Share via


az network firewall policy draft

Note

This reference is part of the azure-firewall extension for the Azure CLI (version 2.61.0 or higher). The extension will automatically install the first time you run an az network firewall policy draft command. Learn more about extensions.

Manage and configure Azure firewall policy draft,.

Commands

Name Description Type Status
az network firewall policy draft create

Create a draft Firewall Policy.

Extension Preview
az network firewall policy draft delete

Delete a draft policy.

Extension GA
az network firewall policy draft intrusion-detection

Manage intrusion signature rules and bypass rules.

Extension GA
az network firewall policy draft intrusion-detection add

Update a draft Firewall Policy.

Extension Preview
az network firewall policy draft intrusion-detection list

List all intrusion detection configuration.

Extension Preview
az network firewall policy draft intrusion-detection remove

Update a draft Firewall Policy.

Extension Preview
az network firewall policy draft rule-collection-group Extension GA
az network firewall policy draft rule-collection-group wait

Place the CLI in a waiting state until a condition is met.

Extension GA
az network firewall policy draft show

Get a draft Firewall Policy.

Extension Preview
az network firewall policy draft update

Update a draft Firewall Policy.

Extension Preview
az network firewall policy draft wait

Place the CLI in a waiting state until a condition is met.

Extension GA

az network firewall policy draft create

Preview

This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a draft Firewall Policy.

az network firewall policy draft create --policy-name
                                        --resource-group
                                        [--auto-learn-private-ranges {Disabled, Enabled}]
                                        [--base-policy]
                                        [--dns-servers]
                                        [--enable-dns-proxy {0, 1, f, false, n, no, t, true, y, yes}]
                                        [--explicit-proxy]
                                        [--fqdns]
                                        [--idps-mode {Alert, Deny, Off}]
                                        [--ip-addresses]
                                        [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                        [--private-ranges]
                                        [--sql {0, 1, f, false, n, no, t, true, y, yes}]
                                        [--tags]
                                        [--threat-intel-mode {Alert, Deny, Off}]

Required Parameters

--policy-name

The name of the Firewall Policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--auto-learn-private-ranges --learn-ranges

The operation mode for automatically learning private ranges to not be SNAT.

Accepted values: Disabled, Enabled
--base-policy

The name or ID of parent firewall policy from which rules are inherited.

--dns-servers

Space-separated list of DNS server IP addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--enable-dns-proxy

Enable DNS Proxy.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--explicit-proxy

Explicit Proxy Settings definition. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--fqdns

Space-separated list of FQDNs. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--idps-mode
Preview

IDPS mode.

Accepted values: Alert, Deny, Off
--ip-addresses

Space-separated list of IPv4 addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--private-ranges

List of private IP addresses/IP address ranges to not be SNAT. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--sql
Preview

A flag to indicate if SQL Redirect traffic filtering is enabled.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--threat-intel-mode

The operation mode for Threat Intelligence.

Accepted values: Alert, Deny, Off
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network firewall policy draft delete

Delete a draft policy.

az network firewall policy draft delete [--ids]
                                        [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                        [--policy-name]
                                        [--resource-group]
                                        [--subscription]
                                        [--yes]

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--policy-name

The name of the Firewall Policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--yes -y

Do not prompt for confirmation.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network firewall policy draft show

Preview

This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Get a draft Firewall Policy.

az network firewall policy draft show [--expand]
                                      [--ids]
                                      [--policy-name]
                                      [--resource-group]
                                      [--subscription]

Optional Parameters

--expand

Expands referenced resources. Default value is None.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--policy-name

The name of the Firewall Policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network firewall policy draft update

Preview

This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Update a draft Firewall Policy.

az network firewall policy draft update [--add]
                                        [--auto-learn-private-ranges {Disabled, Enabled}]
                                        [--dns-servers]
                                        [--enable-dns-proxy {0, 1, f, false, n, no, t, true, y, yes}]
                                        [--explicit-proxy]
                                        [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                                        [--fqdns]
                                        [--idps-mode {Alert, Deny, Off}]
                                        [--ids]
                                        [--ip-addresses]
                                        [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                        [--policy-name]
                                        [--private-ranges]
                                        [--remove]
                                        [--resource-group]
                                        [--set]
                                        [--sql {0, 1, f, false, n, no, t, true, y, yes}]
                                        [--subscription]
                                        [--tags]
                                        [--threat-intel-mode {Alert, Deny, Off}]

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--auto-learn-private-ranges --learn-ranges

The operation mode for automatically learning private ranges to not be SNAT.

Accepted values: Disabled, Enabled
--dns-servers

Space-separated list of DNS server IP addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--enable-dns-proxy

Enable DNS Proxy.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--explicit-proxy

Explicit Proxy Settings definition. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--fqdns

Space-separated list of FQDNs. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--idps-mode
Preview

IDPS mode.

Accepted values: Alert, Deny, Off
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--ip-addresses

Space-separated list of IPv4 addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--policy-name

The name of the Firewall Policy.

--private-ranges

List of private IP addresses/IP address ranges to not be SNAT. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--remove

Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

--sql
Preview

A flag to indicate if SQL Redirect traffic filtering is enabled.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--threat-intel-mode

The operation mode for Threat Intelligence.

Accepted values: Alert, Deny, Off
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network firewall policy draft wait

Place the CLI in a waiting state until a condition is met.

az network firewall policy draft wait [--created]
                                      [--custom]
                                      [--deleted]
                                      [--exists]
                                      [--expand]
                                      [--ids]
                                      [--interval]
                                      [--name]
                                      [--resource-group]
                                      [--subscription]
                                      [--timeout]
                                      [--updated]

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

Default value: False
--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

Default value: False
--exists

Wait until the resource exists.

Default value: False
--expand

Expands referenced resources. Default value is None.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--interval

Polling interval in seconds.

Default value: 30
--name -n

The name of the Firewall Policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--timeout

Maximum wait in seconds.

Default value: 3600
--updated

Wait until updated with provisioningState at 'Succeeded'.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.