1. Packages
  2. Azure Native
  3. API Docs
  4. network
  5. FirewallPolicyDraft
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.73.0 published on Wednesday, Nov 20, 2024 by Pulumi

azure-native.network.FirewallPolicyDraft

Explore with Pulumi AI

azure-native logo
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.73.0 published on Wednesday, Nov 20, 2024 by Pulumi

    FirewallPolicy Resource. Azure REST API version: 2023-11-01.

    Other available API versions: 2024-01-01, 2024-03-01.

    Example Usage

    create or update firewall policy draft

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    return await Deployment.RunAsync(() => 
    {
        var firewallPolicyDraft = new AzureNative.Network.FirewallPolicyDraft("firewallPolicyDraft", new()
        {
            DnsSettings = new AzureNative.Network.Inputs.DnsSettingsArgs
            {
                EnableProxy = true,
                RequireProxyForNetworkRules = false,
                Servers = new[]
                {
                    "30.3.4.5",
                },
            },
            ExplicitProxy = new AzureNative.Network.Inputs.ExplicitProxyArgs
            {
                EnableExplicitProxy = true,
                EnablePacFile = true,
                HttpPort = 8087,
                HttpsPort = 8087,
                PacFile = "https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D",
                PacFilePort = 8087,
            },
            FirewallPolicyName = "firewallPolicy",
            Insights = new AzureNative.Network.Inputs.FirewallPolicyInsightsArgs
            {
                IsEnabled = true,
                LogAnalyticsResources = new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsResourcesArgs
                {
                    DefaultWorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
                    {
                        Id = "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace",
                    },
                    Workspaces = new[]
                    {
                        new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsWorkspaceArgs
                        {
                            Region = "westus",
                            WorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
                            {
                                Id = "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1",
                            },
                        },
                        new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsWorkspaceArgs
                        {
                            Region = "eastus",
                            WorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
                            {
                                Id = "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2",
                            },
                        },
                    },
                },
                RetentionDays = 100,
            },
            IntrusionDetection = new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionArgs
            {
                Configuration = new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionConfigurationArgs
                {
                    BypassTrafficSettings = new[]
                    {
                        new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs
                        {
                            Description = "Rule 1",
                            DestinationAddresses = new[]
                            {
                                "5.6.7.8",
                            },
                            DestinationPorts = new[]
                            {
                                "*",
                            },
                            Name = "bypassRule1",
                            Protocol = AzureNative.Network.FirewallPolicyIntrusionDetectionProtocol.TCP,
                            SourceAddresses = new[]
                            {
                                "1.2.3.4",
                            },
                        },
                    },
                    SignatureOverrides = new[]
                    {
                        new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionSignatureSpecificationArgs
                        {
                            Id = "2525004",
                            Mode = AzureNative.Network.FirewallPolicyIntrusionDetectionStateType.Deny,
                        },
                    },
                },
                Mode = AzureNative.Network.FirewallPolicyIntrusionDetectionStateType.Alert,
                Profile = "Balanced",
            },
            ResourceGroupName = "rg1",
            Snat = new AzureNative.Network.Inputs.FirewallPolicySNATArgs
            {
                PrivateRanges = new[]
                {
                    "IANAPrivateRanges",
                },
            },
            Sql = new AzureNative.Network.Inputs.FirewallPolicySQLArgs
            {
                AllowSqlRedirect = true,
            },
            ThreatIntelMode = AzureNative.Network.AzureFirewallThreatIntelMode.Alert,
            ThreatIntelWhitelist = new AzureNative.Network.Inputs.FirewallPolicyThreatIntelWhitelistArgs
            {
                Fqdns = new[]
                {
                    "*.microsoft.com",
                },
                IpAddresses = new[]
                {
                    "20.3.4.5",
                },
            },
        });
    
    });
    
    package main
    
    import (
    	network "github.com/pulumi/pulumi-azure-native-sdk/network/v2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := network.NewFirewallPolicyDraft(ctx, "firewallPolicyDraft", &network.FirewallPolicyDraftArgs{
    			DnsSettings: &network.DnsSettingsArgs{
    				EnableProxy:                 pulumi.Bool(true),
    				RequireProxyForNetworkRules: pulumi.Bool(false),
    				Servers: pulumi.StringArray{
    					pulumi.String("30.3.4.5"),
    				},
    			},
    			ExplicitProxy: &network.ExplicitProxyArgs{
    				EnableExplicitProxy: pulumi.Bool(true),
    				EnablePacFile:       pulumi.Bool(true),
    				HttpPort:            pulumi.Int(8087),
    				HttpsPort:           pulumi.Int(8087),
    				PacFile:             pulumi.String("https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D"),
    				PacFilePort:         pulumi.Int(8087),
    			},
    			FirewallPolicyName: pulumi.String("firewallPolicy"),
    			Insights: &network.FirewallPolicyInsightsArgs{
    				IsEnabled: pulumi.Bool(true),
    				LogAnalyticsResources: &network.FirewallPolicyLogAnalyticsResourcesArgs{
    					DefaultWorkspaceId: &network.SubResourceArgs{
    						Id: pulumi.String("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace"),
    					},
    					Workspaces: network.FirewallPolicyLogAnalyticsWorkspaceArray{
    						&network.FirewallPolicyLogAnalyticsWorkspaceArgs{
    							Region: pulumi.String("westus"),
    							WorkspaceId: &network.SubResourceArgs{
    								Id: pulumi.String("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1"),
    							},
    						},
    						&network.FirewallPolicyLogAnalyticsWorkspaceArgs{
    							Region: pulumi.String("eastus"),
    							WorkspaceId: &network.SubResourceArgs{
    								Id: pulumi.String("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2"),
    							},
    						},
    					},
    				},
    				RetentionDays: pulumi.Int(100),
    			},
    			IntrusionDetection: &network.FirewallPolicyIntrusionDetectionArgs{
    				Configuration: &network.FirewallPolicyIntrusionDetectionConfigurationArgs{
    					BypassTrafficSettings: network.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArray{
    						&network.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs{
    							Description: pulumi.String("Rule 1"),
    							DestinationAddresses: pulumi.StringArray{
    								pulumi.String("5.6.7.8"),
    							},
    							DestinationPorts: pulumi.StringArray{
    								pulumi.String("*"),
    							},
    							Name:     pulumi.String("bypassRule1"),
    							Protocol: pulumi.String(network.FirewallPolicyIntrusionDetectionProtocolTCP),
    							SourceAddresses: pulumi.StringArray{
    								pulumi.String("1.2.3.4"),
    							},
    						},
    					},
    					SignatureOverrides: network.FirewallPolicyIntrusionDetectionSignatureSpecificationArray{
    						&network.FirewallPolicyIntrusionDetectionSignatureSpecificationArgs{
    							Id:   pulumi.String("2525004"),
    							Mode: pulumi.String(network.FirewallPolicyIntrusionDetectionStateTypeDeny),
    						},
    					},
    				},
    				Mode:    pulumi.String(network.FirewallPolicyIntrusionDetectionStateTypeAlert),
    				Profile: pulumi.String("Balanced"),
    			},
    			ResourceGroupName: pulumi.String("rg1"),
    			Snat: &network.FirewallPolicySNATArgs{
    				PrivateRanges: pulumi.StringArray{
    					pulumi.String("IANAPrivateRanges"),
    				},
    			},
    			Sql: &network.FirewallPolicySQLArgs{
    				AllowSqlRedirect: pulumi.Bool(true),
    			},
    			ThreatIntelMode: pulumi.String(network.AzureFirewallThreatIntelModeAlert),
    			ThreatIntelWhitelist: &network.FirewallPolicyThreatIntelWhitelistArgs{
    				Fqdns: pulumi.StringArray{
    					pulumi.String("*.microsoft.com"),
    				},
    				IpAddresses: pulumi.StringArray{
    					pulumi.String("20.3.4.5"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azurenative.network.FirewallPolicyDraft;
    import com.pulumi.azurenative.network.FirewallPolicyDraftArgs;
    import com.pulumi.azurenative.network.inputs.DnsSettingsArgs;
    import com.pulumi.azurenative.network.inputs.ExplicitProxyArgs;
    import com.pulumi.azurenative.network.inputs.FirewallPolicyInsightsArgs;
    import com.pulumi.azurenative.network.inputs.FirewallPolicyLogAnalyticsResourcesArgs;
    import com.pulumi.azurenative.network.inputs.SubResourceArgs;
    import com.pulumi.azurenative.network.inputs.FirewallPolicyIntrusionDetectionArgs;
    import com.pulumi.azurenative.network.inputs.FirewallPolicyIntrusionDetectionConfigurationArgs;
    import com.pulumi.azurenative.network.inputs.FirewallPolicySNATArgs;
    import com.pulumi.azurenative.network.inputs.FirewallPolicySQLArgs;
    import com.pulumi.azurenative.network.inputs.FirewallPolicyThreatIntelWhitelistArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var firewallPolicyDraft = new FirewallPolicyDraft("firewallPolicyDraft", FirewallPolicyDraftArgs.builder()
                .dnsSettings(DnsSettingsArgs.builder()
                    .enableProxy(true)
                    .requireProxyForNetworkRules(false)
                    .servers("30.3.4.5")
                    .build())
                .explicitProxy(ExplicitProxyArgs.builder()
                    .enableExplicitProxy(true)
                    .enablePacFile(true)
                    .httpPort(8087)
                    .httpsPort(8087)
                    .pacFile("https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D")
                    .pacFilePort(8087)
                    .build())
                .firewallPolicyName("firewallPolicy")
                .insights(FirewallPolicyInsightsArgs.builder()
                    .isEnabled(true)
                    .logAnalyticsResources(FirewallPolicyLogAnalyticsResourcesArgs.builder()
                        .defaultWorkspaceId(SubResourceArgs.builder()
                            .id("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace")
                            .build())
                        .workspaces(                    
                            FirewallPolicyLogAnalyticsWorkspaceArgs.builder()
                                .region("westus")
                                .workspaceId(SubResourceArgs.builder()
                                    .id("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1")
                                    .build())
                                .build(),
                            FirewallPolicyLogAnalyticsWorkspaceArgs.builder()
                                .region("eastus")
                                .workspaceId(SubResourceArgs.builder()
                                    .id("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2")
                                    .build())
                                .build())
                        .build())
                    .retentionDays(100)
                    .build())
                .intrusionDetection(FirewallPolicyIntrusionDetectionArgs.builder()
                    .configuration(FirewallPolicyIntrusionDetectionConfigurationArgs.builder()
                        .bypassTrafficSettings(FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs.builder()
                            .description("Rule 1")
                            .destinationAddresses("5.6.7.8")
                            .destinationPorts("*")
                            .name("bypassRule1")
                            .protocol("TCP")
                            .sourceAddresses("1.2.3.4")
                            .build())
                        .signatureOverrides(FirewallPolicyIntrusionDetectionSignatureSpecificationArgs.builder()
                            .id("2525004")
                            .mode("Deny")
                            .build())
                        .build())
                    .mode("Alert")
                    .profile("Balanced")
                    .build())
                .resourceGroupName("rg1")
                .snat(FirewallPolicySNATArgs.builder()
                    .privateRanges("IANAPrivateRanges")
                    .build())
                .sql(FirewallPolicySQLArgs.builder()
                    .allowSqlRedirect(true)
                    .build())
                .threatIntelMode("Alert")
                .threatIntelWhitelist(FirewallPolicyThreatIntelWhitelistArgs.builder()
                    .fqdns("*.microsoft.com")
                    .ipAddresses("20.3.4.5")
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_azure_native as azure_native
    
