

Microsoft.Network firewallPolicies/ruleGroups 2019-09-01

Bicep resource definition

The firewallPolicies/ruleGroups resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/firewallPolicies/ruleGroups resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Network/firewallPolicies/ruleGroups@2019-09-01' = {
  parent: resourceSymbolicName
  name: 'string'
  properties: {
    priority: int
    rules: [
      {
        name: 'string'
        priority: int
        ruleType: 'string'
        // For remaining properties, see FirewallPolicyRule objects
      }
    ]
  }
}

FirewallPolicyRuleCondition objects

Set the ruleConditionType property to specify the type of object.

For ApplicationRuleCondition, use:

{
  destinationAddresses: [
    'string'
  ]
  fqdnTags: [
    'string'
  ]
  protocols: [
    {
      port: int
      protocolType: 'string'
    }
  ]
  ruleConditionType: 'ApplicationRuleCondition'
  sourceAddresses: [
    'string'
  ]
  targetFqdns: [
    'string'
  ]
}

For NetworkRuleCondition, use:

{
  destinationAddresses: [
    'string'
  ]
  destinationPorts: [
    'string'
  ]
  ipProtocols: [
    'string'
  ]
  ruleConditionType: 'NetworkRuleCondition'
  sourceAddresses: [
    'string'
  ]
}

FirewallPolicyRule objects

Set the ruleType property to specify the type of object.

For FirewallPolicyFilterRule, use:

{
  action: {
    type: 'string'
  }
  ruleConditions: [
    {
      description: 'string'
      name: 'string'
      ruleConditionType: 'string'
      // For remaining properties, see FirewallPolicyRuleCondition objects
    }
  ]
  ruleType: 'FirewallPolicyFilterRule'
}

For FirewallPolicyNatRule, use:

{
  action: {
    type: 'string'
  }
  ruleCondition: {
    description: 'string'
    name: 'string'
    ruleConditionType: 'string'
    // For remaining properties, see FirewallPolicyRuleCondition objects
  }
  ruleType: 'FirewallPolicyNatRule'
  translatedAddress: 'string'
  translatedPort: 'string'
}

Property values

ApplicationRuleCondition

| Name | Description | Value |
| --- | --- | --- |
| destinationAddresses | List of destination IP addresses or Service Tags. | string[] |
| fqdnTags | List of FQDN Tags for this rule condition. | string[] |
| protocols | Array of Application Protocols. | FirewallPolicyRuleConditionApplicationProtocol[] |
| ruleConditionType | Rule Condition Type. | 'ApplicationRuleCondition' (required) |
| sourceAddresses | List of source IP addresses for this rule. | string[] |
| targetFqdns | List of FQDNs for this rule condition. | string[] |

FirewallPolicyFilterRule

| Name | Description | Value |
| --- | --- | --- |
| action | The action type of a Filter rule. | FirewallPolicyFilterRuleAction |
| ruleConditions | Collection of rule conditions used by a rule. | FirewallPolicyRuleCondition[] |
| ruleType | The type of the rule. | 'FirewallPolicyFilterRule' (required) |

FirewallPolicyFilterRuleAction

| Name | Description | Value |
| --- | --- | --- |
| type | The type of action. | 'Allow', 'Deny' |

FirewallPolicyNatRule

| Name | Description | Value |
| --- | --- | --- |
| action | The action type of a Nat rule. | FirewallPolicyNatRuleAction |
| ruleCondition | The match conditions for incoming traffic. | FirewallPolicyRuleCondition |
| ruleType | The type of the rule. | 'FirewallPolicyNatRule' (required) |
| translatedAddress | The translated address for this NAT rule. | string |
| translatedPort | The translated port for this NAT rule. | string |

FirewallPolicyNatRuleAction

| Name | Description | Value |
| --- | --- | --- |
| type | The type of action. | 'DNAT' |

FirewallPolicyRule

| Name | Description | Value |
| --- | --- | --- |
| name | The name of the rule. | string |
| priority | Priority of the Firewall Policy Rule resource. | int; Constraints: Min value = 100, Max value = 65000 |
| ruleType | Set to 'FirewallPolicyFilterRule' for type FirewallPolicyFilterRule. Set to 'FirewallPolicyNatRule' for type FirewallPolicyNatRule. | 'FirewallPolicyFilterRule', 'FirewallPolicyNatRule' (required) |

FirewallPolicyRuleCondition

| Name | Description | Value |
| --- | --- | --- |
| description | Description of the rule condition. | string |
| name | Name of the rule condition. | string |
| ruleConditionType | Set to 'ApplicationRuleCondition' for type ApplicationRuleCondition. Set to 'NetworkRuleCondition' for type NetworkRuleCondition. | 'ApplicationRuleCondition', 'NetworkRuleCondition' (required) |

FirewallPolicyRuleConditionApplicationProtocol

| Name | Description | Value |
| --- | --- | --- |
| port | Port number for the protocol, cannot be greater than 64000. | int; Constraints: Min value = 0, Max value = 64000 |
| protocolType | Protocol type. | 'Http', 'Https' |

FirewallPolicyRuleGroupProperties

| Name | Description | Value |
| --- | --- | --- |
| priority | Priority of the Firewall Policy Rule Group resource. | int; Constraints: Min value = 100, Max value = 65000 |
| rules | Group of Firewall Policy rules. | FirewallPolicyRule[] |

Microsoft.Network/firewallPolicies/ruleGroups

| Name | Description | Value |
| --- | --- | --- |
| name | The resource name | string (required) |
| parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. | Symbolic name for resource of type: firewallPolicies |
| properties | The properties of the firewall policy rule group. | FirewallPolicyRuleGroupProperties |

NetworkRuleCondition

| Name | Description | Value |
| --- | --- | --- |
| destinationAddresses | List of destination IP addresses or Service Tags. | string[] |
| destinationPorts | List of destination ports. | string[] |
| ipProtocols | Array of FirewallPolicyRuleConditionNetworkProtocols. | String array containing any of: 'Any', 'ICMP', 'TCP', 'UDP' |
| ruleConditionType | Rule Condition Type. | 'NetworkRuleCondition' (required) |
| sourceAddresses | List of source IP addresses for this rule. | string[] |

ARM template resource definition

The firewallPolicies/ruleGroups resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/firewallPolicies/ruleGroups resource, add the following JSON to your template.

{
  "type": "Microsoft.Network/firewallPolicies/ruleGroups",
  "apiVersion": "2019-09-01",
  "name": "string",
  "properties": {
    "priority": "int",
    "rules": [ {
      "name": "string",
      "priority": "int",
      "ruleType": "string"
      // For remaining properties, see FirewallPolicyRule objects
    } ]
  }
}

FirewallPolicyRuleCondition objects

Set the ruleConditionType property to specify the type of object.

For ApplicationRuleCondition, use:

{
  "destinationAddresses": [ "string" ],
  "fqdnTags": [ "string" ],
  "protocols": [
    {
      "port": "int",
      "protocolType": "string"
    }
  ],
  "ruleConditionType": "ApplicationRuleCondition",
  "sourceAddresses": [ "string" ],
  "targetFqdns": [ "string" ]
}

For NetworkRuleCondition, use:

{
  "destinationAddresses": [ "string" ],
  "destinationPorts": [ "string" ],
  "ipProtocols": [ "string" ],
  "ruleConditionType": "NetworkRuleCondition",
  "sourceAddresses": [ "string" ]
}

FirewallPolicyRule objects

Set the ruleType property to specify the type of object.

For FirewallPolicyFilterRule, use:

{
  "action": {
    "type": "string"
  },
  "ruleConditions": [ {
    "description": "string",
    "name": "string",
    "ruleConditionType": "string"
    // For remaining properties, see FirewallPolicyRuleCondition objects
  } ],
  "ruleType": "FirewallPolicyFilterRule"
}

For FirewallPolicyNatRule, use:

{
  "action": {
    "type": "string"
  },
  "ruleCondition": {
    "description": "string",
    "name": "string",
    "ruleConditionType": "string"
    // For remaining properties, see FirewallPolicyRuleCondition objects
  },
  "ruleType": "FirewallPolicyNatRule",
  "translatedAddress": "string",
  "translatedPort": "string"
}

Property values

ApplicationRuleCondition

| Name | Description | Value |
| --- | --- | --- |
| destinationAddresses | List of destination IP addresses or Service Tags. | string[] |
| fqdnTags | List of FQDN Tags for this rule condition. | string[] |
| protocols | Array of Application Protocols. | FirewallPolicyRuleConditionApplicationProtocol[] |
| ruleConditionType | Rule Condition Type. | 'ApplicationRuleCondition' (required) |
| sourceAddresses | List of source IP addresses for this rule. | string[] |
| targetFqdns | List of FQDNs for this rule condition. | string[] |

FirewallPolicyFilterRule

| Name | Description | Value |
| --- | --- | --- |
| action | The action type of a Filter rule. | FirewallPolicyFilterRuleAction |
| ruleConditions | Collection of rule conditions used by a rule. | FirewallPolicyRuleCondition[] |
| ruleType | The type of the rule. | 'FirewallPolicyFilterRule' (required) |

FirewallPolicyFilterRuleAction

| Name | Description | Value |
| --- | --- | --- |
| type | The type of action. | 'Allow', 'Deny' |

FirewallPolicyNatRule

| Name | Description | Value |
| --- | --- | --- |
| action | The action type of a Nat rule. | FirewallPolicyNatRuleAction |
| ruleCondition | The match conditions for incoming traffic. | FirewallPolicyRuleCondition |
| ruleType | The type of the rule. | 'FirewallPolicyNatRule' (required) |
| translatedAddress | The translated address for this NAT rule. | string |
| translatedPort | The translated port for this NAT rule. | string |

FirewallPolicyNatRuleAction

| Name | Description | Value |
| --- | --- | --- |
| type | The type of action. | 'DNAT' |

FirewallPolicyRule

| Name | Description | Value |
| --- | --- | --- |
| name | The name of the rule. | string |
| priority | Priority of the Firewall Policy Rule resource. | int; Constraints: Min value = 100, Max value = 65000 |
| ruleType | Set to 'FirewallPolicyFilterRule' for type FirewallPolicyFilterRule. Set to 'FirewallPolicyNatRule' for type FirewallPolicyNatRule. | 'FirewallPolicyFilterRule', 'FirewallPolicyNatRule' (required) |

FirewallPolicyRuleCondition

| Name | Description | Value |
| --- | --- | --- |
| description | Description of the rule condition. | string |
| name | Name of the rule condition. | string |
| ruleConditionType | Set to 'ApplicationRuleCondition' for type ApplicationRuleCondition. Set to 'NetworkRuleCondition' for type NetworkRuleCondition. | 'ApplicationRuleCondition', 'NetworkRuleCondition' (required) |

FirewallPolicyRuleConditionApplicationProtocol

| Name | Description | Value |
| --- | --- | --- |
| port | Port number for the protocol, cannot be greater than 64000. | int; Constraints: Min value = 0, Max value = 64000 |
| protocolType | Protocol type. | 'Http', 'Https' |

FirewallPolicyRuleGroupProperties

| Name | Description | Value |
| --- | --- | --- |
| priority | Priority of the Firewall Policy Rule Group resource. | int; Constraints: Min value = 100, Max value = 65000 |
| rules | Group of Firewall Policy rules. | FirewallPolicyRule[] |

Microsoft.Network/firewallPolicies/ruleGroups

| Name | Description | Value |
| --- | --- | --- |
| apiVersion | The api version | '2019-09-01' |
| name | The resource name | string (required) |
| properties | The properties of the firewall policy rule group. | FirewallPolicyRuleGroupProperties |
| type | The resource type | 'Microsoft.Network/firewallPolicies/ruleGroups' |

NetworkRuleCondition

| Name | Description | Value |
| --- | --- | --- |
| destinationAddresses | List of destination IP addresses or Service Tags. | string[] |
| destinationPorts | List of destination ports. | string[] |
| ipProtocols | Array of FirewallPolicyRuleConditionNetworkProtocols. | String array containing any of: 'Any', 'ICMP', 'TCP', 'UDP' |
| ruleConditionType | Rule Condition Type. | 'NetworkRuleCondition' (required) |
| sourceAddresses | List of source IP addresses for this rule. | string[] |
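
An added example, not part of the original reference and not Microsoft's code: a Python lint that checks one ruleGroups resource, in its ARM template JSON shape, against the value constraints listed in the property tables (the priority and port ranges, and the ruleType, action, protocolType and ipProtocols enumerations). The function names and the sample resource are constructed for illustration; properties the tables do not mark as required are checked only when present.

```python
# Added example, not Microsoft's code: lint one ARM-template ruleGroups resource
# against the constraints in the property tables. All names are hypothetical.
RULE_TYPES = {  # ruleType -> (allowed action.type, property holding conditions)
    "FirewallPolicyFilterRule": ({"Allow", "Deny"}, "ruleConditions"),
    "FirewallPolicyNatRule": ({"DNAT"}, "ruleCondition")}
IP_PROTOCOLS = {"Any", "ICMP", "TCP", "UDP"}

def out_of_range(obj, key, lo, hi):
    # True when key is present but is not an int within [lo, hi].
    return key in obj and not (type(obj[key]) is int and lo <= obj[key] <= hi)

def check_condition(cond, path):
    kind, errs = cond.get("ruleConditionType"), []
    if kind == "ApplicationRuleCondition":
        for i, p in enumerate(cond.get("protocols", [])):
            if p.get("protocolType") not in ("Http", "Https"):
                errs.append(f"{path}.protocols[{i}]: protocolType not Http/Https")
            if out_of_range(p, "port", 0, 64000):
                errs.append(f"{path}.protocols[{i}]: port outside 0-64000")
    elif kind != "NetworkRuleCondition":
        errs.append(f"{path}: ruleConditionType missing or unknown")
    elif set(cond.get("ipProtocols", [])) - IP_PROTOCOLS:
        errs.append(f"{path}: ipProtocols value outside Any/ICMP/TCP/UDP")
    return errs

def check_rule_group(resource):
    props = resource.get("properties", {})
    errs = [] if resource.get("name") else ["name is required"]
    if out_of_range(props, "priority", 100, 65000):
        errs.append("properties.priority outside 100-65000")
    for i, rule in enumerate(props.get("rules", [])):
        path = f"rules[{i}]"
        if out_of_range(rule, "priority", 100, 65000):
            errs.append(f"{path}: priority outside 100-65000")
        if rule.get("ruleType") not in RULE_TYPES:
            errs.append(f"{path}: ruleType missing or unknown")
            continue
        actions, key = RULE_TYPES[rule["ruleType"]]
        act = rule.get("action", {}).get("type")
        if act is not None and act not in actions:
            errs.append(f"{path}: action.type {act!r} invalid for this ruleType")
        conds = rule.get(key, [])  # filter rules hold a list, NAT rules one object
        for j, c in enumerate(conds if isinstance(conds, list) else [conds]):
            errs.extend(check_condition(c, f"{path}.{key}[{j}]"))
    return errs

# Constructed sample: group priority below 100, filter rule with a DNAT action.
SAMPLE = {"name": "rg1", "properties": {"priority": 50, "rules": [{
    "priority": 100, "ruleType": "FirewallPolicyFilterRule", "action": {"type": "DNAT"},
    "ruleConditions": [{"ruleConditionType": "NetworkRuleCondition", "ipProtocols": ["GRE"]}]}]}}
```

Running `check_rule_group(SAMPLE)` returns one message per violated constraint; an empty list means the resource is consistent with the tables.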

Terraform (AzAPI provider) resource definition

The firewallPolicies/ruleGroups resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/firewallPolicies/ruleGroups resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/firewallPolicies/ruleGroups@2019-09-01"
  name = "string"
  body = jsonencode({
    properties = {
      priority = int
      rules = [
        {
          name = "string"
          priority = int
          ruleType = "string"
          // For remaining properties, see FirewallPolicyRule objects
        }
      ]
    }
  })
}

FirewallPolicyRuleCondition objects

Set the ruleConditionType property to specify the type of object.

For ApplicationRuleCondition, use:

{
  destinationAddresses = [
    "string"
  ]
  fqdnTags = [
    "string"
  ]
  protocols = [
    {
      port = int
      protocolType = "string"
    }
  ]
  ruleConditionType = "ApplicationRuleCondition"
  sourceAddresses = [
    "string"
  ]
  targetFqdns = [
    "string"
  ]
}

For NetworkRuleCondition, use:

{
  destinationAddresses = [
    "string"
  ]
  destinationPorts = [
    "string"
  ]
  ipProtocols = [
    "string"
  ]
  ruleConditionType = "NetworkRuleCondition"
  sourceAddresses = [
    "string"
  ]
}

FirewallPolicyRule objects

Set the ruleType property to specify the type of object.

For FirewallPolicyFilterRule, use:

{
  action = {
    type = "string"
  }
  ruleConditions = [
    {
      description = "string"
      name = "string"
      ruleConditionType = "string"
      // For remaining properties, see FirewallPolicyRuleCondition objects
    }
  ]
  ruleType = "FirewallPolicyFilterRule"
}

For FirewallPolicyNatRule, use:

{
  action = {
    type = "string"
  }
  ruleCondition = {
    description = "string"
    name = "string"
    ruleConditionType = "string"
    // For remaining properties, see FirewallPolicyRuleCondition objects
  }
  ruleType = "FirewallPolicyNatRule"
  translatedAddress = "string"
  translatedPort = "string"
}

Property values

ApplicationRuleCondition

| Name | Description | Value |
| --- | --- | --- |
| destinationAddresses | List of destination IP addresses or Service Tags. | string[] |
| fqdnTags | List of FQDN Tags for this rule condition. | string[] |
| protocols | Array of Application Protocols. | FirewallPolicyRuleConditionApplicationProtocol[] |
| ruleConditionType | Rule Condition Type. | 'ApplicationRuleCondition' (required) |
| sourceAddresses | List of source IP addresses for this rule. | string[] |
| targetFqdns | List of FQDNs for this rule condition. | string[] |

FirewallPolicyFilterRule

| Name | Description | Value |
| --- | --- | --- |
| action | The action type of a Filter rule. | FirewallPolicyFilterRuleAction |
| ruleConditions | Collection of rule conditions used by a rule. | FirewallPolicyRuleCondition[] |
| ruleType | The type of the rule. | 'FirewallPolicyFilterRule' (required) |

FirewallPolicyFilterRuleAction

| Name | Description | Value |
| --- | --- | --- |
| type | The type of action. | 'Allow', 'Deny' |

FirewallPolicyNatRule

| Name | Description | Value |
| --- | --- | --- |
| action | The action type of a Nat rule. | FirewallPolicyNatRuleAction |
| ruleCondition | The match conditions for incoming traffic. | FirewallPolicyRuleCondition |
| ruleType | The type of the rule. | 'FirewallPolicyNatRule' (required) |
| translatedAddress | The translated address for this NAT rule. | string |
| translatedPort | The translated port for this NAT rule. | string |

FirewallPolicyNatRuleAction

| Name | Description | Value |
| --- | --- | --- |
| type | The type of action. | 'DNAT' |

FirewallPolicyRule

| Name | Description | Value |
| --- | --- | --- |
| name | The name of the rule. | string |
| priority | Priority of the Firewall Policy Rule resource. | int; Constraints: Min value = 100, Max value = 65000 |
| ruleType | Set to 'FirewallPolicyFilterRule' for type FirewallPolicyFilterRule. Set to 'FirewallPolicyNatRule' for type FirewallPolicyNatRule. | 'FirewallPolicyFilterRule', 'FirewallPolicyNatRule' (required) |

FirewallPolicyRuleCondition

| Name | Description | Value |
| --- | --- | --- |
| description | Description of the rule condition. | string |
| name | Name of the rule condition. | string |
| ruleConditionType | Set to 'ApplicationRuleCondition' for type ApplicationRuleCondition. Set to 'NetworkRuleCondition' for type NetworkRuleCondition. | 'ApplicationRuleCondition', 'NetworkRuleCondition' (required) |

FirewallPolicyRuleConditionApplicationProtocol

| Name | Description | Value |
| --- | --- | --- |
| port | Port number for the protocol, cannot be greater than 64000. | int; Constraints: Min value = 0, Max value = 64000 |
| protocolType | Protocol type. | 'Http', 'Https' |

FirewallPolicyRuleGroupProperties

| Name | Description | Value |
| --- | --- | --- |
| priority | Priority of the Firewall Policy Rule Group resource. | int; Constraints: Min value = 100, Max value = 65000 |
| rules | Group of Firewall Policy rules. | FirewallPolicyRule[] |

Microsoft.Network/firewallPolicies/ruleGroups

| Name | Description | Value |
| --- | --- | --- |
| name | The resource name | string (required) |
| parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: firewallPolicies |
| properties | The properties of the firewall policy rule group. | FirewallPolicyRuleGroupProperties |
| type | The resource type | "Microsoft.Network/firewallPolicies/ruleGroups@2019-09-01" |

NetworkRuleCondition

| Name | Description | Value |
| --- | --- | --- |
| destinationAddresses | List of destination IP addresses or Service Tags. | string[] |
| destinationPorts | List of destination ports. | string[] |
| ipProtocols | Array of FirewallPolicyRuleConditionNetworkProtocols. | String array containing any of: 'Any', 'ICMP', 'TCP', 'UDP' |
| ruleConditionType | Rule Condition Type. | 'NetworkRuleCondition' (required) |
| sourceAddresses | List of source IP addresses for this rule. | string[] |