewallName string
- The name of the Azure Firewall.
- firewallPolicy SubResource
- The firewallPolicy associated with this azure firewall.
- hubIPAddresses HubIPAddresses
- IP addresses associated with AzureFirewall.
- id string
- Resource ID.
- ipConfigurations AzureFirewallIPConfiguration[]
- IP configuration of the Azure Firewall resource.
- location string
- Resource location.
- managementIpConfiguration AzureFirewallIPConfiguration
- IP configuration of the Azure Firewall used for management traffic.
- natRuleCollections AzureFirewallNatRuleCollection[]
- Collection of NAT rule collections used by Azure Firewall.
- networkRuleCollections AzureFirewallNetworkRuleCollection[]
- Collection of network rule collections used by Azure Firewall.
- sku AzureFirewallSku
- The Azure Firewall Resource SKU.
- tags {[key: string]: string}
- Resource tags.
- threatIntelMode string | AzureFirewallThreatIntelMode
- The operation mode for Threat Intelligence.
- virtualHub SubResource
- The virtualHub to which the firewall belongs.
- zones string[]
- A list of availability zones denoting where the resource needs to come from.
- resource_group_name str
- The name of the resource group.
- additional_properties Mapping[str, str]
- The additional properties used to further configure this azure firewall.
- application_rule_collections Sequence[AzureFirewallApplicationRuleCollectionArgs]
- Collection of application rule collections used by Azure Firewall.
- azure_firewall_name str
- The name of the Azure Firewall.
- firewall_policy SubResourceArgs
- The firewallPolicy associated with this azure firewall.
- hub_ip_addresses HubIPAddressesArgs
- IP addresses associated with AzureFirewall.
- id str
- Resource ID.
- ip_configurations Sequence[AzureFirewallIPConfigurationArgs]
- IP configuration of the Azure Firewall resource.
- location str
- Resource location.
- management_ip_configuration AzureFirewallIPConfigurationArgs
- IP configuration of the Azure Firewall used for management traffic.
- nat_rule_collections Sequence[AzureFirewallNatRuleCollectionArgs]
- Collection of NAT rule collections used by Azure Firewall.
- network_rule_collections Sequence[AzureFirewallNetworkRuleCollectionArgs]
- Collection of network rule collections used by Azure Firewall.
- sku AzureFirewallSkuArgs
- The Azure Firewall Resource SKU.
- tags Mapping[str, str]
- Resource tags.
- threat_intel_mode str | AzureFirewallThreatIntelMode
- The operation mode for Threat Intelligence.
- virtual_hub SubResourceArgs
- The virtualHub to which the firewall belongs.
- zones Sequence[str]
- A list of availability zones denoting where the resource needs to come from.
- resourceGroupName String
- The name of the resource group.
- additionalProperties Map<String>
- The additional properties used to further configure this azure firewall.
- applicationRuleCollections List<Property Map>
- Collection of application rule collections used by Azure Firewall.
- azureFirewallName String
- The name of the Azure Firewall.
- firewallPolicy Property Map
- The firewallPolicy associated with this azure firewall.
- hubIPAddresses Property Map
- IP addresses associated with AzureFirewall.
- id String
- Resource ID.
- ipConfigurations List<Property Map>
- IP configuration of the Azure Firewall resource.
- location String
- Resource location.
- managementIpConfiguration Property Map
- IP configuration of the Azure Firewall used for management traffic.
- natRuleCollections List<Property Map>
- Collection of NAT rule collections used by Azure Firewall.
- networkRuleCollections List<Property Map>
- Collection of network rule collections used by Azure Firewall.
- sku Property Map
- The Azure Firewall Resource SKU.
- tags Map<String>
- Resource tags.
- threatIntelMode String | "Alert" | "Deny" | "Off"
- The operation mode for Threat Intelligence.
- virtualHub Property Map
- The virtualHub to which the firewall belongs.
- zones List<String>
- A list of availability zones denoting where the resource needs to come from.
Outputs
All input properties are implicitly available as output properties. Additionally, the AzureFirewall resource produces the following output properties:
- Etag string
- A unique read-only string that changes whenever the resource is updated.
- Id string
- The provider-assigned unique ID for this managed resource.
- IpGroups List<Pulumi.AzureNative.Network.Outputs.AzureFirewallIpGroupsResponse>
- IpGroups associated with AzureFirewall.
- Name string
- Resource name.
- ProvisioningState string
- The provisioning state of the Azure firewall resource.
- Type string
- Resource type.
- Etag string
- A unique read-only string that changes whenever the resource is updated.
- Id string
- The provider-assigned unique ID for this managed resource.
- IpGroups []AzureFirewallIpGroupsResponse
- IpGroups associated with AzureFirewall.
- Name string
- Resource name.
- ProvisioningState string
- The provisioning state of the Azure firewall resource.
- Type string
- Resource type.
- etag String
- A unique read-only string that changes whenever the resource is updated.
- id String
- The provider-assigned unique ID for this managed resource.
- ipGroups List<AzureFirewallIpGroupsResponse>
- IpGroups associated with AzureFirewall.
- name String
- Resource name.
- provisioningState String
- The provisioning state of the Azure firewall resource.
- type String
- Resource type.
- etag string
- A unique read-only string that changes whenever the resource is updated.
- id string
- The provider-assigned unique ID for this managed resource.
- ipGroups AzureFirewallIpGroupsResponse[]
- IpGroups associated with AzureFirewall.
- name string
- Resource name.
- provisioningState string
- The provisioning state of the Azure firewall resource.
- type string
- Resource type.
- etag str
- A unique read-only string that changes whenever the resource is updated.
- id str
- The provider-assigned unique ID for this managed resource.
- ip_groups Sequence[AzureFirewallIpGroupsResponse]
- IpGroups associated with AzureFirewall.
- name str
- Resource name.
- provisioning_state str
- The provisioning state of the Azure firewall resource.
- type str
- Resource type.
- etag String
- A unique read-only string that changes whenever the resource is updated.
- id String
- The provider-assigned unique ID for this managed resource.
- ipGroups List<Property Map>
- IpGroups associated with AzureFirewall.
- name String
- Resource name.
- provisioningState String
- The provisioning state of the Azure firewall resource.
- type String
- Resource type.
Supporting Types
AzureFirewallApplicationRule, AzureFirewallApplicationRuleArgs
- Description string
- Description of the rule.
- FqdnTags List<string>
- List of FQDN Tags for this rule.
- Name string
- Name of the application rule.
- Protocols List<Pulumi.AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocol>
- Array of ApplicationRuleProtocols.
- SourceAddresses List<string>
- List of source IP addresses for this rule.
- SourceIpGroups List<string>
- List of source IpGroups for this rule.
- TargetFqdns List<string>
- List of FQDNs for this rule.
- Description string
- Description of the rule.
- FqdnTags []string
- List of FQDN Tags for this rule.
- Name string
- Name of the application rule.
- Protocols []AzureFirewallApplicationRuleProtocol
- Array of ApplicationRuleProtocols.
- SourceAddresses []string
- List of source IP addresses for this rule.
- SourceIpGroups []string
- List of source IpGroups for this rule.
- TargetFqdns []string
- List of FQDNs for this rule.
- description String
- Description of the rule.