    firewall_policy_draft = azure_native.network.FirewallPolicyDraft("firewallPolicyDraft",
        dns_settings={
            "enable_proxy": True,
            "require_proxy_for_network_rules": False,
            "servers": ["30.3.4.5"],
        },
        explicit_proxy={
            "enable_explicit_proxy": True,
            "enable_pac_file": True,
            "http_port": 8087,
            "https_port": 8087,
            "pac_file": "https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D",
            "pac_file_port": 8087,
        },
        firewall_policy_name="firewallPolicy",
        insights={
            "is_enabled": True,
            "log_analytics_resources": {
                "default_workspace_id": {
                    "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace",
                },
                "workspaces": [
                    {
                        "region": "westus",
                        "workspace_id": {
                            "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1",
                        },
                    },
                    {
                        "region": "eastus",
                        "workspace_id": {
                            "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2",
                        },
                    },
                ],
            },
            "retention_days": 100,
        },
        intrusion_detection={
            "configuration": {
                "bypass_traffic_settings": [{
                    "description": "Rule 1",
                    "destination_addresses": ["5.6.7.8"],
                    "destination_ports": ["*"],
                    "name": "bypassRule1",
                    "protocol": azure_native.network.FirewallPolicyIntrusionDetectionProtocol.TCP,
                    "source_addresses": ["1.2.3.4"],
                }],
                "signature_overrides": [{
                    "id": "2525004",
                    "mode": azure_native.network.FirewallPolicyIntrusionDetectionStateType.DENY,
                }],
            },
            "mode": azure_native.network.FirewallPolicyIntrusionDetectionStateType.ALERT,
            "profile": "Balanced",
        },
        resource_group_name="rg1",
        snat={
            "private_ranges": ["IANAPrivateRanges"],
        },
        sql={
            "allow_sql_redirect": True,
        },
        threat_intel_mode=azure_native.network.AzureFirewallThreatIntelMode.ALERT,
        threat_intel_whitelist={
            "fqdns": ["*.microsoft.com"],
            "ip_addresses": ["20.3.4.5"],
        })
    
    import * as pulumi from "@pulumi/pulumi";
    import * as azure_native from "@pulumi/azure-native";
    
    const firewallPolicyDraft = new azure_native.network.FirewallPolicyDraft("firewallPolicyDraft", {
        dnsSettings: {
            enableProxy: true,
            requireProxyForNetworkRules: false,
            servers: ["30.3.4.5"],
        },
        explicitProxy: {
            enableExplicitProxy: true,
            enablePacFile: true,
            httpPort: 8087,
            httpsPort: 8087,
            pacFile: "https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D",
            pacFilePort: 8087,
        },
        firewallPolicyName: "firewallPolicy",
        insights: {
            isEnabled: true,
            logAnalyticsResources: {
                defaultWorkspaceId: {
                    id: "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace",
                },
                workspaces: [
                    {
                        region: "westus",
                        workspaceId: {
                            id: "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1",
                        },
                    },
                    {
                        region: "eastus",
                        workspaceId: {
                            id: "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2",
                        },
                    },
                ],
            },
            retentionDays: 100,
        },
        intrusionDetection: {
            configuration: {
                bypassTrafficSettings: [{
                    description: "Rule 1",
                    destinationAddresses: ["5.6.7.8"],
                    destinationPorts: ["*"],
                    name: "bypassRule1",
                    protocol: azure_native.network.FirewallPolicyIntrusionDetectionProtocol.TCP,
                    sourceAddresses: ["1.2.3.4"],
                }],
                signatureOverrides: [{
                    id: "2525004",
                    mode: azure_native.network.FirewallPolicyIntrusionDetectionStateType.Deny,
                }],
            },
            mode: azure_native.network.FirewallPolicyIntrusionDetectionStateType.Alert,
            profile: "Balanced",
        },
        resourceGroupName: "rg1",
        snat: {
            privateRanges: ["IANAPrivateRanges"],
        },
        sql: {
            allowSqlRedirect: true,
        },
        threatIntelMode: azure_native.network.AzureFirewallThreatIntelMode.Alert,
        threatIntelWhitelist: {
            fqdns: ["*.microsoft.com"],
            ipAddresses: ["20.3.4.5"],
        },
    });
    
    resources:
      firewallPolicyDraft:
        type: azure-native:network:FirewallPolicyDraft
        properties:
          dnsSettings:
            enableProxy: true
            requireProxyForNetworkRules: false
            servers:
              - 30.3.4.5
          explicitProxy:
            enableExplicitProxy: true
            enablePacFile: true
            httpPort: 8087
            httpsPort: 8087
            pacFile: https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D
            pacFilePort: 8087
          firewallPolicyName: firewallPolicy
          insights:
            isEnabled: true
            logAnalyticsResources:
              defaultWorkspaceId:
                id: /subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace
              workspaces:
                - region: westus
                  workspaceId:
                    id: /subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1
                - region: eastus
                  workspaceId:
                    id: /subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2
            retentionDays: 100
          intrusionDetection:
            configuration:
              bypassTrafficSettings:
                - description: Rule 1
                  destinationAddresses:
                    - 5.6.7.8
                  destinationPorts:
                    - '*'
                  name: bypassRule1
                  protocol: TCP
                  sourceAddresses:
                    - 1.2.3.4
              signatureOverrides:
                - id: '2525004'
                  mode: Deny
            mode: Alert
            profile: Balanced
          resourceGroupName: rg1
          snat:
            privateRanges:
              - IANAPrivateRanges
          sql:
            allowSqlRedirect: true
          threatIntelMode: Alert
          threatIntelWhitelist:
            fqdns:
              - '*.microsoft.com'
            ipAddresses:
              - 20.3.4.5
    

    Create FirewallPolicyDraft Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new FirewallPolicyDraft(name: string, args: FirewallPolicyDraftArgs, opts?: CustomResourceOptions);
    @overload
    def FirewallPolicyDraft(resource_name: str,
                            args: FirewallPolicyDraftArgs,
                            opts: Optional[ResourceOptions] = None)
    
    @overload
    def FirewallPolicyDraft(resource_name: str,
                            opts: Optional[ResourceOptions] = None,
                            firewall_policy_name: Optional[str] = None,
                            resource_group_name: Optional[str] = None,
                            intrusion_detection: Optional[FirewallPolicyIntrusionDetectionArgs] = None,
                            explicit_proxy: Optional[ExplicitProxyArgs] = None,
                            id: Optional[str] = None,
                            insights: Optional[FirewallPolicyInsightsArgs] = None,
                            base_policy: Optional[SubResourceArgs] = None,
                            location: Optional[str] = None,
                            dns_settings: Optional[DnsSettingsArgs] = None,
                            snat: Optional[FirewallPolicySNATArgs] = None,
                            sql: Optional[FirewallPolicySQLArgs] = None,
                            tags: Optional[Mapping[str, str]] = None,
                            threat_intel_mode: Optional[Union[str, AzureFirewallThreatIntelMode]] = None,
                            threat_intel_whitelist: Optional[FirewallPolicyThreatIntelWhitelistArgs] = None)
    func NewFirewallPolicyDraft(ctx *Context, name string, args FirewallPolicyDraftArgs, opts ...ResourceOption) (*FirewallPolicyDraft, error)
    public FirewallPolicyDraft(string name, FirewallPolicyDraftArgs args, CustomResourceOptions? opts = null)
    public FirewallPolicyDraft(String name, FirewallPolicyDraftArgs args)
    public FirewallPolicyDraft(String name, FirewallPolicyDraftArgs args, CustomResourceOptions options)
    
