Firewall
data class FirewallPolicyArgs(val basePolicy: Output<SubResourceArgs>? = null, val dnsSettings: Output<DnsSettingsArgs>? = null, val explicitProxy: Output<ExplicitProxyArgs>? = null, val firewallPolicyName: Output<String>? = null, val id: Output<String>? = null, val identity: Output<ManagedServiceIdentityArgs>? = null, val insights: Output<FirewallPolicyInsightsArgs>? = null, val intrusionDetection: Output<FirewallPolicyIntrusionDetectionArgs>? = null, val location: Output<String>? = null, val resourceGroupName: Output<String>? = null, val sku: Output<FirewallPolicySkuArgs>? = null, val snat: Output<FirewallPolicySNATArgs>? = null, val sql: Output<FirewallPolicySQLArgs>? = null, val tags: Output<Map<String, String>>? = null, val threatIntelMode: Output<Either<String, AzureFirewallThreatIntelMode>>? = null, val threatIntelWhitelist: Output<FirewallPolicyThreatIntelWhitelistArgs>? = null, val transportSecurity: Output<FirewallPolicyTransportSecurityArgs>? = null) : ConvertibleToJava<FirewallPolicyArgs>
FirewallPolicy Resource. Azure REST API version: 2023-02-01. Prior API version in Azure Native 1.x: 2020-11-01. Other available API versions: 2020-04-01, 2021-08-01, 2023-04-01, 2023-05-01.
Example Usage
Create FirewallPolicy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var firewallPolicy = new AzureNative.Network.FirewallPolicy("firewallPolicy", new()
{
DnsSettings = new AzureNative.Network.Inputs.DnsSettingsArgs
{
EnableProxy = true,
RequireProxyForNetworkRules = false,
Servers = new[]
{
"30.3.4.5",
},
},
ExplicitProxy = new AzureNative.Network.Inputs.ExplicitProxyArgs
{
EnableExplicitProxy = true,
EnablePacFile = true,
HttpPort = 8087,
HttpsPort = 8087,
PacFile = "https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D",
PacFilePort = 8087,
},
FirewallPolicyName = "firewallPolicy",
Insights = new AzureNative.Network.Inputs.FirewallPolicyInsightsArgs
{
IsEnabled = true,
LogAnalyticsResources = new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsResourcesArgs
{
DefaultWorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace",
},
Workspaces = new[]
{
new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsWorkspaceArgs
{
Region = "westus",
WorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1",
},
},
new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsWorkspaceArgs
{
Region = "eastus",
WorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2",
},
},
},
},
RetentionDays = 100,
},
IntrusionDetection = new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionArgs
{
Configuration = new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionConfigurationArgs
{
BypassTrafficSettings = new[]
{
new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs
{
Description = "Rule 1",
DestinationAddresses = new[]
{
"5.6.7.8",
},
DestinationPorts = new[]
{
"*",
},
Name = "bypassRule1",
Protocol = "TCP",
SourceAddresses = new[]
{
"1.2.3.4",
},
},
},
SignatureOverrides = new[]
{
new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionSignatureSpecificationArgs
{
Id = "2525004",
Mode = "Deny",
},
},
},
Mode = "Alert",
},
Location = "West US",
ResourceGroupName = "rg1",
Sku = new AzureNative.Network.Inputs.FirewallPolicySkuArgs
{
Tier = "Premium",
},
Snat = new AzureNative.Network.Inputs.FirewallPolicySNATArgs
{
PrivateRanges = new[]
{
"IANAPrivateRanges",
},
},
Sql = new AzureNative.Network.Inputs.FirewallPolicySQLArgs
{
AllowSqlRedirect = true,
},
Tags =
{
{ "key1", "value1" },
},
ThreatIntelMode = "Alert",
