NetworkManagementClient
The Microsoft Azure Network management API provides a RESTful set of web services that interact with Microsoft Azure Networks service to manage your network resources
COMMUNITYBEARER0 INSTALLS
OpenAPI Specificationv3.0
{
"swagger": "2.0",
"schemes": [
"https"
],
"host": "management.azure.com",
"info": {
"description": "The Microsoft Azure Network management API provides a RESTful set of web services that interact with Microsoft Azure Networks service to manage your network resources. The API has entities that capture the relationship between an end user and the Microsoft Azure Networks service.",
"title": "NetworkManagementClient",
"version": "2019-07-01",
"x-apisguru-categories": [
"cloud"
],
"x-logo": {
"url": "https://api.apis.guru/v2/cache/logo/https_assets.onestore.ms_cdnfiles_onestorerolling-1606-01000_shell_v3_images_logo_microsoft.png"
},
"x-origin": [
{
"format": "swagger",
"url": "https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/specification/network/resource-manager/Microsoft.Network/stable/2019-07-01/azureFirewall.json",
"version": "2.0"
}
],
"x-preferred": true,
"x-providerName": "azure.com",
"x-serviceName": "network-azureFirewall",
"x-tags": [
"Azure",
"Microsoft"
]
},
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"securityDefinitions": {
"azure_auth": {
"authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
"description": "Azure Active Directory OAuth2 Flow.",
"flow": "implicit",
"scopes": {
"user_impersonation": "impersonate your user account"
},
"type": "oauth2"
}
},
"security": [
{
"azure_auth": [
"user_impersonation"
]
}
],
"paths": {
"/subscriptions/{subscriptionId}/providers/Microsoft.Network/azureFirewalls": {
"get": {
"description": "Gets all the Azure Firewalls in a subscription.",
"operationId": "AzureFirewalls_ListAll",
"parameters": [
{
"description": "Client API version.",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
{
"description": "The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.",
"in": "path",
"name": "subscriptionId",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "Success. The operation returns a list of AzureFirewall resources.",
"schema": {
"$ref": "#/definitions/AzureFirewallListResult"
}
}
},
"tags": [
"AzureFirewalls"
],
"x-ms-examples": {
"List all Azure Firewalls for a given subscription": {
"parameters": {
"api-version": "2019-07-01",
"subscriptionId": "subid"
},
"responses": {
"200": {
"body": {
"value": [
{
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall",
"location": "West US",
"name": "azurefirewall",
"properties": {
"applicationRuleCollections": [
{
"name": "apprulecoll",
"properties": {
"action": {
"type": "Deny"
},
"priority": 110,
"rules": [
{
"description": "Deny inbound rule",
"name": "rule1",
"protocols": [
{
"port": 443,
"protocolType": "Https"
}
],
"sourceAddresses": [
"216.58.216.164",
"10.0.0.0/24"
],
"targetFqdns": [
"www.test.com"
]
}
]
}
}
],
"ipConfigurations": [
{
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azfirewallgw/ipConfigurations/azureFirewallIpConfiguration",
"name": "azureFirewallIpConfiguration",
"properties": {
"privateIPAddress": "10.0.0.0",
"provisioningState": "Succeeded",
"publicIPAddress": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"
},
"subnet": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"
}
}
}
],
"natRuleCollections": [
{
"name": "natrulecoll",
"properties": {
"action": {
"type": "Dnat"
},
"priority": 112,
"rules": [
{
"description": "D-NAT all outbound web traffic for inspection",
"destinationAddresses": [
"1.2.3.4"
],
"destinationPorts": [
"443"
],
"name": "DNAT-HTTPS-traffic",
"protocols": [
"TCP"
],
"sourceAddresses": [
"*"
],
"translatedAddress": "1.2.3.5",
"translatedPort": "8443"
}
]
}
}
],
"networkRuleCollections": [
{
"name": "netrulecoll",
"properties": {
"action": {
"type": "Deny"
},
"priority": 112,
"rules": [
{
"description": "Block traffic based on source IPs and ports",
"destinationAddresses": [
"*"
],
"destinationPorts": [
"443-444",
"8443"
],
"name": "L4-traffic",
"protocols": [
"TCP"
],
"sourceAddresses": [
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255"
]
}
]
}
}
],
"provisioningState": "Succeeded",
"threatIntelMode": "Alert"
},
"tags": {
"key1": "value1"
},
"type": "Microsoft.Network/azureFirewalls",
"zones": []
}
]
}
}
}
}
},
"x-ms-pageable": {
"nextLinkName": "nextLink"
}
}
},
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/azureFirewalls": {
"get": {
"description": "Lists all Azure Firewalls in a resource group.",
"operationId": "AzureFirewalls_List",
"parameters": [
{
"description": "The name of the resource group.",
"in": "path",
"name": "resourceGroupName",
"required": true,
"type": "string"
},
{
"description": "Client API version.",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
{
"description": "The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.",
"in": "path",
"name": "subscriptionId",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "Success. The operation returns a list of AzureFirewall resources.",
"schema": {
"$ref": "#/definitions/AzureFirewallListResult"
}
}
},
"tags": [
"AzureFirewalls"
],
"x-ms-examples": {
"List all Azure Firewalls for a given resource group": {
"parameters": {
"api-version": "2019-07-01",
"resourceGroupName": "rg1",
"subscriptionId": "subid"
},
"responses": {
