Docs Home
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.89.1 published on Sunday, Mar 2, 2025 by Pulumi
azure-native.network.FirewallPolicy
Explore with Pulumi AI
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.89.1 published on Sunday, Mar 2, 2025 by Pulumi
FirewallPolicy Resource. Azure REST API version: 2023-02-01. Prior API version in Azure Native 1.x: 2020-11-01.
Other available API versions: 2020-04-01, 2021-08-01, 2023-04-01, 2023-05-01, 2023-06-01, 2023-09-01, 2023-11-01, 2024-01-01, 2024-03-01, 2024-05-01.
Example Usage
Create FirewallPolicy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var firewallPolicy = new AzureNative.Network.FirewallPolicy("firewallPolicy", new()
{
DnsSettings = new AzureNative.Network.Inputs.DnsSettingsArgs
{
EnableProxy = true,
RequireProxyForNetworkRules = false,
Servers = new[]
{
"30.3.4.5",
},
},
ExplicitProxy = new AzureNative.Network.Inputs.ExplicitProxyArgs
{
EnableExplicitProxy = true,
EnablePacFile = true,
HttpPort = 8087,
HttpsPort = 8087,
PacFile = "https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D",
PacFilePort = 8087,
},
FirewallPolicyName = "firewallPolicy",
Insights = new AzureNative.Network.Inputs.FirewallPolicyInsightsArgs
{
IsEnabled = true,
LogAnalyticsResources = new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsResourcesArgs
{
DefaultWorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace",
},
Workspaces = new[]
{
new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsWorkspaceArgs
{
Region = "westus",
WorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1",
},
},
new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsWorkspaceArgs
{
Region = "eastus",
WorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2",
},
},
},
},
RetentionDays = 100,
},
IntrusionDetection = new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionArgs
{
Configuration = new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionConfigurationArgs
{
BypassTrafficSettings = new[]
{
new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs
{
Description = "Rule 1",
DestinationAddresses = new[]
{
"5.6.7.8",
},
DestinationPorts = new[]
{
"*",
},
Name = "bypassRule1",
Protocol = AzureNative.Network.FirewallPolicyIntrusionDetectionProtocol.TCP,
SourceAddresses = new[]
{
"1.2.3.4",
},
},
},
SignatureOverrides = new[]
{
new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionSignatureSpecificationArgs
{
Id = "2525004",
Mode = AzureNative.Network.FirewallPolicyIntrusionDetectionStateType.Deny,
},
},
},
Mode = AzureNative.Network.FirewallPolicyIntrusionDetectionStateType.Alert,
},
Location = "West US",
ResourceGroupName = "rg1",
Sku = new AzureNative.Network.Inputs.FirewallPolicySkuArgs
{
Tier = AzureNative.Network.FirewallPolicySkuTier.Premium,
},
Snat = new AzureNative.Network.Inputs.FirewallPolicySNATArgs
{
PrivateRanges = new[]
{
"IANAPrivateRanges",
},
},
Sql = new AzureNative.Network.Inputs.FirewallPolicySQLArgs
{
AllowSqlRedirect = true,
},
Tags =
{
{ "key1", "value1" },
},
ThreatIntelMode = AzureNative.Network.AzureFirewallThreatIntelMode.Alert,
ThreatIntelWhitelist = new AzureNative.Network.Inputs.FirewallPolicyThreatIntelWhitelistArgs
{
Fqdns = new[]
{
"*.microsoft.com",
},
IpAddresses = new[]
{
"20.3.4.5",
},
},
TransportSecurity = new AzureNative.Network.Inputs.FirewallPolicyTransportSecurityArgs
{
CertificateAuthority = new AzureNative.Network.Inputs.FirewallPolicyCertificateAuthorityArgs
{
KeyVaultSecretId = "https://kv/secret",
Name = "clientcert",
},
},
});
});
package main
import (
network "github.com/pulumi/pulumi-azure-native-sdk/network/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := network.NewFirewallPolicy(ctx, "firewallPolicy", &network.FirewallPolicyArgs{
DnsSettings: &network.DnsSettingsArgs{
EnableProxy: pulumi.Bool(true),
RequireProxyForNetworkRules: pulumi.Bool(false),
Servers: pulumi.StringArray{
pulumi.String("30.3.4.5"),
},
},
ExplicitProxy: &network.ExplicitProxyArgs{
EnableExplicitProxy: pulumi.Bool(true),
EnablePacFile: pulumi.Bool(true),
HttpPort: pulumi.Int(8087),
HttpsPort: pulumi.Int(8087),
PacFile: pulumi.String("https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D"),
PacFilePort: pulumi.Int(8087),
},
FirewallPolicyName: pulumi.String("firewallPolicy"),
Insights: &network.FirewallPolicyInsightsArgs{
IsEnabled: pulumi.Bool(true),
LogAnalyticsResources: &network.FirewallPolicyLogAnalyticsResourcesArgs{
DefaultWorkspaceId: &network.SubResourceArgs{
Id: pulumi.String("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace"),
},
Workspaces: network.FirewallPolicyLogAnalyticsWorkspaceArray{
&network.FirewallPolicyLogAnalyticsWorkspaceArgs{
Region: pulumi.String("westus"),
WorkspaceId: &network.SubResourceArgs{
Id: pulumi.String("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1"),
},
},
&network.FirewallPolicyLogAnalyticsWorkspaceArgs{
Region: pulumi.String("eastus"),
WorkspaceId: &network.SubResourceArgs{
Id: pulumi.String("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2"),
},
},
},
},
RetentionDays: pulumi.Int(100),
},
IntrusionDetection: &network.FirewallPolicyIntrusionDetectionArgs{
Configuration: &network.FirewallPolicyIntrusionDetectionConfigurationArgs{
BypassTrafficSettings: network.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArray{
&network.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs{
Description: pulumi.String("Rule 1"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("5.6.7.8"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("*"),
},
Name: pulumi.String("bypassRule1"),