- fqdnTags List<String>
- List of FQDN Tags for this rule.
- name String
- Name of the application rule.
- protocols List<AzureFirewallApplicationRuleProtocol>
- Array of ApplicationRuleProtocols.
- sourceAddresses List<String>
- List of source IP addresses for this rule.
- sourceIpGroups List<String>
- List of source IpGroups for this rule.
- targetFqdns List<String>
- List of FQDNs for this rule.
- description string
- Description of the rule.
- fqdnTags string[]
- List of FQDN Tags for this rule.
- name string
- Name of the application rule.
- protocols AzureFirewallApplicationRuleProtocol[]
- Array of ApplicationRuleProtocols.
- sourceAddresses string[]
- List of source IP addresses for this rule.
- sourceIpGroups string[]
- List of source IpGroups for this rule.
- targetFqdns string[]
- List of FQDNs for this rule.
- description str
- Description of the rule.
- fqdn_tags Sequence[str]
- List of FQDN Tags for this rule.
- name str
- Name of the application rule.
- protocols Sequence[AzureFirewallApplicationRuleProtocol]
- Array of ApplicationRuleProtocols.
- source_addresses Sequence[str]
- List of source IP addresses for this rule.
- source_ip_groups Sequence[str]
- List of source IpGroups for this rule.
- target_fqdns Sequence[str]
- List of FQDNs for this rule.
- description String
- Description of the rule.
- fqdnTags List<String>
- List of FQDN Tags for this rule.
- name String
- Name of the application rule.
- protocols List<Property Map>
- Array of ApplicationRuleProtocols.
- sourceAddresses List<String>
- List of source IP addresses for this rule.
- sourceIpGroups List<String>
- List of source IpGroups for this rule.
- targetFqdns List<String>
- List of FQDNs for this rule.
AzureFirewallApplicationRuleCollection, AzureFirewallApplicationRuleCollectionArgs
- Action Pulumi.AzureNative.Network.Inputs.AzureFirewallRCAction
- The action type of a rule collection.
- Id string
- Resource ID.
- Name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
- Priority of the application rule collection resource.
- Rules List<Pulumi.AzureNative.Network.Inputs.AzureFirewallApplicationRule>
- Collection of rules used by an application rule collection.
- Action AzureFirewallRCAction
- The action type of a rule collection.
- Id string
- Resource ID.
- Name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
- Priority of the application rule collection resource.
- Rules []AzureFirewallApplicationRule
- Collection of rules used by an application rule collection.
- action
Azure
Firewall RCAction - The action type of a rule collection.
- id String
- Resource ID.
- name String
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Integer
- Priority of the application rule collection resource.
- rules List<AzureFirewallApplicationRule> - Collection of rules used by an application rule collection.
- action
Azure
Firewall RCAction - The action type of a rule collection.
- id string
- Resource ID.
- name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority number
- Priority of the application rule collection resource.
- rules AzureFirewallApplicationRule[] - Collection of rules used by an application rule collection.
- action
Azure
Firewall RCAction - The action type of a rule collection.
- id str
- Resource ID.
- name str
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority int
- Priority of the application rule collection resource.
- rules Sequence[AzureFirewallApplicationRule] - Collection of rules used by an application rule collection.
- action Property Map
- The action type of a rule collection.
- id String
- Resource ID.
- name String
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Number
- Priority of the application rule collection resource.
- rules List<Property Map>
- Collection of rules used by an application rule collection.
AzureFirewallApplicationRuleCollectionResponse, AzureFirewallApplicationRuleCollectionResponseArgs
- Etag string
- A unique read-only string that changes whenever the resource is updated.
- Provisioning
State string - The provisioning state of the application rule collection resource.
- Action
Pulumi.
Azure Native. Network. Inputs. Azure Firewall RCAction Response - The action type of a rule collection.
- Id string
- Resource ID.
- Name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
- Priority of the application rule collection resource.
- Rules List<Pulumi.AzureNative.Network.Inputs.AzureFirewallApplicationRuleResponse> - Collection of rules used by an application rule collection.
- Etag string
- A unique read-only string that changes whenever the resource is updated.
- Provisioning
State string - The provisioning state of the application rule collection resource.
- Action
Azure
Firewall RCAction Response - The action type of a rule collection.
- Id string
- Resource ID.
- Name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
- Priority of the application rule collection resource.
- Rules []AzureFirewallApplicationRuleResponse - Collection of rules used by an application rule collection.
- etag String
- A unique read-only string that changes whenever the resource is updated.
- provisioning
State String - The provisioning state of the application rule collection resource.
- action
Azure
Firewall RCAction Response - The action type of a rule collection.
- id String
- Resource ID.
- name String
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Integer
- Priority of the application rule collection resource.
- rules List<AzureFirewallApplicationRuleResponse> - Collection of rules used by an application rule collection.
- etag string
- A unique read-only string that changes whenever the resource is updated.
- provisioning
State string - The provisioning state of the application rule collection resource.
- action
Azure
Firewall RCAction Response - The action type of a rule collection.
- id string
- Resource ID.
- name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority number
- Priority of the application rule collection resource.
- rules AzureFirewallApplicationRuleResponse[] - Collection of rules used by an application rule collection.
- etag str
- A unique read-only string that changes whenever the resource is updated.
- provisioning_
state str - The provisioning state of the application rule collection resource.
- action
Azure
Firewall RCAction Response - The action type of a rule collection.
- id str
- Resource ID.
- name str
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority int
- Priority of the application rule collection resource.
- rules Sequence[AzureFirewallApplicationRuleResponse] - Collection of rules used by an application rule collection.
- etag String
- A unique read-only string that changes whenever the resource is updated.
- provisioning
State String - The provisioning state of the application rule collection resource.
- action Property Map
- The action type of a rule collection.
- id String
- Resource ID.
- name String
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Number
- Priority of the application rule collection resource.
- rules List<Property Map>
- Collection of rules used by an application rule collection.
AzureFirewallApplicationRuleProtocol, AzureFirewallApplicationRuleProtocolArgs
- Port int
- Port number for the protocol, cannot be greater than 64000. This field is optional.
- Protocol
Type string | Pulumi.Azure Native. Network. Azure Firewall Application Rule Protocol Type - Protocol type.
- Port int
- Port number for the protocol, cannot be greater than 64000. This field is optional.
- Protocol
Type string | AzureFirewall Application Rule Protocol Type - Protocol type.
- port Integer
- Port number for the protocol, cannot be greater than 64000. This field is optional.
- protocol
Type String | AzureFirewall Application Rule Protocol Type - Protocol type.
- port number
- Port number for the protocol, cannot be greater than 64000. This field is optional.
- protocol
Type string | AzureFirewall Application Rule Protocol Type - Protocol type.
- port int
- Port number for the protocol, cannot be greater than 64000. This field is optional.
- protocol_
type str | AzureFirewall Application Rule Protocol Type - Protocol type.
- port Number
- Port number for the protocol, cannot be greater than 64000. This field is optional.
- protocol
Type String | "Http" | "Https" | "Mssql" - Protocol type.
AzureFirewallApplicationRuleProtocolResponse, AzureFirewallApplicationRuleProtocolResponseArgs
- Port int
- Port number for the protocol, cannot be greater than 64000. This field is optional.