"200": {
"body": {
"value": [
{
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall",
"location": "West US",
"name": "azurefirewall",
"properties": {
"applicationRuleCollections": [
{
"name": "apprulecoll",
"properties": {
"action": {
"type": "Deny"
},
"priority": 110,
"rules": [
{
"description": "Deny inbound rule",
"name": "rule1",
"protocols": [
{
"port": 443,
"protocolType": "Https"
}
],
"sourceAddresses": [
"216.58.216.164",
"10.0.0.0/24"
],
"targetFqdns": [
"www.test.com"
]
}
]
}
}
],
"ipConfigurations": [
{
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azfirewallgw/ipConfigurations/azureFirewallIpConfiguration",
"name": "azureFirewallIpConfiguration",
"properties": {
"privateIPAddress": "10.0.0.0",
"provisioningState": "Succeeded",
"publicIPAddress": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"
},
"subnet": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"
}
}
}
],
"natRuleCollections": [
{
"name": "natrulecoll",
"properties": {
"action": {
"type": "Dnat"
},
"priority": 112,
"rules": [
{
"description": "D-NAT all outbound web traffic for inspection",
"destinationAddresses": [
"1.2.3.4"
],
"destinationPorts": [
"443"
],
"name": "DNAT-HTTPS-traffic",
"protocols": [
"TCP"
],
"sourceAddresses": [
"*"
],
"translatedAddress": "1.2.3.5",
"translatedPort": "8443"
}
]
}
}
],
"networkRuleCollections": [
{
"name": "netrulecoll",
"properties": {
"action": {
"type": "Deny"
},
"priority": 112,
"rules": [
{
"description": "Block traffic based on source IPs and ports",
"destinationAddresses": [
"*"
],
"destinationPorts": [
"443-444",
"8443"
],
"name": "L4-traffic",
"protocols": [
"TCP"
],
"sourceAddresses": [
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255"
]
}
]
}
}
],
"provisioningState": "Succeeded",
"threatIntelMode": "Alert"
},
"tags": {
"key1": "value1"
},
"type": "Microsoft.Network/azureFirewalls",
"zones": []
}
]
}
}
}
}
},
"x-ms-pageable": {
"nextLinkName": "nextLink"
}
}
},
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/azureFirewalls/{azureFirewallName}": {
"delete": {
"description": "Deletes the specified Azure Firewall.",
"operationId": "AzureFirewalls_Delete",
"parameters": [
{
"description": "The name of the resource group.",
"in": "path",
"name": "resourceGroupName",
"required": true,
"type": "string"
},
{
"description": "The name of the Azure Firewall.",
"in": "path",
"name": "azureFirewallName",
"required": true,
"type": "string"
},
{
"description": "Client API version.",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
{
"description": "The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.",
"in": "path",
"name": "subscriptionId",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "Delete successful."
},
"202": {
"description": "Accepted and the operation will complete asynchronously."
},
"204": {
"description": "Request successful. Resource with the specified name does not exist."
}
},
"tags": [
"AzureFirewalls"
],
"x-ms-examples": {
"Delete Azure Firewall": {
"parameters": {
"api-version": "2019-07-01",
"azureFirewallName": "azurefirewall",
"resourceGroupName": "rg1",
"subscriptionId": "subid"
},
"responses": {
"200": {},
"202": {},
"204": {}
}
}
},
"x-ms-long-running-operation": true,
"x-ms-long-running-operation-options": {
"final-state-via": "location"
}
},
"get": {
"description": "Gets the specified Azure Firewall.",
"operationId": "AzureFirewalls_Get",
"parameters": [
{
"description": "The name of the resource group.",
"in": "path",
"name": "resourceGroupName",
"required": true,
"type": "string"
},
{
"description": "The name of the Azure Firewall.",
"in": "path",
"name": "azureFirewallName",
"required": true,
"type": "string"
},
{
"description": "Client API version.",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
{
"description": "The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.",
"in": "path",
"name": "subscriptionId",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "Request successful. The operation returns an AzureFirewall resource.",
"schema": {
"$ref": "#/definitions/AzureFirewall"
}
}
},
"tags": [
"AzureFirewalls"
],
"x-ms-examples": {
"Get Azure Firewall": {
"parameters": {
"api-version": "2019-07-01",
"azureFirewallName": "azurefirewall",
"resourceGroupName": "rg1",
"subscriptionId": "subid"
},
"responses": {
"200": {
"body": {
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall",
"location": "West US",
"name": "azurefirewall",
"properties": {
"applicationRuleCollections": [
{
"name": "apprulecoll",
"properties": {
"action": {
"type": "Deny"
},
"priority": 110,
"rules": [
{
"description": "Deny inbound rule",
"name": "rule1",
"protocols": [
{
"port": 443,
"protocolType": "Https"
}
],
"sourceAddresses": [
"216.58.216.164",
"10.0.0.0/24"
],
"targetFqdns": [
"www.test.com"
]
}
]
}
}
],
"ipConfigurations": [
{
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewallgw/ipConfigurations/azureFirewallIpConfiguration",
"name": "azureFirewallIpConfiguration",
"properties": {
"privateIPAddress": "10.0.0.0",
"provisioningState": "Succeeded",
"publicIPAddress": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"
},
"subnet": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"
}
}
}
],
"natRuleCollections": [
{
"name": "natrulecoll",
"properties": {
"action": {
"type": "Dnat"
},
"priority": 112,
"rules": [
{