Protocol: pulumi.String(network.FirewallPolicyIntrusionDetectionProtocolTCP),
SourceAddresses: pulumi.StringArray{
pulumi.String("1.2.3.4"),
},
},
},
SignatureOverrides: network.FirewallPolicyIntrusionDetectionSignatureSpecificationArray{
&network.FirewallPolicyIntrusionDetectionSignatureSpecificationArgs{
Id: pulumi.String("2525004"),
Mode: pulumi.String(network.FirewallPolicyIntrusionDetectionStateTypeDeny),
},
},
},
Mode: pulumi.String(network.FirewallPolicyIntrusionDetectionStateTypeAlert),
},
Location: pulumi.String("West US"),
ResourceGroupName: pulumi.String("rg1"),
Sku: &network.FirewallPolicySkuArgs{
Tier: pulumi.String(network.FirewallPolicySkuTierPremium),
},
Snat: &network.FirewallPolicySNATArgs{
PrivateRanges: pulumi.StringArray{
pulumi.String("IANAPrivateRanges"),
},
},
Sql: &network.FirewallPolicySQLArgs{
AllowSqlRedirect: pulumi.Bool(true),
},
Tags: pulumi.StringMap{
"key1": pulumi.String("value1"),
},
ThreatIntelMode: pulumi.String(network.AzureFirewallThreatIntelModeAlert),
ThreatIntelWhitelist: &network.FirewallPolicyThreatIntelWhitelistArgs{
Fqdns: pulumi.StringArray{
pulumi.String("*.microsoft.com"),
},
IpAddresses: pulumi.StringArray{
pulumi.String("20.3.4.5"),
},
},
TransportSecurity: &network.FirewallPolicyTransportSecurityArgs{
CertificateAuthority: &network.FirewallPolicyCertificateAuthorityArgs{
KeyVaultSecretId: pulumi.String("https://kv/secret"),
Name: pulumi.String("clientcert"),
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.FirewallPolicy;
import com.pulumi.azurenative.network.FirewallPolicyArgs;
import com.pulumi.azurenative.network.inputs.DnsSettingsArgs;
import com.pulumi.azurenative.network.inputs.ExplicitProxyArgs;
import com.pulumi.azurenative.network.inputs.FirewallPolicyInsightsArgs;
import com.pulumi.azurenative.network.inputs.FirewallPolicyLogAnalyticsResourcesArgs;
import com.pulumi.azurenative.network.inputs.SubResourceArgs;
import com.pulumi.azurenative.network.inputs.FirewallPolicyIntrusionDetectionArgs;
import com.pulumi.azurenative.network.inputs.FirewallPolicyIntrusionDetectionConfigurationArgs;
import com.pulumi.azurenative.network.inputs.FirewallPolicySkuArgs;
import com.pulumi.azurenative.network.inputs.FirewallPolicySNATArgs;
import com.pulumi.azurenative.network.inputs.FirewallPolicySQLArgs;
import com.pulumi.azurenative.network.inputs.FirewallPolicyThreatIntelWhitelistArgs;
import com.pulumi.azurenative.network.inputs.FirewallPolicyTransportSecurityArgs;
import com.pulumi.azurenative.network.inputs.FirewallPolicyCertificateAuthorityArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var firewallPolicy = new FirewallPolicy("firewallPolicy", FirewallPolicyArgs.builder()
.dnsSettings(DnsSettingsArgs.builder()
.enableProxy(true)
.requireProxyForNetworkRules(false)
.servers("30.3.4.5")
.build())
.explicitProxy(ExplicitProxyArgs.builder()
.enableExplicitProxy(true)
.enablePacFile(true)
.httpPort(8087)
.httpsPort(8087)
.pacFile("https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D")
.pacFilePort(8087)
.build())
.firewallPolicyName("firewallPolicy")
.insights(FirewallPolicyInsightsArgs.builder()
.isEnabled(true)
.logAnalyticsResources(FirewallPolicyLogAnalyticsResourcesArgs.builder()
.defaultWorkspaceId(SubResourceArgs.builder()
.id("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace")
.build())
.workspaces(
FirewallPolicyLogAnalyticsWorkspaceArgs.builder()
.region("westus")
.workspaceId(SubResourceArgs.builder()
.id("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1")
.build())
.build(),
FirewallPolicyLogAnalyticsWorkspaceArgs.builder()
.region("eastus")
.workspaceId(SubResourceArgs.builder()
.id("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2")
.build())
.build())
.build())
.retentionDays(100)
.build())
.intrusionDetection(FirewallPolicyIntrusionDetectionArgs.builder()
.configuration(FirewallPolicyIntrusionDetectionConfigurationArgs.builder()
.bypassTrafficSettings(FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs.builder()
.description("Rule 1")
.destinationAddresses("5.6.7.8")
.destinationPorts("*")
.name("bypassRule1")
.protocol("TCP")
.sourceAddresses("1.2.3.4")
.build())
.signatureOverrides(FirewallPolicyIntrusionDetectionSignatureSpecificationArgs.builder()
.id("2525004")
.mode("Deny")
.build())
.build())
.mode("Alert")
.build())
.location("West US")
.resourceGroupName("rg1")
.sku(FirewallPolicySkuArgs.builder()
.tier("Premium")
.build())
.snat(FirewallPolicySNATArgs.builder()
.privateRanges("IANAPrivateRanges")
.build())
.sql(FirewallPolicySQLArgs.builder()
.allowSqlRedirect(true)
.build())
.tags(Map.of("key1", "value1"))
.threatIntelMode("Alert")
.threatIntelWhitelist(FirewallPolicyThreatIntelWhitelistArgs.builder()
.fqdns("*.microsoft.com")
.ipAddresses("20.3.4.5")
.build())
.transportSecurity(FirewallPolicyTransportSecurityArgs.builder()
.certificateAuthority(FirewallPolicyCertificateAuthorityArgs.builder()
.keyVaultSecretId("https://kv/secret")
.name("clientcert")
.build())
.build())
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const firewallPolicy = new azure_native.network.FirewallPolicy("firewallPolicy", {
dnsSettings: {
enableProxy: true,
requireProxyForNetworkRules: false,
servers: ["30.3.4.5"],
},
explicitProxy: {
enableExplicitProxy: true,
enablePacFile: true,
httpPort: 8087,
httpsPort: 8087,
pacFile: "https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D",
pacFilePort: 8087,
},
firewallPolicyName: "firewallPolicy",
insights: {
isEnabled: true,
logAnalyticsResources: {
defaultWorkspaceId: {