- Protocol
Type string - Protocol type.
- Port int
- Port number for the protocol, cannot be greater than 64000. This field is optional.
- Protocol
Type string - Protocol type.
- port Integer
- Port number for the protocol, cannot be greater than 64000. This field is optional.
- protocol
Type String - Protocol type.
- port number
- Port number for the protocol, cannot be greater than 64000. This field is optional.
- protocol
Type string - Protocol type.
- port int
- Port number for the protocol, cannot be greater than 64000. This field is optional.
- protocol_
type str - Protocol type.
- port Number
- Port number for the protocol, cannot be greater than 64000. This field is optional.
- protocol
Type String - Protocol type.
AzureFirewallApplicationRuleProtocolType, AzureFirewallApplicationRuleProtocolTypeArgs
- Http
- Http
- Https
- Https
- Mssql
- Mssql
- Azure
Firewall Application Rule Protocol Type Http - Http
- Azure
Firewall Application Rule Protocol Type Https - Https
- Azure
Firewall Application Rule Protocol Type Mssql - Mssql
- Http
- Http
- Https
- Https
- Mssql
- Mssql
- Http
- Http
- Https
- Https
- Mssql
- Mssql
- HTTP
- Http
- HTTPS
- Https
- MSSQL
- Mssql
- "Http"
- Http
- "Https"
- Https
- "Mssql"
- Mssql
AzureFirewallApplicationRuleResponse, AzureFirewallApplicationRuleResponseArgs
- Description string
- Description of the rule.
- FqdnTags List<string>
- List of FQDN Tags for this rule.
- Name string
- Name of the application rule.
- Protocols
List<Pulumi.
Azure Native. Network. Inputs. Azure Firewall Application Rule Protocol Response> - Array of ApplicationRuleProtocols.
- Source
Addresses List<string> - List of source IP addresses for this rule.
- SourceIpGroups List<string> - List of source IpGroups for this rule.
- Target
Fqdns List<string> - List of FQDNs for this rule.
- Description string
- Description of the rule.
- FqdnTags []string
- List of FQDN Tags for this rule.
- Name string
- Name of the application rule.
- Protocols
[]Azure
Firewall Application Rule Protocol Response - Array of ApplicationRuleProtocols.
- Source
Addresses []string - List of source IP addresses for this rule.
- SourceIpGroups []string - List of source IpGroups for this rule.
- Target
Fqdns []string - List of FQDNs for this rule.
- description String
- Description of the rule.
- fqdnTags List<String>
- List of FQDN Tags for this rule.
- name String
- Name of the application rule.
- protocols
List<Azure
Firewall Application Rule Protocol Response> - Array of ApplicationRuleProtocols.
- source
Addresses List<String> - List of source IP addresses for this rule.
- sourceIpGroups List<String> - List of source IpGroups for this rule.
- target
Fqdns List<String> - List of FQDNs for this rule.
- description string
- Description of the rule.
- fqdnTags string[]
- List of FQDN Tags for this rule.
- name string
- Name of the application rule.
- protocols
Azure
Firewall Application Rule Protocol Response[] - Array of ApplicationRuleProtocols.
- source
Addresses string[] - List of source IP addresses for this rule.
- sourceIpGroups string[] - List of source IpGroups for this rule.
- target
Fqdns string[] - List of FQDNs for this rule.
- description str
- Description of the rule.
- fqdn_tags Sequence[str]
- List of FQDN Tags for this rule.
- name str
- Name of the application rule.
- protocols
Sequence[Azure
Firewall Application Rule Protocol Response] - Array of ApplicationRuleProtocols.
- source_
addresses Sequence[str] - List of source IP addresses for this rule.
- source_ip_groups Sequence[str] - List of source IpGroups for this rule.
- target_
fqdns Sequence[str] - List of FQDNs for this rule.
- description String
- Description of the rule.
- fqdnTags List<String>
- List of FQDN Tags for this rule.
- name String
- Name of the application rule.
- protocols List<Property Map>
- Array of ApplicationRuleProtocols.
- source
Addresses List<String> - List of source IP addresses for this rule.
- sourceIpGroups List<String> - List of source IpGroups for this rule.
- target
Fqdns List<String> - List of FQDNs for this rule.
AzureFirewallIPConfiguration, AzureFirewallIPConfigurationArgs
- Id string
- Resource ID.
- Name string
- Name of the resource that is unique within a resource group. This name can be used to access the resource.
- Public
IPAddress Pulumi.Azure Native. Network. Inputs. Sub Resource - Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- Subnet
Pulumi.
Azure Native. Network. Inputs. Sub Resource - Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- Id string
- Resource ID.
- Name string
- Name of the resource that is unique within a resource group. This name can be used to access the resource.
- Public
IPAddress SubResource - Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- Subnet
Sub
Resource - Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- id String
- Resource ID.
- name String
- Name of the resource that is unique within a resource group. This name can be used to access the resource.
- public
IPAddress SubResource - Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- subnet
Sub
Resource - Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- id string
- Resource ID.
- name string
- Name of the resource that is unique within a resource group. This name can be used to access the resource.
- public
IPAddress SubResource - Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- subnet
Sub
Resource - Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- id str
- Resource ID.
- name str
- Name of the resource that is unique within a resource group. This name can be used to access the resource.
- public_ip_address SubResource - Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- subnet
Sub
Resource - Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- id String
- Resource ID.
- name String
- Name of the resource that is unique within a resource group. This name can be used to access the resource.
- public
IPAddress Property Map - Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- subnet Property Map
- Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
AzureFirewallIPConfigurationResponse, AzureFirewallIPConfigurationResponseArgs
- Etag string
- A unique read-only string that changes whenever the resource is updated.
- Private
IPAddress string - The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.
- Provisioning
State string - The provisioning state of the Azure firewall IP configuration resource.
- Type string
- Type of the resource.
- Id string
- Resource ID.
- Name string
- Name of the resource that is unique within a resource group. This name can be used to access the resource.
- Public
IPAddress Pulumi.Azure Native. Network. Inputs. Sub Resource Response - Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- Subnet
Pulumi.
Azure Native. Network. Inputs. Sub Resource Response - Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- Etag string
- A unique read-only string that changes whenever the resource is updated.
- Private
IPAddress string - The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.
- Provisioning
State string - The provisioning state of the Azure firewall IP configuration resource.
- Type string
- Type of the resource.
- Id string
- Resource ID.
- Name string
- Name of the resource that is unique within a resource group. This name can be used to access the resource.
- Public
IPAddress SubResource Response - Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- Subnet
Sub
Resource Response - Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- etag String
- A unique read-only string that changes whenever the resource is updated.
- private
IPAddress String - The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.
- provisioning
State String - The provisioning state of the Azure firewall IP configuration resource.
- type String
- Type of the resource.
- id String
- Resource ID.
- name String
- Name of the resource that is unique within a resource group. This name can be used to access the resource.
- public
IPAddress SubResource Response - Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- subnet
Sub
Resource Response - Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- etag string
- A unique read-only string that changes whenever the resource is updated.
- private
IPAddress string - The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.
- provisioning
State string - The provisioning state of the Azure firewall IP configuration resource.
- type string
- Type of the resource.
- id string
- Resource ID.