    type: azure-native:network:FirewallPolicyDraft
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args FirewallPolicyDraftArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args FirewallPolicyDraftArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args FirewallPolicyDraftArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args FirewallPolicyDraftArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args FirewallPolicyDraftArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var firewallPolicyDraftResource = new AzureNative.Network.FirewallPolicyDraft("firewallPolicyDraftResource", new()
    {
        FirewallPolicyName = "string",
        ResourceGroupName = "string",
        IntrusionDetection = new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionArgs
        {
            Configuration = new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionConfigurationArgs
            {
                BypassTrafficSettings = new[]
                {
                    new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs
                    {
                        Description = "string",
                        DestinationAddresses = new[]
                        {
                            "string",
                        },
                        DestinationIpGroups = new[]
                        {
                            "string",
                        },
                        DestinationPorts = new[]
                        {
                            "string",
                        },
                        Name = "string",
                        Protocol = "string",
                        SourceAddresses = new[]
                        {
                            "string",
                        },
                        SourceIpGroups = new[]
                        {
                            "string",
                        },
                    },
                },
                PrivateRanges = new[]
                {
                    "string",
                },
                SignatureOverrides = new[]
                {
                    new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionSignatureSpecificationArgs
                    {
                        Id = "string",
                        Mode = "string",
                    },
                },
            },
            Mode = "string",
            Profile = "string",
        },
        ExplicitProxy = new AzureNative.Network.Inputs.ExplicitProxyArgs
        {
            EnableExplicitProxy = false,
            EnablePacFile = false,
            HttpPort = 0,
            HttpsPort = 0,
            PacFile = "string",
            PacFilePort = 0,
        },
        Id = "string",
        Insights = new AzureNative.Network.Inputs.FirewallPolicyInsightsArgs
        {
            IsEnabled = false,
            LogAnalyticsResources = new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsResourcesArgs
            {
                DefaultWorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "string",
                },
                Workspaces = new[]
                {
                    new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsWorkspaceArgs
                    {
                        Region = "string",
                        WorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
                        {
                            Id = "string",
                        },
                    },
                },
            },
            RetentionDays = 0,
        },
        BasePolicy = new AzureNative.Network.Inputs.SubResourceArgs
        {
            Id = "string",
        },
        Location = "string",
        DnsSettings = new AzureNative.Network.Inputs.DnsSettingsArgs
        {
            EnableProxy = false,
            RequireProxyForNetworkRules = false,
            Servers = new[]
            {
                "string",
            },
        },
        Snat = new AzureNative.Network.Inputs.FirewallPolicySNATArgs
        {
            AutoLearnPrivateRanges = "string",
            PrivateRanges = new[]
            {
                "string",
            },
        },
        Sql = new AzureNative.Network.Inputs.FirewallPolicySQLArgs
        {
            AllowSqlRedirect = false,
        },
        Tags = 
        {
            { "string", "string" },
        },
        ThreatIntelMode = "string",
        ThreatIntelWhitelist = new AzureNative.Network.Inputs.FirewallPolicyThreatIntelWhitelistArgs
        {
            Fqdns = new[]
            {
                "string",
            },
            IpAddresses = new[]
            {
                "string",
            },
        },
    });
    
    example, err := network.NewFirewallPolicyDraft(ctx, "firewallPolicyDraftResource", &network.FirewallPolicyDraftArgs{
    	FirewallPolicyName: pulumi.String("string"),
    	ResourceGroupName:  pulumi.String("string"),
    	IntrusionDetection: &network.FirewallPolicyIntrusionDetectionArgs{
    		Configuration: &network.FirewallPolicyIntrusionDetectionConfigurationArgs{
    			BypassTrafficSettings: network.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArray{
    				&network.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs{
    					Description: pulumi.String("string"),
    					DestinationAddresses: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					DestinationIpGroups: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					DestinationPorts: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					Name:     pulumi.String("string"),
    					Protocol: pulumi.String("string"),
    					SourceAddresses: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    					SourceIpGroups: pulumi.StringArray{
    						pulumi.String("string"),
    					},
    				},
    			},
    			PrivateRanges: pulumi.StringArray{
    				pulumi.String("string"),
    			},
    			SignatureOverrides: network.FirewallPolicyIntrusionDetectionSignatureSpecificationArray{
    				&network.FirewallPolicyIntrusionDetectionSignatureSpecificationArgs{
    					Id:   pulumi.String("string"),
    					Mode: pulumi.String("string"),
    				},
    			},
    		},
    		Mode:    pulumi.String("string"),
    		Profile: pulumi.String("string"),
    	},
    	ExplicitProxy: &network.ExplicitProxyArgs{
    		EnableExplicitProxy: pulumi.Bool(false),
    		EnablePacFile:       pulumi.Bool(false),
    		HttpPort:            pulumi.Int(0),
    		HttpsPort:           pulumi.Int(0),
    		PacFile:             pulumi.String("string"),
    		PacFilePort:         pulumi.Int(0),
    	},
    	Id: pulumi.String("string"),
    	Insights: &network.FirewallPolicyInsightsArgs{
    		IsEnabled: pulumi.Bool(false),
    		LogAnalyticsResources: &network.FirewallPolicyLogAnalyticsResourcesArgs{
    			DefaultWorkspaceId: &network.SubResourceArgs{
    				Id: pulumi.String("string"),
    			},
    			Workspaces: network.FirewallPolicyLogAnalyticsWorkspaceArray{
    				&network.FirewallPolicyLogAnalyticsWorkspaceArgs{
    					Region: pulumi.String("string"),
    					WorkspaceId: &network.SubResourceArgs{
    						Id: pulumi.String("string"),
    					},
    				},
    			},
    		},
    		RetentionDays: pulumi.Int(0),
    	},
    	BasePolicy: &network.SubResourceArgs{
    		Id: pulumi.String("string"),
    	},
    	Location: pulumi.String("string"),
    	DnsSettings: &network.DnsSettingsArgs{
    		EnableProxy:                 pulumi.Bool(false),
    		RequireProxyForNetworkRules: pulumi.Bool(false),
    		Servers: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	Snat: &network.FirewallPolicySNATArgs{
    		AutoLearnPrivateRanges: pulumi.String("string"),
    		PrivateRanges: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    	Sql: &network.FirewallPolicySQLArgs{
    		AllowSqlRedirect: pulumi.Bool(false),
    	},
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	ThreatIntelMode: pulumi.String("string"),
    	ThreatIntelWhitelist: &network.FirewallPolicyThreatIntelWhitelistArgs{
    		Fqdns: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    		IpAddresses: pulumi.StringArray{
    			pulumi.String("string"),
    		},
    	},
    })
    
    var firewallPolicyDraftResource = new FirewallPolicyDraft("firewallPolicyDraftResource", FirewallPolicyDraftArgs.builder()
        .firewallPolicyName("string")
        .resourceGroupName("string")
        .intrusionDetection(FirewallPolicyIntrusionDetectionArgs.builder()
            .configuration(FirewallPolicyIntrusionDetectionConfigurationArgs.builder()
                .bypassTrafficSettings(FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs.builder()
                    .description("string")
                    .destinationAddresses("string")
                    .destinationIpGroups("string")
                    .destinationPorts("string")
                    .name("string")
                    .protocol("string")
                    .sourceAddresses("string")
                    .sourceIpGroups("string")
                    .build())
                .privateRanges("string")
                .signatureOverrides(FirewallPolicyIntrusionDetectionSignatureSpecificationArgs.builder()
                    .id("string")
                    .mode("string")
                    .build())
                .build())
            .mode("string")
            .profile("string")
            .build())
        .explicitProxy(ExplicitProxyArgs.builder()
            .enableExplicitProxy(false)
            .enablePacFile(false)
            .httpPort(0)
            .httpsPort(0)
            .pacFile("string")
            .pacFilePort(0)
            .build())
        .id("string")
        .insights(FirewallPolicyInsightsArgs.builder()
            .isEnabled(false)
            .logAnalyticsResources(FirewallPolicyLogAnalyticsResourcesArgs.builder()
                .defaultWorkspaceId(SubResourceArgs.builder()
                    .id("string")
                    .build())
                .workspaces(FirewallPolicyLogAnalyticsWorkspaceArgs.builder()
                    .region("string")
                    .workspaceId(SubResourceArgs.builder()
                        .id("string")
                        .build())
                    .build())
                .build())
            .retentionDays(0)
            .build())
        .basePolicy(SubResourceArgs.builder()
            .id("string")
            .build())
        .location("string")
        .dnsSettings(DnsSettingsArgs.builder()
            .enableProxy(false)
            .requireProxyForNetworkRules(false)
            .servers("string")
            .build())
        .snat(FirewallPolicySNATArgs.builder()
            .autoLearnPrivateRanges("string")
            .privateRanges("string")
            .build())
        .sql(FirewallPolicySQLArgs.builder()
            .allowSqlRedirect(false)
            .build())
        .tags(Map.of("string", "string"))
        .threatIntelMode("string")
        .threatIntelWhitelist(FirewallPolicyThreatIntelWhitelistArgs.builder()
            .fqdns("string")
            .ipAddresses("string")
            .build())
        .build());
    
    firewall_policy_draft_resource = azure_native.network.FirewallPolicyDraft("firewallPolicyDraftResource",
        firewall_policy_name="string",
        resource_group_name="string",
        intrusion_detection={
            "configuration": {
                "bypass_traffic_settings": [{
                    "description": "string",
                    "destination_addresses": ["string"],
                    "destination_ip_groups": ["string"],
                    "destination_ports": ["string"],
                    "name": "string",
                    "protocol": "string",
                    "source_addresses": ["string"],
                    "source_ip_groups": ["string"],
                }],
                "private_ranges": ["string"],
                "signature_overrides": [{
                    "id": "string",
                    "mode": "string",
                }],
            },
            "mode": "string",
            "profile": "string",
        },
        explicit_proxy={
            "enable_explicit_proxy": False,
            "enable_pac_file": False,
            "http_port": 0,
            "https_port": 0,
            "pac_file": "string",
            "pac_file_port": 0,
        },
        id="string",
        insights={
            "is_enabled": False,
            "log_analytics_resources": {
                "default_workspace_id": {
                    "id": "string",
                },
                "workspaces": [{
                    "region": "string",
                    "workspace_id": {
                        "id": "string",
                    },
                }],
            },
            "retention_days": 0,
        },
        base_policy={
            "id": "string",
        },
        location="string",
        dns_settings={
            "enable_proxy": False,
            "require_proxy_for_network_rules": False,
            "servers": ["string"],
        },
        snat={
            "auto_learn_private_ranges": "string",
            "private_ranges": ["string"],
        },
        sql={
            "allow_sql_redirect": False,
        },
        tags={
            "string": "string",
        },
        threat_intel_mode="string",
        threat_intel_whitelist={
            "fqdns": ["string"],
            "ip_addresses": ["string"],
        })
    