"description": "D-NAT all outbound web traffic for inspection",
"destinationAddresses": [
"1.2.3.4"
],
"destinationPorts": [
"443"
],
"name": "DNAT-HTTPS-traffic",
"protocols": [
"TCP"
],
"sourceAddresses": [
"*"
],
"translatedAddress": "1.2.3.5",
"translatedPort": "8443"
}
]
}
}
],
"networkRuleCollections": [
{
"name": "netrulecoll",
"properties": {
"action": {
"type": "Deny"
},
"priority": 112,
"rules": [
{
"description": "Block traffic based on source IPs and ports",
"destinationAddresses": [
"*"
],
"destinationPorts": [
"443-444",
"8443"
],
"name": "L4-traffic",
"protocols": [
"TCP"
],
"sourceAddresses": [
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255"
]
}
]
}
}
],
"provisioningState": "Succeeded",
"threatIntelMode": "Alert"
},
"tags": {
"key1": "value1"
},
"type": "Microsoft.Network/azureFirewalls",
"zones": []
}
}
}
},
"Get Azure Firewall With Zones": {
"parameters": {
"api-version": "2019-07-01",
"azureFirewallName": "azurefirewall",
"resourceGroupName": "rg1",
"subscriptionId": "subid"
},
"responses": {
"200": {
"body": {
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall",
"location": "West US 2",
"name": "azurefirewall",
"properties": {
"applicationRuleCollections": [
{
"name": "apprulecoll",
"properties": {
"action": {
"type": "Deny"
},
"priority": 110,
"rules": [
{
"description": "Deny inbound rule",
"name": "rule1",
"protocols": [
{
"port": 443,
"protocolType": "Https"
}
],
"sourceAddresses": [
"216.58.216.164",
"10.0.0.0/24"
],
"targetFqdns": [
"www.test.com"
]
}
]
}
}
],
"ipConfigurations": [
{
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewallgw/ipConfigurations/azureFirewallIpConfiguration",
"name": "azureFirewallIpConfiguration",
"properties": {
"privateIPAddress": "10.0.0.0",
"provisioningState": "Succeeded",
"publicIPAddress": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"
},
"subnet": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"
}
}
}
],
"natRuleCollections": [
{
"name": "natrulecoll",
"properties": {
"action": {
"type": "Dnat"
},
"priority": 112,
"rules": [
{
"description": "D-NAT all outbound web traffic for inspection",
"destinationAddresses": [
"1.2.3.4"
],
"destinationPorts": [
"443"
],
"name": "DNAT-HTTPS-traffic",
"protocols": [
"TCP"
],
"sourceAddresses": [
"*"
],
"translatedAddress": "1.2.3.5",
"translatedPort": "8443"
}
]
}
}
],
"networkRuleCollections": [
{
"name": "netrulecoll",
"properties": {
"action": {
"type": "Deny"
},
"priority": 112,
"rules": [
{
"description": "Block traffic based on source IPs and ports",
"destinationAddresses": [
"*"
],
"destinationPorts": [
"443-444",
"8443"
],
"name": "L4-traffic",
"protocols": [
"TCP"
],
"sourceAddresses": [
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255"
]
}
]
}
}
],
"provisioningState": "Succeeded",
"threatIntelMode": "Alert"
},
"tags": {
"key1": "value1"
},
"type": "Microsoft.Network/azureFirewalls",
"zones": [
"1",
"2",
"3"
]
}
}
}
}
}
},
"patch": {
"description": "Updates tags for an Azure Firewall resource.",
"operationId": "AzureFirewalls_UpdateTags",
"parameters": [
{
"description": "The name of the resource group.",
"in": "path",
"name": "resourceGroupName",
"required": true,
"type": "string"
},
{
"description": "The name of the Azure Firewall.",
"in": "path",
"name": "azureFirewallName",
"required": true,
"type": "string"
},
{
"description": "Parameters supplied to the create or update Azure Firewall operation.",
"in": "body",
"name": "parameters",
"required": true,
"schema": {
"$ref": "#/definitions/AzureFirewall"
}
},
{
"description": "Client API version.",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
{
"description": "The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.",
"in": "path",
"name": "subscriptionId",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "Update successful. The operation returns the resulting AzureFirewall resource.",
"schema": {
"$ref": "#/definitions/AzureFirewall"
}
}
},
"tags": [
"AzureFirewalls"
],
"x-ms-examples": {
"Update Azure Firewall Tags": {
"parameters": {
"api-version": "2019-07-01",
"azureFirewallName": "fw1",
"parameters": {
"tags": {
"tag1": "value1",
"tag2": "value2"
}
},
"resourceGroupName": "azfwtest",
"subscriptionId": "subid"
},
"responses": {
"200": {
"body": {
"id": "/subscriptions/subid/resourceGroups/azfwtest/providers/Microsoft.Network/azureFirewalls/fw1",
"location": "brazilsouth",
"name": "fw1",
"properties": {
"provisioningState": "Succeeded",
"threatIntelMode": "Alert"
},
"tags": {
"tag1": "value1",
"tag2": "value2"
},
"type": "Microsoft.Network/azureFirewalls"
}
}
}
}
}
},
"put": {
"description": "Creates or updates the specified Azure Firewall.",
"operationId": "AzureFirewalls_CreateOrUpdate",
"parameters": [
{
"description": "The name of the resource group.",
"in": "path",
"name": "resourceGroupName",
"required": true,
"type": "string"
},
{
"description": "The name of the Azure Firewall.",
"in": "path",
"name": "azureFirewallName",
"required": true,
"type": "string"
},
{
"description": "Parameters supplied to the create or update Azure Firewall operation.",
"in": "body",
"name": "parameters",
"required": true,
"schema": {
"$ref": "#/definitions/AzureFirewall"
}
},
{
"description": "Client API version.",
"in": "query",
"name": "api-version",
"required": true,
"type": "string"
},
{
"description": "The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.",