id: "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace",
},
workspaces: [
{
region: "westus",
workspaceId: {
id: "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1",
},
},
{
region: "eastus",
workspaceId: {
id: "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2",
},
},
],
},
retentionDays: 100,
},
intrusionDetection: {
configuration: {
bypassTrafficSettings: [{
description: "Rule 1",
destinationAddresses: ["5.6.7.8"],
destinationPorts: ["*"],
name: "bypassRule1",
protocol: azure_native.network.FirewallPolicyIntrusionDetectionProtocol.TCP,
sourceAddresses: ["1.2.3.4"],
}],
signatureOverrides: [{
id: "2525004",
mode: azure_native.network.FirewallPolicyIntrusionDetectionStateType.Deny,
}],
},
mode: azure_native.network.FirewallPolicyIntrusionDetectionStateType.Alert,
},
location: "West US",
resourceGroupName: "rg1",
sku: {
tier: azure_native.network.FirewallPolicySkuTier.Premium,
},
snat: {
privateRanges: ["IANAPrivateRanges"],
},
sql: {
allowSqlRedirect: true,
},
tags: {
key1: "value1",
},
threatIntelMode: azure_native.network.AzureFirewallThreatIntelMode.Alert,
threatIntelWhitelist: {
fqdns: ["*.microsoft.com"],
ipAddresses: ["20.3.4.5"],
},
transportSecurity: {
certificateAuthority: {
keyVaultSecretId: "https://kv/secret",
name: "clientcert",
},
},
});
import pulumi
import pulumi_azure_native as azure_native
firewall_policy = azure_native.network.FirewallPolicy("firewallPolicy",
dns_settings={
"enable_proxy": True,
"require_proxy_for_network_rules": False,
"servers": ["30.3.4.5"],
},
explicit_proxy={
"enable_explicit_proxy": True,
"enable_pac_file": True,
"http_port": 8087,
"https_port": 8087,
"pac_file": "https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D",
"pac_file_port": 8087,
},
firewall_policy_name="firewallPolicy",
insights={
"is_enabled": True,
"log_analytics_resources": {
"default_workspace_id": {
"id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace",
},
"workspaces": [
{
"region": "westus",
"workspace_id": {
"id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1",
},
},
{
"region": "eastus",
"workspace_id": {
"id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2",
},
},
],
},
"retention_days": 100,
},
intrusion_detection={
"configuration": {
"bypass_traffic_settings": [{
"description": "Rule 1",
"destination_addresses": ["5.6.7.8"],
"destination_ports": ["*"],
"name": "bypassRule1",
"protocol": azure_native.network.FirewallPolicyIntrusionDetectionProtocol.TCP,
"source_addresses": ["1.2.3.4"],
}],
"signature_overrides": [{
"id": "2525004",
"mode": azure_native.network.FirewallPolicyIntrusionDetectionStateType.DENY,
}],
},
"mode": azure_native.network.FirewallPolicyIntrusionDetectionStateType.ALERT,
},
location="West US",
resource_group_name="rg1",
sku={
"tier": azure_native.network.FirewallPolicySkuTier.PREMIUM,
},
snat={
"private_ranges": ["IANAPrivateRanges"],
},
sql={
"allow_sql_redirect": True,
},
tags={
"key1": "value1",
},
threat_intel_mode=azure_native.network.AzureFirewallThreatIntelMode.ALERT,
threat_intel_whitelist={
"fqdns": ["*.microsoft.com"],
"ip_addresses": ["20.3.4.5"],
},
transport_security={
"certificate_authority": {
"key_vault_secret_id": "https://kv/secret",
"name": "clientcert",
},
})
resources:
firewallPolicy:
type: azure-native:network:FirewallPolicy
properties:
dnsSettings:
enableProxy: true
requireProxyForNetworkRules: false
servers:
- 30.3.4.5
explicitProxy:
enableExplicitProxy: true
enablePacFile: true
httpPort: 8087
httpsPort: 8087
pacFile: https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D
pacFilePort: 8087
firewallPolicyName: firewallPolicy
insights:
isEnabled: true
logAnalyticsResources:
defaultWorkspaceId:
id: /subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace
workspaces:
- region: westus
workspaceId:
id: /subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1
- region: eastus
workspaceId:
id: /subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2
retentionDays: 100
intrusionDetection:
configuration:
bypassTrafficSettings:
- description: Rule 1
destinationAddresses:
- 5.6.7.8
destinationPorts:
- '*'
name: bypassRule1
protocol: TCP
sourceAddresses:
- 1.2.3.4
signatureOverrides:
- id: '2525004'
mode: Deny
mode: Alert
location: West US
resourceGroupName: rg1
sku:
tier: Premium
snat:
privateRanges:
- IANAPrivateRanges
sql:
allowSqlRedirect: true
tags:
key1: value1
threatIntelMode: Alert
threatIntelWhitelist:
fqdns:
- '*.microsoft.com'
ipAddresses:
- 20.3.4.5
transportSecurity:
certificateAuthority:
keyVaultSecretId: https://kv/secret
name: clientcert
Create FirewallPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new FirewallPolicy(name: string, args: FirewallPolicyArgs, opts?: CustomResourceOptions);@overload
def FirewallPolicy(resource_name: str,
args: FirewallPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def FirewallPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
resource_group_name: Optional[str] = None,
location: Optional[str] = None,
intrusion_detection: Optional[FirewallPolicyIntrusionDetectionArgs] = None,
firewall_policy_name: Optional[str] = None,
id: Optional[str] = None,
dns_settings: Optional[DnsSettingsArgs] = None,
insights: Optional[FirewallPolicyInsightsArgs] = None,
explicit_proxy: Optional[ExplicitProxyArgs] = None,
base_policy: Optional[SubResourceArgs] = None,
identity: Optional[ManagedServiceIdentityArgs] = None,
sku: Optional[FirewallPolicySkuArgs] = None,
snat: Optional[FirewallPolicySNATArgs] = None,
sql: Optional[FirewallPolicySQLArgs] = None,
tags: Optional[Mapping[str, str]] = None,