    const firewallPolicyDraftResource = new azure_native.network.FirewallPolicyDraft("firewallPolicyDraftResource", {
        firewallPolicyName: "string",
        resourceGroupName: "string",
        intrusionDetection: {
            configuration: {
                bypassTrafficSettings: [{
                    description: "string",
                    destinationAddresses: ["string"],
                    destinationIpGroups: ["string"],
                    destinationPorts: ["string"],
                    name: "string",
                    protocol: "string",
                    sourceAddresses: ["string"],
                    sourceIpGroups: ["string"],
                }],
                privateRanges: ["string"],
                signatureOverrides: [{
                    id: "string",
                    mode: "string",
                }],
            },
            mode: "string",
            profile: "string",
        },
        explicitProxy: {
            enableExplicitProxy: false,
            enablePacFile: false,
            httpPort: 0,
            httpsPort: 0,
            pacFile: "string",
            pacFilePort: 0,
        },
        id: "string",
        insights: {
            isEnabled: false,
            logAnalyticsResources: {
                defaultWorkspaceId: {
                    id: "string",
                },
                workspaces: [{
                    region: "string",
                    workspaceId: {
                        id: "string",
                    },
                }],
            },
            retentionDays: 0,
        },
        basePolicy: {
            id: "string",
        },
        location: "string",
        dnsSettings: {
            enableProxy: false,
            requireProxyForNetworkRules: false,
            servers: ["string"],
        },
        snat: {
            autoLearnPrivateRanges: "string",
            privateRanges: ["string"],
        },
        sql: {
            allowSqlRedirect: false,
        },
        tags: {
            string: "string",
        },
        threatIntelMode: "string",
        threatIntelWhitelist: {
            fqdns: ["string"],
            ipAddresses: ["string"],
        },
    });
    
    type: azure-native:network:FirewallPolicyDraft
    properties:
        basePolicy:
            id: string
        dnsSettings:
            enableProxy: false
            requireProxyForNetworkRules: false
            servers:
                - string
        explicitProxy:
            enableExplicitProxy: false
            enablePacFile: false
            httpPort: 0
            httpsPort: 0
            pacFile: string
            pacFilePort: 0
        firewallPolicyName: string
        id: string
        insights:
            isEnabled: false
            logAnalyticsResources:
                defaultWorkspaceId:
                    id: string
                workspaces:
                    - region: string
                      workspaceId:
                        id: string
            retentionDays: 0
        intrusionDetection:
            configuration:
                bypassTrafficSettings:
                    - description: string
                      destinationAddresses:
                        - string
                      destinationIpGroups:
                        - string
                      destinationPorts:
                        - string
                      name: string
                      protocol: string
                      sourceAddresses:
                        - string
                      sourceIpGroups:
                        - string
                privateRanges:
                    - string
                signatureOverrides:
                    - id: string
                      mode: string
            mode: string
            profile: string
        location: string
        resourceGroupName: string
        snat:
            autoLearnPrivateRanges: string
            privateRanges:
                - string
        sql:
            allowSqlRedirect: false
        tags:
            string: string
        threatIntelMode: string
        threatIntelWhitelist:
            fqdns:
                - string
            ipAddresses:
                - string
    

    FirewallPolicyDraft Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The FirewallPolicyDraft resource accepts the following input properties:

    FirewallPolicyName string
    The name of the Firewall Policy.
    ResourceGroupName string
    The name of the resource group.
    BasePolicy Pulumi.AzureNative.Network.Inputs.SubResource
    The parent firewall policy from which rules are inherited.
    DnsSettings Pulumi.AzureNative.Network.Inputs.DnsSettings
    DNS Proxy Settings definition.
    ExplicitProxy Pulumi.AzureNative.Network.Inputs.ExplicitProxy
    Explicit Proxy Settings definition.
    Id string
    Resource ID.
    Insights Pulumi.AzureNative.Network.Inputs.FirewallPolicyInsights
    Insights on Firewall Policy.
    IntrusionDetection Pulumi.AzureNative.Network.Inputs.FirewallPolicyIntrusionDetection
    The configuration for Intrusion detection.
    Location string
    Resource location.
    Snat Pulumi.AzureNative.Network.Inputs.FirewallPolicySNAT
    The private IP addresses/IP ranges to which traffic will not be SNAT.
    Sql Pulumi.AzureNative.Network.Inputs.FirewallPolicySQL
    SQL Settings definition.
    Tags Dictionary<string, string>
    Resource tags.
    ThreatIntelMode string | Pulumi.AzureNative.Network.AzureFirewallThreatIntelMode
    The operation mode for Threat Intelligence.
    ThreatIntelWhitelist Pulumi.AzureNative.Network.Inputs.FirewallPolicyThreatIntelWhitelist
    ThreatIntel Whitelist for Firewall Policy.
    FirewallPolicyName string
    The name of the Firewall Policy.
    ResourceGroupName string
    The name of the resource group.
    BasePolicy SubResourceArgs
    The parent firewall policy from which rules are inherited.
    DnsSettings DnsSettingsArgs
    DNS Proxy Settings definition.
    ExplicitProxy ExplicitProxyArgs
    Explicit Proxy Settings definition.
    Id string
    Resource ID.
    Insights FirewallPolicyInsightsArgs
    Insights on Firewall Policy.
    IntrusionDetection FirewallPolicyIntrusionDetectionArgs
    The configuration for Intrusion detection.
    Location string
    Resource location.
    Snat FirewallPolicySNATArgs
    The private IP addresses/IP ranges to which traffic will not be SNAT.
    Sql FirewallPolicySQLArgs
    SQL Settings definition.
    Tags map[string]string
    Resource tags.
    ThreatIntelMode string | AzureFirewallThreatIntelMode
    The operation mode for Threat Intelligence.
    ThreatIntelWhitelist FirewallPolicyThreatIntelWhitelistArgs
    ThreatIntel Whitelist for Firewall Policy.
    firewallPolicyName String
    The name of the Firewall Policy.
    resourceGroupName String
    The name of the resource group.
    basePolicy SubResource
    The parent firewall policy from which rules are inherited.
    dnsSettings DnsSettings
    DNS Proxy Settings definition.
    explicitProxy ExplicitProxy
    Explicit Proxy Settings definition.
    id String
    Resource ID.
    insights FirewallPolicyInsights
    Insights on Firewall Policy.
    intrusionDetection FirewallPolicyIntrusionDetection
    The configuration for Intrusion detection.
    location String
    Resource location.
    snat FirewallPolicySNAT
    The private IP addresses/IP ranges to which traffic will not be SNAT.
    sql FirewallPolicySQL
    SQL Settings definition.
    tags Map<String,String>
    Resource tags.
    threatIntelMode String | AzureFirewallThreatIntelMode
    The operation mode for Threat Intelligence.
    threatIntelWhitelist FirewallPolicyThreatIntelWhitelist
    ThreatIntel Whitelist for Firewall Policy.
    firewallPolicyName string
    The name of the Firewall Policy.
    resourceGroupName string
    The name of the resource group.
    basePolicy SubResource
    The parent firewall policy from which rules are inherited.
    dnsSettings DnsSettings
    DNS Proxy Settings definition.
    explicitProxy ExplicitProxy
    Explicit Proxy Settings definition.
    id string
    Resource ID.
    insights FirewallPolicyInsights
    Insights on Firewall Policy.
    intrusionDetection FirewallPolicyIntrusionDetection
    The configuration for Intrusion detection.
    location string
    Resource location.
    snat FirewallPolicySNAT
    The private IP addresses/IP ranges to which traffic will not be SNAT.
    sql FirewallPolicySQL
    SQL Settings definition.
    tags {[key: string]: string}
    Resource tags.
    threatIntelMode string | AzureFirewallThreatIntelMode
    The operation mode for Threat Intelligence.
    threatIntelWhitelist FirewallPolicyThreatIntelWhitelist
    ThreatIntel Whitelist for Firewall Policy.
    firewall_policy_name str
    The name of the Firewall Policy.
    resource_group_name str
    The name of the resource group.
    base_policy SubResourceArgs
    The parent firewall policy from which rules are inherited.
    dns_settings DnsSettingsArgs
    DNS Proxy Settings definition.
    explicit_proxy ExplicitProxyArgs
    Explicit Proxy Settings definition.
    id str
    Resource ID.
    insights FirewallPolicyInsightsArgs
    Insights on Firewall Policy.
    intrusion_detection FirewallPolicyIntrusionDetectionArgs
    The configuration for Intrusion detection.
    location str
    Resource location.
    snat FirewallPolicySNATArgs
    The private IP addresses/IP ranges to which traffic will not be SNAT.
    sql FirewallPolicySQLArgs
    SQL Settings definition.
    tags Mapping[str, str]
    Resource tags.
    threat_intel_mode str | AzureFirewallThreatIntelMode
    The operation mode for Threat Intelligence.
    threat_intel_whitelist FirewallPolicyThreatIntelWhitelistArgs
    ThreatIntel Whitelist for Firewall Policy.
    firewallPolicyName String
    The name of the Firewall Policy.
    resourceGroupName String
    The name of the resource group.
    basePolicy Property Map
    The parent firewall policy from which rules are inherited.
    dnsSettings Property Map
    DNS Proxy Settings definition.
    explicitProxy Property Map
    Explicit Proxy Settings definition.
    id String
    Resource ID.
    insights Property Map
    Insights on Firewall Policy.
    intrusionDetection Property Map
    The configuration for Intrusion detection.
    location String
    Resource location.
    snat Property Map
    The private IP addresses/IP ranges to which traffic will not be SNAT.
    sql Property Map
    SQL Settings definition.
    tags Map<String>
    Resource tags.
    threatIntelMode String | "Alert" | "Deny" | "Off"
    The operation mode for Threat Intelligence.
    threatIntelWhitelist Property Map
    ThreatIntel Whitelist for Firewall Policy.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the FirewallPolicyDraft resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    Resource name.
    Type string
    Resource type.
    Id string
    The provider-assigned unique ID for this managed resource.
    Name string
    Resource name.
    Type string
    Resource type.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    Resource name.
    type String
    Resource type.
    id string
    The provider-assigned unique ID for this managed resource.
    name string
    Resource name.
    type string
    Resource type.
    id str
    The provider-assigned unique ID for this managed resource.
    name str
    Resource name.
    type str
    Resource type.
    id String
    The provider-assigned unique ID for this managed resource.
    name String
    Resource name.
    type String
    Resource type.