- name string
- Name of the resource that is unique within a resource group. This name can be used to access the resource.
- public
IPAddress SubResource Response - Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- subnet
Sub
Resource Response - Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- etag str
- A unique read-only string that changes whenever the resource is updated.
- private_ip_address str - The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.
- provisioning_
state str - The provisioning state of the Azure firewall IP configuration resource.
- type str
- Type of the resource.
- id str
- Resource ID.
- name str
- Name of the resource that is unique within a resource group. This name can be used to access the resource.
- public_ip_address SubResourceResponse - Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- subnet
Sub
Resource Response - Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- etag String
- A unique read-only string that changes whenever the resource is updated.
- private
IPAddress String - The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.
- provisioning
State String - The provisioning state of the Azure firewall IP configuration resource.
- type String
- Type of the resource.
- id String
- Resource ID.
- name String
- Name of the resource that is unique within a resource group. This name can be used to access the resource.
- public
IPAddress Property Map - Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- subnet Property Map
- Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
AzureFirewallIpGroupsResponse, AzureFirewallIpGroupsResponseArgs
- Change
Number string - The iteration number.
- Id string
- Resource ID.
- Change
Number string - The iteration number.
- Id string
- Resource ID.
- change
Number String - The iteration number.
- id String
- Resource ID.
- change
Number string - The iteration number.
- id string
- Resource ID.
- change_
number str - The iteration number.
- id str
- Resource ID.
- change
Number String - The iteration number.
- id String
- Resource ID.
AzureFirewallNatRCAction, AzureFirewallNatRCActionArgs
- Type
string | Pulumi.
Azure Native. Network. Azure Firewall Nat RCAction Type - The type of action.
- Type
string | Azure
Firewall Nat RCAction Type - The type of action.
- type
String | Azure
Firewall Nat RCAction Type - The type of action.
- type
string | Azure
Firewall Nat RCAction Type - The type of action.
- type
str | Azure
Firewall Nat RCAction Type - The type of action.
- type String | "Snat" | "Dnat"
- The type of action.
AzureFirewallNatRCActionResponse, AzureFirewallNatRCActionResponseArgs
- Type string
- The type of action.
- Type string
- The type of action.
- type String
- The type of action.
- type string
- The type of action.
- type str
- The type of action.
- type String
- The type of action.
AzureFirewallNatRCActionType, AzureFirewallNatRCActionTypeArgs
- Snat
- Snat
- Dnat
- Dnat
- Azure
Firewall Nat RCAction Type Snat - Snat
- Azure
Firewall Nat RCAction Type Dnat - Dnat
- Snat
- Snat
- Dnat
- Dnat
- Snat
- Snat
- Dnat
- Dnat
- SNAT
- Snat
- DNAT
- Dnat
- "Snat"
- Snat
- "Dnat"
- Dnat
AzureFirewallNatRule, AzureFirewallNatRuleArgs
- Description string
- Description of the rule.
- Destination
Addresses List<string> - List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- Destination
Ports List<string> - List of destination ports.
- Name string
- Name of the NAT rule.
- Protocols
List<Union<string, Pulumi.
Azure Native. Network. Azure Firewall Network Rule Protocol>> - Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- Source
Addresses List<string> - List of source IP addresses for this rule.
- SourceIpGroups List<string> - List of source IpGroups for this rule.
- Translated
Address string - The translated address for this NAT rule.
- Translated
Fqdn string - The translated FQDN for this NAT rule.
- Translated
Port string - The translated port for this NAT rule.
- Description string
- Description of the rule.
- Destination
Addresses []string - List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- Destination
Ports []string - List of destination ports.
- Name string
- Name of the NAT rule.
- Protocols []string
- Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- Source
Addresses []string - List of source IP addresses for this rule.
- SourceIpGroups []string - List of source IpGroups for this rule.
- Translated
Address string - The translated address for this NAT rule.
- Translated
Fqdn string - The translated FQDN for this NAT rule.
- Translated
Port string - The translated port for this NAT rule.
- description String
- Description of the rule.
- destination
Addresses List<String> - List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- destination
Ports List<String> - List of destination ports.
- name String
- Name of the NAT rule.
- protocols
List<Either<String,Azure
Firewall Network Rule Protocol>> - Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- source
Addresses List<String> - List of source IP addresses for this rule.
- sourceIpGroups List<String> - List of source IpGroups for this rule.
- translated
Address String - The translated address for this NAT rule.
- translated
Fqdn String - The translated FQDN for this NAT rule.
- translated
Port String - The translated port for this NAT rule.
- description string
- Description of the rule.
- destination
Addresses string[] - List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- destination
Ports string[] - List of destination ports.
- name string
- Name of the NAT rule.
- protocols
(string | Azure
Firewall Network Rule Protocol)[] - Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- source
Addresses string[] - List of source IP addresses for this rule.
- sourceIpGroups string[] - List of source IpGroups for this rule.
- translated
Address string - The translated address for this NAT rule.
- translated
Fqdn string - The translated FQDN for this NAT rule.
- translated
Port string - The translated port for this NAT rule.
- description str
- Description of the rule.
- destination_
addresses Sequence[str] - List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- destination_
ports Sequence[str] - List of destination ports.
- name str
- Name of the NAT rule.
- protocols
Sequence[Union[str, Azure
Firewall Network Rule Protocol]] - Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- source_
addresses Sequence[str] - List of source IP addresses for this rule.
- source_ip_groups Sequence[str] - List of source IpGroups for this rule.
- translated_
address str - The translated address for this NAT rule.
- translated_
fqdn str - The translated FQDN for this NAT rule.
- translated_
port str - The translated port for this NAT rule.
- description String
- Description of the rule.
- destination
Addresses List<String> - List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- destination
Ports List<String> - List of destination ports.
- name String
- Name of the NAT rule.
- protocols List<String | "TCP" | "UDP" | "Any" | "ICMP">
- Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- source
Addresses List<String> - List of source IP addresses for this rule.
- sourceIpGroups List<String> - List of source IpGroups for this rule.
- translated
Address String - The translated address for this NAT rule.
- translated
Fqdn String - The translated FQDN for this NAT rule.
- translated
Port String - The translated port for this NAT rule.
AzureFirewallNatRuleCollection, AzureFirewallNatRuleCollectionArgs
- Action
Pulumi.
Azure Native. Network. Inputs. Azure Firewall Nat RCAction - The action type of a NAT rule collection.
- Id string
- Resource ID.
- Name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
- Priority of the NAT rule collection resource.
- Rules
List<Pulumi.
Azure Native. Network. Inputs. Azure Firewall Nat Rule> - Collection of rules used by a NAT rule collection.
- Action
Azure
Firewall Nat RCAction - The action type of a NAT rule collection.
- Id string
- Resource ID.
- Name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
- Priority of the NAT rule collection resource.
- Rules
[]Azure
Firewall Nat Rule - Collection of rules used by a NAT rule collection.
- action
Azure
Firewall Nat RCAction - The action type of a NAT rule collection.
- id String
- Resource ID.
- name String
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Integer
- Priority of the NAT rule collection resource.
- rules
List<Azure
Firewall Nat Rule> - Collection of rules used by a NAT rule collection.
- action
Azure
Firewall Nat RCAction - The action type of a NAT rule collection.