threat_intel_mode: Optional[Union[str, AzureFirewallThreatIntelMode]] = None,
threat_intel_whitelist: Optional[FirewallPolicyThreatIntelWhitelistArgs] = None,
transport_security: Optional[FirewallPolicyTransportSecurityArgs] = None)func NewFirewallPolicy(ctx *Context, name string, args FirewallPolicyArgs, opts ...ResourceOption) (*FirewallPolicy, error)public FirewallPolicy(string name, FirewallPolicyArgs args, CustomResourceOptions? opts = null)
public FirewallPolicy(String name, FirewallPolicyArgs args)
public FirewallPolicy(String name, FirewallPolicyArgs args, CustomResourceOptions options)
type: azure-native:network:FirewallPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FirewallPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var firewallPolicyResource = new AzureNative.Network.FirewallPolicy("firewallPolicyResource", new()
{
ResourceGroupName = "string",
Location = "string",
IntrusionDetection = new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionArgs
{
Configuration = new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionConfigurationArgs
{
BypassTrafficSettings = new[]
{
new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs
{
Description = "string",
DestinationAddresses = new[]
{
"string",
},
DestinationIpGroups = new[]
{
"string",
},
DestinationPorts = new[]
{
"string",
},
Name = "string",
Protocol = "string",
SourceAddresses = new[]
{
"string",
},
SourceIpGroups = new[]
{
"string",
},
},
},
PrivateRanges = new[]
{
"string",
},
SignatureOverrides = new[]
{
new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionSignatureSpecificationArgs
{
Id = "string",
Mode = "string",
},
},
},
Mode = "string",
Profile = "string",
},
FirewallPolicyName = "string",
Id = "string",
DnsSettings = new AzureNative.Network.Inputs.DnsSettingsArgs
{
EnableProxy = false,
RequireProxyForNetworkRules = false,
Servers = new[]
{
"string",
},
},
Insights = new AzureNative.Network.Inputs.FirewallPolicyInsightsArgs
{
IsEnabled = false,
LogAnalyticsResources = new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsResourcesArgs
{
DefaultWorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "string",
},
Workspaces = new[]
{
new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsWorkspaceArgs
{
Region = "string",
WorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "string",
},
},
},
},
RetentionDays = 0,
},
ExplicitProxy = new AzureNative.Network.Inputs.ExplicitProxyArgs
{
EnableExplicitProxy = false,
EnablePacFile = false,
HttpPort = 0,
HttpsPort = 0,
PacFile = "string",
PacFilePort = 0,
},
BasePolicy = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "string",
},
Identity = new AzureNative.Network.Inputs.ManagedServiceIdentityArgs
{
Type = AzureNative.Network.ResourceIdentityType.SystemAssigned,
UserAssignedIdentities = new[]
{
"string",
},
},
Sku = new AzureNative.Network.Inputs.FirewallPolicySkuArgs
{
Tier = "string",
},
Snat = new AzureNative.Network.Inputs.FirewallPolicySNATArgs
{
AutoLearnPrivateRanges = "string",
PrivateRanges = new[]
{
"string",
},
},
Sql = new AzureNative.Network.Inputs.FirewallPolicySQLArgs
{
AllowSqlRedirect = false,
},
Tags =
{
{ "string", "string" },
},
ThreatIntelMode = "string",
ThreatIntelWhitelist = new AzureNative.Network.Inputs.FirewallPolicyThreatIntelWhitelistArgs
{
Fqdns = new[]
{
"string",
},
IpAddresses = new[]
{
"string",
},
},
TransportSecurity = new AzureNative.Network.Inputs.FirewallPolicyTransportSecurityArgs
{
CertificateAuthority = new AzureNative.Network.Inputs.FirewallPolicyCertificateAuthorityArgs
{
KeyVaultSecretId = "string",
Name = "string",
},
},
});
example, err := network.NewFirewallPolicy(ctx, "firewallPolicyResource", &network.FirewallPolicyArgs{
ResourceGroupName: pulumi.String("string"),
Location: pulumi.String("string"),
IntrusionDetection: &network.FirewallPolicyIntrusionDetectionArgs{
Configuration: &network.FirewallPolicyIntrusionDetectionConfigurationArgs{
BypassTrafficSettings: network.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArray{
&network.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs{
Description: pulumi.String("string"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("string"),
},
DestinationIpGroups: pulumi.StringArray{
pulumi.String("string"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("string"),
},
Name: pulumi.String("string"),
Protocol: pulumi.String("string"),
SourceAddresses: pulumi.StringArray{
pulumi.String("string"),
},
SourceIpGroups: pulumi.StringArray{
pulumi.String("string"),
},
},
},
PrivateRanges: pulumi.StringArray{
pulumi.String("string"),
},
SignatureOverrides: network.FirewallPolicyIntrusionDetectionSignatureSpecificationArray{
&network.FirewallPolicyIntrusionDetectionSignatureSpecificationArgs{
Id: pulumi.String("string"),
Mode: pulumi.String("string"),
},
},
},
Mode: pulumi.String("string"),
Profile: pulumi.String("string"),
},
FirewallPolicyName: pulumi.String("string"),
Id: pulumi.String("string"),
DnsSettings: &network.DnsSettingsArgs{
EnableProxy: pulumi.Bool(false),
RequireProxyForNetworkRules: pulumi.Bool(false),
Servers: pulumi.StringArray{
pulumi.String("string"),
},
},
Insights: &network.FirewallPolicyInsightsArgs{
IsEnabled: pulumi.Bool(false),
LogAnalyticsResources: &network.FirewallPolicyLogAnalyticsResourcesArgs{
DefaultWorkspaceId: &network.SubResourceArgs{
Id: pulumi.String("string"),
},
Workspaces: network.FirewallPolicyLogAnalyticsWorkspaceArray{
&network.FirewallPolicyLogAnalyticsWorkspaceArgs{
Region: pulumi.String("string"),
WorkspaceId: &network.SubResourceArgs{