    Supporting Types

    AutoLearnPrivateRangesMode, AutoLearnPrivateRangesModeArgs

    Enabled
    Enabled
    Disabled
    Disabled
    AutoLearnPrivateRangesModeEnabled
    Enabled
    AutoLearnPrivateRangesModeDisabled
    Disabled
    Enabled
    Enabled
    Disabled
    Disabled
    Enabled
    Enabled
    Disabled
    Disabled
    ENABLED
    Enabled
    DISABLED
    Disabled
    "Enabled"
    Enabled
    "Disabled"
    Disabled

    AzureFirewallThreatIntelMode, AzureFirewallThreatIntelModeArgs

    Alert
    Alert
    Deny
    Deny
    Off
    Off
    AzureFirewallThreatIntelModeAlert
    Alert
    AzureFirewallThreatIntelModeDeny
    Deny
    AzureFirewallThreatIntelModeOff
    Off
    Alert
    Alert
    Deny
    Deny
    Off
    Off
    Alert
    Alert
    Deny
    Deny
    Off
    Off
    ALERT
    Alert
    DENY
    Deny
    OFF
    Off
    "Alert"
    Alert
    "Deny"
    Deny
    "Off"
    Off

    DnsSettings, DnsSettingsArgs

    EnableProxy bool
    Enable DNS Proxy on Firewalls attached to the Firewall Policy.
    RequireProxyForNetworkRules bool
    FQDNs in Network Rules are supported when set to true.
    Servers List<string>
    List of Custom DNS Servers.
    EnableProxy bool
    Enable DNS Proxy on Firewalls attached to the Firewall Policy.
    RequireProxyForNetworkRules bool
    FQDNs in Network Rules are supported when set to true.
    Servers []string
    List of Custom DNS Servers.
    enableProxy Boolean
    Enable DNS Proxy on Firewalls attached to the Firewall Policy.
    requireProxyForNetworkRules Boolean
    FQDNs in Network Rules are supported when set to true.
    servers List<String>
    List of Custom DNS Servers.
    enableProxy boolean
    Enable DNS Proxy on Firewalls attached to the Firewall Policy.
    requireProxyForNetworkRules boolean
    FQDNs in Network Rules are supported when set to true.
    servers string[]
    List of Custom DNS Servers.
    enable_proxy bool
    Enable DNS Proxy on Firewalls attached to the Firewall Policy.
    require_proxy_for_network_rules bool
    FQDNs in Network Rules are supported when set to true.
    servers Sequence[str]
    List of Custom DNS Servers.
    enableProxy Boolean
    Enable DNS Proxy on Firewalls attached to the Firewall Policy.
    requireProxyForNetworkRules Boolean
    FQDNs in Network Rules are supported when set to true.
    servers List<String>
    List of Custom DNS Servers.

    DnsSettingsResponse, DnsSettingsResponseArgs

    EnableProxy bool
    Enable DNS Proxy on Firewalls attached to the Firewall Policy.
    RequireProxyForNetworkRules bool
    FQDNs in Network Rules are supported when set to true.
    Servers List<string>
    List of Custom DNS Servers.
    EnableProxy bool
    Enable DNS Proxy on Firewalls attached to the Firewall Policy.
    RequireProxyForNetworkRules bool
    FQDNs in Network Rules are supported when set to true.
    Servers []string
    List of Custom DNS Servers.
    enableProxy Boolean
    Enable DNS Proxy on Firewalls attached to the Firewall Policy.
    requireProxyForNetworkRules Boolean
    FQDNs in Network Rules are supported when set to true.
    servers List<String>
    List of Custom DNS Servers.
    enableProxy boolean
    Enable DNS Proxy on Firewalls attached to the Firewall Policy.
    requireProxyForNetworkRules boolean
    FQDNs in Network Rules are supported when set to true.
    servers string[]
    List of Custom DNS Servers.
    enable_proxy bool
    Enable DNS Proxy on Firewalls attached to the Firewall Policy.
    require_proxy_for_network_rules bool
    FQDNs in Network Rules are supported when set to true.
    servers Sequence[str]
    List of Custom DNS Servers.
    enableProxy Boolean
    Enable DNS Proxy on Firewalls attached to the Firewall Policy.
    requireProxyForNetworkRules Boolean
    FQDNs in Network Rules are supported when set to true.
    servers List<String>
    List of Custom DNS Servers.

    ExplicitProxy, ExplicitProxyArgs

    EnableExplicitProxy bool
    When set to true, explicit proxy mode is enabled.
    EnablePacFile bool
    When set to true, pac file port and url needs to be provided.
    HttpPort int
    Port number for explicit proxy http protocol, cannot be greater than 64000.
    HttpsPort int
    Port number for explicit proxy https protocol, cannot be greater than 64000.
    PacFile string
    SAS URL for PAC file.
    PacFilePort int
    Port number for firewall to serve PAC file.
    EnableExplicitProxy bool
    When set to true, explicit proxy mode is enabled.
    EnablePacFile bool
    When set to true, pac file port and url needs to be provided.
    HttpPort int
    Port number for explicit proxy http protocol, cannot be greater than 64000.
    HttpsPort int
    Port number for explicit proxy https protocol, cannot be greater than 64000.
    PacFile string
    SAS URL for PAC file.
    PacFilePort int
    Port number for firewall to serve PAC file.
    enableExplicitProxy Boolean
    When set to true, explicit proxy mode is enabled.
    enablePacFile Boolean
    When set to true, pac file port and url needs to be provided.
    httpPort Integer
    Port number for explicit proxy http protocol, cannot be greater than 64000.
    httpsPort Integer
    Port number for explicit proxy https protocol, cannot be greater than 64000.
    pacFile String
    SAS URL for PAC file.
    pacFilePort Integer
    Port number for firewall to serve PAC file.
    enableExplicitProxy boolean
    When set to true, explicit proxy mode is enabled.
    enablePacFile boolean
    When set to true, pac file port and url needs to be provided.
    httpPort number
    Port number for explicit proxy http protocol, cannot be greater than 64000.
    httpsPort number
    Port number for explicit proxy https protocol, cannot be greater than 64000.
    pacFile string
    SAS URL for PAC file.
    pacFilePort number
    Port number for firewall to serve PAC file.
    enable_explicit_proxy bool
    When set to true, explicit proxy mode is enabled.
    enable_pac_file bool
    When set to true, pac file port and url needs to be provided.
    http_port int
    Port number for explicit proxy http protocol, cannot be greater than 64000.
    https_port int
    Port number for explicit proxy https protocol, cannot be greater than 64000.
    pac_file str
    SAS URL for PAC file.
    pac_file_port int
    Port number for firewall to serve PAC file.
    enableExplicitProxy Boolean
    When set to true, explicit proxy mode is enabled.
    enablePacFile Boolean
    When set to true, pac file port and url needs to be provided.
    httpPort Number
    Port number for explicit proxy http protocol, cannot be greater than 64000.
    httpsPort Number
    Port number for explicit proxy https protocol, cannot be greater than 64000.
    pacFile String
    SAS URL for PAC file.
    pacFilePort Number
    Port number for firewall to serve PAC file.

    ExplicitProxyResponse, ExplicitProxyResponseArgs

    EnableExplicitProxy bool
    When set to true, explicit proxy mode is enabled.
    EnablePacFile bool
    When set to true, pac file port and url needs to be provided.
    HttpPort int
    Port number for explicit proxy http protocol, cannot be greater than 64000.
    HttpsPort int
    Port number for explicit proxy https protocol, cannot be greater than 64000.
    PacFile string
    SAS URL for PAC file.
    PacFilePort int
    Port number for firewall to serve PAC file.
    EnableExplicitProxy bool
    When set to true, explicit proxy mode is enabled.
    EnablePacFile bool
    When set to true, pac file port and url needs to be provided.
    HttpPort int
    Port number for explicit proxy http protocol, cannot be greater than 64000.
    HttpsPort int
    Port number for explicit proxy https protocol, cannot be greater than 64000.
    PacFile string
    SAS URL for PAC file.
    PacFilePort int
    Port number for firewall to serve PAC file.
    enableExplicitProxy Boolean
    When set to true, explicit proxy mode is enabled.
    enablePacFile Boolean
    When set to true, pac file port and url needs to be provided.
    httpPort Integer
    Port number for explicit proxy http protocol, cannot be greater than 64000.
    httpsPort Integer
    Port number for explicit proxy https protocol, cannot be greater than 64000.
    pacFile String
    SAS URL for PAC file.
    pacFilePort Integer
    Port number for firewall to serve PAC file.
    enableExplicitProxy boolean
    When set to true, explicit proxy mode is enabled.
    enablePacFile boolean
    When set to true, pac file port and url needs to be provided.
    httpPort number
    Port number for explicit proxy http protocol, cannot be greater than 64000.
    httpsPort number
    Port number for explicit proxy https protocol, cannot be greater than 64000.
    pacFile string
    SAS URL for PAC file.
    pacFilePort number
    Port number for firewall to serve PAC file.
    enable_explicit_proxy bool
    When set to true, explicit proxy mode is enabled.
    enable_pac_file bool
    When set to true, pac file port and url needs to be provided.
    http_port int
    Port number for explicit proxy http protocol, cannot be greater than 64000.
    https_port int
    Port number for explicit proxy https protocol, cannot be greater than 64000.
    pac_file str
    SAS URL for PAC file.
    pac_file_port int
    Port number for firewall to serve PAC file.
    enableExplicitProxy Boolean
    When set to true, explicit proxy mode is enabled.
    enablePacFile Boolean
    When set to true, pac file port and url needs to be provided.
    httpPort Number
    Port number for explicit proxy http protocol, cannot be greater than 64000.
    httpsPort Number
    Port number for explicit proxy https protocol, cannot be greater than 64000.
    pacFile String
    SAS URL for PAC file.
    pacFilePort Number
    Port number for firewall to serve PAC file.