- id string
- Resource ID.
- name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority number
- Priority of the NAT rule collection resource.
- rules
Azure
Firewall Nat Rule[] - Collection of rules used by a NAT rule collection.
- action
Azure
Firewall Nat RCAction - The action type of a NAT rule collection.
- id str
- Resource ID.
- name str
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority int
- Priority of the NAT rule collection resource.
- rules
Sequence[Azure
Firewall Nat Rule] - Collection of rules used by a NAT rule collection.
- action Property Map
- The action type of a NAT rule collection.
- id String
- Resource ID.
- name String
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Number
- Priority of the NAT rule collection resource.
- rules List<Property Map>
- Collection of rules used by a NAT rule collection.
AzureFirewallNatRuleCollectionResponse, AzureFirewallNatRuleCollectionResponseArgs
- Etag string
- A unique read-only string that changes whenever the resource is updated.
- Provisioning
State string - The provisioning state of the NAT rule collection resource.
- Action
Pulumi.
Azure Native. Network. Inputs. Azure Firewall Nat RCAction Response - The action type of a NAT rule collection.
- Id string
- Resource ID.
- Name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
- Priority of the NAT rule collection resource.
- Rules
List<Pulumi.
Azure Native. Network. Inputs. Azure Firewall Nat Rule Response> - Collection of rules used by a NAT rule collection.
- Etag string
- A unique read-only string that changes whenever the resource is updated.
- Provisioning
State string - The provisioning state of the NAT rule collection resource.
- Action
Azure
Firewall Nat RCAction Response - The action type of a NAT rule collection.
- Id string
- Resource ID.
- Name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
- Priority of the NAT rule collection resource.
- Rules
[]Azure
Firewall Nat Rule Response - Collection of rules used by a NAT rule collection.
- etag String
- A unique read-only string that changes whenever the resource is updated.
- provisioning
State String - The provisioning state of the NAT rule collection resource.
- action
Azure
Firewall Nat RCAction Response - The action type of a NAT rule collection.
- id String
- Resource ID.
- name String
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Integer
- Priority of the NAT rule collection resource.
- rules
List<Azure
Firewall Nat Rule Response> - Collection of rules used by a NAT rule collection.
- etag string
- A unique read-only string that changes whenever the resource is updated.
- provisioning
State string - The provisioning state of the NAT rule collection resource.
- action
Azure
Firewall Nat RCAction Response - The action type of a NAT rule collection.
- id string
- Resource ID.
- name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority number
- Priority of the NAT rule collection resource.
- rules
Azure
Firewall Nat Rule Response[] - Collection of rules used by a NAT rule collection.
- etag str
- A unique read-only string that changes whenever the resource is updated.
- provisioning_
state str - The provisioning state of the NAT rule collection resource.
- action
Azure
Firewall Nat RCAction Response - The action type of a NAT rule collection.
- id str
- Resource ID.
- name str
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority int
- Priority of the NAT rule collection resource.
- rules
Sequence[Azure
Firewall Nat Rule Response] - Collection of rules used by a NAT rule collection.
- etag String
- A unique read-only string that changes whenever the resource is updated.
- provisioning
State String - The provisioning state of the NAT rule collection resource.
- action Property Map
- The action type of a NAT rule collection.
- id String
- Resource ID.
- name String
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Number
- Priority of the NAT rule collection resource.
- rules List<Property Map>
- Collection of rules used by a NAT rule collection.
AzureFirewallNatRuleResponse, AzureFirewallNatRuleResponseArgs
- Description string
- Description of the rule.
- Destination
Addresses List<string> - List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- Destination
Ports List<string> - List of destination ports.
- Name string
- Name of the NAT rule.
- Protocols List<string>
- Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- Source
Addresses List<string> - List of source IP addresses for this rule.
- SourceIpGroups List<string> - List of source IpGroups for this rule.
- Translated
Address string - The translated address for this NAT rule.
- Translated
Fqdn string - The translated FQDN for this NAT rule.
- Translated
Port string - The translated port for this NAT rule.
- Description string
- Description of the rule.
- Destination
Addresses []string - List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- Destination
Ports []string - List of destination ports.
- Name string
- Name of the NAT rule.
- Protocols []string
- Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- Source
Addresses []string - List of source IP addresses for this rule.
- SourceIpGroups []string - List of source IpGroups for this rule.
- Translated
Address string - The translated address for this NAT rule.
- Translated
Fqdn string - The translated FQDN for this NAT rule.
- Translated
Port string - The translated port for this NAT rule.
- description String
- Description of the rule.
- destinationAddresses List<String>
- List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- destinationPorts List<String>
- List of destination ports.
- name String
- Name of the NAT rule.
- protocols List<String>
- Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- sourceAddresses List<String>
- List of source IP addresses for this rule.
- sourceIpGroups List<String>
- List of source IpGroups for this rule.
- translatedAddress String
- The translated address for this NAT rule.
- translatedFqdn String
- The translated FQDN for this NAT rule.
- translatedPort String
- The translated port for this NAT rule.
- description string
- Description of the rule.
- destinationAddresses string[]
- List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- destinationPorts string[]
- List of destination ports.
- name string
- Name of the NAT rule.
- protocols string[]
- Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- sourceAddresses string[]
- List of source IP addresses for this rule.
- sourceIpGroups string[]
- List of source IpGroups for this rule.
- translatedAddress string
- The translated address for this NAT rule.
- translatedFqdn string
- The translated FQDN for this NAT rule.
- translatedPort string
- The translated port for this NAT rule.
- description str
- Description of the rule.
- destination_addresses Sequence[str]
- List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- destination_ports Sequence[str]
- List of destination ports.
- name str
- Name of the NAT rule.
- protocols Sequence[str]
- Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- source_addresses Sequence[str]
- List of source IP addresses for this rule.
- source_ip_groups Sequence[str]
- List of source IpGroups for this rule.
- translated_address str
- The translated address for this NAT rule.
- translated_fqdn str
- The translated FQDN for this NAT rule.
- translated_port str
- The translated port for this NAT rule.
- description String
- Description of the rule.
- destinationAddresses List<String>
- List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- destinationPorts List<String>
- List of destination ports.
- name String
- Name of the NAT rule.
- protocols List<String>
- Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- sourceAddresses List<String>
- List of source IP addresses for this rule.
- sourceIpGroups List<String>
- List of source IpGroups for this rule.
- translatedAddress String
- The translated address for this NAT rule.
- translatedFqdn String
- The translated FQDN for this NAT rule.
- translatedPort String
- The translated port for this NAT rule.
AzureFirewallNetworkRule, AzureFirewallNetworkRuleArgs
- Description string
- Description of the rule.
- DestinationAddresses List<string>
- List of destination IP addresses.
- DestinationFqdns List<string>
- List of destination FQDNs.
- DestinationIpGroups List<string>
- List of destination IpGroups for this rule.
- DestinationPorts List<string>
- List of destination ports.
- Name string
- Name of the network rule.
- Protocols List<Union<string, Pulumi.AzureNative.Network.AzureFirewallNetworkRuleProtocol>>
- Array of AzureFirewallNetworkRuleProtocols.
- SourceAddresses List<string>
- List of source IP addresses for this rule.