ThreatIntelWhitelist = new AzureNative.Network.Inputs.FirewallPolicyThreatIntelWhitelistArgs
{
Fqdns = new[]
{
"*.microsoft.com",
},
IpAddresses = new[]
{
"20.3.4.5",
},
},
TransportSecurity = new AzureNative.Network.Inputs.FirewallPolicyTransportSecurityArgs
{
CertificateAuthority = new AzureNative.Network.Inputs.FirewallPolicyCertificateAuthorityArgs
{
KeyVaultSecretId = "https://kv/secret",
Name = "clientcert",
},
},
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-azure-native-sdk/network/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := network.NewFirewallPolicy(ctx, "firewallPolicy", &network.FirewallPolicyArgs{
DnsSettings: &network.DnsSettingsArgs{
EnableProxy: pulumi.Bool(true),
RequireProxyForNetworkRules: pulumi.Bool(false),
Servers: pulumi.StringArray{
pulumi.String("30.3.4.5"),
},
},
ExplicitProxy: &network.ExplicitProxyArgs{
EnableExplicitProxy: pulumi.Bool(true),
EnablePacFile: pulumi.Bool(true),
HttpPort: pulumi.Int(8087),
HttpsPort: pulumi.Int(8087),
PacFile: pulumi.String("https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D"),
PacFilePort: pulumi.Int(8087),
},
FirewallPolicyName: pulumi.String("firewallPolicy"),
Insights: network.FirewallPolicyInsightsResponse{
IsEnabled: pulumi.Bool(true),
LogAnalyticsResources: interface{}{
DefaultWorkspaceId: &network.SubResourceArgs{
Id: pulumi.String("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace"),
},
Workspaces: network.FirewallPolicyLogAnalyticsWorkspaceArray{
interface{}{
Region: pulumi.String("westus"),
WorkspaceId: &network.SubResourceArgs{
Id: pulumi.String("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1"),
},
},
interface{}{
Region: pulumi.String("eastus"),
WorkspaceId: &network.SubResourceArgs{
Id: pulumi.String("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2"),
},
},
},
},
RetentionDays: pulumi.Int(100),
},
IntrusionDetection: network.FirewallPolicyIntrusionDetectionResponse{
Configuration: interface{}{
BypassTrafficSettings: network.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArray{
&network.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs{
Description: pulumi.String("Rule 1"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("5.6.7.8"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("*"),
},
Name: pulumi.String("bypassRule1"),
Protocol: pulumi.String("TCP"),
SourceAddresses: pulumi.StringArray{
pulumi.String("1.2.3.4"),
},
},
},
SignatureOverrides: network.FirewallPolicyIntrusionDetectionSignatureSpecificationArray{
&network.FirewallPolicyIntrusionDetectionSignatureSpecificationArgs{
Id: pulumi.String("2525004"),
Mode: pulumi.String("Deny"),
},
},
},
Mode: pulumi.String("Alert"),
},
Location: pulumi.String("West US"),
ResourceGroupName: pulumi.String("rg1"),
Sku: &network.FirewallPolicySkuArgs{
Tier: pulumi.String("Premium"),
},
Snat: &network.FirewallPolicySNATArgs{
PrivateRanges: pulumi.StringArray{
pulumi.String("IANAPrivateRanges"),
},
},
Sql: &network.FirewallPolicySQLArgs{
AllowSqlRedirect: pulumi.Bool(true),
},
Tags: pulumi.StringMap{
"key1": pulumi.String("value1"),
},
ThreatIntelMode: pulumi.String("Alert"),
ThreatIntelWhitelist: &network.FirewallPolicyThreatIntelWhitelistArgs{
Fqdns: pulumi.StringArray{
pulumi.String("*.microsoft.com"),
},
IpAddresses: pulumi.StringArray{
pulumi.String("20.3.4.5"),
},
},
TransportSecurity: network.FirewallPolicyTransportSecurityResponse{
CertificateAuthority: &network.FirewallPolicyCertificateAuthorityArgs{
KeyVaultSecretId: pulumi.String("https://kv/secret"),
Name: pulumi.String("clientcert"),
},
},