    FirewallPolicyInsights, FirewallPolicyInsightsArgs

    IsEnabled bool
    A flag to indicate if the insights are enabled on the policy.
    LogAnalyticsResources Pulumi.AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsResources
    Workspaces needed to configure the Firewall Policy Insights.
    RetentionDays int
    Number of days the insights should be enabled on the policy.
    IsEnabled bool
    A flag to indicate if the insights are enabled on the policy.
    LogAnalyticsResources FirewallPolicyLogAnalyticsResources
    Workspaces needed to configure the Firewall Policy Insights.
    RetentionDays int
    Number of days the insights should be enabled on the policy.
    isEnabled Boolean
    A flag to indicate if the insights are enabled on the policy.
    logAnalyticsResources FirewallPolicyLogAnalyticsResources
    Workspaces needed to configure the Firewall Policy Insights.
    retentionDays Integer
    Number of days the insights should be enabled on the policy.
    isEnabled boolean
    A flag to indicate if the insights are enabled on the policy.
    logAnalyticsResources FirewallPolicyLogAnalyticsResources
    Workspaces needed to configure the Firewall Policy Insights.
    retentionDays number
    Number of days the insights should be enabled on the policy.
    is_enabled bool
    A flag to indicate if the insights are enabled on the policy.
    log_analytics_resources FirewallPolicyLogAnalyticsResources
    Workspaces needed to configure the Firewall Policy Insights.
    retention_days int
    Number of days the insights should be enabled on the policy.
    isEnabled Boolean
    A flag to indicate if the insights are enabled on the policy.
    logAnalyticsResources Property Map
    Workspaces needed to configure the Firewall Policy Insights.
    retentionDays Number
    Number of days the insights should be enabled on the policy.

    FirewallPolicyInsightsResponse, FirewallPolicyInsightsResponseArgs

    IsEnabled bool
    A flag to indicate if the insights are enabled on the policy.
    LogAnalyticsResources Pulumi.AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsResourcesResponse
    Workspaces needed to configure the Firewall Policy Insights.
    RetentionDays int
    Number of days the insights should be enabled on the policy.
    IsEnabled bool
    A flag to indicate if the insights are enabled on the policy.
    LogAnalyticsResources FirewallPolicyLogAnalyticsResourcesResponse
    Workspaces needed to configure the Firewall Policy Insights.
    RetentionDays int
    Number of days the insights should be enabled on the policy.
    isEnabled Boolean
    A flag to indicate if the insights are enabled on the policy.
    logAnalyticsResources FirewallPolicyLogAnalyticsResourcesResponse
    Workspaces needed to configure the Firewall Policy Insights.
    retentionDays Integer
    Number of days the insights should be enabled on the policy.
    isEnabled boolean
    A flag to indicate if the insights are enabled on the policy.
    logAnalyticsResources FirewallPolicyLogAnalyticsResourcesResponse
    Workspaces needed to configure the Firewall Policy Insights.
    retentionDays number
    Number of days the insights should be enabled on the policy.
    is_enabled bool
    A flag to indicate if the insights are enabled on the policy.
    log_analytics_resources FirewallPolicyLogAnalyticsResourcesResponse
    Workspaces needed to configure the Firewall Policy Insights.
    retention_days int
    Number of days the insights should be enabled on the policy.
    isEnabled Boolean
    A flag to indicate if the insights are enabled on the policy.
    logAnalyticsResources Property Map
    Workspaces needed to configure the Firewall Policy Insights.
    retentionDays Number
    Number of days the insights should be enabled on the policy.

    FirewallPolicyIntrusionDetection, FirewallPolicyIntrusionDetectionArgs

    Configuration Pulumi.AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionConfiguration
    Intrusion detection configuration properties.
    Mode string | Pulumi.AzureNative.Network.FirewallPolicyIntrusionDetectionStateType
    Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
    Profile string | Pulumi.AzureNative.Network.FirewallPolicyIntrusionDetectionProfileType
    IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
    Configuration FirewallPolicyIntrusionDetectionConfiguration
    Intrusion detection configuration properties.
    Mode string | FirewallPolicyIntrusionDetectionStateType
    Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
    Profile string | FirewallPolicyIntrusionDetectionProfileType
    IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
    configuration FirewallPolicyIntrusionDetectionConfiguration
    Intrusion detection configuration properties.
    mode String | FirewallPolicyIntrusionDetectionStateType
    Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
    profile String | FirewallPolicyIntrusionDetectionProfileType
    IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
    configuration FirewallPolicyIntrusionDetectionConfiguration
    Intrusion detection configuration properties.
    mode string | FirewallPolicyIntrusionDetectionStateType
    Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
    profile string | FirewallPolicyIntrusionDetectionProfileType
    IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
    configuration FirewallPolicyIntrusionDetectionConfiguration
    Intrusion detection configuration properties.
    mode str | FirewallPolicyIntrusionDetectionStateType
    Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
    profile str | FirewallPolicyIntrusionDetectionProfileType
    IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
    configuration Property Map
    Intrusion detection configuration properties.
    mode String | "Off" | "Alert" | "Deny"
    Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
    profile String | "Basic" | "Standard" | "Advanced" | "Extended"
    IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.

    FirewallPolicyIntrusionDetectionBypassTrafficSpecifications, FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs

    Description string
    Description of the bypass traffic rule.
    DestinationAddresses List<string>
    List of destination IP addresses or ranges for this rule.
    DestinationIpGroups List<string>
    List of destination IpGroups for this rule.
    DestinationPorts List<string>
    List of destination ports or ranges.
    Name string
    Name of the bypass traffic rule.
    Protocol string | Pulumi.AzureNative.Network.FirewallPolicyIntrusionDetectionProtocol
    The rule bypass protocol.
    SourceAddresses List<string>
    List of source IP addresses or ranges for this rule.
    SourceIpGroups List<string>
    List of source IpGroups for this rule.
    Description string
    Description of the bypass traffic rule.
    DestinationAddresses []string
    List of destination IP addresses or ranges for this rule.
    DestinationIpGroups []string
    List of destination IpGroups for this rule.
    DestinationPorts []string
    List of destination ports or ranges.
    Name string
    Name of the bypass traffic rule.
    Protocol string | FirewallPolicyIntrusionDetectionProtocol
    The rule bypass protocol.
    SourceAddresses []string
    List of source IP addresses or ranges for this rule.
    SourceIpGroups []string
    List of source IpGroups for this rule.
    description String
    Description of the bypass traffic rule.
    destinationAddresses List<String>
    List of destination IP addresses or ranges for this rule.
    destinationIpGroups List<String>
    List of destination IpGroups for this rule.
    destinationPorts List<String>
    List of destination ports or ranges.
    name String
    Name of the bypass traffic rule.
    protocol String | FirewallPolicyIntrusionDetectionProtocol
    The rule bypass protocol.
    sourceAddresses List<String>
    List of source IP addresses or ranges for this rule.
    sourceIpGroups List<String>
    List of source IpGroups for this rule.
    description string
    Description of the bypass traffic rule.
    destinationAddresses string[]
    List of destination IP addresses or ranges for this rule.
    destinationIpGroups string[]
    List of destination IpGroups for this rule.
    destinationPorts string[]
    List of destination ports or ranges.
    name string
    Name of the bypass traffic rule.
    protocol string | FirewallPolicyIntrusionDetectionProtocol
    The rule bypass protocol.
    sourceAddresses string[]
    List of source IP addresses or ranges for this rule.
    sourceIpGroups string[]
    List of source IpGroups for this rule.
    description str
    Description of the bypass traffic rule.
    destination_addresses Sequence[str]
    List of destination IP addresses or ranges for this rule.
    destination_ip_groups Sequence[str]
    List of destination IpGroups for this rule.
    destination_ports Sequence[str]
    List of destination ports or ranges.
    name str
    Name of the bypass traffic rule.
    protocol str | FirewallPolicyIntrusionDetectionProtocol
    The rule bypass protocol.
    source_addresses Sequence[str]
    List of source IP addresses or ranges for this rule.
    source_ip_groups Sequence[str]
    List of source IpGroups for this rule.
    description String
    Description of the bypass traffic rule.
    destinationAddresses List<String>
    List of destination IP addresses or ranges for this rule.
    destinationIpGroups List<String>
    List of destination IpGroups for this rule.
    destinationPorts List<String>
    List of destination ports or ranges.
    name String
    Name of the bypass traffic rule.
    protocol String | "TCP" | "UDP" | "ICMP" | "ANY"
    The rule bypass protocol.
    sourceAddresses List<String>
    List of source IP addresses or ranges for this rule.
    sourceIpGroups List<String>
    List of source IpGroups for this rule.

    FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponse, FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponseArgs

    Description string
    Description of the bypass traffic rule.
    DestinationAddresses List<string>
    List of destination IP addresses or ranges for this rule.
    DestinationIpGroups List<string>
    List of destination IpGroups for this rule.
    DestinationPorts List<string>
    List of destination ports or ranges.
    Name string
    Name of the bypass traffic rule.
    Protocol string
    The rule bypass protocol.
    SourceAddresses List<string>
    List of source IP addresses or ranges for this rule.
    SourceIpGroups List<string>
    List of source IpGroups for this rule.
    Description string
    Description of the bypass traffic rule.
    DestinationAddresses []string
    List of destination IP addresses or ranges for this rule.
    DestinationIpGroups []string
    List of destination IpGroups for this rule.
    DestinationPorts []string
    List of destination ports or ranges.
    Name string
    Name of the bypass traffic rule.
    Protocol string
    The rule bypass protocol.
    SourceAddresses []string
    List of source IP addresses or ranges for this rule.
    SourceIpGroups []string
    List of source IpGroups for this rule.
    description String
    Description of the bypass traffic rule.
    destinationAddresses List<String>
    List of destination IP addresses or ranges for this rule.
    destinationIpGroups List<String>
    List of destination IpGroups for this rule.
    destinationPorts List<String>
    List of destination ports or ranges.
    name String
    Name of the bypass traffic rule.
    protocol String
    The rule bypass protocol.
    sourceAddresses List<String>
    List of source IP addresses or ranges for this rule.
    sourceIpGroups List<String>
    List of source IpGroups for this rule.
    description string
    Description of the bypass traffic rule.
    destinationAddresses string[]
    List of destination IP addresses or ranges for this rule.
    destinationIpGroups string[]
    List of destination IpGroups for this rule.
    destinationPorts string[]
    List of destination ports or ranges.
    name string
    Name of the bypass traffic rule.
    protocol string
    The rule bypass protocol.
    sourceAddresses string[]
    List of source IP addresses or ranges for this rule.
    sourceIpGroups string[]
    List of source IpGroups for this rule.
    description str
    Description of the bypass traffic rule.
    destination_addresses Sequence[str]
    List of destination IP addresses or ranges for this rule.
    destination_ip_groups Sequence[str]
    List of destination IpGroups for this rule.
    destination_ports Sequence[str]
    List of destination ports or ranges.
    name str
    Name of the bypass traffic rule.
    protocol str
    The rule bypass protocol.
    source_addresses Sequence[str]
    List of source IP addresses or ranges for this rule.
    source_ip_groups Sequence[str]
    List of source IpGroups for this rule.
    description String
    Description of the bypass traffic rule.
    destinationAddresses List<String>
    List of destination IP addresses or ranges for this rule.
    destinationIpGroups List<String>
    List of destination IpGroups for this rule.
    destinationPorts List<String>
    List of destination ports or ranges.
    name String
    Name of the bypass traffic rule.
    protocol String
    The rule bypass protocol.
    sourceAddresses List<String>
    List of source IP addresses or ranges for this rule.
    sourceIpGroups List<String>
    List of source IpGroups for this rule.

