We recommend using Azure Native.
azure.network.FirewallPolicy
Manages a Firewall Policy.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
// Resource group that will contain the firewall policy.
const example = new azure.core.ResourceGroup("example", {
    name: "example-resources",
    location: "West Europe",
});

// Minimal firewall policy: only the naming and placement arguments are set,
// so every other setting keeps its documented default (`sku` = Standard,
// `threatIntelligenceMode` = Alert, which logs matches without denying them).
// No `dns`, `insights`, `intrusionDetection` or `tlsCertificate` block is
// configured here; add them explicitly when the deployment needs them.
const exampleFirewallPolicy = new azure.network.FirewallPolicy("example", {
    name: "example-policy",
    resourceGroupName: example.name,
    location: example.location,
});
import pulumi
import pulumi_azure as azure
# Resource group that will contain the firewall policy.
example = azure.core.ResourceGroup(
    "example",
    name="example-resources",
    location="West Europe",
)

# Minimal firewall policy: only the naming and placement arguments are set,
# so every other setting keeps its documented default (`sku` = Standard,
# `threat_intelligence_mode` = Alert, which logs matches without denying them).
# No `dns`, `insights`, `intrusion_detection` or `tls_certificate` block is
# configured here; add them explicitly when the deployment needs them.
example_firewall_policy = azure.network.FirewallPolicy(
    "example",
    name="example-policy",
    resource_group_name=example.name,
    location=example.location,
)
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v6/go/azure/network"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a resource group and a firewall policy placed inside it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Resource group that will contain the firewall policy.
		resourceGroup, err := core.NewResourceGroup(ctx, "example", &core.ResourceGroupArgs{
			Name:     pulumi.String("example-resources"),
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}

		// Minimal firewall policy: only the naming and placement arguments are
		// set, so every other setting keeps its documented default (Sku =
		// Standard, ThreatIntelligenceMode = Alert, which logs matches without
		// denying them). No Dns, Insights, IntrusionDetection or TlsCertificate
		// block is configured here.
		_, err = network.NewFirewallPolicy(ctx, "example", &network.FirewallPolicyArgs{
			Name:              pulumi.String("example-policy"),
			ResourceGroupName: resourceGroup.Name,
			Location:          resourceGroup.Location,
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
    // Resource group that will contain the firewall policy.
    var example = new Azure.Core.ResourceGroup("example", new()
    {
        Name = "example-resources",
        Location = "West Europe",
    });

    // Minimal firewall policy: only the naming and placement arguments are
    // set, so every other setting keeps its documented default (Sku =
    // Standard, ThreatIntelligenceMode = Alert, which logs matches without
    // denying them). No Dns, Insights, IntrusionDetection or TlsCertificate
    // block is configured here.
    var exampleFirewallPolicy = new Azure.Network.FirewallPolicy("example", new()
    {
        Name = "example-policy",
        ResourceGroupName = example.Name,
        Location = example.Location,
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.network.FirewallPolicy;
import com.pulumi.azure.network.FirewallPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/** Pulumi program that declares a resource group and a firewall policy in it. */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the stack's resources.
     *
     * @param ctx the deployment context supplied by the Pulumi runtime
     */
    public static void stack(Context ctx) {
        // Resource group that will contain the firewall policy.
        final var resourceGroupArgs = ResourceGroupArgs.builder()
            .name("example-resources")
            .location("West Europe")
            .build();
        final var example = new ResourceGroup("example", resourceGroupArgs);

        // Minimal firewall policy: only the naming and placement arguments are
        // set, so every other setting keeps its documented default (sku =
        // Standard, threatIntelligenceMode = Alert, which logs matches without
        // denying them). No dns, insights, intrusionDetection or tlsCertificate
        // block is configured here.
        final var policyArgs = FirewallPolicyArgs.builder()
            .name("example-policy")
            .resourceGroupName(example.name())
            .location(example.location())
            .build();
        final var exampleFirewallPolicy = new FirewallPolicy("exampleFirewallPolicy", policyArgs);
    }
}
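resources:
  # Resource group that will contain the firewall policy.
  example:
    type: azure:core:ResourceGroup
    properties:
      name: example-resources
      location: West Europe
  # Minimal firewall policy: only the naming and placement properties are set,
  # so every other setting keeps its documented default (sku = Standard,
  # threatIntelligenceMode = Alert, which logs matches without denying them).
  # No dns, insights, intrusionDetection or tlsCertificate block is configured.
  exampleFirewallPolicy:
    type: azure:network:FirewallPolicy
    name: example
    properties:
      name: example-policy
      resourceGroupName: ${example.name}
      location: ${example.location}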
Create FirewallPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new FirewallPolicy(name: string, args: FirewallPolicyArgs, opts?: CustomResourceOptions);
@overload
def FirewallPolicy(resource_name: str,
args: FirewallPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def FirewallPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
resource_group_name: Optional[str] = None,
name: Optional[str] = None,
location: Optional[str] = None,
explicit_proxy: Optional[FirewallPolicyExplicitProxyArgs] = None,
identity: Optional[FirewallPolicyIdentityArgs] = None,
private_ip_ranges: Optional[Sequence[str]] = None,
intrusion_detection: Optional[FirewallPolicyIntrusionDetectionArgs] = None,
dns: Optional[FirewallPolicyDnsArgs] = None,
auto_learn_private_ranges_enabled: Optional[bool] = None,
insights: Optional[FirewallPolicyInsightsArgs] = None,
base_policy_id: Optional[str] = None,
sku: Optional[str] = None,
sql_redirect_allowed: Optional[bool] = None,
tags: Optional[Mapping[str, str]] = None,
threat_intelligence_allowlist: Optional[FirewallPolicyThreatIntelligenceAllowlistArgs] = None,
threat_intelligence_mode: Optional[str] = None,
tls_certificate: Optional[FirewallPolicyTlsCertificateArgs] = None)
func NewFirewallPolicy(ctx *Context, name string, args FirewallPolicyArgs, opts ...ResourceOption) (*FirewallPolicy, error)
public FirewallPolicy(string name, FirewallPolicyArgs args, CustomResourceOptions? opts = null)
public FirewallPolicy(String name, FirewallPolicyArgs args)
public FirewallPolicy(String name, FirewallPolicyArgs args, CustomResourceOptions options)
type: azure:network:FirewallPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference skeleton: "string", 0 and false are type placeholders, not
// recommended settings. Replace or remove every property before use.
var azureFirewallPolicyResource = new Azure.Network.FirewallPolicy("azureFirewallPolicyResource", new()
{
    ResourceGroupName = "string",
    Name = "string",
    Location = "string",
    ExplicitProxy = new Azure.Network.Inputs.FirewallPolicyExplicitProxyArgs
    {
        EnablePacFile = false,
        Enabled = false,
        HttpPort = 0,
        HttpsPort = 0,
        PacFile = "string",
        PacFilePort = 0,
    },
    Identity = new Azure.Network.Inputs.FirewallPolicyIdentityArgs
    {
        Type = "string",
        IdentityIds = new[]
        {
            "string",
        },
        PrincipalId = "string",
        TenantId = "string",
    },
    // Traffic to these ranges is not SNATed.
    PrivateIpRanges = new[]
    {
        "string",
    },
    IntrusionDetection = new Azure.Network.Inputs.FirewallPolicyIntrusionDetectionArgs
    {
        Mode = "string",
        PrivateRanges = new[]
        {
            "string",
        },
        SignatureOverrides = new[]
        {
            new Azure.Network.Inputs.FirewallPolicyIntrusionDetectionSignatureOverrideArgs
            {
                Id = "string",
                State = "string",
            },
        },
        // Matching traffic skips intrusion detection; scope each bypass as
        // narrowly as the addresses, ports and protocol allow.
        TrafficBypasses = new[]
        {
            new Azure.Network.Inputs.FirewallPolicyIntrusionDetectionTrafficBypassArgs
            {
                Name = "string",
                Protocol = "string",
                Description = "string",
                DestinationAddresses = new[]
                {
                    "string",
                },
                DestinationIpGroups = new[]
                {
                    "string",
                },
                DestinationPorts = new[]
                {
                    "string",
                },
                SourceAddresses = new[]
                {
                    "string",
                },
                SourceIpGroups = new[]
                {
                    "string",
                },
            },
        },
    },
    Dns = new Azure.Network.Inputs.FirewallPolicyDnsArgs
    {
        ProxyEnabled = false,
        Servers = new[]
        {
            "string",
        },
    },
    AutoLearnPrivateRangesEnabled = false,
    // Log Analytics settings; `Enabled = false` here is only a placeholder.
    Insights = new Azure.Network.Inputs.FirewallPolicyInsightsArgs
    {
        DefaultLogAnalyticsWorkspaceId = "string",
        Enabled = false,
        LogAnalyticsWorkspaces = new[]
        {
            new Azure.Network.Inputs.FirewallPolicyInsightsLogAnalyticsWorkspaceArgs
            {
                FirewallLocation = "string",
                Id = "string",
            },
        },
        RetentionInDays = 0,
    },
    BasePolicyId = "string",
    // Standard, Premium or Basic (default Standard). IDPS and TLS inspection
    // are Azure Firewall Premium features.
    Sku = "string",
    // Enabling this requires that no rule uses ports 11000-11999.
    SqlRedirectAllowed = false,
    Tags =
    {
        { "string", "string" },
    },
    // Entries listed here are exempt from threat-intelligence filtering;
    // keep the list short and reviewed.
    ThreatIntelligenceAllowlist = new Azure.Network.Inputs.FirewallPolicyThreatIntelligenceAllowlistArgs
    {
        Fqdns = new[]
        {
            "string",
        },
        IpAddresses = new[]
        {
            "string",
        },
    },
    // Alert, Deny or Off (default Alert).
    ThreatIntelligenceMode = "string",
    // The certificate is referenced by Key Vault secret ID; no key material
    // belongs in the program itself.
    TlsCertificate = new Azure.Network.Inputs.FirewallPolicyTlsCertificateArgs
    {
        KeyVaultSecretId = "string",
        Name = "string",
    },
});
// Reference skeleton: "string", 0 and false are type placeholders, not
// recommended settings. Replace or remove every field before use.
example, err := network.NewFirewallPolicy(ctx, "azureFirewallPolicyResource", &network.FirewallPolicyArgs{
	ResourceGroupName: pulumi.String("string"),
	Name: pulumi.String("string"),
	Location: pulumi.String("string"),
	ExplicitProxy: &network.FirewallPolicyExplicitProxyArgs{
		EnablePacFile: pulumi.Bool(false),
		Enabled: pulumi.Bool(false),
		HttpPort: pulumi.Int(0),
		HttpsPort: pulumi.Int(0),
		PacFile: pulumi.String("string"),
		PacFilePort: pulumi.Int(0),
	},
	Identity: &network.FirewallPolicyIdentityArgs{
		Type: pulumi.String("string"),
		IdentityIds: pulumi.StringArray{
			pulumi.String("string"),
		},
		PrincipalId: pulumi.String("string"),
		TenantId: pulumi.String("string"),
	},
	// Traffic to these ranges is not SNATed.
	PrivateIpRanges: pulumi.StringArray{
		pulumi.String("string"),
	},
	IntrusionDetection: &network.FirewallPolicyIntrusionDetectionArgs{
		Mode: pulumi.String("string"),
		PrivateRanges: pulumi.StringArray{
			pulumi.String("string"),
		},
		SignatureOverrides: network.FirewallPolicyIntrusionDetectionSignatureOverrideArray{
			&network.FirewallPolicyIntrusionDetectionSignatureOverrideArgs{
				Id: pulumi.String("string"),
				State: pulumi.String("string"),
			},
		},
		// Matching traffic skips intrusion detection; scope each bypass as
		// narrowly as the addresses, ports and protocol allow.
		TrafficBypasses: network.FirewallPolicyIntrusionDetectionTrafficBypassArray{
			&network.FirewallPolicyIntrusionDetectionTrafficBypassArgs{
				Name: pulumi.String("string"),
				Protocol: pulumi.String("string"),
				Description: pulumi.String("string"),
				DestinationAddresses: pulumi.StringArray{
					pulumi.String("string"),
				},
				DestinationIpGroups: pulumi.StringArray{
					pulumi.String("string"),
				},
				DestinationPorts: pulumi.StringArray{
					pulumi.String("string"),
				},
				SourceAddresses: pulumi.StringArray{
					pulumi.String("string"),
				},
				SourceIpGroups: pulumi.StringArray{
					pulumi.String("string"),
				},
			},
		},
	},
	Dns: &network.FirewallPolicyDnsArgs{
		ProxyEnabled: pulumi.Bool(false),
		Servers: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	AutoLearnPrivateRangesEnabled: pulumi.Bool(false),
	// Log Analytics settings; Enabled = false here is only a placeholder.
	Insights: &network.FirewallPolicyInsightsArgs{
		DefaultLogAnalyticsWorkspaceId: pulumi.String("string"),
		Enabled: pulumi.Bool(false),
		LogAnalyticsWorkspaces: network.FirewallPolicyInsightsLogAnalyticsWorkspaceArray{
			&network.FirewallPolicyInsightsLogAnalyticsWorkspaceArgs{
				FirewallLocation: pulumi.String("string"),
				Id: pulumi.String("string"),
			},
		},
		RetentionInDays: pulumi.Int(0),
	},
	BasePolicyId: pulumi.String("string"),
	// Standard, Premium or Basic (default Standard). IDPS and TLS inspection
	// are Azure Firewall Premium features.
	Sku: pulumi.String("string"),
	// Enabling this requires that no rule uses ports 11000-11999.
	SqlRedirectAllowed: pulumi.Bool(false),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	// Entries listed here are exempt from threat-intelligence filtering;
	// keep the list short and reviewed.
	ThreatIntelligenceAllowlist: &network.FirewallPolicyThreatIntelligenceAllowlistArgs{
		Fqdns: pulumi.StringArray{
			pulumi.String("string"),
		},
		IpAddresses: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	// Alert, Deny or Off (default Alert).
	ThreatIntelligenceMode: pulumi.String("string"),
	// The certificate is referenced by Key Vault secret ID; no key material
	// belongs in the program itself.
	TlsCertificate: &network.FirewallPolicyTlsCertificateArgs{
		KeyVaultSecretId: pulumi.String("string"),
		Name: pulumi.String("string"),
	},
})
// Reference skeleton: "string", 0 and false are type placeholders, not
// recommended settings. Replace or remove every builder call before use.
var azureFirewallPolicyResource = new FirewallPolicy("azureFirewallPolicyResource", FirewallPolicyArgs.builder()
    .resourceGroupName("string")
    .name("string")
    .location("string")
    .explicitProxy(FirewallPolicyExplicitProxyArgs.builder()
        .enablePacFile(false)
        .enabled(false)
        .httpPort(0)
        .httpsPort(0)
        .pacFile("string")
        .pacFilePort(0)
        .build())
    .identity(FirewallPolicyIdentityArgs.builder()
        .type("string")
        .identityIds("string")
        .principalId("string")
        .tenantId("string")
        .build())
    // Traffic to these ranges is not SNATed.
    .privateIpRanges("string")
    .intrusionDetection(FirewallPolicyIntrusionDetectionArgs.builder()
        .mode("string")
        .privateRanges("string")
        .signatureOverrides(FirewallPolicyIntrusionDetectionSignatureOverrideArgs.builder()
            .id("string")
            .state("string")
            .build())
        // Matching traffic skips intrusion detection; scope each bypass as
        // narrowly as the addresses, ports and protocol allow.
        .trafficBypasses(FirewallPolicyIntrusionDetectionTrafficBypassArgs.builder()
            .name("string")
            .protocol("string")
            .description("string")
            .destinationAddresses("string")
            .destinationIpGroups("string")
            .destinationPorts("string")
            .sourceAddresses("string")
            .sourceIpGroups("string")
            .build())
        .build())
    .dns(FirewallPolicyDnsArgs.builder()
        .proxyEnabled(false)
        .servers("string")
        .build())
    .autoLearnPrivateRangesEnabled(false)
    // Log Analytics settings; enabled(false) here is only a placeholder.
    .insights(FirewallPolicyInsightsArgs.builder()
        .defaultLogAnalyticsWorkspaceId("string")
        .enabled(false)
        .logAnalyticsWorkspaces(FirewallPolicyInsightsLogAnalyticsWorkspaceArgs.builder()
            .firewallLocation("string")
            .id("string")
            .build())
        .retentionInDays(0)
        .build())
    .basePolicyId("string")
    // Standard, Premium or Basic (default Standard). IDPS and TLS inspection
    // are Azure Firewall Premium features.
    .sku("string")
    // Enabling this requires that no rule uses ports 11000-11999.
    .sqlRedirectAllowed(false)
    .tags(Map.of("string", "string"))
    // Entries listed here are exempt from threat-intelligence filtering;
    // keep the list short and reviewed.
    .threatIntelligenceAllowlist(FirewallPolicyThreatIntelligenceAllowlistArgs.builder()
        .fqdns("string")
        .ipAddresses("string")
        .build())
    // Alert, Deny or Off (default Alert).
    .threatIntelligenceMode("string")
    // The certificate is referenced by Key Vault secret ID; no key material
    // belongs in the program itself.
    .tlsCertificate(FirewallPolicyTlsCertificateArgs.builder()
        .keyVaultSecretId("string")
        .name("string")
        .build())
    .build());
# Reference skeleton: "string", 0 and False are type placeholders, not
# recommended settings. Replace or remove every argument before use.
azure_firewall_policy_resource = azure.network.FirewallPolicy(
    "azureFirewallPolicyResource",
    resource_group_name="string",
    name="string",
    location="string",
    explicit_proxy={
        "enable_pac_file": False,
        "enabled": False,
        "http_port": 0,
        "https_port": 0,
        "pac_file": "string",
        "pac_file_port": 0,
    },
    identity={
        "type": "string",
        "identity_ids": ["string"],
        "principal_id": "string",
        "tenant_id": "string",
    },
    # Traffic to these ranges is not SNATed.
    private_ip_ranges=["string"],
    intrusion_detection={
        "mode": "string",
        "private_ranges": ["string"],
        "signature_overrides": [{
            "id": "string",
            "state": "string",
        }],
        # Matching traffic skips intrusion detection; scope each bypass as
        # narrowly as the addresses, ports and protocol allow.
        "traffic_bypasses": [{
            "name": "string",
            "protocol": "string",
            "description": "string",
            "destination_addresses": ["string"],
            "destination_ip_groups": ["string"],
            "destination_ports": ["string"],
            "source_addresses": ["string"],
            "source_ip_groups": ["string"],
        }],
    },
    dns={
        "proxy_enabled": False,
        "servers": ["string"],
    },
    auto_learn_private_ranges_enabled=False,
    # Log Analytics settings; "enabled": False here is only a placeholder.
    insights={
        "default_log_analytics_workspace_id": "string",
        "enabled": False,
        "log_analytics_workspaces": [{
            "firewall_location": "string",
            "id": "string",
        }],
        "retention_in_days": 0,
    },
    base_policy_id="string",
    # Standard, Premium or Basic (default Standard). IDPS and TLS inspection
    # are Azure Firewall Premium features.
    sku="string",
    # Enabling this requires that no rule uses ports 11000-11999.
    sql_redirect_allowed=False,
    tags={
        "string": "string",
    },
    # Entries listed here are exempt from threat-intelligence filtering;
    # keep the list short and reviewed.
    threat_intelligence_allowlist={
        "fqdns": ["string"],
        "ip_addresses": ["string"],
    },
    # Alert, Deny or Off (default Alert).
    threat_intelligence_mode="string",
    # The certificate is referenced by Key Vault secret ID; no key material
    # belongs in the program itself.
    tls_certificate={
        "key_vault_secret_id": "string",
        "name": "string",
    },
)
// Reference skeleton: "string", 0 and false are type placeholders, not
// recommended settings. Replace or remove every property before use.
const azureFirewallPolicyResource = new azure.network.FirewallPolicy("azureFirewallPolicyResource", {
    resourceGroupName: "string",
    name: "string",
    location: "string",
    explicitProxy: {
        enablePacFile: false,
        enabled: false,
        httpPort: 0,
        httpsPort: 0,
        pacFile: "string",
        pacFilePort: 0,
    },
    identity: {
        type: "string",
        identityIds: ["string"],
        principalId: "string",
        tenantId: "string",
    },
    // Traffic to these ranges is not SNATed.
    privateIpRanges: ["string"],
    intrusionDetection: {
        mode: "string",
        privateRanges: ["string"],
        signatureOverrides: [{
            id: "string",
            state: "string",
        }],
        // Matching traffic skips intrusion detection; scope each bypass as
        // narrowly as the addresses, ports and protocol allow.
        trafficBypasses: [{
            name: "string",
            protocol: "string",
            description: "string",
            destinationAddresses: ["string"],
            destinationIpGroups: ["string"],
            destinationPorts: ["string"],
            sourceAddresses: ["string"],
            sourceIpGroups: ["string"],
        }],
    },
    dns: {
        proxyEnabled: false,
        servers: ["string"],
    },
    autoLearnPrivateRangesEnabled: false,
    // Log Analytics settings; `enabled: false` here is only a placeholder.
    insights: {
        defaultLogAnalyticsWorkspaceId: "string",
        enabled: false,
        logAnalyticsWorkspaces: [{
            firewallLocation: "string",
            id: "string",
        }],
        retentionInDays: 0,
    },
    basePolicyId: "string",
    // Standard, Premium or Basic (default Standard). IDPS and TLS inspection
    // are Azure Firewall Premium features.
    sku: "string",
    // Enabling this requires that no rule uses ports 11000-11999.
    sqlRedirectAllowed: false,
    tags: {
        string: "string",
    },
    // Entries listed here are exempt from threat-intelligence filtering;
    // keep the list short and reviewed.
    threatIntelligenceAllowlist: {
        fqdns: ["string"],
        ipAddresses: ["string"],
    },
    // Alert, Deny or Off (default Alert).
    threatIntelligenceMode: "string",
    // The certificate is referenced by Key Vault secret ID; no key material
    // belongs in the program itself.
    tlsCertificate: {
        keyVaultSecretId: "string",
        name: "string",
    },
});
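# Reference skeleton: "string", 0 and false are type placeholders, not
# recommended settings. Replace or remove every property before use.
type: azure:network:FirewallPolicy
properties:
  autoLearnPrivateRangesEnabled: false
  basePolicyId: string
  dns:
    proxyEnabled: false
    servers:
      - string
  explicitProxy:
    enablePacFile: false
    enabled: false
    httpPort: 0
    httpsPort: 0
    pacFile: string
    pacFilePort: 0
  identity:
    identityIds:
      - string
    principalId: string
    tenantId: string
    type: string
  # Log Analytics settings; `enabled: false` here is only a placeholder.
  insights:
    defaultLogAnalyticsWorkspaceId: string
    enabled: false
    logAnalyticsWorkspaces:
      - firewallLocation: string
        id: string
    retentionInDays: 0
  intrusionDetection:
    mode: string
    privateRanges:
      - string
    signatureOverrides:
      - id: string
        state: string
    # Matching traffic skips intrusion detection; scope each bypass as
    # narrowly as the addresses, ports and protocol allow.
    trafficBypasses:
      - description: string
        destinationAddresses:
          - string
        destinationIpGroups:
          - string
        destinationPorts:
          - string
        name: string
        protocol: string
        sourceAddresses:
          - string
        sourceIpGroups:
          - string
  location: string
  name: string
  # Traffic to these ranges is not SNATed.
  privateIpRanges:
    - string
  resourceGroupName: string
  # Standard, Premium or Basic (default Standard). IDPS and TLS inspection
  # are Azure Firewall Premium features.
  sku: string
  # Enabling this requires that no rule uses ports 11000-11999.
  sqlRedirectAllowed: false
  tags:
    string: string
  # Entries listed here are exempt from threat-intelligence filtering;
  # keep the list short and reviewed.
  threatIntelligenceAllowlist:
    fqdns:
      - string
    ipAddresses:
      - string
  # Alert, Deny or Off (default Alert).
  threatIntelligenceMode: string
  # The certificate is referenced by Key Vault secret ID; no key material
  # belongs in the program itself.
  tlsCertificate:
    keyVaultSecretId: string
    name: string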
FirewallPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The FirewallPolicy resource accepts the following input properties:
- ResourceGroupName string
- The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- AutoLearnPrivateRangesEnabled bool
- Whether to enable auto-learning of private IP ranges.
- BasePolicyId string
- The ID of the base Firewall Policy.
- Dns FirewallPolicyDns
- A `dns` block as defined below.
- ExplicitProxy FirewallPolicyExplicitProxy
- An `explicit_proxy` block as defined below.
- Identity FirewallPolicyIdentity
- An `identity` block as defined below.
- Insights FirewallPolicyInsights
- An `insights` block as defined below.
- IntrusionDetection FirewallPolicyIntrusionDetection
- An `intrusion_detection` block as defined below.
- Location string
- The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- Name string
- The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
- PrivateIpRanges List<string>
- A list of private IP ranges to which traffic will not be SNATed.
- Sku string
- The SKU Tier of the Firewall Policy. Possible values are `Standard`, `Premium` and `Basic`. Defaults to `Standard`. Changing this forces a new Firewall Policy to be created.
- SqlRedirectAllowed bool
- Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires that no rule uses ports between `11000`-`11999`.
- Tags Dictionary<string, string>
- A mapping of tags which should be assigned to the Firewall Policy.
- ThreatIntelligenceAllowlist FirewallPolicyThreatIntelligenceAllowlist
- A `threat_intelligence_allowlist` block as defined below.
- ThreatIntelligenceMode string
- The operation mode for Threat Intelligence. Possible values are `Alert`, `Deny` and `Off`. Defaults to `Alert`.
- TlsCertificate FirewallPolicyTlsCertificate
- A `tls_certificate` block as defined below.
- ResourceGroupName string
- The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- AutoLearnPrivateRangesEnabled bool
- Whether to enable auto-learning of private IP ranges.
- BasePolicyId string
- The ID of the base Firewall Policy.
- Dns FirewallPolicyDnsArgs
- A `dns` block as defined below.
- ExplicitProxy FirewallPolicyExplicitProxyArgs
- An `explicit_proxy` block as defined below.
- Identity FirewallPolicyIdentityArgs
- An `identity` block as defined below.
- Insights FirewallPolicyInsightsArgs
- An `insights` block as defined below.
- IntrusionDetection FirewallPolicyIntrusionDetectionArgs
- An `intrusion_detection` block as defined below.
- Location string
- The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- Name string
- The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
- PrivateIpRanges []string
- A list of private IP ranges to which traffic will not be SNATed.
- Sku string
- The SKU Tier of the Firewall Policy. Possible values are `Standard`, `Premium` and `Basic`. Defaults to `Standard`. Changing this forces a new Firewall Policy to be created.
- SqlRedirectAllowed bool
- Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires that no rule uses ports between `11000`-`11999`.
- Tags map[string]string
- A mapping of tags which should be assigned to the Firewall Policy.
- ThreatIntelligenceAllowlist FirewallPolicyThreatIntelligenceAllowlistArgs
- A `threat_intelligence_allowlist` block as defined below.
- ThreatIntelligenceMode string
- The operation mode for Threat Intelligence. Possible values are `Alert`, `Deny` and `Off`. Defaults to `Alert`.
- TlsCertificate FirewallPolicyTlsCertificateArgs
- A `tls_certificate` block as defined below.
- resourceGroupName String
- The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- autoLearnPrivateRangesEnabled Boolean
- Whether to enable auto-learning of private IP ranges.
- basePolicyId String
- The ID of the base Firewall Policy.
- dns FirewallPolicyDns
- A `dns` block as defined below.
- explicitProxy FirewallPolicyExplicitProxy
- An `explicit_proxy` block as defined below.
- identity FirewallPolicyIdentity
- An `identity` block as defined below.
- insights FirewallPolicyInsights
- An `insights` block as defined below.
- intrusionDetection FirewallPolicyIntrusionDetection
- An `intrusion_detection` block as defined below.
- location String
- The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- name String
- The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
- privateIpRanges List<String>
- A list of private IP ranges to which traffic will not be SNATed.
- sku String
- The SKU Tier of the Firewall Policy. Possible values are `Standard`, `Premium` and `Basic`. Defaults to `Standard`. Changing this forces a new Firewall Policy to be created.
- sqlRedirectAllowed Boolean
- Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires that no rule uses ports between `11000`-`11999`.
- tags Map<String,String>
- A mapping of tags which should be assigned to the Firewall Policy.
- threatIntelligenceAllowlist FirewallPolicyThreatIntelligenceAllowlist
- A `threat_intelligence_allowlist` block as defined below.
- threatIntelligenceMode String
- The operation mode for Threat Intelligence. Possible values are `Alert`, `Deny` and `Off`. Defaults to `Alert`.
- tlsCertificate FirewallPolicyTlsCertificate
- A `tls_certificate` block as defined below.
- resourceGroupName string
- The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- autoLearnPrivateRangesEnabled boolean
- Whether to enable auto-learning of private IP ranges.
- basePolicyId string
- The ID of the base Firewall Policy.
- dns FirewallPolicyDns
- A `dns` block as defined below.
- explicitProxy FirewallPolicyExplicitProxy
- An `explicit_proxy` block as defined below.
- identity FirewallPolicyIdentity
- An `identity` block as defined below.
- insights FirewallPolicyInsights
- An `insights` block as defined below.
- intrusionDetection FirewallPolicyIntrusionDetection
- An `intrusion_detection` block as defined below.
- location string
- The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- name string
- The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
- privateIpRanges string[]
- A list of private IP ranges to which traffic will not be SNATed.
- sku string
- The SKU Tier of the Firewall Policy. Possible values are `Standard`, `Premium` and `Basic`. Defaults to `Standard`. Changing this forces a new Firewall Policy to be created.
- sqlRedirectAllowed boolean
- Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires that no rule uses ports between `11000`-`11999`.
- tags {[key: string]: string}
- A mapping of tags which should be assigned to the Firewall Policy.
- threatIntelligenceAllowlist FirewallPolicyThreatIntelligenceAllowlist
- A `threat_intelligence_allowlist` block as defined below.
- threatIntelligenceMode string
- The operation mode for Threat Intelligence. Possible values are `Alert`, `Deny` and `Off`. Defaults to `Alert`.
- tlsCertificate FirewallPolicyTlsCertificate
- A `tls_certificate` block as defined below.
- resource_group_name str
- The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- auto_learn_private_ranges_enabled bool
- Whether to enable auto-learning of private IP ranges.
- base_policy_id str
- The ID of the base Firewall Policy.
- dns FirewallPolicyDnsArgs
- A `dns` block as defined below.
- explicit_proxy FirewallPolicyExplicitProxyArgs
- An `explicit_proxy` block as defined below.
- identity FirewallPolicyIdentityArgs
- An `identity` block as defined below.
- insights FirewallPolicyInsightsArgs
- An `insights` block as defined below.
- intrusion_detection FirewallPolicyIntrusionDetectionArgs
- An `intrusion_detection` block as defined below.
- location str
- The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- name str
- The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
- private_ip_ranges Sequence[str]
- A list of private IP ranges to which traffic will not be SNATed.
- sku str
- The SKU Tier of the Firewall Policy. Possible values are `Standard`, `Premium` and `Basic`. Defaults to `Standard`. Changing this forces a new Firewall Policy to be created.
- sql_redirect_allowed bool
- Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires that no rule uses ports between `11000`-`11999`.
- tags Mapping[str, str]
- A mapping of tags which should be assigned to the Firewall Policy.
- threat_intelligence_allowlist FirewallPolicyThreatIntelligenceAllowlistArgs
- A `threat_intelligence_allowlist` block as defined below.
- threat_intelligence_mode str
- The operation mode for Threat Intelligence. Possible values are `Alert`, `Deny` and `Off`. Defaults to `Alert`.
- tls_certificate FirewallPolicyTlsCertificateArgs
- A `tls_certificate` block as defined below.
- resourceGroupName String
- The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- autoLearnPrivateRangesEnabled Boolean
- Whether to enable auto-learning of private IP ranges.
- basePolicyId String
- The ID of the base Firewall Policy.
- dns Property Map
- A `dns` block as defined below.
- explicitProxy Property Map
- An `explicit_proxy` block as defined below.
- identity Property Map
- An `identity` block as defined below.
- insights Property Map
- An `insights` block as defined below.
- intrusionDetection Property Map
- An `intrusion_detection` block as defined below.
- location String
- The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- name String
- The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
- privateIpRanges List<String>
- A list of private IP ranges to which traffic will not be SNATed.
- sku String
- The SKU Tier of the Firewall Policy. Possible values are `Standard`, `Premium` and `Basic`. Defaults to `Standard`. Changing this forces a new Firewall Policy to be created.
- sqlRedirectAllowed Boolean
- Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires that no rule uses ports between `11000`-`11999`.
- tags Map<String>
- A mapping of tags which should be assigned to the Firewall Policy.
- threatIntelligenceAllowlist Property Map
- A `threat_intelligence_allowlist` block as defined below.
- threatIntelligenceMode String
- The operation mode for Threat Intelligence. Possible values are `Alert`, `Deny` and `Off`. Defaults to `Alert`.
- tlsCertificate Property Map
- A `tls_certificate` block as defined below.
Outputs
All input properties are implicitly available as output properties. Additionally, the FirewallPolicy resource produces the following output properties:
- ChildPolicies List<string>
- A list of references to child Firewall Policies of this Firewall Policy.
- Firewalls List<string>
- A list of references to Azure Firewalls that this Firewall Policy is associated with.
- Id string
- The provider-assigned unique ID for this managed resource.
- RuleCollectionGroups List<string>
- A list of references to Firewall Policy Rule Collection Groups that belong to this Firewall Policy.
- ChildPolicies []string
- A list of references to child Firewall Policies of this Firewall Policy.
- Firewalls []string
- A list of references to Azure Firewalls that this Firewall Policy is associated with.
- Id string
- The provider-assigned unique ID for this managed resource.
- RuleCollectionGroups []string
- A list of references to Firewall Policy Rule Collection Groups that belong to this Firewall Policy.
- childPolicies List<String>
- A list of references to child Firewall Policies of this Firewall Policy.
- firewalls List<String>
- A list of references to Azure Firewalls that this Firewall Policy is associated with.
- id String
- The provider-assigned unique ID for this managed resource.
- ruleCollectionGroups List<String>
- A list of references to Firewall Policy Rule Collection Groups that belong to this Firewall Policy.
- childPolicies string[]
- A list of references to child Firewall Policies of this Firewall Policy.
- firewalls string[]
- A list of references to Azure Firewalls that this Firewall Policy is associated with.
- id string
- The provider-assigned unique ID for this managed resource.
- ruleCollectionGroups string[]
- A list of references to Firewall Policy Rule Collection Groups that belong to this Firewall Policy.
- child_policies Sequence[str]
- A list of references to child Firewall Policies of this Firewall Policy.
- firewalls Sequence[str]
- A list of references to Azure Firewalls that this Firewall Policy is associated with.
- id str
- The provider-assigned unique ID for this managed resource.
- rule_collection_groups Sequence[str]
- A list of references to Firewall Policy Rule Collection Groups that belong to this Firewall Policy.
- childPolicies List<String>
- A list of references to child Firewall Policies of this Firewall Policy.
- firewalls List<String>
- A list of references to Azure Firewalls that this Firewall Policy is associated with.
- id String
- The provider-assigned unique ID for this managed resource.
- ruleCollectionGroups List<String>
- A list of references to Firewall Policy Rule Collection Groups that belong to this Firewall Policy.
Look up Existing FirewallPolicy Resource
Get an existing FirewallPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FirewallPolicyState, opts?: CustomResourceOptions): FirewallPolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
auto_learn_private_ranges_enabled: Optional[bool] = None,
base_policy_id: Optional[str] = None,
child_policies: Optional[Sequence[str]] = None,
dns: Optional[FirewallPolicyDnsArgs] = None,
explicit_proxy: Optional[FirewallPolicyExplicitProxyArgs] = None,
firewalls: Optional[Sequence[str]] = None,
identity: Optional[FirewallPolicyIdentityArgs] = None,
insights: Optional[FirewallPolicyInsightsArgs] = None,
intrusion_detection: Optional[FirewallPolicyIntrusionDetectionArgs] = None,
location: Optional[str] = None,
name: Optional[str] = None,
private_ip_ranges: Optional[Sequence[str]] = None,
resource_group_name: Optional[str] = None,
rule_collection_groups: Optional[Sequence[str]] = None,
sku: Optional[str] = None,
sql_redirect_allowed: Optional[bool] = None,
tags: Optional[Mapping[str, str]] = None,
threat_intelligence_allowlist: Optional[FirewallPolicyThreatIntelligenceAllowlistArgs] = None,
threat_intelligence_mode: Optional[str] = None,
tls_certificate: Optional[FirewallPolicyTlsCertificateArgs] = None) -> FirewallPolicy
func GetFirewallPolicy(ctx *Context, name string, id IDInput, state *FirewallPolicyState, opts ...ResourceOption) (*FirewallPolicy, error)
public static FirewallPolicy Get(string name, Input<string> id, FirewallPolicyState? state, CustomResourceOptions? opts = null)
public static FirewallPolicy get(String name, Output<String> id, FirewallPolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to look up.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to look up.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to look up.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to look up.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to look up.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- AutoLearnPrivateRangesEnabled bool
- Whether to enable auto-learning of private IP ranges.
- BasePolicyId string
- The ID of the base Firewall Policy.
- ChildPolicies List<string>
- A list of references to child Firewall Policies of this Firewall Policy.
- Dns FirewallPolicyDns
- A `dns` block as defined below.
- ExplicitProxy FirewallPolicyExplicitProxy
- An `explicit_proxy` block as defined below.
- Firewalls List<string>
- A list of references to Azure Firewalls that this Firewall Policy is associated with.
- Identity FirewallPolicyIdentity
- An `identity` block as defined below.
- Insights FirewallPolicyInsights
- An `insights` block as defined below.
- IntrusionDetection FirewallPolicyIntrusionDetection
- An `intrusion_detection` block as defined below.
- Location string
- The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- Name string
- The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
- PrivateIpRanges List<string>
- A list of private IP ranges to which traffic will not be SNATed.
- ResourceGroupName string
- The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- RuleCollectionGroups List<string>
- A list of references to Firewall Policy Rule Collection Groups that belong to this Firewall Policy.
- Sku string
- The SKU Tier of the Firewall Policy. Possible values are `Standard`, `Premium` and `Basic`. Defaults to `Standard`. Changing this forces a new Firewall Policy to be created.
- SqlRedirectAllowed bool
- Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires that no rule uses ports in the range `11000`-`11999`.
- Tags Dictionary<string, string>
- A mapping of tags which should be assigned to the Firewall Policy.
- ThreatIntelligenceAllowlist FirewallPolicyThreatIntelligenceAllowlist
- A `threat_intelligence_allowlist` block as defined below.
- ThreatIntelligenceMode string
- The operation mode for Threat Intelligence. Possible values are `Alert`, `Deny` and `Off`. Defaults to `Alert`.
- TlsCertificate FirewallPolicyTlsCertificate
- A `tls_certificate` block as defined below.
- Auto
Learn boolPrivate Ranges Enabled - Whether enable auto learn private ip range.
- Base
Policy stringId - The ID of the base Firewall Policy.
- Child
Policies []string - A list of reference to child Firewall Policies of this Firewall Policy.
- Dns
Firewall
Policy Dns Args - A
dns
block as defined below. - Explicit
Proxy FirewallPolicy Explicit Proxy Args - A
explicit_proxy
block as defined below. - Firewalls []string
- A list of references to Azure Firewalls that this Firewall Policy is associated with.
- Identity
Firewall
Policy Identity Args - An
identity
block as defined below. - Insights
Firewall
Policy Insights Args - An
insights
block as defined below. - Intrusion
Detection FirewallPolicy Intrusion Detection Args - A
intrusion_detection
block as defined below. - Location string
- The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- Name string
- The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
- Private
Ip []stringRanges - A list of private IP ranges to which traffic will not be SNAT.
- Resource
Group stringName - The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- Rule
Collection []stringGroups - A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
- Sku string
- The SKU Tier of the Firewall Policy. Possible values are `Standard`, `Premium` and `Basic`. Defaults to `Standard`. Changing this forces a new Firewall Policy to be created.
- SqlRedirectAllowed bool
- Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires that no rule uses ports in the range `11000`-`11999`.
- Tags map[string]string
- A mapping of tags which should be assigned to the Firewall Policy.
- Threat
Intelligence FirewallAllowlist Policy Threat Intelligence Allowlist Args - A
threat_intelligence_allowlist
block as defined below. - Threat
Intelligence stringMode - The operation mode for Threat Intelligence. Possible values are
Alert
,Deny
andOff
. Defaults toAlert
. - Tls
Certificate FirewallPolicy Tls Certificate Args - A
tls_certificate
block as defined below.
- auto
Learn BooleanPrivate Ranges Enabled - Whether enable auto learn private ip range.
- base
Policy StringId - The ID of the base Firewall Policy.
- child
Policies List<String> - A list of reference to child Firewall Policies of this Firewall Policy.
- dns
Firewall
Policy Dns - A
dns
block as defined below. - explicit
Proxy FirewallPolicy Explicit Proxy - A
explicit_proxy
block as defined below. - firewalls List<String>
- A list of references to Azure Firewalls that this Firewall Policy is associated with.
- identity
Firewall
Policy Identity - An
identity
block as defined below. - insights
Firewall
Policy Insights - An
insights
block as defined below. - intrusion
Detection FirewallPolicy Intrusion Detection - A
intrusion_detection
block as defined below. - location String
- The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- name String
- The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
- private
Ip List<String>Ranges - A list of private IP ranges to which traffic will not be SNAT.
- resource
Group StringName - The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- rule
Collection List<String>Groups - A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
- sku String
- The SKU Tier of the Firewall Policy. Possible values are `Standard`, `Premium` and `Basic`. Defaults to `Standard`. Changing this forces a new Firewall Policy to be created.
- sqlRedirectAllowed Boolean
- Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires that no rule uses ports in the range `11000`-`11999`.
- tags Map<String,String>
- A mapping of tags which should be assigned to the Firewall Policy.
- threat
Intelligence FirewallAllowlist Policy Threat Intelligence Allowlist - A
threat_intelligence_allowlist
block as defined below. - threat
Intelligence StringMode - The operation mode for Threat Intelligence. Possible values are
Alert
,Deny
andOff
. Defaults toAlert
. - tls
Certificate FirewallPolicy Tls Certificate - A
tls_certificate
block as defined below.
- auto
Learn booleanPrivate Ranges Enabled - Whether enable auto learn private ip range.
- base
Policy stringId - The ID of the base Firewall Policy.
- child
Policies string[] - A list of reference to child Firewall Policies of this Firewall Policy.
- dns
Firewall
Policy Dns - A
dns
block as defined below. - explicit
Proxy FirewallPolicy Explicit Proxy - A
explicit_proxy
block as defined below. - firewalls string[]
- A list of references to Azure Firewalls that this Firewall Policy is associated with.
- identity
Firewall
Policy Identity - An
identity
block as defined below. - insights
Firewall
Policy Insights - An
insights
block as defined below. - intrusion
Detection FirewallPolicy Intrusion Detection - A
intrusion_detection
block as defined below. - location string
- The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- name string
- The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
- private
Ip string[]Ranges - A list of private IP ranges to which traffic will not be SNAT.
- resource
Group stringName - The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- rule
Collection string[]Groups - A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
- sku string
- The SKU Tier of the Firewall Policy. Possible values are `Standard`, `Premium` and `Basic`. Defaults to `Standard`. Changing this forces a new Firewall Policy to be created.
- sqlRedirectAllowed boolean
- Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires that no rule uses ports in the range `11000`-`11999`.
- tags {[key: string]: string}
- A mapping of tags which should be assigned to the Firewall Policy.
- threat
Intelligence FirewallAllowlist Policy Threat Intelligence Allowlist - A
threat_intelligence_allowlist
block as defined below. - threat
Intelligence stringMode - The operation mode for Threat Intelligence. Possible values are
Alert
,Deny
andOff
. Defaults toAlert
. - tls
Certificate FirewallPolicy Tls Certificate - A
tls_certificate
block as defined below.
- auto_learn_private_ranges_enabled bool
- Whether to enable auto-learning of private IP ranges.
- base_policy_id str
- The ID of the base Firewall Policy.
- child_policies Sequence[str]
- A list of references to child Firewall Policies of this Firewall Policy.
- dns FirewallPolicyDnsArgs
- A `dns` block as defined below.
- explicit_proxy FirewallPolicyExplicitProxyArgs
- An `explicit_proxy` block as defined below.
- firewalls Sequence[str]
- A list of references to Azure Firewalls that this Firewall Policy is associated with.
- identity FirewallPolicyIdentityArgs
- An `identity` block as defined below.
- insights FirewallPolicyInsightsArgs
- An `insights` block as defined below.
- intrusion_detection FirewallPolicyIntrusionDetectionArgs
- An `intrusion_detection` block as defined below.
- location str
- The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- name str
- The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
- private_ip_ranges Sequence[str]
- A list of private IP ranges to which traffic will not be SNATed.
- resource_group_name str
- The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- rule_collection_groups Sequence[str]
- A list of references to Firewall Policy Rule Collection Groups that belong to this Firewall Policy.
- sku str
- The SKU Tier of the Firewall Policy. Possible values are `Standard`, `Premium` and `Basic`. Defaults to `Standard`. Changing this forces a new Firewall Policy to be created.
- sql_redirect_allowed bool
- Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires that no rule uses ports in the range `11000`-`11999`.
- tags Mapping[str, str]
- A mapping of tags which should be assigned to the Firewall Policy.
- threat_intelligence_allowlist FirewallPolicyThreatIntelligenceAllowlistArgs
- A `threat_intelligence_allowlist` block as defined below.
- threat_intelligence_mode str
- The operation mode for Threat Intelligence. Possible values are `Alert`, `Deny` and `Off`. Defaults to `Alert`.
- tls_certificate FirewallPolicyTlsCertificateArgs
- A `tls_certificate` block as defined below.
- auto
Learn BooleanPrivate Ranges Enabled - Whether enable auto learn private ip range.
- base
Policy StringId - The ID of the base Firewall Policy.
- child
Policies List<String> - A list of reference to child Firewall Policies of this Firewall Policy.
- dns Property Map
- A
dns
block as defined below. - explicit
Proxy Property Map - A
explicit_proxy
block as defined below. - firewalls List<String>
- A list of references to Azure Firewalls that this Firewall Policy is associated with.
- identity Property Map
- An
identity
block as defined below. - insights Property Map
- An
insights
block as defined below. - intrusion
Detection Property Map - A
intrusion_detection
block as defined below. - location String
- The Azure Region where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- name String
- The name which should be used for this Firewall Policy. Changing this forces a new Firewall Policy to be created.
- private
Ip List<String>Ranges - A list of private IP ranges to which traffic will not be SNAT.
- resource
Group StringName - The name of the Resource Group where the Firewall Policy should exist. Changing this forces a new Firewall Policy to be created.
- rule
Collection List<String>Groups - A list of references to Firewall Policy Rule Collection Groups that belongs to this Firewall Policy.
- sku String
- The SKU Tier of the Firewall Policy. Possible values are `Standard`, `Premium` and `Basic`. Defaults to `Standard`. Changing this forces a new Firewall Policy to be created.
- sqlRedirectAllowed Boolean
- Whether SQL Redirect traffic filtering is allowed. Enabling this flag requires that no rule uses ports in the range `11000`-`11999`.
- tags Map<String>
- A mapping of tags which should be assigned to the Firewall Policy.
- threat
Intelligence Property MapAllowlist - A
threat_intelligence_allowlist
block as defined below. - threat
Intelligence StringMode - The operation mode for Threat Intelligence. Possible values are
Alert
,Deny
andOff
. Defaults toAlert
. - tls
Certificate Property Map - A
tls_certificate
block as defined below.
Supporting Types
FirewallPolicyDns, FirewallPolicyDnsArgs
- ProxyEnabled bool
- Whether to enable DNS proxy on Firewalls attached to this Firewall Policy. Defaults to `false`.
- Servers List<string>
- A list of custom DNS servers' IP addresses.
- Proxy
Enabled bool - Whether to enable DNS proxy on Firewalls attached to this Firewall Policy? Defaults to
false
. - Servers []string
- A list of custom DNS servers' IP addresses.
- proxy
Enabled Boolean - Whether to enable DNS proxy on Firewalls attached to this Firewall Policy? Defaults to
false
. - servers List<String>
- A list of custom DNS servers' IP addresses.
- proxy
Enabled boolean - Whether to enable DNS proxy on Firewalls attached to this Firewall Policy? Defaults to
false
. - servers string[]
- A list of custom DNS servers' IP addresses.
- proxy_
enabled bool - Whether to enable DNS proxy on Firewalls attached to this Firewall Policy? Defaults to
false
. - servers Sequence[str]
- A list of custom DNS servers' IP addresses.
- proxy
Enabled Boolean - Whether to enable DNS proxy on Firewalls attached to this Firewall Policy? Defaults to
false
. - servers List<String>
- A list of custom DNS servers' IP addresses.
FirewallPolicyExplicitProxy, FirewallPolicyExplicitProxyArgs
- EnablePacFile bool
- Whether the PAC file port and URL need to be provided.
- Enabled bool
- Whether the explicit proxy is enabled for this Firewall Policy.
- HttpPort int
- The port number for explicit proxy HTTP protocol.
- HttpsPort int
- The port number for explicit proxy HTTPS protocol.
- PacFile string
- Specifies a SAS URL for the PAC file. A SAS URL embeds its access token, so handle this value as a secret.
- PacFilePort int
- Specifies a port number for the firewall to serve the PAC file.
- Enable
Pac boolFile - Whether the pac file port and url need to be provided.
- Enabled bool
- Whether the explicit proxy is enabled for this Firewall Policy.
- Http
Port int - The port number for explicit http protocol.
- Https
Port int - The port number for explicit proxy https protocol.
- Pac
File string - Specifies a SAS URL for PAC file.
- Pac
File intPort - Specifies a port number for firewall to serve PAC file.
- enable
Pac BooleanFile - Whether the pac file port and url need to be provided.
- enabled Boolean
- Whether the explicit proxy is enabled for this Firewall Policy.
- http
Port Integer - The port number for explicit http protocol.
- https
Port Integer - The port number for explicit proxy https protocol.
- pac
File String - Specifies a SAS URL for PAC file.
- pac
File IntegerPort - Specifies a port number for firewall to serve PAC file.
- enable
Pac booleanFile - Whether the pac file port and url need to be provided.
- enabled boolean
- Whether the explicit proxy is enabled for this Firewall Policy.
- http
Port number - The port number for explicit http protocol.
- https
Port number - The port number for explicit proxy https protocol.
- pac
File string - Specifies a SAS URL for PAC file.
- pac
File numberPort - Specifies a port number for firewall to serve PAC file.
- enable_
pac_ boolfile - Whether the pac file port and url need to be provided.
- enabled bool
- Whether the explicit proxy is enabled for this Firewall Policy.
- http_
port int - The port number for explicit http protocol.
- https_
port int - The port number for explicit proxy https protocol.
- pac_
file str - Specifies a SAS URL for PAC file.
- pac_
file_ intport - Specifies a port number for firewall to serve PAC file.
- enable
Pac BooleanFile - Whether the pac file port and url need to be provided.
- enabled Boolean
- Whether the explicit proxy is enabled for this Firewall Policy.
- http
Port Number - The port number for explicit http protocol.
- https
Port Number - The port number for explicit proxy https protocol.
- pac
File String - Specifies a SAS URL for PAC file.
- pac
File NumberPort - Specifies a port number for firewall to serve PAC file.
FirewallPolicyIdentity, FirewallPolicyIdentityArgs
- Type string
- Specifies the type of Managed Service Identity that should be configured on this Firewall Policy. The only possible value is `UserAssigned`.
- IdentityIds List<string>
- Specifies a list of User Assigned Managed Identity IDs to be assigned to this Firewall Policy.
- PrincipalId string
- TenantId string
- Type string
- Specifies the type of Managed Service Identity that should be configured on this Firewall Policy. Only possible value is
UserAssigned
. - Identity
Ids []string - Specifies a list of User Assigned Managed Identity IDs to be assigned to this Firewall Policy.
- Principal
Id string - Tenant
Id string
- type String
- Specifies the type of Managed Service Identity that should be configured on this Firewall Policy. Only possible value is
UserAssigned
. - identity
Ids List<String> - Specifies a list of User Assigned Managed Identity IDs to be assigned to this Firewall Policy.
- principal
Id String - tenant
Id String
- type string
- Specifies the type of Managed Service Identity that should be configured on this Firewall Policy. Only possible value is
UserAssigned
. - identity
Ids string[] - Specifies a list of User Assigned Managed Identity IDs to be assigned to this Firewall Policy.
- principal
Id string - tenant
Id string
- type str
- Specifies the type of Managed Service Identity that should be configured on this Firewall Policy. Only possible value is
UserAssigned
. - identity_
ids Sequence[str] - Specifies a list of User Assigned Managed Identity IDs to be assigned to this Firewall Policy.
- principal_
id str - tenant_
id str
- type String
- Specifies the type of Managed Service Identity that should be configured on this Firewall Policy. Only possible value is
UserAssigned
. - identity
Ids List<String> - Specifies a list of User Assigned Managed Identity IDs to be assigned to this Firewall Policy.
- principal
Id String - tenant
Id String
FirewallPolicyInsights, FirewallPolicyInsightsArgs
- DefaultLogAnalyticsWorkspaceId string
- The ID of the default Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when no location matches in the `log_analytics_workspace` blocks.
- Enabled bool
- Whether the insights functionality is enabled for this Firewall Policy.
- LogAnalyticsWorkspaces List<FirewallPolicyInsightsLogAnalyticsWorkspace>
- A list of `log_analytics_workspace` blocks as defined below.
- RetentionInDays int
- The log retention period in days.
- Default
Log stringAnalytics Workspace Id - The ID of the default Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to, when there is no location matches in the
log_analytics_workspace
. - Enabled bool
- Whether the insights functionality is enabled for this Firewall Policy.
- Log
Analytics []FirewallWorkspaces Policy Insights Log Analytics Workspace - A list of
log_analytics_workspace
block as defined below. - Retention
In intDays - The log retention period in days.
- default
Log StringAnalytics Workspace Id - The ID of the default Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to, when there is no location matches in the
log_analytics_workspace
. - enabled Boolean
- Whether the insights functionality is enabled for this Firewall Policy.
- log
Analytics List<FirewallWorkspaces Policy Insights Log Analytics Workspace> - A list of
log_analytics_workspace
block as defined below. - retention
In IntegerDays - The log retention period in days.
- default
Log stringAnalytics Workspace Id - The ID of the default Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to, when there is no location matches in the
log_analytics_workspace
. - enabled boolean
- Whether the insights functionality is enabled for this Firewall Policy.
- log
Analytics FirewallWorkspaces Policy Insights Log Analytics Workspace[] - A list of
log_analytics_workspace
block as defined below. - retention
In numberDays - The log retention period in days.
- default_
log_ stranalytics_ workspace_ id - The ID of the default Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to, when there is no location matches in the
log_analytics_workspace
. - enabled bool
- Whether the insights functionality is enabled for this Firewall Policy.
- log_
analytics_ Sequence[Firewallworkspaces Policy Insights Log Analytics Workspace] - A list of
log_analytics_workspace
block as defined below. - retention_
in_ intdays - The log retention period in days.
- default
Log StringAnalytics Workspace Id - The ID of the default Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to, when there is no location matches in the
log_analytics_workspace
. - enabled Boolean
- Whether the insights functionality is enabled for this Firewall Policy.
- log
Analytics List<Property Map>Workspaces - A list of
log_analytics_workspace
block as defined below. - retention
In NumberDays - The log retention period in days.
FirewallPolicyInsightsLogAnalyticsWorkspace, FirewallPolicyInsightsLogAnalyticsWorkspaceArgs
- FirewallLocation string
- The location of the Firewalls; when a Firewall's location matches, this Log Analytics Workspace is used to consume its logs.
- Id string
- The ID of the Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when their locations match the `firewall_location`.
- Firewall
Location string - The location of the Firewalls, that when matches this Log Analytics Workspace will be used to consume their logs.
- Id string
- The ID of the Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when their locations match the
firewall_location
.
- firewall
Location String - The location of the Firewalls, that when matches this Log Analytics Workspace will be used to consume their logs.
- id String
- The ID of the Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when their locations match the
firewall_location
.
- firewall
Location string - The location of the Firewalls, that when matches this Log Analytics Workspace will be used to consume their logs.
- id string
- The ID of the Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when their locations match the
firewall_location
.
- firewall_
location str - The location of the Firewalls, that when matches this Log Analytics Workspace will be used to consume their logs.
- id str
- The ID of the Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when their locations match the
firewall_location
.
- firewall
Location String - The location of the Firewalls, that when matches this Log Analytics Workspace will be used to consume their logs.
- id String
- The ID of the Log Analytics Workspace that the Firewalls associated with this Firewall Policy will send their logs to when their locations match the
firewall_location
.
FirewallPolicyIntrusionDetection, FirewallPolicyIntrusionDetectionArgs
- Mode string
- The mode in which to run intrusion detection: `Off`, `Alert` or `Deny`.
- PrivateRanges List<string>
- A list of private IP address ranges used to identify traffic direction. By default, only ranges defined by IANA RFC 1918 are considered private IP addresses.
- SignatureOverrides List<FirewallPolicyIntrusionDetectionSignatureOverride>
- One or more `signature_overrides` blocks as defined below.
- TrafficBypasses List<FirewallPolicyIntrusionDetectionTrafficBypass>
- One or more `traffic_bypass` blocks as defined below.
- Mode string
- In which mode you want to run intrusion detection:
Off
,Alert
orDeny
. - Private
Ranges []string - A list of Private IP address ranges to identify traffic direction. By default, only ranges defined by IANA RFC 1918 are considered private IP addresses.
- Signature
Overrides []FirewallPolicy Intrusion Detection Signature Override - One or more
signature_overrides
blocks as defined below. - Traffic
Bypasses []FirewallPolicy Intrusion Detection Traffic Bypass - One or more
traffic_bypass
blocks as defined below.
- mode String
- In which mode you want to run intrusion detection:
Off
,Alert
orDeny
. - private
Ranges List<String> - A list of Private IP address ranges to identify traffic direction. By default, only ranges defined by IANA RFC 1918 are considered private IP addresses.
- signature
Overrides List<FirewallPolicy Intrusion Detection Signature Override> - One or more
signature_overrides
blocks as defined below. - traffic
Bypasses List<FirewallPolicy Intrusion Detection Traffic Bypass> - One or more
traffic_bypass
blocks as defined below.
- mode string
- In which mode you want to run intrusion detection:
Off
,Alert
orDeny
. - private
Ranges string[] - A list of Private IP address ranges to identify traffic direction. By default, only ranges defined by IANA RFC 1918 are considered private IP addresses.
- signature
Overrides FirewallPolicy Intrusion Detection Signature Override[] - One or more
signature_overrides
blocks as defined below. - traffic
Bypasses FirewallPolicy Intrusion Detection Traffic Bypass[] - One or more
traffic_bypass
blocks as defined below.
- mode str
- In which mode you want to run intrusion detection:
Off
,Alert
orDeny
. - private_
ranges Sequence[str] - A list of Private IP address ranges to identify traffic direction. By default, only ranges defined by IANA RFC 1918 are considered private IP addresses.
- signature_
overrides Sequence[FirewallPolicy Intrusion Detection Signature Override] - One or more
signature_overrides
blocks as defined below. - traffic_
bypasses Sequence[FirewallPolicy Intrusion Detection Traffic Bypass] - One or more
traffic_bypass
blocks as defined below.
- mode String
- In which mode you want to run intrusion detection:
Off
,Alert
orDeny
. - private
Ranges List<String> - A list of Private IP address ranges to identify traffic direction. By default, only ranges defined by IANA RFC 1918 are considered private IP addresses.
- signature
Overrides List<Property Map> - One or more
signature_overrides
blocks as defined below. - traffic
Bypasses List<Property Map> - One or more
traffic_bypass
blocks as defined below.
FirewallPolicyIntrusionDetectionSignatureOverride, FirewallPolicyIntrusionDetectionSignatureOverrideArgs
FirewallPolicyIntrusionDetectionTrafficBypass, FirewallPolicyIntrusionDetectionTrafficBypassArgs
- Name string
- The name which should be used for this bypass traffic setting.
- Protocol string
- The protocol that shall be bypassed by intrusion detection. Possible values are `ANY`, `TCP`, `ICMP` and `UDP`.
- Description string
- The description for this bypass traffic setting.
- DestinationAddresses List<string>
- Specifies a list of destination IP addresses that shall be bypassed by intrusion detection.
- DestinationIpGroups List<string>
- Specifies a list of destination IP groups that shall be bypassed by intrusion detection.
- DestinationPorts List<string>
- Specifies a list of destination ports that shall be bypassed by intrusion detection.
- SourceAddresses List<string>
- Specifies a list of source addresses that shall be bypassed by intrusion detection.
- SourceIpGroups List<string>
- Specifies a list of source IP groups that shall be bypassed by intrusion detection.
- Name string
- The name which should be used for this bypass traffic setting.
- Protocol string
- The protocols any of
ANY
,TCP
,ICMP
,UDP
that shall be bypassed by intrusion detection. - Description string
- The description for this bypass traffic setting.
- Destination
Addresses []string - Specifies a list of destination IP addresses that shall be bypassed by intrusion detection.
- Destination
Ip []stringGroups - Specifies a list of destination IP groups that shall be bypassed by intrusion detection.
- Destination
Ports []string - Specifies a list of destination IP ports that shall be bypassed by intrusion detection.
- Source
Addresses []string - Specifies a list of source addresses that shall be bypassed by intrusion detection.
- Source
Ip []stringGroups - Specifies a list of source IP groups that shall be bypassed by intrusion detection.
- name String
- The name which should be used for this bypass traffic setting.
- protocol String
- The protocols any of
ANY
,TCP
,ICMP
,UDP
that shall be bypassed by intrusion detection. - description String
- The description for this bypass traffic setting.
- destination
Addresses List<String> - Specifies a list of destination IP addresses that shall be bypassed by intrusion detection.
- destination
Ip List<String>Groups - Specifies a list of destination IP groups that shall be bypassed by intrusion detection.
- destination
Ports List<String> - Specifies a list of destination IP ports that shall be bypassed by intrusion detection.
- source
Addresses List<String> - Specifies a list of source addresses that shall be bypassed by intrusion detection.
- source
Ip List<String>Groups - Specifies a list of source IP groups that shall be bypassed by intrusion detection.
- name string
- The name which should be used for this bypass traffic setting.
- protocol string
- The protocol that shall be bypassed by intrusion detection: any of ANY, TCP, ICMP, UDP.
- description string
- The description for this bypass traffic setting.
- destinationAddresses string[]
- Specifies a list of destination IP addresses that shall be bypassed by intrusion detection.
- destinationIpGroups string[]
- Specifies a list of destination IP groups that shall be bypassed by intrusion detection.
- destinationPorts string[]
- Specifies a list of destination ports that shall be bypassed by intrusion detection.
- sourceAddresses string[]
- Specifies a list of source addresses that shall be bypassed by intrusion detection.
- sourceIpGroups string[]
- Specifies a list of source IP groups that shall be bypassed by intrusion detection.
- name str
- The name which should be used for this bypass traffic setting.
- protocol str
- The protocol that shall be bypassed by intrusion detection: any of ANY, TCP, ICMP, UDP.
- description str
- The description for this bypass traffic setting.
- destination_addresses Sequence[str]
- Specifies a list of destination IP addresses that shall be bypassed by intrusion detection.
- destination_ip_groups Sequence[str]
- Specifies a list of destination IP groups that shall be bypassed by intrusion detection.
- destination_ports Sequence[str]
- Specifies a list of destination ports that shall be bypassed by intrusion detection.
- source_addresses Sequence[str]
- Specifies a list of source addresses that shall be bypassed by intrusion detection.
- source_ip_groups Sequence[str]
- Specifies a list of source IP groups that shall be bypassed by intrusion detection.
- name String
- The name which should be used for this bypass traffic setting.
- protocol String
- The protocol that shall be bypassed by intrusion detection: any of ANY, TCP, ICMP, UDP.
- description String
- The description for this bypass traffic setting.
- destinationAddresses List<String>
- Specifies a list of destination IP addresses that shall be bypassed by intrusion detection.
- destinationIpGroups List<String>
- Specifies a list of destination IP groups that shall be bypassed by intrusion detection.
- destinationPorts List<String>
- Specifies a list of destination ports that shall be bypassed by intrusion detection.
- sourceAddresses List<String>
- Specifies a list of source addresses that shall be bypassed by intrusion detection.
- sourceIpGroups List<String>
- Specifies a list of source IP groups that shall be bypassed by intrusion detection.
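FirewallPolicyThreatIntelligenceAllowlist, FirewallPolicyThreatIntelligenceAllowlistArgs
Entries in this allowlist are skipped for threat detection, so keep each one as narrow as the use case allows (a specific FQDN or address rather than a broad CIDR range).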
- Fqdns List<string>
- A list of FQDNs that will be skipped for threat detection.
- IpAddresses List<string>
- A list of IP addresses or CIDR ranges that will be skipped for threat detection.
- Fqdns []string
- A list of FQDNs that will be skipped for threat detection.
- IpAddresses []string
- A list of IP addresses or CIDR ranges that will be skipped for threat detection.
- fqdns List<String>
- A list of FQDNs that will be skipped for threat detection.
- ipAddresses List<String>
- A list of IP addresses or CIDR ranges that will be skipped for threat detection.
- fqdns string[]
- A list of FQDNs that will be skipped for threat detection.
- ipAddresses string[]
- A list of IP addresses or CIDR ranges that will be skipped for threat detection.
- fqdns Sequence[str]
- A list of FQDNs that will be skipped for threat detection.
- ip_addresses Sequence[str]
- A list of IP addresses or CIDR ranges that will be skipped for threat detection.
- fqdns List<String>
- A list of FQDNs that will be skipped for threat detection.
- ipAddresses List<String>
- A list of IP addresses or CIDR ranges that will be skipped for threat detection.
FirewallPolicyTlsCertificate, FirewallPolicyTlsCertificateArgs
- KeyVaultSecretId string
- The ID of the Key Vault, where the secret or certificate is stored.
- Name string
- The name of the certificate.
- KeyVaultSecretId string
- The ID of the Key Vault, where the secret or certificate is stored.
- Name string
- The name of the certificate.
- keyVaultSecretId String
- The ID of the Key Vault, where the secret or certificate is stored.
- name String
- The name of the certificate.
- keyVaultSecretId string
- The ID of the Key Vault, where the secret or certificate is stored.
- name string
- The name of the certificate.
- key_vault_secret_id str
- The ID of the Key Vault, where the secret or certificate is stored.
- name str
- The name of the certificate.
- keyVaultSecretId String
- The ID of the Key Vault, where the secret or certificate is stored.
- name String
- The name of the certificate.
Import
Firewall Policies can be imported using the resource id, e.g.
$ pulumi import azure:network/firewallPolicy:FirewallPolicy example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Network/firewallPolicies/policy1
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the azurerm Terraform Provider.