Id: pulumi.String("string"),
},
},
},
},
RetentionDays: pulumi.Int(0),
},
ExplicitProxy: &network.ExplicitProxyArgs{
EnableExplicitProxy: pulumi.Bool(false),
EnablePacFile: pulumi.Bool(false),
HttpPort: pulumi.Int(0),
HttpsPort: pulumi.Int(0),
PacFile: pulumi.String("string"),
PacFilePort: pulumi.Int(0),
},
BasePolicy: &network.SubResourceArgs{
Id: pulumi.String("string"),
},
Identity: &network.ManagedServiceIdentityArgs{
Type: network.ResourceIdentityTypeSystemAssigned,
UserAssignedIdentities: pulumi.StringArray{
pulumi.String("string"),
},
},
Sku: &network.FirewallPolicySkuArgs{
Tier: pulumi.String("string"),
},
Snat: &network.FirewallPolicySNATArgs{
AutoLearnPrivateRanges: pulumi.String("string"),
PrivateRanges: pulumi.StringArray{
pulumi.String("string"),
},
},
Sql: &network.FirewallPolicySQLArgs{
AllowSqlRedirect: pulumi.Bool(false),
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
ThreatIntelMode: pulumi.String("string"),
ThreatIntelWhitelist: &network.FirewallPolicyThreatIntelWhitelistArgs{
Fqdns: pulumi.StringArray{
pulumi.String("string"),
},
IpAddresses: pulumi.StringArray{
pulumi.String("string"),
},
},
TransportSecurity: &network.FirewallPolicyTransportSecurityArgs{
CertificateAuthority: &network.FirewallPolicyCertificateAuthorityArgs{
KeyVaultSecretId: pulumi.String("string"),
Name: pulumi.String("string"),
},
},
})
var firewallPolicyResource = new FirewallPolicy("firewallPolicyResource", FirewallPolicyArgs.builder()
.resourceGroupName("string")
.location("string")
.intrusionDetection(FirewallPolicyIntrusionDetectionArgs.builder()
.configuration(FirewallPolicyIntrusionDetectionConfigurationArgs.builder()
.bypassTrafficSettings(FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs.builder()
.description("string")
.destinationAddresses("string")
.destinationIpGroups("string")
.destinationPorts("string")
.name("string")
.protocol("string")
.sourceAddresses("string")
.sourceIpGroups("string")
.build())
.privateRanges("string")
.signatureOverrides(FirewallPolicyIntrusionDetectionSignatureSpecificationArgs.builder()
.id("string")
.mode("string")
.build())
.build())
.mode("string")
.profile("string")
.build())
.firewallPolicyName("string")
.id("string")
.dnsSettings(DnsSettingsArgs.builder()
.enableProxy(false)
.requireProxyForNetworkRules(false)
.servers("string")
.build())
.insights(FirewallPolicyInsightsArgs.builder()
.isEnabled(false)
.logAnalyticsResources(FirewallPolicyLogAnalyticsResourcesArgs.builder()
.defaultWorkspaceId(SubResourceArgs.builder()
.id("string")
.build())
.workspaces(FirewallPolicyLogAnalyticsWorkspaceArgs.builder()
.region("string")
.workspaceId(SubResourceArgs.builder()
.id("string")
.build())
.build())
.build())
.retentionDays(0)
.build())
.explicitProxy(ExplicitProxyArgs.builder()
.enableExplicitProxy(false)
.enablePacFile(false)
.httpPort(0)
.httpsPort(0)
.pacFile("string")
.pacFilePort(0)
.build())
.basePolicy(SubResourceArgs.builder()
.id("string")
.build())
.identity(ManagedServiceIdentityArgs.builder()
.type("SystemAssigned")
.userAssignedIdentities("string")
.build())
.sku(FirewallPolicySkuArgs.builder()
.tier("string")
.build())
.snat(FirewallPolicySNATArgs.builder()
.autoLearnPrivateRanges("string")
.privateRanges("string")
.build())
.sql(FirewallPolicySQLArgs.builder()
.allowSqlRedirect(false)
.build())
.tags(Map.of("string", "string"))
.threatIntelMode("string")
.threatIntelWhitelist(FirewallPolicyThreatIntelWhitelistArgs.builder()
.fqdns("string")
.ipAddresses("string")
.build())
.transportSecurity(FirewallPolicyTransportSecurityArgs.builder()
.certificateAuthority(FirewallPolicyCertificateAuthorityArgs.builder()
.keyVaultSecretId("string")
.name("string")
.build())
.build())
.build());
firewall_policy_resource = azure_native.network.FirewallPolicy("firewallPolicyResource",
resource_group_name="string",
location="string",
intrusion_detection={
"configuration": {
"bypass_traffic_settings": [{
"description": "string",
"destination_addresses": ["string"],
"destination_ip_groups": ["string"],
"destination_ports": ["string"],
"name": "string",
"protocol": "string",
"source_addresses": ["string"],
"source_ip_groups": ["string"],
}],
"private_ranges": ["string"],
"signature_overrides": [{
"id": "string",
"mode": "string",
}],
},
"mode": "string",
"profile": "string",
},
firewall_policy_name="string",
id="string",
dns_settings={
"enable_proxy": False,
"require_proxy_for_network_rules": False,
"servers": ["string"],
},
insights={
"is_enabled": False,
"log_analytics_resources": {
"default_workspace_id": {
"id": "string",
},
"workspaces": [{
"region": "string",
"workspace_id": {
"id": "string",
},
}],
},
"retention_days": 0,
},
explicit_proxy={
"enable_explicit_proxy": False,
"enable_pac_file": False,
"http_port": 0,
"https_port": 0,
"pac_file": "string",
"pac_file_port": 0,
},
base_policy={
"id": "string",
},
identity={
"type": azure_native.network.ResourceIdentityType.SYSTEM_ASSIGNED,
"user_assigned_identities": ["string"],
},
sku={
"tier": "string",
},
snat={
"auto_learn_private_ranges": "string",
"private_ranges": ["string"],
},
sql={
"allow_sql_redirect": False,
},
tags={
"string": "string",
},
threat_intel_mode="string",
threat_intel_whitelist={
"fqdns": ["string"],
"ip_addresses": ["string"],
},
transport_security={
"certificate_authority": {
"key_vault_secret_id": "string",
"name": "string",
},
})
const firewallPolicyResource = new azure_native.network.FirewallPolicy("firewallPolicyResource", {
resourceGroupName: "string",
location: "string",
intrusionDetection: {