    FirewallPolicyIntrusionDetectionConfiguration, FirewallPolicyIntrusionDetectionConfigurationArgs

    BypassTrafficSettings List<Pulumi.AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionBypassTrafficSpecifications>
    List of rules for traffic to bypass.
    PrivateRanges List<string>
    IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
    SignatureOverrides List<Pulumi.AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionSignatureSpecification>
    List of specific signatures states.
    BypassTrafficSettings []FirewallPolicyIntrusionDetectionBypassTrafficSpecifications
    List of rules for traffic to bypass.
    PrivateRanges []string
    IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
    SignatureOverrides []FirewallPolicyIntrusionDetectionSignatureSpecification
    List of specific signatures states.
    bypassTrafficSettings List<FirewallPolicyIntrusionDetectionBypassTrafficSpecifications>
    List of rules for traffic to bypass.
    privateRanges List<String>
    IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
    signatureOverrides List<FirewallPolicyIntrusionDetectionSignatureSpecification>
    List of specific signatures states.
    bypassTrafficSettings FirewallPolicyIntrusionDetectionBypassTrafficSpecifications[]
    List of rules for traffic to bypass.
    privateRanges string[]
    IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
    signatureOverrides FirewallPolicyIntrusionDetectionSignatureSpecification[]
    List of specific signatures states.
    bypass_traffic_settings Sequence[FirewallPolicyIntrusionDetectionBypassTrafficSpecifications]
    List of rules for traffic to bypass.
    private_ranges Sequence[str]
    IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
    signature_overrides Sequence[FirewallPolicyIntrusionDetectionSignatureSpecification]
    List of specific signatures states.
    bypassTrafficSettings List<Property Map>
    List of rules for traffic to bypass.
    privateRanges List<String>
    IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
    signatureOverrides List<Property Map>
    List of specific signatures states.

    FirewallPolicyIntrusionDetectionConfigurationResponse, FirewallPolicyIntrusionDetectionConfigurationResponseArgs

    BypassTrafficSettings List<Pulumi.AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponse>
    List of rules for traffic to bypass.
    PrivateRanges List<string>
    IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
    SignatureOverrides List<Pulumi.AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionSignatureSpecificationResponse>
    List of specific signatures states.
    BypassTrafficSettings []FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponse
    List of rules for traffic to bypass.
    PrivateRanges []string
    IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
    SignatureOverrides []FirewallPolicyIntrusionDetectionSignatureSpecificationResponse
    List of specific signatures states.
    bypassTrafficSettings List<FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponse>
    List of rules for traffic to bypass.
    privateRanges List<String>
    IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
    signatureOverrides List<FirewallPolicyIntrusionDetectionSignatureSpecificationResponse>
    List of specific signatures states.
    bypassTrafficSettings FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponse[]
    List of rules for traffic to bypass.
    privateRanges string[]
    IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
    signatureOverrides FirewallPolicyIntrusionDetectionSignatureSpecificationResponse[]
    List of specific signatures states.
    bypass_traffic_settings Sequence[FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponse]
    List of rules for traffic to bypass.
    private_ranges Sequence[str]
    IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
    signature_overrides Sequence[FirewallPolicyIntrusionDetectionSignatureSpecificationResponse]
    List of specific signatures states.
    bypassTrafficSettings List<Property Map>
    List of rules for traffic to bypass.
    privateRanges List<String>
    IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
    signatureOverrides List<Property Map>
    List of specific signatures states.

    FirewallPolicyIntrusionDetectionProfileType, FirewallPolicyIntrusionDetectionProfileTypeArgs

    Basic
    Basic
    Standard
    Standard
    Advanced
    Advanced
    Extended
    Extended
    FirewallPolicyIntrusionDetectionProfileTypeBasic
    Basic
    FirewallPolicyIntrusionDetectionProfileTypeStandard
    Standard
    FirewallPolicyIntrusionDetectionProfileTypeAdvanced
    Advanced
    FirewallPolicyIntrusionDetectionProfileTypeExtended
    Extended
    Basic
    Basic
    Standard
    Standard
    Advanced
    Advanced
    Extended
    Extended
    Basic
    Basic
    Standard
    Standard
    Advanced
    Advanced
    Extended
    Extended
    BASIC
    Basic
    STANDARD
    Standard
    ADVANCED
    Advanced
    EXTENDED
    Extended
    "Basic"
    Basic
    "Standard"
    Standard
    "Advanced"
    Advanced
    "Extended"
    Extended

    FirewallPolicyIntrusionDetectionProtocol, FirewallPolicyIntrusionDetectionProtocolArgs

    TCP
    TCP
    UDP
    UDP
    ICMP
    ICMP
    ANY
    ANY
    FirewallPolicyIntrusionDetectionProtocolTCP
    TCP
    FirewallPolicyIntrusionDetectionProtocolUDP
    UDP
    FirewallPolicyIntrusionDetectionProtocolICMP
    ICMP
    FirewallPolicyIntrusionDetectionProtocolANY
    ANY
    TCP
    TCP
    UDP
    UDP
    ICMP
    ICMP
    ANY
    ANY
    TCP
    TCP
    UDP
    UDP
    ICMP
    ICMP
    ANY
    ANY
    TCP
    TCP
    UDP
    UDP
    ICMP
    ICMP
    ANY
    ANY
    "TCP"
    TCP
    "UDP"
    UDP
    "ICMP"
    ICMP
    "ANY"
    ANY

    FirewallPolicyIntrusionDetectionResponse, FirewallPolicyIntrusionDetectionResponseArgs

    Configuration Pulumi.AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionConfigurationResponse
    Intrusion detection configuration properties.
    Mode string
    Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
    Profile string
    IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
    Configuration FirewallPolicyIntrusionDetectionConfigurationResponse
    Intrusion detection configuration properties.
    Mode string
    Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
    Profile string
    IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
    configuration FirewallPolicyIntrusionDetectionConfigurationResponse
    Intrusion detection configuration properties.
    mode String
    Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
    profile String
    IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
    configuration FirewallPolicyIntrusionDetectionConfigurationResponse
    Intrusion detection configuration properties.
    mode string
    Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
    profile string
    IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
    configuration FirewallPolicyIntrusionDetectionConfigurationResponse
    Intrusion detection configuration properties.
    mode str
    Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
    profile str
    IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
    configuration Property Map
    Intrusion detection configuration properties.
    mode String
    Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
    profile String
    IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.

    FirewallPolicyIntrusionDetectionSignatureSpecification, FirewallPolicyIntrusionDetectionSignatureSpecificationArgs

    Id string
    Signature id.
    Mode string | Pulumi.AzureNative.Network.FirewallPolicyIntrusionDetectionStateType
    The signature state.
    Id string
    Signature id.
    Mode string | FirewallPolicyIntrusionDetectionStateType
    The signature state.
    id String
    Signature id.
    mode String | FirewallPolicyIntrusionDetectionStateType
    The signature state.
    id string
    Signature id.
    mode string | FirewallPolicyIntrusionDetectionStateType
    The signature state.
    id str
    Signature id.
    mode str | FirewallPolicyIntrusionDetectionStateType
    The signature state.
    id String
    Signature id.
    mode String | "Off" | "Alert" | "Deny"
    The signature state.

    FirewallPolicyIntrusionDetectionSignatureSpecificationResponse, FirewallPolicyIntrusionDetectionSignatureSpecificationResponseArgs

    Id string
    Signature id.
    Mode string
    The signature state.
    Id string
    Signature id.
    Mode string
    The signature state.
    id String
    Signature id.
    mode String
    The signature state.
    id string
    Signature id.
    mode string
    The signature state.
    id str
    Signature id.
    mode str
    The signature state.
    id String
    Signature id.
    mode String
    The signature state.

    FirewallPolicyIntrusionDetectionStateType, FirewallPolicyIntrusionDetectionStateTypeArgs

    Off
    Off
    Alert
    Alert
    Deny
    Deny
    FirewallPolicyIntrusionDetectionStateTypeOff
    Off
    FirewallPolicyIntrusionDetectionStateTypeAlert
    Alert
    FirewallPolicyIntrusionDetectionStateTypeDeny
    Deny
    Off
    Off
    Alert
    Alert
    Deny
    Deny
    Off
    Off
    Alert
    Alert
    Deny
    Deny
    OFF
    Off
    ALERT
    Alert
    DENY
    Deny
    "Off"
    Off
    "Alert"
    Alert
    "Deny"
    Deny

    FirewallPolicyLogAnalyticsResources, FirewallPolicyLogAnalyticsResourcesArgs

    DefaultWorkspaceId Pulumi.AzureNative.Network.Inputs.SubResource
    The default workspace Id for Firewall Policy Insights.
    Workspaces List<Pulumi.AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsWorkspace>
    List of workspaces for Firewall Policy Insights.
    DefaultWorkspaceId SubResource
    The default workspace Id for Firewall Policy Insights.
    Workspaces []FirewallPolicyLogAnalyticsWorkspace
    List of workspaces for Firewall Policy Insights.
    defaultWorkspaceId SubResource
    The default workspace Id for Firewall Policy Insights.
    workspaces List<FirewallPolicyLogAnalyticsWorkspace>
    List of workspaces for Firewall Policy Insights.
    defaultWorkspaceId SubResource
    The default workspace Id for Firewall Policy Insights.
    workspaces FirewallPolicyLogAnalyticsWorkspace[]
    List of workspaces for Firewall Policy Insights.
    default_workspace_id SubResource
    The default workspace Id for Firewall Policy Insights.
    workspaces Sequence[FirewallPolicyLogAnalyticsWorkspace]
    List of workspaces for Firewall Policy Insights.
    defaultWorkspaceId Property Map
    The default workspace Id for Firewall Policy Insights.
    workspaces List<Property Map>
    List of workspaces for Firewall Policy Insights.