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.FirewallPolicy;
import com.pulumi.azurenative.network.FirewallPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var firewallPolicy = new FirewallPolicy("firewallPolicy", FirewallPolicyArgs.builder()
.dnsSettings(Map.ofEntries(
Map.entry("enableProxy", true),
Map.entry("requireProxyForNetworkRules", false),
Map.entry("servers", "30.3.4.5")
))
.explicitProxy(Map.ofEntries(
Map.entry("enableExplicitProxy", true),
Map.entry("enablePacFile", true),
Map.entry("httpPort", 8087),
Map.entry("httpsPort", 8087),
Map.entry("pacFile", "https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D"),
Map.entry("pacFilePort", 8087)
))
.firewallPolicyName("firewallPolicy")
.insights(Map.ofEntries(
Map.entry("isEnabled", true),
Map.entry("logAnalyticsResources", Map.ofEntries(
Map.entry("defaultWorkspaceId", Map.of("id", "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace")),
Map.entry("workspaces",
Map.ofEntries(
Map.entry("region", "westus"),
Map.entry("workspaceId", Map.of("id", "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1"))
),
Map.ofEntries(
Map.entry("region", "eastus"),
Map.entry("workspaceId", Map.of("id", "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2"))
))
)),
Map.entry("retentionDays", 100)
))
.intrusionDetection(Map.ofEntries(
Map.entry("configuration", Map.ofEntries(
Map.entry("bypassTrafficSettings", Map.ofEntries(
Map.entry("description", "Rule 1"),
Map.entry("destinationAddresses", "5.6.7.8"),
Map.entry("destinationPorts", "*"),
Map.entry("name", "bypassRule1"),
Map.entry("protocol", "TCP"),
Map.entry("sourceAddresses", "1.2.3.4")
)),
Map.entry("signatureOverrides", Map.ofEntries(
Map.entry("id", "2525004"),
Map.entry("mode", "Deny")
))
)),
Map.entry("mode", "Alert")
))
.location("West US")
.resourceGroupName("rg1")
.sku(Map.of("tier", "Premium"))
.snat(Map.of("privateRanges", "IANAPrivateRanges"))
.sql(Map.of("allowSqlRedirect", true))
.tags(Map.of("key1", "value1"))
.threatIntelMode("Alert")
.threatIntelWhitelist(Map.ofEntries(
Map.entry("fqdns", "*.microsoft.com"),
Map.entry("ipAddresses", "20.3.4.5")
))
.transportSecurity(Map.of("certificateAuthority", Map.ofEntries(
Map.entry("keyVaultSecretId", "https://kv/secret"),
Map.entry("name", "clientcert")
)))
.build());
}
}Content copied to clipboard
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:network:FirewallPolicy firewallPolicy /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}Content copied to clipboard
Constructors
Link copied to clipboard
fun FirewallPolicyArgs(basePolicy: Output<SubResourceArgs>? = null, dnsSettings: Output<DnsSettingsArgs>? = null, explicitProxy: Output<ExplicitProxyArgs>? = null, firewallPolicyName: Output<String>? = null, id: Output<String>? = null, identity: Output<ManagedServiceIdentityArgs>? = null, insights: Output<FirewallPolicyInsightsArgs>? = null, intrusionDetection: Output<FirewallPolicyIntrusionDetectionArgs>? = null, location: Output<String>? = null, resourceGroupName: Output<String>? = null, sku: Output<FirewallPolicySkuArgs>? = null, snat: Output<FirewallPolicySNATArgs>? = null, sql: Output<FirewallPolicySQLArgs>? = null, tags: Output<Map<String, String>>? = null, threatIntelMode: Output<Either<String, AzureFirewallThreatIntelMode>>? = null, threatIntelWhitelist: Output<FirewallPolicyThreatIntelWhitelistArgs>? = null, transportSecurity: Output<FirewallPolicyTransportSecurityArgs>? = null)
Functions
Properties
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard
Link copied to clipboard