configuration: {
bypassTrafficSettings: [{
description: "string",
destinationAddresses: ["string"],
destinationIpGroups: ["string"],
destinationPorts: ["string"],
name: "string",
protocol: "string",
sourceAddresses: ["string"],
sourceIpGroups: ["string"],
}],
privateRanges: ["string"],
signatureOverrides: [{
id: "string",
mode: "string",
}],
},
mode: "string",
profile: "string",
},
firewallPolicyName: "string",
id: "string",
dnsSettings: {
enableProxy: false,
requireProxyForNetworkRules: false,
servers: ["string"],
},
insights: {
isEnabled: false,
logAnalyticsResources: {
defaultWorkspaceId: {
id: "string",
},
workspaces: [{
region: "string",
workspaceId: {
id: "string",
},
}],
},
retentionDays: 0,
},
explicitProxy: {
enableExplicitProxy: false,
enablePacFile: false,
httpPort: 0,
httpsPort: 0,
pacFile: "string",
pacFilePort: 0,
},
basePolicy: {
id: "string",
},
identity: {
type: azure_native.network.ResourceIdentityType.SystemAssigned,
userAssignedIdentities: ["string"],
},
sku: {
tier: "string",
},
snat: {
autoLearnPrivateRanges: "string",
privateRanges: ["string"],
},
sql: {
allowSqlRedirect: false,
},
tags: {
string: "string",
},
threatIntelMode: "string",
threatIntelWhitelist: {
fqdns: ["string"],
ipAddresses: ["string"],
},
transportSecurity: {
certificateAuthority: {
keyVaultSecretId: "string",
name: "string",
},
},
});
type: azure-native:network:FirewallPolicy
properties:
basePolicy:
id: string
dnsSettings:
enableProxy: false
requireProxyForNetworkRules: false
servers:
- string
explicitProxy:
enableExplicitProxy: false
enablePacFile: false
httpPort: 0
httpsPort: 0
pacFile: string
pacFilePort: 0
firewallPolicyName: string
id: string
identity:
type: SystemAssigned
userAssignedIdentities:
- string
insights:
isEnabled: false
logAnalyticsResources:
defaultWorkspaceId:
id: string
workspaces:
- region: string
workspaceId:
id: string
retentionDays: 0
intrusionDetection:
configuration:
bypassTrafficSettings:
- description: string
destinationAddresses:
- string
destinationIpGroups:
- string
destinationPorts:
- string
name: string
protocol: string
sourceAddresses:
- string
sourceIpGroups:
- string
privateRanges:
- string
signatureOverrides:
- id: string
mode: string
mode: string
profile: string
location: string
resourceGroupName: string
sku:
tier: string
snat:
autoLearnPrivateRanges: string
privateRanges:
- string
sql:
allowSqlRedirect: false
tags:
string: string
threatIntelMode: string
threatIntelWhitelist:
fqdns:
- string
ipAddresses:
- string
transportSecurity:
certificateAuthority:
keyVaultSecretId: string
name: string
FirewallPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The FirewallPolicy resource accepts the following input properties:
- Resource
Group stringName - The name of the resource group.
- Base
Policy Pulumi.Azure Native. Network. Inputs. Sub Resource - The parent firewall policy from which rules are inherited.
- Dns
Settings Pulumi.Azure Native. Network. Inputs. Dns Settings - DNS Proxy Settings definition.
- Explicit
Proxy Pulumi.Azure Native. Network. Inputs. Explicit Proxy - Explicit Proxy Settings definition.
- Firewall
Policy stringName - The name of the Firewall Policy.
- Id string
- Resource ID.
- Identity
Pulumi.
Azure Native. Network. Inputs. Managed Service Identity - The identity of the firewall policy.
- Insights
Pulumi.
Azure Native. Network. Inputs. Firewall Policy Insights - Insights on Firewall Policy.
- Intrusion
Detection Pulumi.Azure Native. Network. Inputs. Firewall Policy Intrusion Detection - The configuration for Intrusion detection.
- Location string
- Resource location.
- Sku
Pulumi.
Azure Native. Network. Inputs. Firewall Policy Sku - The Firewall Policy SKU.
- Snat
Pulumi.
Azure Native. Network. Inputs. Firewall Policy SNAT - The private IP addresses/IP ranges to which traffic will not be SNAT.
- Sql
Pulumi.
Azure Native. Network. Inputs. Firewall Policy SQL - SQL Settings definition.
- Dictionary<string, string>
- Resource tags.
- Threat
Intel string | Pulumi.Mode Azure Native. Network. Azure Firewall Threat Intel Mode - The operation mode for Threat Intelligence.
- Threat
Intel Pulumi.Whitelist Azure Native. Network. Inputs. Firewall Policy Threat Intel Whitelist - ThreatIntel Whitelist for Firewall Policy.
- Transport
Security Pulumi.Azure Native. Network. Inputs. Firewall Policy Transport Security - TLS Configuration definition.
- Resource
Group stringName - The name of the resource group.
- Base
Policy SubResource Args - The parent firewall policy from which rules are inherited.
- Dns
Settings DnsSettings Args - DNS Proxy Settings definition.
- Explicit
Proxy ExplicitProxy Args - Explicit Proxy Settings definition.
- Firewall
Policy stringName - The name of the Firewall Policy.
- Id string
- Resource ID.
- Identity
Managed
Service Identity Args - The identity of the firewall policy.
- Insights
Firewall
Policy Insights Args - Insights on Firewall Policy.
- Intrusion
Detection FirewallPolicy Intrusion Detection Args - The configuration for Intrusion detection.
- Location string
- Resource location.
- Sku
Firewall
Policy Sku Args - The Firewall Policy SKU.
- Snat
Firewall
Policy SNATArgs - The private IP addresses/IP ranges to which traffic will not be SNAT.
- Sql
Firewall
Policy SQLArgs - SQL Settings definition.
- map[string]string
- Resource tags.
- Threat
Intel string | AzureMode Firewall Threat Intel Mode - The operation mode for Threat Intelligence.
- Threat
Intel FirewallWhitelist Policy Threat Intel Whitelist Args - ThreatIntel Whitelist for Firewall Policy.