"in": "path",
"name": "subscriptionId",
"required": true,
"type": "string"
}
],
"responses": {
"200": {
"description": "Update successful. The operation returns the resulting AzureFirewall resource.",
"schema": {
"$ref": "#/definitions/AzureFirewall"
}
},
"201": {
"description": "Create successful. The operation returns the resulting AzureFirewall resource.",
"schema": {
"$ref": "#/definitions/AzureFirewall"
}
}
},
"tags": [
"AzureFirewalls"
],
"x-ms-examples": {
"Create Azure Firewall": {
"parameters": {
"api-version": "2019-07-01",
"azureFirewallName": "azurefirewall",
"parameters": {
"location": "West US",
"properties": {
"applicationRuleCollections": [
{
"name": "apprulecoll",
"properties": {
"action": {
"type": "Deny"
},
"priority": 110,
"rules": [
{
"description": "Deny inbound rule",
"name": "rule1",
"protocols": [
{
"port": 443,
"protocolType": "Https"
}
],
"sourceAddresses": [
"216.58.216.164",
"10.0.0.0/24"
],
"targetFqdns": [
"www.test.com"
]
}
]
}
}
],
"ipConfigurations": [
{
"name": "azureFirewallIpConfiguration",
"properties": {
"publicIPAddress": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"
},
"subnet": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"
}
}
}
],
"natRuleCollections": [
{
"name": "natrulecoll",
"properties": {
"action": {
"type": "Dnat"
},
"priority": 112,
"rules": [
{
"description": "D-NAT all outbound web traffic for inspection",
"destinationAddresses": [
"1.2.3.4"
],
"destinationPorts": [
"443"
],
"name": "DNAT-HTTPS-traffic",
"protocols": [
"TCP"
],
"sourceAddresses": [
"*"
],
"translatedAddress": "1.2.3.5",
"translatedPort": "8443"
}
]
}
}
],
"networkRuleCollections": [
{
"name": "netrulecoll",
"properties": {
"action": {
"type": "Deny"
},
"priority": 112,
"rules": [
{
"description": "Block traffic based on source IPs and ports",
"destinationAddresses": [
"*"
],
"destinationPorts": [
"443-444",
"8443"
],
"name": "L4-traffic",
"protocols": [
"TCP"
],
"sourceAddresses": [
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255"
]
}
]
}
}
],
"threatIntelMode": "Alert"
},
"tags": {
"key1": "value1"
},
"zones": []
},
"resourceGroupName": "rg1",
"subscriptionId": "subid"
},
"responses": {
"200": {
"body": {
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall",
"location": "West US",
"name": "azurefirewall",
"properties": {
"applicationRuleCollections": [
{
"name": "apprulecoll",
"properties": {
"action": {
"type": "Deny"
},
"priority": 110,
"rules": [
{
"description": "Deny inbound rule",
"name": "rule1",
"protocols": [
{
"port": 443,
"protocolType": "Https"
}
],
"sourceAddresses": [
"216.58.216.164",
"10.0.0.0/24"
],
"targetFqdns": [
"www.test.com"
]
}
]
}
}
],
"ipConfigurations": [
{
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azfirewallgw/ipConfigurations/azureFirewallIpConfiguration",
"name": "azureFirewallIpConfiguration",
"properties": {
"privateIPAddress": "10.0.0.0",
"provisioningState": "Succeeded",
"publicIPAddress": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"
},
"subnet": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"
}
}
}
],
"natRuleCollections": [
{
"name": "natrulecoll",
"properties": {
"action": {
"type": "Dnat"
},
"priority": 112,
"rules": [
{
"description": "D-NAT all outbound web traffic for inspection",
"destinationAddresses": [
"1.2.3.4"
],
"destinationPorts": [
"443"
],
"name": "DNAT-HTTPS-traffic",
"protocols": [
"TCP"
],
"sourceAddresses": [
"*"
],
"translatedAddress": "1.2.3.5",
"translatedPort": "8443"
}
]
}
}
],
"networkRuleCollections": [
{
"name": "netrulecoll",
"properties": {
"action": {
"type": "Deny"
},
"priority": 112,
"rules": [
{
"description": "Block traffic based on source IPs and ports",
"destinationAddresses": [
"*"
],
"destinationPorts": [
"443-444",
"8443"
],
"name": "L4-traffic",
"protocols": [
"TCP"
],
"sourceAddresses": [
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255"
]
}
]
}
}
],
"provisioningState": "Succeeded",
"threatIntelMode": "Alert"
},
"tags": {
"key1": "value1"
},
"type": "Microsoft.Network/azureFirewalls",
"zones": []
}
},
"201": {
"body": {
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall",
"location": "West US",
"name": "azurefirewall",
"properties": {
"applicationRuleCollections": [
{
"name": "apprulecoll",
"properties": {
"action": {
"type": "Deny"
},
"priority": 110,
"rules": [
{
"description": "Deny inbound rule",
"name": "rule1",
"protocols": [
{
"port": 443,
"protocolType": "Https"
}
],
"sourceAddresses": [
"216.58.216.164",
"10.0.0.0/24"
],
"targetFqdns": [
"www.test.com"
]
}
]
}
}
],
"ipConfigurations": [
{
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azfirewallgw/ipConfigurations/azureFirewallIpConfiguration",
"name": "azureFirewallIpConfiguration",
"properties": {
"privateIPAddress": "10.0.0.0",
"provisioningState": "Succeeded",
"publicIPAddress": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"
},
"subnet": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"
}
}
}
],
"natRuleCollections": [
{
"name": "natrulecoll",
"properties": {
"action": {
"type": "Dnat"
},
"priority": 112,
"rules": [
{
"description": "D-NAT all outbound web traffic for inspection",
"destinationAddresses": [
"1.2.3.4"
],
"destinationPorts": [
"443"
],
"name": "DNAT-HTTPS-traffic",
"protocols": [
"TCP"
],
"sourceAddresses": [
"*"
],
"translatedAddress": "1.2.3.5",
"translatedPort": "8443"