- SourceIpGroups List<string>
- List of source IpGroups for this rule.
- Description string
- Description of the rule.
- DestinationAddresses []string
- List of destination IP addresses.
- DestinationFqdns []string
- List of destination FQDNs.
- DestinationIpGroups []string
- List of destination IpGroups for this rule.
- DestinationPorts []string
- List of destination ports.
- Name string
- Name of the network rule.
- Protocols []string
- Array of AzureFirewallNetworkRuleProtocols.
- SourceAddresses []string
- List of source IP addresses for this rule.
- SourceIpGroups []string
- List of source IpGroups for this rule.
- description String
- Description of the rule.
- destinationAddresses List<String>
- List of destination IP addresses.
- destinationFqdns List<String>
- List of destination FQDNs.
- destinationIpGroups List<String>
- List of destination IpGroups for this rule.
- destinationPorts List<String>
- List of destination ports.
- name String
- Name of the network rule.
- protocols List<Either<String,AzureFirewallNetworkRuleProtocol>>
- Array of AzureFirewallNetworkRuleProtocols.
- sourceAddresses List<String>
- List of source IP addresses for this rule.
- sourceIpGroups List<String>
- List of source IpGroups for this rule.
- description string
- Description of the rule.
- destinationAddresses string[]
- List of destination IP addresses.
- destinationFqdns string[]
- List of destination FQDNs.
- destinationIpGroups string[]
- List of destination IpGroups for this rule.
- destinationPorts string[]
- List of destination ports.
- name string
- Name of the network rule.
- protocols (string | AzureFirewallNetworkRuleProtocol)[]
- Array of AzureFirewallNetworkRuleProtocols.
- sourceAddresses string[]
- List of source IP addresses for this rule.
- sourceIpGroups string[]
- List of source IpGroups for this rule.
- description str
- Description of the rule.
- destination_addresses Sequence[str]
- List of destination IP addresses.
- destination_fqdns Sequence[str]
- List of destination FQDNs.
- destination_ip_groups Sequence[str]
- List of destination IpGroups for this rule.
- destination_ports Sequence[str]
- List of destination ports.
- name str
- Name of the network rule.
- protocols Sequence[Union[str, AzureFirewallNetworkRuleProtocol]]
- Array of AzureFirewallNetworkRuleProtocols.
- source_addresses Sequence[str]
- List of source IP addresses for this rule.
- source_ip_groups Sequence[str]
- List of source IpGroups for this rule.
- description String
- Description of the rule.
- destinationAddresses List<String>
- List of destination IP addresses.
- destinationFqdns List<String>
- List of destination FQDNs.
- destinationIpGroups List<String>
- List of destination IpGroups for this rule.
- destinationPorts List<String>
- List of destination ports.
- name String
- Name of the network rule.
- protocols List<String | "TCP" | "UDP" | "Any" | "ICMP">
- Array of AzureFirewallNetworkRuleProtocols.
- sourceAddresses List<String>
- List of source IP addresses for this rule.
- sourceIpGroups List<String>
- List of source IpGroups for this rule.
AzureFirewallNetworkRuleCollection, AzureFirewallNetworkRuleCollectionArgs
- Action Pulumi.AzureNative.Network.Inputs.AzureFirewallRCAction
- The action type of a rule collection.
- Id string
- Resource ID.
- Name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
- Priority of the network rule collection resource.
- Rules List<Pulumi.AzureNative.Network.Inputs.AzureFirewallNetworkRule>
- Collection of rules used by a network rule collection.
- Action AzureFirewallRCAction
- The action type of a rule collection.
- Id string
- Resource ID.
- Name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
- Priority of the network rule collection resource.
- Rules []AzureFirewallNetworkRule
- Collection of rules used by a network rule collection.
- action AzureFirewallRCAction
- The action type of a rule collection.
- id String
- Resource ID.
- name String
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Integer
- Priority of the network rule collection resource.
- rules List<AzureFirewallNetworkRule>
- Collection of rules used by a network rule collection.
- action AzureFirewallRCAction
- The action type of a rule collection.
- id string
- Resource ID.
- name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority number
- Priority of the network rule collection resource.
- rules AzureFirewallNetworkRule[]
- Collection of rules used by a network rule collection.
- action AzureFirewallRCAction
- The action type of a rule collection.
- id str
- Resource ID.
- name str
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority int
- Priority of the network rule collection resource.
- rules Sequence[AzureFirewallNetworkRule]
- Collection of rules used by a network rule collection.
- action Property Map
- The action type of a rule collection.
- id String
- Resource ID.
- name String
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Number
- Priority of the network rule collection resource.
- rules List<Property Map>
- Collection of rules used by a network rule collection.
AzureFirewallNetworkRuleCollectionResponse, AzureFirewallNetworkRuleCollectionResponseArgs
- Etag string
- A unique read-only string that changes whenever the resource is updated.
- Provisioning
State string - The provisioning state of the network rule collection resource.
- Action
Pulumi.
Azure Native. Network. Inputs. Azure Firewall RCAction Response - The action type of a rule collection.
- Id string
- Resource ID.
- Name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
- Priority of the network rule collection resource.
- Rules
List<Pulumi.
Azure Native. Network. Inputs. Azure Firewall Network Rule Response> - Collection of rules used by a network rule collection.
- Etag string
- A unique read-only string that changes whenever the resource is updated.
- Provisioning
State string - The provisioning state of the network rule collection resource.
- Action
Azure
Firewall RCAction Response - The action type of a rule collection.
- Id string
- Resource ID.
- Name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
- Priority of the network rule collection resource.
- Rules
[]Azure
Firewall Network Rule Response - Collection of rules used by a network rule collection.
- etag String
- A unique read-only string that changes whenever the resource is updated.
- provisioning
State String - The provisioning state of the network rule collection resource.
- action
Azure
Firewall RCAction Response - The action type of a rule collection.
- id String
- Resource ID.
- name String
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Integer
- Priority of the network rule collection resource.
- rules
List<Azure
Firewall Network Rule Response> - Collection of rules used by a network rule collection.
- etag string
- A unique read-only string that changes whenever the resource is updated.
- provisioning
State string - The provisioning state of the network rule collection resource.
- action
Azure
Firewall RCAction Response - The action type of a rule collection.
- id string
- Resource ID.
- name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority number
- Priority of the network rule collection resource.
- rules
Azure
Firewall Network Rule Response[] - Collection of rules used by a network rule collection.
- etag str
- A unique read-only string that changes whenever the resource is updated.
- provisioning_
state str - The provisioning state of the network rule collection resource.
- action
Azure
Firewall RCAction Response - The action type of a rule collection.
- id str
- Resource ID.
- name str
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority int
- Priority of the network rule collection resource.
- rules
Sequence[Azure
Firewall Network Rule Response] - Collection of rules used by a network rule collection.
- etag String
- A unique read-only string that changes whenever the resource is updated.
- provisioning
State String - The provisioning state of the network rule collection resource.
- action Property Map
- The action type of a rule collection.
- id String
- Resource ID.
- name String
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Number
- Priority of the network rule collection resource.
- rules List<Property Map>
- Collection of rules used by a network rule collection.