- Transport
Security FirewallPolicy Transport Security Args - TLS Configuration definition.
- resource
Group StringName - The name of the resource group.
- base
Policy SubResource - The parent firewall policy from which rules are inherited.
- dns
Settings DnsSettings - DNS Proxy Settings definition.
- explicit
Proxy ExplicitProxy - Explicit Proxy Settings definition.
- firewall
Policy StringName - The name of the Firewall Policy.
- id String
- Resource ID.
- identity
Managed
Service Identity - The identity of the firewall policy.
- insights
Firewall
Policy Insights - Insights on Firewall Policy.
- intrusion
Detection FirewallPolicy Intrusion Detection - The configuration for Intrusion detection.
- location String
- Resource location.
- sku
Firewall
Policy Sku - The Firewall Policy SKU.
- snat
Firewall
Policy SNAT - The private IP addresses/IP ranges to which traffic will not be SNAT.
- sql
Firewall
Policy SQL - SQL Settings definition.
- Map<String,String>
- Resource tags.
- threat
Intel String | AzureMode Firewall Threat Intel Mode - The operation mode for Threat Intelligence.
- threat
Intel FirewallWhitelist Policy Threat Intel Whitelist - ThreatIntel Whitelist for Firewall Policy.
- transport
Security FirewallPolicy Transport Security - TLS Configuration definition.
- resource
Group stringName - The name of the resource group.
- base
Policy SubResource - The parent firewall policy from which rules are inherited.
- dns
Settings DnsSettings - DNS Proxy Settings definition.
- explicit
Proxy ExplicitProxy - Explicit Proxy Settings definition.
- firewall
Policy stringName - The name of the Firewall Policy.
- id string
- Resource ID.
- identity
Managed
Service Identity - The identity of the firewall policy.
- insights
Firewall
Policy Insights - Insights on Firewall Policy.
- intrusion
Detection FirewallPolicy Intrusion Detection - The configuration for Intrusion detection.
- location string
- Resource location.
- sku
Firewall
Policy Sku - The Firewall Policy SKU.
- snat
Firewall
Policy SNAT - The private IP addresses/IP ranges to which traffic will not be SNAT.
- sql
Firewall
Policy SQL - SQL Settings definition.
- {[key: string]: string}
- Resource tags.
- threat
Intel string | AzureMode Firewall Threat Intel Mode - The operation mode for Threat Intelligence.
- threat
Intel FirewallWhitelist Policy Threat Intel Whitelist - ThreatIntel Whitelist for Firewall Policy.
- transport
Security FirewallPolicy Transport Security - TLS Configuration definition.
- resource_
group_ strname - The name of the resource group.
- base_
policy SubResource Args - The parent firewall policy from which rules are inherited.
- dns_
settings DnsSettings Args - DNS Proxy Settings definition.
- explicit_
proxy ExplicitProxy Args - Explicit Proxy Settings definition.
- firewall_
policy_ strname - The name of the Firewall Policy.
- id str
- Resource ID.
- identity
Managed
Service Identity Args - The identity of the firewall policy.
- insights
Firewall
Policy Insights Args - Insights on Firewall Policy.
- intrusion_
detection FirewallPolicy Intrusion Detection Args - The configuration for Intrusion detection.
- location str
- Resource location.
- sku
Firewall
Policy Sku Args - The Firewall Policy SKU.
- snat
Firewall
Policy SNATArgs - The private IP addresses/IP ranges to which traffic will not be SNAT.
- sql
Firewall
Policy SQLArgs - SQL Settings definition.
- Mapping[str, str]
- Resource tags.
- threat_
intel_ str | Azuremode Firewall Threat Intel Mode - The operation mode for Threat Intelligence.
- threat_
intel_ Firewallwhitelist Policy Threat Intel Whitelist Args - ThreatIntel Whitelist for Firewall Policy.
- transport_
security FirewallPolicy Transport Security Args - TLS Configuration definition.
- resource
Group StringName - The name of the resource group.
- base
Policy Property Map - The parent firewall policy from which rules are inherited.
- dns
Settings Property Map - DNS Proxy Settings definition.
- explicit
Proxy Property Map - Explicit Proxy Settings definition.
- firewall
Policy StringName - The name of the Firewall Policy.
- id String
- Resource ID.
- identity Property Map
- The identity of the firewall policy.
- insights Property Map
- Insights on Firewall Policy.
- intrusion
Detection Property Map - The configuration for Intrusion detection.
- location String
- Resource location.
- sku Property Map
- The Firewall Policy SKU.
- snat Property Map
- The private IP addresses/IP ranges to which traffic will not be SNAT.
- sql Property Map
- SQL Settings definition.
- Map<String>
- Resource tags.
- threat
Intel String | "Alert" | "Deny" | "Off"Mode - The operation mode for Threat Intelligence.
- threat
Intel Property MapWhitelist - ThreatIntel Whitelist for Firewall Policy.
- transport
Security Property Map - TLS Configuration definition.
Outputs
All input properties are implicitly available as output properties. Additionally, the FirewallPolicy resource produces the following output properties:
- Child
Policies List<Pulumi.Azure Native. Network. Outputs. Sub Resource Response> - List of references to Child Firewall Policies.
- Etag string
- A unique read-only string that changes whenever the resource is updated.
- Firewalls
List<Pulumi.
Azure Native. Network. Outputs. Sub Resource Response> - List of references to Azure Firewalls that this Firewall Policy is associated with.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Resource name.
- Provisioning
State string - The provisioning state of the firewall policy resource.
- Rule
Collection List<Pulumi.Groups Azure Native. Network. Outputs. Sub Resource Response> - List of references to FirewallPolicyRuleCollectionGroups.
- Type string
- Resource type.
- Child
Policies []SubResource Response - List of references to Child Firewall Policies.
- Etag string
- A unique read-only string that changes whenever the resource is updated.
- Firewalls
[]Sub
Resource Response - List of references to Azure Firewalls that this Firewall Policy is associated with.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Resource name.
- Provisioning
State string - The provisioning state of the firewall policy resource.
- Rule
Collection []SubGroups Resource Response - List of references to FirewallPolicyRuleCollectionGroups.
- Type string
- Resource type.