}
]
}
}
],
"networkRuleCollections": [
{
"name": "netrulecoll",
"properties": {
"action": {
"type": "Deny"
},
"priority": 112,
"rules": [
{
"description": "Block traffic based on source IPs and ports",
"destinationAddresses": [
"*"
],
"destinationPorts": [
"443-444",
"8443"
],
"name": "L4-traffic",
"protocols": [
"TCP"
],
"sourceAddresses": [
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255"
]
}
]
}
}
],
"provisioningState": "Succeeded",
"threatIntelMode": "Alert"
},
"tags": {
"key1": "value1"
},
"type": "Microsoft.Network/azureFirewalls",
"zones": []
}
}
}
},
"Create Azure Firewall With Zones": {
"parameters": {
"api-version": "2019-07-01",
"azureFirewallName": "azurefirewall",
"parameters": {
"location": "West US 2",
"properties": {
"applicationRuleCollections": [
{
"name": "apprulecoll",
"properties": {
"action": {
"type": "Deny"
},
"priority": 110,
"rules": [
{
"description": "Deny inbound rule",
"name": "rule1",
"protocols": [
{
"port": 443,
"protocolType": "Https"
}
],
"sourceAddresses": [
"216.58.216.164",
"10.0.0.0/24"
],
"targetFqdns": [
"www.test.com"
]
}
]
}
}
],
"ipConfigurations": [
{
"name": "azureFirewallIpConfiguration",
"properties": {
"publicIPAddress": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"
},
"subnet": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"
}
}
}
],
"natRuleCollections": [
{
"name": "natrulecoll",
"properties": {
"action": {
"type": "Dnat"
},
"priority": 112,
"rules": [
{
"description": "D-NAT all outbound web traffic for inspection",
"destinationAddresses": [
"1.2.3.4"
],
"destinationPorts": [
"443"
],
"name": "DNAT-HTTPS-traffic",
"protocols": [
"TCP"
],
"sourceAddresses": [
"*"
],
"translatedAddress": "1.2.3.5",
"translatedPort": "8443"
}
]
}
}
],
"networkRuleCollections": [
{
"name": "netrulecoll",
"properties": {
"action": {
"type": "Deny"
},
"priority": 112,
"rules": [
{
"description": "Block traffic based on source IPs and ports",
"destinationAddresses": [
"*"
],
"destinationPorts": [
"443-444",
"8443"
],
"name": "L4-traffic",
"protocols": [
"TCP"
],
"sourceAddresses": [
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255"
]
}
]
}
}
],
"threatIntelMode": "Alert"
},
"tags": {
"key1": "value1"
},
"zones": [
"1",
"2",
"3"
]
},
"resourceGroupName": "rg1",
"subscriptionId": "subid"
},
"responses": {
"200": {
"body": {
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall",
"location": "West US 2",
"name": "azurefirewall",
"properties": {
"applicationRuleCollections": [
{
"name": "apprulecoll",
"properties": {
"action": {
"type": "Deny"
},
"priority": 110,
"rules": [
{
"description": "Deny inbound rule",
"name": "rule1",
"protocols": [
{
"port": 443,
"protocolType": "Https"
}
],
"sourceAddresses": [
"216.58.216.164",
"10.0.0.0/24"
],
"targetFqdns": [
"www.test.com"
]
}
]
}
}
],
"ipConfigurations": [
{
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azfirewallgw/ipConfigurations/azureFirewallIpConfiguration",
"name": "azureFirewallIpConfiguration",
"properties": {
"privateIPAddress": "10.0.0.0",
"provisioningState": "Succeeded",
"publicIPAddress": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"
},
"subnet": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"
}
}
}
],
"natRuleCollections": [
{
"name": "natrulecoll",
"properties": {
"action": {
"type": "Dnat"
},
"priority": 112,
"rules": [
{
"description": "D-NAT all outbound web traffic for inspection",
"destinationAddresses": [
"1.2.3.4"
],
"destinationPorts": [
"443"
],
"name": "DNAT-HTTPS-traffic",
"protocols": [
"TCP"
],
"sourceAddresses": [
"*"
],
"translatedAddress": "1.2.3.5",
"translatedPort": "8443"
}
]
}
}
],
"networkRuleCollections": [
{
"name": "netrulecoll",
"properties": {
"action": {
"type": "Deny"
},
"priority": 112,
"rules": [
{
"description": "Block traffic based on source IPs and ports",
"destinationAddresses": [
"*"
],
"destinationPorts": [
"443-444",
"8443"
],
"name": "L4-traffic",
"protocols": [
"TCP"
],
"sourceAddresses": [
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255"
]
}
]
}
}
],
"provisioningState": "Succeeded",
"threatIntelMode": "Alert"
},
"tags": {
"key1": "value1"
},
"type": "Microsoft.Network/azureFirewalls",
"zones": [
"1",
"2",
"3"
]
}
},
"201": {
"body": {
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall",
"location": "West US 2",
"name": "azurefirewall",
"properties": {
"applicationRuleCollections": [
{
"name": "apprulecoll",
"properties": {
"action": {
"type": "Deny"
},
"priority": 110,
"rules": [
{
"description": "Deny inbound rule",
"name": "rule1",
"protocols": [
{
"port": 443,
"protocolType": "Https"
}
],
"sourceAddresses": [
"216.58.216.164",
"10.0.0.0/24"
],
"targetFqdns": [
"www.test.com"
]
}
]
}
}
],
"ipConfigurations": [
{
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azfirewallgw/ipConfigurations/azureFirewallIpConfiguration",
"name": "azureFirewallIpConfiguration",
"properties": {
"privateIPAddress": "10.0.0.0",
"provisioningState": "Succeeded",
"publicIPAddress": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"
},
"subnet": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"
}
}
}
],
"natRuleCollections": [
{
"name": "natrulecoll",
"properties": {
"action": {
"type": "Dnat"
},
"priority": 112,
"rules": [
{
"description": "D-NAT all outbound web traffic for inspection",
"destinationAddresses": [
"1.2.3.4"
],