AzureFirewallNetworkRuleProtocol, AzureFirewallNetworkRuleProtocolArgs
- TCP
- TCP
- UDP
- UDP
- Any
- Any
- ICMP
- ICMP
- AzureFirewallNetworkRuleProtocolTCP
- TCP
- AzureFirewallNetworkRuleProtocolUDP
- UDP
- AzureFirewallNetworkRuleProtocolAny
- Any
- AzureFirewallNetworkRuleProtocolICMP
- ICMP
- TCP
- TCP
- UDP
- UDP
- Any
- Any
- ICMP
- ICMP
- TCP
- TCP
- UDP
- UDP
- Any
- Any
- ICMP
- ICMP
- TCP
- TCP
- UDP
- UDP
- ANY
- Any
- ICMP
- ICMP
- "TCP"
- TCP
- "UDP"
- UDP
- "Any"
- Any
- "ICMP"
- ICMP
AzureFirewallNetworkRuleResponse, AzureFirewallNetworkRuleResponseArgs
- Description string
- Description of the rule.
- Destination
Addresses List<string> - List of destination IP addresses.
- Destination
Fqdns List<string> - List of destination FQDNs.
- Destination
Ip List<string>Groups - List of destination IpGroups for this rule.
- Destination
Ports List<string> - List of destination ports.
- Name string
- Name of the network rule.
- Protocols List<string>
- Array of AzureFirewallNetworkRuleProtocols.
- Source
Addresses List<string> - List of source IP addresses for this rule.
- Source
Ip List<string>Groups - List of source IpGroups for this rule.
- Description string
- Description of the rule.
- Destination
Addresses []string - List of destination IP addresses.
- Destination
Fqdns []string - List of destination FQDNs.
- Destination
Ip []stringGroups - List of destination IpGroups for this rule.
- Destination
Ports []string - List of destination ports.
- Name string
- Name of the network rule.
- Protocols []string
- Array of AzureFirewallNetworkRuleProtocols.
- Source
Addresses []string - List of source IP addresses for this rule.
- Source
Ip []stringGroups - List of source IpGroups for this rule.
- description String
- Description of the rule.
- destination
Addresses List<String> - List of destination IP addresses.
- destination
Fqdns List<String> - List of destination FQDNs.
- destination
Ip List<String>Groups - List of destination IpGroups for this rule.
- destination
Ports List<String> - List of destination ports.
- name String
- Name of the network rule.
- protocols List<String>
- Array of AzureFirewallNetworkRuleProtocols.
- source
Addresses List<String> - List of source IP addresses for this rule.
- source
Ip List<String>Groups - List of source IpGroups for this rule.
- description string
- Description of the rule.
- destination
Addresses string[] - List of destination IP addresses.
- destination
Fqdns string[] - List of destination FQDNs.
- destination
Ip string[]Groups - List of destination IpGroups for this rule.
- destination
Ports string[] - List of destination ports.
- name string
- Name of the network rule.
- protocols string[]
- Array of AzureFirewallNetworkRuleProtocols.
- source
Addresses string[] - List of source IP addresses for this rule.
- source
Ip string[]Groups - List of source IpGroups for this rule.
- description str
- Description of the rule.
- destination_
addresses Sequence[str] - List of destination IP addresses.
- destination_
fqdns Sequence[str] - List of destination FQDNs.
- destination_
ip_ Sequence[str]groups - List of destination IpGroups for this rule.
- destination_
ports Sequence[str] - List of destination ports.
- name str
- Name of the network rule.
- protocols Sequence[str]
- Array of AzureFirewallNetworkRuleProtocols.
- source_
addresses Sequence[str] - List of source IP addresses for this rule.
- source_
ip_ Sequence[str]groups - List of source IpGroups for this rule.
- description String
- Description of the rule.
- destination
Addresses List<String> - List of destination IP addresses.
- destination
Fqdns List<String> - List of destination FQDNs.
- destination
Ip List<String>Groups - List of destination IpGroups for this rule.
- destination
Ports List<String> - List of destination ports.
- name String
- Name of the network rule.
- protocols List<String>
- Array of AzureFirewallNetworkRuleProtocols.
- source
Addresses List<String> - List of source IP addresses for this rule.
- source
Ip List<String>Groups - List of source IpGroups for this rule.
AzureFirewallPublicIPAddress, AzureFirewallPublicIPAddressArgs
- Address string
- Public IP Address value.
- Address string
- Public IP Address value.
- address String
- Public IP Address value.
- address string
- Public IP Address value.
- address str
- Public IP Address value.
- address String
- Public IP Address value.
AzureFirewallPublicIPAddressResponse, AzureFirewallPublicIPAddressResponseArgs
- Address string
- Public IP Address value.
- Address string
- Public IP Address value.
- address String
- Public IP Address value.
- address string
- Public IP Address value.
- address str
- Public IP Address value.
- address String
- Public IP Address value.
AzureFirewallRCAction, AzureFirewallRCActionArgs
- Type string | Pulumi.AzureNative.Network.AzureFirewallRCActionType
- The type of action.
- Type string | AzureFirewallRCActionType
- The type of action.
- type String | AzureFirewallRCActionType
- The type of action.
- type string | AzureFirewallRCActionType
- The type of action.
- type str | AzureFirewallRCActionType
- The type of action.
- type String | "Allow" | "Deny"
- The type of action.
AzureFirewallRCActionResponse, AzureFirewallRCActionResponseArgs
- Type string
- The type of action.
- Type string
- The type of action.
- type String
- The type of action.
- type string
- The type of action.
- type str
- The type of action.
- type String
- The type of action.
AzureFirewallRCActionType, AzureFirewallRCActionTypeArgs
- Allow
- Allow
- Deny
- Deny
- AzureFirewallRCActionTypeAllow
- Allow
- AzureFirewallRCActionTypeDeny
- Deny
- Allow
- Allow
- Deny
- Deny
- Allow
- Allow
- Deny
- Deny
- ALLOW
- Allow
- DENY
- Deny
- "Allow"
- Allow
- "Deny"
- Deny
AzureFirewallSku, AzureFirewallSkuArgs
- Name
string | Pulumi.
Azure Native. Network. Azure Firewall Sku Name - Name of an Azure Firewall SKU.
- Tier
string | Pulumi.
Azure Native. Network. Azure Firewall Sku Tier - Tier of an Azure Firewall.
- Name
string | Azure
Firewall Sku Name - Name of an Azure Firewall SKU.
- Tier
string | Azure
Firewall Sku Tier - Tier of an Azure Firewall.
- name
String | Azure
Firewall Sku Name - Name of an Azure Firewall SKU.
- tier
String | Azure
Firewall Sku Tier - Tier of an Azure Firewall.
- name
string | Azure
Firewall Sku Name - Name of an Azure Firewall SKU.
- tier
string | Azure
Firewall Sku Tier - Tier of an Azure Firewall.
- name
str | Azure
Firewall Sku Name - Name of an Azure Firewall SKU.
- tier
str | Azure
Firewall Sku Tier - Tier of an Azure Firewall.
- name String | "AZFW_VNet" | "AZFW_Hub"
- Name of an Azure Firewall SKU.
- tier String | "Standard" | "Premium" | "Basic"
- Tier of an Azure Firewall.