    FirewallPolicyLogAnalyticsResourcesResponse, FirewallPolicyLogAnalyticsResourcesResponseArgs

    DefaultWorkspaceId SubResourceResponse
    The default workspace Id for Firewall Policy Insights.
    Workspaces []FirewallPolicyLogAnalyticsWorkspaceResponse
    List of workspaces for Firewall Policy Insights.
    defaultWorkspaceId SubResourceResponse
    The default workspace Id for Firewall Policy Insights.
    workspaces List<FirewallPolicyLogAnalyticsWorkspaceResponse>
    List of workspaces for Firewall Policy Insights.
    defaultWorkspaceId SubResourceResponse
    The default workspace Id for Firewall Policy Insights.
    workspaces FirewallPolicyLogAnalyticsWorkspaceResponse[]
    List of workspaces for Firewall Policy Insights.
    default_workspace_id SubResourceResponse
    The default workspace Id for Firewall Policy Insights.
    workspaces Sequence[FirewallPolicyLogAnalyticsWorkspaceResponse]
    List of workspaces for Firewall Policy Insights.
    defaultWorkspaceId Property Map
    The default workspace Id for Firewall Policy Insights.
    workspaces List<Property Map>
    List of workspaces for Firewall Policy Insights.

    FirewallPolicyLogAnalyticsWorkspace, FirewallPolicyLogAnalyticsWorkspaceArgs

    Region string
    Region to configure the Workspace.
    WorkspaceId Pulumi.AzureNative.Network.Inputs.SubResource
    The workspace Id for Firewall Policy Insights.
    Region string
    Region to configure the Workspace.
    WorkspaceId SubResource
    The workspace Id for Firewall Policy Insights.
    region String
    Region to configure the Workspace.
    workspaceId SubResource
    The workspace Id for Firewall Policy Insights.
    region string
    Region to configure the Workspace.
    workspaceId SubResource
    The workspace Id for Firewall Policy Insights.
    region str
    Region to configure the Workspace.
    workspace_id SubResource
    The workspace Id for Firewall Policy Insights.
    region String
    Region to configure the Workspace.
    workspaceId Property Map
    The workspace Id for Firewall Policy Insights.

    FirewallPolicyLogAnalyticsWorkspaceResponse, FirewallPolicyLogAnalyticsWorkspaceResponseArgs

    Region string
    Region to configure the Workspace.
    WorkspaceId Pulumi.AzureNative.Network.Inputs.SubResourceResponse
    The workspace Id for Firewall Policy Insights.
    Region string
    Region to configure the Workspace.
    WorkspaceId SubResourceResponse
    The workspace Id for Firewall Policy Insights.
    region String
    Region to configure the Workspace.
    workspaceId SubResourceResponse
    The workspace Id for Firewall Policy Insights.
    region string
    Region to configure the Workspace.
    workspaceId SubResourceResponse
    The workspace Id for Firewall Policy Insights.
    region str
    Region to configure the Workspace.
    workspace_id SubResourceResponse
    The workspace Id for Firewall Policy Insights.
    region String
    Region to configure the Workspace.
    workspaceId Property Map
    The workspace Id for Firewall Policy Insights.

    FirewallPolicySNAT, FirewallPolicySNATArgs

    AutoLearnPrivateRanges string | Pulumi.AzureNative.Network.AutoLearnPrivateRangesMode
    The operation mode for automatically learning private ranges to not be SNAT
    PrivateRanges List<string>
    List of private IP addresses/IP address ranges to not be SNAT.
    AutoLearnPrivateRanges string | AutoLearnPrivateRangesMode
    The operation mode for automatically learning private ranges to not be SNAT
    PrivateRanges []string
    List of private IP addresses/IP address ranges to not be SNAT.
    autoLearnPrivateRanges String | AutoLearnPrivateRangesMode
    The operation mode for automatically learning private ranges to not be SNAT
    privateRanges List<String>
    List of private IP addresses/IP address ranges to not be SNAT.
    autoLearnPrivateRanges string | AutoLearnPrivateRangesMode
    The operation mode for automatically learning private ranges to not be SNAT
    privateRanges string[]
    List of private IP addresses/IP address ranges to not be SNAT.
    auto_learn_private_ranges str | AutoLearnPrivateRangesMode
    The operation mode for automatically learning private ranges to not be SNAT
    private_ranges Sequence[str]
    List of private IP addresses/IP address ranges to not be SNAT.
    autoLearnPrivateRanges String | "Enabled" | "Disabled"
    The operation mode for automatically learning private ranges to not be SNAT
    privateRanges List<String>
    List of private IP addresses/IP address ranges to not be SNAT.

    FirewallPolicySNATResponse, FirewallPolicySNATResponseArgs

    AutoLearnPrivateRanges string
    The operation mode for automatically learning private ranges to not be SNAT
    PrivateRanges List<string>
    List of private IP addresses/IP address ranges to not be SNAT.
    AutoLearnPrivateRanges string
    The operation mode for automatically learning private ranges to not be SNAT
    PrivateRanges []string
    List of private IP addresses/IP address ranges to not be SNAT.
    autoLearnPrivateRanges String
    The operation mode for automatically learning private ranges to not be SNAT
    privateRanges List<String>
    List of private IP addresses/IP address ranges to not be SNAT.
    autoLearnPrivateRanges string
    The operation mode for automatically learning private ranges to not be SNAT
    privateRanges string[]
    List of private IP addresses/IP address ranges to not be SNAT.
    auto_learn_private_ranges str
    The operation mode for automatically learning private ranges to not be SNAT
    private_ranges Sequence[str]
    List of private IP addresses/IP address ranges to not be SNAT.
    autoLearnPrivateRanges String
    The operation mode for automatically learning private ranges to not be SNAT
    privateRanges List<String>
    List of private IP addresses/IP address ranges to not be SNAT.

    FirewallPolicySQL, FirewallPolicySQLArgs

    AllowSqlRedirect bool
    A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
    AllowSqlRedirect bool
    A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
    allowSqlRedirect Boolean
    A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
    allowSqlRedirect boolean
    A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
    allow_sql_redirect bool
    A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
    allowSqlRedirect Boolean
    A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

    FirewallPolicySQLResponse, FirewallPolicySQLResponseArgs

    AllowSqlRedirect bool
    A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
    AllowSqlRedirect bool
    A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
    allowSqlRedirect Boolean
    A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
    allowSqlRedirect boolean
    A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
    allow_sql_redirect bool
    A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
    allowSqlRedirect Boolean
    A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

    FirewallPolicyThreatIntelWhitelist, FirewallPolicyThreatIntelWhitelistArgs

    Fqdns List<string>
    List of FQDNs for the ThreatIntel Whitelist.
    IpAddresses List<string>
    List of IP addresses for the ThreatIntel Whitelist.
    Fqdns []string
    List of FQDNs for the ThreatIntel Whitelist.
    IpAddresses []string
    List of IP addresses for the ThreatIntel Whitelist.
    fqdns List<String>
    List of FQDNs for the ThreatIntel Whitelist.
    ipAddresses List<String>
    List of IP addresses for the ThreatIntel Whitelist.
    fqdns string[]
    List of FQDNs for the ThreatIntel Whitelist.
    ipAddresses string[]
    List of IP addresses for the ThreatIntel Whitelist.
    fqdns Sequence[str]
    List of FQDNs for the ThreatIntel Whitelist.
    ip_addresses Sequence[str]
    List of IP addresses for the ThreatIntel Whitelist.
    fqdns List<String>
    List of FQDNs for the ThreatIntel Whitelist.
    ipAddresses List<String>
    List of IP addresses for the ThreatIntel Whitelist.

    FirewallPolicyThreatIntelWhitelistResponse, FirewallPolicyThreatIntelWhitelistResponseArgs

    Fqdns List<string>
    List of FQDNs for the ThreatIntel Whitelist.
    IpAddresses List<string>
    List of IP addresses for the ThreatIntel Whitelist.
    Fqdns []string
    List of FQDNs for the ThreatIntel Whitelist.
    IpAddresses []string
    List of IP addresses for the ThreatIntel Whitelist.
    fqdns List<String>
    List of FQDNs for the ThreatIntel Whitelist.
    ipAddresses List<String>
    List of IP addresses for the ThreatIntel Whitelist.
    fqdns string[]
    List of FQDNs for the ThreatIntel Whitelist.
    ipAddresses string[]
    List of IP addresses for the ThreatIntel Whitelist.
    fqdns Sequence[str]
    List of FQDNs for the ThreatIntel Whitelist.
    ip_addresses Sequence[str]
    List of IP addresses for the ThreatIntel Whitelist.
    fqdns List<String>
    List of FQDNs for the ThreatIntel Whitelist.
    ipAddresses List<String>
    List of IP addresses for the ThreatIntel Whitelist.

    SubResource, SubResourceArgs

    Id string
    Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
    Id string
    Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
    id String
    Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
    id string
    Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
    id str
    Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
    id String
    Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.

    SubResourceResponse, SubResourceResponseArgs

    Id string
    Resource ID.
    Id string
    Resource ID.
    id String
    Resource ID.
    id string
    Resource ID.
    id str
    Resource ID.
    id String
    Resource ID.

    Import

    An existing resource can be imported using its type token, name, and identifier, e.g.

    $ pulumi import azure-native:network:FirewallPolicyDraft firewallPolicy /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}/firewallPolicyDrafts/default 
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0
    azure-native logo
    This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
    Azure Native v2.73.0 published on Wednesday, Nov 20, 2024 by Pulumi