"destinationPorts": [
"443"
],
"name": "DNAT-HTTPS-traffic",
"protocols": [
"TCP"
],
"sourceAddresses": [
"*"
],
"translatedAddress": "1.2.3.5",
"translatedPort": "8443"
}
]
}
}
],
"networkRuleCollections": [
{
"name": "netrulecoll",
"properties": {
"action": {
"type": "Deny"
},
"priority": 112,
"rules": [
{
"description": "Block traffic based on source IPs and ports",
"destinationAddresses": [
"*"
],
"destinationPorts": [
"443-444",
"8443"
],
"name": "L4-traffic",
"protocols": [
"TCP"
],
"sourceAddresses": [
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255"
]
}
]
}
}
],
"provisioningState": "Succeeded",
"threatIntelMode": "Alert"
},
"tags": {
"key1": "value1"
},
"type": "Microsoft.Network/azureFirewalls",
"zones": [
"1",
"2",
"3"
]
}
}
}
},
"Create Azure Firewall in virtual Hub": {
"parameters": {
"api-version": "2019-07-01",
"azureFirewallName": "azurefirewall",
"parameters": {
"location": "West US",
"properties": {
"firewallPolicy": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1"
},
"threatIntelMode": "Alert",
"virtualHub": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1"
}
},
"tags": {
"key1": "value1"
},
"zones": []
},
"resourceGroupName": "rg1",
"subscriptionId": "subid"
},
"responses": {
"200": {
"body": {
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall",
"location": "West US",
"name": "azurefirewall",
"properties": {
"firewallPolicy": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1"
},
"hubIpAddresses": {
"privateIPAddress": "10.0.0.0",
"publicIPAddresses": [
{
"address": "13.73.240.12"
}
]
},
"provisioningState": "Succeeded",
"threatIntelMode": "Alert",
"virtualHub": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1"
}
},
"tags": {
"key1": "value1"
},
"type": "Microsoft.Network/azureFirewalls",
"zones": []
}
},
"201": {
"body": {
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall",
"location": "West US",
"name": "azurefirewall",
"properties": {
"firewallPolicy": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1"
},
"hubIpAddresses": {
"privateIPAddress": "10.0.0.0",
"publicIPAddresses": [
{
"address": "13.73.240.12"
}
]
},
"provisioningState": "Succeeded",
"threatIntelMode": "Alert",
"virtualHub": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1"
}
},
"tags": {
"key1": "value1"
},
"type": "Microsoft.Network/azureFirewalls",
"zones": []
}
}
}
}
},
"x-ms-long-running-operation": true,
"x-ms-long-running-operation-options": {
"final-state-via": "azure-async-operation"
}
}
}
},
"definitions": {
"AzureFirewall": {
"allOf": [
{
"description": "Common resource representation.",
"properties": {
"id": {
"description": "Resource ID.",
"type": "string"
},
"location": {
"description": "Resource location.",
"type": "string"
},
"name": {
"description": "Resource name.",
"readOnly": true,
"type": "string"
},
"tags": {
"additionalProperties": {
"type": "string"
},
"description": "Resource tags.",
"type": "object"
},
"type": {
"description": "Resource type.",
"readOnly": true,
"type": "string"
}
},
"x-ms-azure-resource": true
}
],
"description": "Azure Firewall resource.",
"properties": {
"etag": {
"description": "A unique read-only string that changes whenever the resource is updated.",
"readOnly": true,
"type": "string"
},
"properties": {
"$ref": "#/definitions/AzureFirewallPropertiesFormat",
"description": "Properties of the azure firewall.",
"x-ms-client-flatten": true
},
"zones": {
"description": "A list of availability zones denoting where the resource needs to come from.",
"items": {
"type": "string"
},
"type": "array"
}
}
},
"AzureFirewallApplicationRule": {
"description": "Properties of an application rule.",
"properties": {
"description": {
"description": "Description of the rule.",
"type": "string"
},
"fqdnTags": {
"description": "List of FQDN Tags for this rule.",
"items": {
"type": "string"
},
"type": "array"
},
"name": {
"description": "Name of the application rule.",
"type": "string"
},
"protocols": {
"description": "Array of ApplicationRuleProtocols.",
"items": {
"$ref": "#/definitions/AzureFirewallApplicationRuleProtocol"
},
"type": "array"
},
"sourceAddresses": {
"description": "List of source IP addresses for this rule.",
"items": {
"type": "string"
},
"type": "array"
},
"targetFqdns": {
"description": "List of FQDNs for this rule.",
"items": {
"type": "string"
},
"type": "array"
}
}
},
"AzureFirewallApplicationRuleCollection": {
"allOf": [
{
"description": "Reference to another subresource.",
"properties": {
"id": {
"description": "Resource ID.",
"type": "string"
}
},
"x-ms-azure-resource": true
}
],
"description": "Application rule collection resource.",
"properties": {
"etag": {
"description": "A unique read-only string that changes whenever the resource is updated.",
"readOnly": true,
"type": "string"
},
"name": {
"description": "The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.",
"type": "string"
},
"properties": {
"$ref": "#/definitions/AzureFirewallApplicationRuleCollectionPropertiesFormat",
"description": "Properties of the azure firewall application rule collection.",
"x-ms-client-flatten": true
}
}
},
"AzureFirewallApplicationRuleCollectionPropertiesFormat": {
"description": "Properties of the application rule collection.",
"properties": {
"action": {
"$ref": "#/definitions/AzureFirewallRCAction",
"description": "The action type of a rule collection."
