az network firewall policy intrusion-detection

Note

This reference is part of the azure-firewall extension for the Azure CLI (version 2.61.0 or higher). The extension will automatically install the first time you run an az network firewall policy intrusion-detection command. Learn more about extensions.

Manage intrusion signature rules and bypass rules.

Commands

| Name | Description | Type | Status |
|---|---|---|---|
| az network firewall policy intrusion-detection add | Update an Azure firewall policy. | Extension | GA |
| az network firewall policy intrusion-detection list | List all intrusion detection configuration. | Extension | GA |
| az network firewall policy intrusion-detection remove | Update an Azure firewall policy. | Extension | GA |

az network firewall policy intrusion-detection add

Update an Azure firewall policy.

az network firewall policy intrusion-detection add [--add]
                                                   [--auto-learn-private-ranges {Disabled, Enabled}]
                                                   [--cert-name]
                                                   [--configuration]
                                                   [--dns-servers]
                                                   [--enable-dns-proxy {0, 1, f, false, n, no, t, true, y, yes}]
                                                   [--explicit-proxy]
                                                   [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                                                   [--fqdns]
                                                   [--identity-type {None, SystemAssigned, "SystemAssigned, UserAssigned", UserAssigned}]
                                                   [--idps-mode {Alert, Deny, Off}]
                                                   [--idps-profile {Advanced, Basic, Standard}]
                                                   [--ids]
                                                   [--ip-addresses]
                                                   [--key-vault-secret-id]
                                                   [--mode {Alert, Deny, Off}]
                                                   [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                                   [--policy-name]
                                                   [--private-ranges]
                                                   [--remove]
                                                   [--resource-group]
                                                   [--rule-description]
                                                   [--rule-dest-addresses]
                                                   [--rule-dest-ip-groups]
                                                   [--rule-dest-ports]
                                                   [--rule-name]
                                                   [--rule-protocol {Any, ICMP, TCP, UDP}]
                                                   [--rule-src-addresses]
                                                   [--rule-src-ip-groups]
                                                   [--set]
                                                   [--signature-id]
                                                   [--sku {Basic, Premium, Standard}]
                                                   [--sql {0, 1, f, false, n, no, t, true, y, yes}]
                                                   [--subscription]
                                                   [--tags]
                                                   [--threat-intel-mode {Alert, Deny, Off}]

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--auto-learn-private-ranges --learn-ranges

The operation mode for automatically learning private ranges to not be SNAT.

Accepted values: Disabled, Enabled

--cert-name
Preview

Name of the CA certificate.

--configuration

Intrusion detection configuration properties. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--dns-servers

Space-separated list of DNS server IP addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--enable-dns-proxy

Enable DNS Proxy.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes

--explicit-proxy

Explicit Proxy Settings definition. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes

--fqdns

Space-separated list of FQDNs. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--identity-type

The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.

Accepted values: None, SystemAssigned, "SystemAssigned, UserAssigned", UserAssigned

--idps-mode

IDPS mode.

Accepted values: Alert, Deny, Off

--idps-profile
Preview

IDPS mode.

Accepted values: Advanced, Basic, Standard

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--ip-addresses

Space-separated list of IPv4 addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--key-vault-secret-id
Preview

Secret Id of (base-64 encoded unencrypted pfx) Secret or Certificate object stored in KeyVault.

--mode

The override signature state.

Accepted values: Alert, Deny, Off

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes

--policy-name

The name of the Firewall Policy.

--private-ranges

List of private IP addresses/IP address ranges to not be SNAT. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--rule-description

Description of the bypass traffic rule.

--rule-dest-addresses

Space-separated list of destination IP addresses or ranges for bypass traffic rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--rule-dest-ip-groups

Space-separated list of destination IpGroups for bypass traffic rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--rule-dest-ports

Space-separated list of destination ports or ranges for bypass traffic rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--rule-name

Name of the bypass traffic rule.

--rule-protocol

The bypass traffic rule protocol.

Accepted values: Any, ICMP, TCP, UDP

--rule-src-addresses

Space-separated list of source IP addresses or ranges for this rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--rule-src-ip-groups

Space-separated list of source IpGroups for bypass traffic rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

--signature-id

Signature id for override.

--sku

SKU of Firewall policy.

Accepted values: Basic, Premium, Standard

--sql
Preview

A flag to indicate if SQL Redirect traffic filtering is enabled.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--threat-intel-mode

The operation mode for Threat Intelligence.

Accepted values: Alert, Deny, Off

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network firewall policy intrusion-detection list

List all intrusion detection configuration.

az network firewall policy intrusion-detection list --policy-name
                                                    --resource-group

Required Parameters

--policy-name

The name of the Firewall Policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.
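
An added example, not part of the original reference: a Python audit of saved `list` output that flags signature overrides and bypass rules which reduce IDPS coverage. It assumes the JSON follows the ARM `intrusionDetection` shape (`mode`, `configuration.signatureOverrides`, `configuration.bypassTrafficSettings`); the sample data, the /16 breadth threshold and the function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample (made-up ids and names) in the assumed ARM intrusionDetection shape.
SAMPLE = json.loads("""
{"mode": "Deny", "configuration": {
 "signatureOverrides": [{"id": "2000001", "mode": "Off"}, {"id": "2000002", "mode": "Deny"}],
 "bypassTrafficSettings": [
  {"name": "backup-sync", "protocol": "TCP", "sourceAddresses": ["10.1.4.0/24"],
   "destinationAddresses": ["10.2.0.10"], "destinationPorts": ["443"]},
  {"name": "legacy-any", "protocol": "ANY", "sourceAddresses": ["*"],
   "destinationAddresses": ["10.0.0.0/8"], "destinationPorts": ["*"]}]}}
""")

RANK = {"off": 0, "alert": 1, "deny": 2}  # weakest to strongest mode

def is_broad(addresses, min_prefix=16):
    """True if any entry is a wildcard or a CIDR wider than /min_prefix."""
    for entry in addresses or []:
        try:
            if entry == "*" or ipaddress.ip_network(entry, strict=False).prefixlen < min_prefix:
                return True
        except ValueError:
            continue  # dash ranges (a.b.c.d-e.f.g.h) are not sized here
    return False

def audit(idps):
    """Return (subject, reason) findings for settings that weaken inspection."""
    findings = []
    policy_rank = RANK.get(str(idps.get("mode", "Off")).lower(), 0)
    if policy_rank == 0:
        findings.append(("policy", "IDPS mode is Off"))
    cfg = idps.get("configuration") or {}
    for ov in cfg.get("signatureOverrides") or []:
        if RANK.get(str(ov.get("mode")).lower(), 0) < policy_rank:
            findings.append((f"signature {ov.get('id')}",
                             f"override {ov.get('mode')} is weaker than policy mode"))
    for rule in cfg.get("bypassTrafficSettings") or []:
        checks = [
            (str(rule.get("protocol", "")).lower() == "any", "protocol Any"),
            (is_broad(rule.get("sourceAddresses")), "broad source"),
            (is_broad(rule.get("destinationAddresses")), "broad destination"),
            ("*" in (rule.get("destinationPorts") or []), "all ports"),
        ]
        reasons = [label for hit, label in checks if hit]
        if reasons:
            findings.append((f"bypass {rule.get('name')}", ", ".join(reasons)))
    return findings
```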

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network firewall policy intrusion-detection remove

Update an Azure firewall policy.

az network firewall policy intrusion-detection remove [--add]
                                                      [--auto-learn-private-ranges {Disabled, Enabled}]
                                                      [--cert-name]
                                                      [--configuration]
                                                      [--dns-servers]
                                                      [--enable-dns-proxy {0, 1, f, false, n, no, t, true, y, yes}]
                                                      [--explicit-proxy]
                                                      [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                                                      [--fqdns]
                                                      [--identity-type {None, SystemAssigned, "SystemAssigned, UserAssigned", UserAssigned}]
                                                      [--idps-mode {Alert, Deny, Off}]
                                                      [--idps-profile {Advanced, Basic, Standard}]
                                                      [--ids]
                                                      [--ip-addresses]
                                                      [--key-vault-secret-id]
                                                      [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                                      [--policy-name]
                                                      [--private-ranges]
                                                      [--remove]
                                                      [--resource-group]
                                                      [--rule-name]
                                                      [--set]
                                                      [--signature-id]
                                                      [--sku {Basic, Premium, Standard}]
                                                      [--sql {0, 1, f, false, n, no, t, true, y, yes}]
                                                      [--subscription]
                                                      [--tags]
                                                      [--threat-intel-mode {Alert, Deny, Off}]

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--auto-learn-private-ranges --learn-ranges

The operation mode for automatically learning private ranges to not be SNAT.

Accepted values: Disabled, Enabled

--cert-name
Preview

Name of the CA certificate.

--configuration

Intrusion detection configuration properties. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--dns-servers

Space-separated list of DNS server IP addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--enable-dns-proxy

Enable DNS Proxy.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes

--explicit-proxy

Explicit Proxy Settings definition. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes

--fqdns

Space-separated list of FQDNs. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--identity-type

The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.

Accepted values: None, SystemAssigned, "SystemAssigned, UserAssigned", UserAssigned

--idps-mode

IDPS mode.

Accepted values: Alert, Deny, Off

--idps-profile
Preview

IDPS mode.

Accepted values: Advanced, Basic, Standard

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--ip-addresses

Space-separated list of IPv4 addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--key-vault-secret-id
Preview

Secret Id of (base-64 encoded unencrypted pfx) Secret or Certificate object stored in KeyVault.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes

--policy-name

The name of the Firewall Policy.

--private-ranges

List of private IP addresses/IP address ranges to not be SNAT. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--rule-name

Name of the bypass traffic rule.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

--signature-id

Signature id.

--sku

SKU of Firewall policy.

Accepted values: Basic, Premium, Standard

--sql
Preview

A flag to indicate if SQL Redirect traffic filtering is enabled.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--threat-intel-mode

The operation mode for Threat Intelligence.

Accepted values: Alert, Deny, Off

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.