AzureFirewallSkuName, AzureFirewallSkuNameArgs
- AZFW_VNet
- AZFW_VNet
- AZFW_Hub
- AZFW_Hub
- Azure
Firewall Sku Name_AZFW_VNet - AZFW_VNet
- Azure
Firewall Sku Name_AZFW_Hub - AZFW_Hub
- AZFW_VNet
- AZFW_VNet
- AZFW_Hub
- AZFW_Hub
- AZFW_VNet
- AZFW_VNet
- AZFW_Hub
- AZFW_Hub
- AZF_W_V_NET
- AZFW_VNet
- AZF_W_HUB
- AZFW_Hub
- "AZFW_VNet"
- AZFW_VNet
- "AZFW_Hub"
- AZFW_Hub
AzureFirewallSkuResponse, AzureFirewallSkuResponseArgs
AzureFirewallSkuTier, AzureFirewallSkuTierArgs
- Standard
- Standard
- Premium
- Premium
- Basic
- Basic
- Azure
Firewall Sku Tier Standard - Standard
- Azure
Firewall Sku Tier Premium - Premium
- Azure
Firewall Sku Tier Basic - Basic
- Standard
- Standard
- Premium
- Premium
- Basic
- Basic
- Standard
- Standard
- Premium
- Premium
- Basic
- Basic
- STANDARD
- Standard
- PREMIUM
- Premium
- BASIC
- Basic
- "Standard"
- Standard
- "Premium"
- Premium
- "Basic"
- Basic
AzureFirewallThreatIntelMode, AzureFirewallThreatIntelModeArgs
- Alert
- Alert
- Deny
- Deny
- Off
- Off
- AzureFirewallThreatIntelModeAlert
- Alert
- AzureFirewallThreatIntelModeDeny
- Deny
- AzureFirewallThreatIntelModeOff
- Off
- Alert
- Alert
- Deny
- Deny
- Off
- Off
- Alert
- Alert
- Deny
- Deny
- Off
- Off
- ALERT
- Alert
- DENY
- Deny
- OFF
- Off
- "Alert"
- Alert
- "Deny"
- Deny
- "Off"
- Off
HubIPAddresses, HubIPAddressesArgs
- PrivateIPAddress string
- Private IP Address associated with azure firewall.
- PublicIPs Pulumi.AzureNative.Network.Inputs.HubPublicIPAddresses
- Public IP addresses associated with azure firewall.
- PrivateIPAddress string
- Private IP Address associated with azure firewall.
- PublicIPs HubPublicIPAddresses
- Public IP addresses associated with azure firewall.
- privateIPAddress String
- Private IP Address associated with azure firewall.
- publicIPs HubPublicIPAddresses
- Public IP addresses associated with azure firewall.
- privateIPAddress string
- Private IP Address associated with azure firewall.
- publicIPs HubPublicIPAddresses
- Public IP addresses associated with azure firewall.
- private_ip_address str
- Private IP Address associated with azure firewall.
- public_ips HubPublicIPAddresses
- Public IP addresses associated with azure firewall.
- privateIPAddress String
- Private IP Address associated with azure firewall.
- publicIPs Property Map
- Public IP addresses associated with azure firewall.
HubIPAddressesResponse, HubIPAddressesResponseArgs
- Private
IPAddress string - Private IP Address associated with azure firewall.
- Public
IPs Pulumi.Azure Native. Network. Inputs. Hub Public IPAddresses Response - Public IP addresses associated with azure firewall.
- Private
IPAddress string - Private IP Address associated with azure firewall.
- Public
IPs HubPublic IPAddresses Response - Public IP addresses associated with azure firewall.
- private
IPAddress String - Private IP Address associated with azure firewall.
- public
IPs HubPublic IPAddresses Response - Public IP addresses associated with azure firewall.
- private
IPAddress string - Private IP Address associated with azure firewall.
- public
IPs HubPublic IPAddresses Response - Public IP addresses associated with azure firewall.
- private_
ip_ straddress - Private IP Address associated with azure firewall.
- public_
ips HubPublic IPAddresses Response - Public IP addresses associated with azure firewall.
- private
IPAddress String - Private IP Address associated with azure firewall.
- public
IPs Property Map - Public IP addresses associated with azure firewall.
HubPublicIPAddresses, HubPublicIPAddressesArgs
- Addresses
List<Pulumi.
Azure Native. Network. Inputs. Azure Firewall Public IPAddress> - The list of Public IP addresses associated with azure firewall or IP addresses to be retained.
- Count int
- The number of Public IP addresses associated with azure firewall.
- Addresses
[]Azure
Firewall Public IPAddress - The list of Public IP addresses associated with azure firewall or IP addresses to be retained.
- Count int
- The number of Public IP addresses associated with azure firewall.
- addresses
List<Azure
Firewall Public IPAddress> - The list of Public IP addresses associated with azure firewall or IP addresses to be retained.
- count Integer
- The number of Public IP addresses associated with azure firewall.
- addresses
Azure
Firewall Public IPAddress[] - The list of Public IP addresses associated with azure firewall or IP addresses to be retained.
- count number
- The number of Public IP addresses associated with azure firewall.
- addresses
Sequence[Azure
Firewall Public IPAddress] - The list of Public IP addresses associated with azure firewall or IP addresses to be retained.
- count int
- The number of Public IP addresses associated with azure firewall.
- addresses List<Property Map>
- The list of Public IP addresses associated with azure firewall or IP addresses to be retained.
- count Number
- The number of Public IP addresses associated with azure firewall.
HubPublicIPAddressesResponse, HubPublicIPAddressesResponseArgs
- Addresses
List<Pulumi.
Azure Native. Network. Inputs. Azure Firewall Public IPAddress Response> - The list of Public IP addresses associated with azure firewall or IP addresses to be retained.
- Count int
- The number of Public IP addresses associated with azure firewall.
- Addresses
[]Azure
Firewall Public IPAddress Response - The list of Public IP addresses associated with azure firewall or IP addresses to be retained.
- Count int
- The number of Public IP addresses associated with azure firewall.
- addresses
List<Azure
Firewall Public IPAddress Response> - The list of Public IP addresses associated with azure firewall or IP addresses to be retained.
- count Integer
- The number of Public IP addresses associated with azure firewall.
- addresses
Azure
Firewall Public IPAddress Response[] - The list of Public IP addresses associated with azure firewall or IP addresses to be retained.
- count number
- The number of Public IP addresses associated with azure firewall.
- addresses
Sequence[Azure
Firewall Public IPAddress Response] - The list of Public IP addresses associated with azure firewall or IP addresses to be retained.
- count int
- The number of Public IP addresses associated with azure firewall.
- addresses List<Property Map>
- The list of Public IP addresses associated with azure firewall or IP addresses to be retained.
- count Number
- The number of Public IP addresses associated with azure firewall.
SubResource, SubResourceArgs
- Id string
- Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
- Id string
- Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
- id String
- Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
- id string
- Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
- id str
- Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
- id String
- Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
SubResourceResponse, SubResourceResponseArgs
- Id string
- Resource ID.
- Id string
- Resource ID.
- id String
- Resource ID.
- id string
- Resource ID.
- id str
- Resource ID.
- id String
- Resource ID.
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:network:AzureFirewall azurefirewall /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/azureFirewalls/{azureFirewallName}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0