},
"priority": {
"description": "Priority of the application rule collection resource.",
"exclusiveMaximum": false,
"exclusiveMinimum": false,
"format": "int32",
"maximum": 65000,
"minimum": 100,
"type": "integer"
},
"provisioningState": {
"description": "The current provisioning state.",
"enum": [
"Succeeded",
"Updating",
"Deleting",
"Failed"
],
"readOnly": true,
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "ProvisioningState"
}
},
"rules": {
"description": "Collection of rules used by a application rule collection.",
"items": {
"$ref": "#/definitions/AzureFirewallApplicationRule"
},
"type": "array"
}
}
},
"AzureFirewallApplicationRuleProtocol": {
"description": "Properties of the application rule protocol.",
"properties": {
"port": {
"description": "Port number for the protocol, cannot be greater than 64000. This field is optional.",
"exclusiveMaximum": false,
"exclusiveMinimum": false,
"format": "int32",
"maximum": 64000,
"minimum": 0,
"type": "integer"
},
"protocolType": {
"$ref": "#/definitions/AzureFirewallApplicationRuleProtocolType",
"description": "Protocol type."
}
}
},
"AzureFirewallApplicationRuleProtocolType": {
"description": "The protocol type of a Application Rule resource.",
"enum": [
"Http",
"Https",
"Mssql"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "AzureFirewallApplicationRuleProtocolType"
}
},
"AzureFirewallIPConfiguration": {
"allOf": [
{
"description": "Reference to another subresource.",
"properties": {
"id": {
"description": "Resource ID.",
"type": "string"
}
},
"x-ms-azure-resource": true
}
],
"description": "IP configuration of an Azure Firewall.",
"properties": {
"etag": {
"description": "A unique read-only string that changes whenever the resource is updated.",
"readOnly": true,
"type": "string"
},
"name": {
"description": "Name of the resource that is unique within a resource group. This name can be used to access the resource.",
"type": "string"
},
"properties": {
"$ref": "#/definitions/AzureFirewallIPConfigurationPropertiesFormat",
"description": "Properties of the azure firewall IP configuration.",
"x-ms-client-flatten": true
}
}
},
"AzureFirewallIPConfigurationPropertiesFormat": {
"description": "Properties of IP configuration of an Azure Firewall.",
"properties": {
"privateIPAddress": {
"description": "The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.",
"readOnly": true,
"type": "string"
},
"provisioningState": {
"description": "The current provisioning state.",
"enum": [
"Succeeded",
"Updating",
"Deleting",
"Failed"
],
"readOnly": true,
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "ProvisioningState"
}
},
"publicIPAddress": {
"description": "Reference to another subresource.",
"properties": {
"id": {
"description": "Resource ID.",
"type": "string"
}
},
"x-ms-azure-resource": true
},
"subnet": {
"description": "Reference to another subresource.",
"properties": {
"id": {
"description": "Resource ID.",
"type": "string"
}
},
"x-ms-azure-resource": true
}
}
},
"AzureFirewallListResult": {
"description": "Response for ListAzureFirewalls API service call.",
"properties": {
"nextLink": {
"description": "URL to get the next set of results.",
"type": "string"
},
"value": {
"description": "List of Azure Firewalls in a resource group.",
"items": {
"$ref": "#/definitions/AzureFirewall"
},
"type": "array"
}
}
},
"AzureFirewallNatRCAction": {
"description": "AzureFirewall NAT Rule Collection Action.",
"properties": {
"type": {
"$ref": "#/definitions/AzureFirewallNatRCActionType",
"description": "The type of action."
}
}
},
"AzureFirewallNatRCActionType": {
"description": "The action type of a NAT rule collection.",
"enum": [
"Snat",
"Dnat"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "AzureFirewallNatRCActionType"
}
},
"AzureFirewallNatRule": {
"description": "Properties of a NAT rule.",
"properties": {
"description": {
"description": "Description of the rule.",
"type": "string"
},
"destinationAddresses": {
"description": "List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.",
"items": {
"type": "string"
},
"type": "array"
},
"destinationPorts": {
"description": "List of destination ports.",
"items": {
"type": "string"
},
"type": "array"
},
"name": {
"description": "Name of the NAT rule.",
"type": "string"
},
"protocols": {
"description": "Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.",
"items": {
"$ref": "#/definitions/AzureFirewallNetworkRuleProtocol"
},
"type": "array"
},
"sourceAddresses": {
"description": "List of source IP addresses for this rule.",
"items": {
"type": "string"
},
"type": "array"
},
"translatedAddress": {
"description": "The translated address for this NAT rule.",
"type": "string"
},
"translatedPort": {
"description": "The translated port for this NAT rule.",
"type": "string"
}
}
},
"AzureFirewallNatRuleCollection": {
"allOf": [
{
"description": "Reference to another subresource.",
"properties": {
"id": {
"description": "Resource ID.",
"type": "string"
}
},
"x-ms-azure-resource": true
}
],
"description": "NAT rule collection resource.",
"properties": {
"etag": {
"description": "A unique read-only string that changes whenever the resource is updated.",
"readOnly": true,
"type": "string"
},
"name": {
"description": "The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.",
"type": "string"
},
"properties": {
"$ref": "#/definitions/AzureFirewallNatRuleCollectionProperties",
"description": "Properties of the azure firewall NAT rule collection.",
"x-ms-client-flatten": true
}
}
},
"AzureFirewallNatRuleCollectionProperties": {
"description": "Properties of the NAT rule collection.",
"properties": {
"action": {
"$ref": "#/definitions/AzureFirewallNatRCAction",
"description": "The action type of a NAT rule collection."
},
"priority": {
"description": "Priority of the NAT rule collection resource.",
"exclusiveMaximum": false,
"exclusiveMinimum": false,
"format": "int32",
"maximum": 65000,
"minimum": 100,
"type": "integer"
},
"provisioningState": {
"description": "The current provisioning state.",
"enum": [
"Succeeded",
"Updating",
"Deleting",
"Failed"
],
"readOnly": true,
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "ProvisioningState"
}
},
"rules": {
"description": "Collection of rules used by a NAT rule collection.",
"items": {
"$ref": "#/definitions/AzureFirewallNatRule"
},
"type": "array"
}
}
},
"AzureFirewallNetworkRule": {
"description": "Properties of the network rule.",
"properties": {
"description": {
"description": "Description of the rule.",
"type": "string"
},
"destinationAddresses": {
"description": "List of destination IP addresses.",
"items": {
"type": "string"
},
"type": "array"
},
"destinationPorts": {
"description": "List of destination ports.",
"items": {
"type": "string"
},
"type": "array"
},
"name": {
"description": "Name of the network rule.",
"type": "string"
},
"protocols": {
"description": "Array of AzureFirewallNetworkRuleProtocols.",
"items": {
"$ref": "#/definitions/AzureFirewallNetworkRuleProtocol"
},
"type": "array"
},
"sourceAddresses": {
"description": "List of source IP addresses for this rule.",
"items": {
"type": "string"
},
"type": "array"
}
}
},
"AzureFirewallNetworkRuleCollection": {
"allOf": [
{
"description": "Reference to another subresource.",
"properties": {
"id": {
"description": "Resource ID.",
"type": "string"
}
},
"x-ms-azure-resource": true
}
],
"description": "Network rule collection resource.",
"properties": {
"etag": {
"description": "A unique read-only string that changes whenever the resource is updated.",
"readOnly": true,
"type": "string"
},
"name": {
"description": "The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.",
"type": "string"
},
"properties": {
"$ref": "#/definitions/AzureFirewallNetworkRuleCollectionPropertiesFormat",
"description": "Properties of the azure firewall network rule collection.",
"x-ms-client-flatten": true
}
}
},
"AzureFirewallNetworkRuleCollectionPropertiesFormat": {
"description": "Properties of the network rule collection.",
"properties": {
"action": {
"$ref": "#/definitions/AzureFirewallRCAction",
"description": "The action type of a rule collection."
},
"priority": {
"description": "Priority of the network rule collection resource.",
"exclusiveMaximum": false,
"exclusiveMinimum": false,
"format": "int32",
"maximum": 65000,
"minimum": 100,
"type": "integer"
},
"provisioningState": {
"description": "The current provisioning state.",
"enum": [
"Succeeded",
"Updating",
"Deleting",
"Failed"
],
"readOnly": true,
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "ProvisioningState"
}
},
"rules": {
"description": "Collection of rules used by a network rule collection.",
"items": {
"$ref": "#/definitions/AzureFirewallNetworkRule"
},
"type": "array"
}
}
},
"AzureFirewallNetworkRuleProtocol": {
"description": "The protocol of a Network Rule resource.",
"enum": [
"TCP",
"UDP",
"Any",
"ICMP"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "AzureFirewallNetworkRuleProtocol"
}
},
"AzureFirewallPropertiesFormat": {
"description": "Properties of the Azure Firewall.",
"properties": {
"applicationRuleCollections": {
"description": "Collection of application rule collections used by Azure Firewall.",
"items": {
"$ref": "#/definitions/AzureFirewallApplicationRuleCollection"
},
"type": "array"
},
"firewallPolicy": {
"description": "Reference to another subresource.",
"properties": {
"id": {
"description": "Resource ID.",
"type": "string"
}
},
"x-ms-azure-resource": true
},
"hubIpAddresses": {
"$ref": "#/definitions/HubIPAddresses",
"description": "IP addresses associated with AzureFirewall.",
"readOnly": true
},
"ipConfigurations": {
"description": "IP configuration of the Azure Firewall resource.",
"items": {
"$ref": "#/definitions/AzureFirewallIPConfiguration"
},
"type": "array"
},
"natRuleCollections": {
"description": "Collection of NAT rule collections used by Azure Firewall.",
"items": {
"$ref": "#/definitions/AzureFirewallNatRuleCollection"
},
"type": "array"
},
"networkRuleCollections": {
"description": "Collection of network rule collections used by Azure Firewall.",
"items": {
"$ref": "#/definitions/AzureFirewallNetworkRuleCollection"
},
"type": "array"
},
"provisioningState": {
"description": "The current provisioning state.",
"enum": [
"Succeeded",
"Updating",
"Deleting",
"Failed"
],
"readOnly": true,
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "ProvisioningState"
}
},
"threatIntelMode": {
"$ref": "#/definitions/AzureFirewallThreatIntelMode",
"description": "The operation mode for Threat Intelligence."
},
"virtualHub": {
"description": "Reference to another subresource.",
"properties": {
"id": {
"description": "Resource ID.",
"type": "string"
}
},
"x-ms-azure-resource": true
}
}
},
"AzureFirewallPublicIPAddress": {
"description": "Public IP Address associated with azure firewall.",
"properties": {
"address": {
"description": "Public IP Address value.",
"type": "string"
}
}
},
"AzureFirewallRCAction": {
"description": "Properties of the AzureFirewallRCAction.",
"properties": {
"type": {
"$ref": "#/definitions/AzureFirewallRCActionType",
"description": "The type of action."
}
}
},
"AzureFirewallRCActionType": {
"description": "The action type of a rule collection.",
"enum": [
"Allow",
"Deny"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "AzureFirewallRCActionType"
}
},
"AzureFirewallThreatIntelMode": {
"description": "The operation mode for Threat Intel.",
"enum": [
"Alert",
"Deny",
"Off"
],
"type": "string",
"x-ms-enum": {
"modelAsString": true,
"name": "AzureFirewallThreatIntelMode"
}
},
"HubIPAddresses": {
"description": "IP addresses associated with azure firewall.",
"properties": {
"privateIPAddress": {
"description": "Private IP Address associated with azure firewall.",
"type": "string"
},
"publicIPAddresses": {
"description": "List of Public IP addresses associated with azure firewall.",
"items": {
"$ref": "#/definitions/AzureFirewallPublicIPAddress"
},
"type": "array"
}
}
}
}
}