- child
Policies List<SubResource Response> - List of references to Child Firewall Policies.
- etag String
- A unique read-only string that changes whenever the resource is updated.
- firewalls
List<Sub
Resource Response> - List of references to Azure Firewalls that this Firewall Policy is associated with.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Resource name.
- provisioning
State String - The provisioning state of the firewall policy resource.
- rule
Collection List<SubGroups Resource Response> - List of references to FirewallPolicyRuleCollectionGroups.
- type String
- Resource type.
- child
Policies SubResource Response[] - List of references to Child Firewall Policies.
- etag string
- A unique read-only string that changes whenever the resource is updated.
- firewalls
Sub
Resource Response[] - List of references to Azure Firewalls that this Firewall Policy is associated with.
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- Resource name.
- provisioning
State string - The provisioning state of the firewall policy resource.
- rule
Collection SubGroups Resource Response[] - List of references to FirewallPolicyRuleCollectionGroups.
- type string
- Resource type.
- child_
policies Sequence[SubResource Response] - List of references to Child Firewall Policies.
- etag str
- A unique read-only string that changes whenever the resource is updated.
- firewalls
Sequence[Sub
Resource Response] - List of references to Azure Firewalls that this Firewall Policy is associated with.
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- Resource name.
- provisioning_
state str - The provisioning state of the firewall policy resource.
- rule_
collection_ Sequence[Subgroups Resource Response] - List of references to FirewallPolicyRuleCollectionGroups.
- type str
- Resource type.
- child
Policies List<Property Map> - List of references to Child Firewall Policies.
- etag String
- A unique read-only string that changes whenever the resource is updated.
- firewalls List<Property Map>
- List of references to Azure Firewalls that this Firewall Policy is associated with.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Resource name.
- provisioning
State String - The provisioning state of the firewall policy resource.
- rule
Collection List<Property Map>Groups - List of references to FirewallPolicyRuleCollectionGroups.
- type String
- Resource type.
Supporting Types
AutoLearnPrivateRangesMode, AutoLearnPrivateRangesModeArgs
- Enabled
- Enabled
- Disabled
- Disabled
- Auto
Learn Private Ranges Mode Enabled - Enabled
- Auto
Learn Private Ranges Mode Disabled - Disabled
- Enabled
- Enabled
- Disabled
- Disabled
- Enabled
- Enabled
- Disabled
- Disabled
- ENABLED
- Enabled
- DISABLED
- Disabled
- "Enabled"
- Enabled
- "Disabled"
- Disabled
AzureFirewallThreatIntelMode, AzureFirewallThreatIntelModeArgs
- Alert
- Alert
- Deny
- Deny
- Off
- Off
- Azure
Firewall Threat Intel Mode Alert - Alert
- Azure
Firewall Threat Intel Mode Deny - Deny
- Azure
Firewall Threat Intel Mode Off - Off
- Alert
- Alert
- Deny
- Deny
- Off
- Off
- Alert
- Alert
- Deny
- Deny
- Off
- Off
- ALERT
- Alert
- DENY
- Deny
- OFF
- Off
- "Alert"
- Alert
- "Deny"
- Deny
- "Off"
- Off
DnsSettings, DnsSettingsArgs
- Enable
Proxy bool - Enable DNS Proxy on Firewalls attached to the Firewall Policy.
- Require
Proxy boolFor Network Rules - FQDNs in Network Rules are supported when set to true.
- Servers List<string>
- List of Custom DNS Servers.
- Enable
Proxy bool - Enable DNS Proxy on Firewalls attached to the Firewall Policy.
- Require
Proxy boolFor Network Rules - FQDNs in Network Rules are supported when set to true.
- Servers []string
- List of Custom DNS Servers.
- enable
Proxy Boolean - Enable DNS Proxy on Firewalls attached to the Firewall Policy.
- require
Proxy BooleanFor Network Rules - FQDNs in Network Rules are supported when set to true.
- servers List<String>
- List of Custom DNS Servers.
- enable
Proxy boolean - Enable DNS Proxy on Firewalls attached to the Firewall Policy.
- require
Proxy booleanFor Network Rules - FQDNs in Network Rules are supported when set to true.
- servers string[]
- List of Custom DNS Servers.
- enable_
proxy bool - Enable DNS Proxy on Firewalls attached to the Firewall Policy.
- require_
proxy_ boolfor_ network_ rules - FQDNs in Network Rules are supported when set to true.
- servers Sequence[str]
- List of Custom DNS Servers.
- enable
Proxy Boolean - Enable DNS Proxy on Firewalls attached to the Firewall Policy.
- require
Proxy BooleanFor Network Rules - FQDNs in Network Rules are supported when set to true.
- servers List<String>
- List of Custom DNS Servers.
DnsSettingsResponse, DnsSettingsResponseArgs
- Enable
Proxy bool - Enable DNS Proxy on Firewalls attached to the Firewall Policy.
- Require
Proxy boolFor Network Rules - FQDNs in Network Rules are supported when set to true.
- Servers List<string>
- List of Custom DNS Servers.
- Enable
Proxy bool - Enable DNS Proxy on Firewalls attached to the Firewall Policy.
- Require
Proxy boolFor Network Rules - FQDNs in Network Rules are supported when set to true.
- Servers []string
- List of Custom DNS Servers.
- enable
Proxy Boolean - Enable DNS Proxy on Firewalls attached to the Firewall Policy.
- require
Proxy BooleanFor Network Rules - FQDNs in Network Rules are supported when set to true.
- servers List<String>
- List of Custom DNS Servers.
- enable
Proxy boolean - Enable DNS Proxy on Firewalls attached to the Firewall Policy.
- require
Proxy booleanFor Network Rules - FQDNs in Network Rules are supported when set to true.
- servers string[]
- List of Custom DNS Servers.
- enable_
proxy bool - Enable DNS Proxy on Firewalls attached to the Firewall Policy.
- require_
proxy_ boolfor_ network_ rules - FQDNs in Network Rules are supported when set to true.
- servers Sequence[str]
- List of Custom DNS Servers.
- enable
Proxy Boolean - Enable DNS Proxy on Firewalls attached to the Firewall Policy.
- require
Proxy BooleanFor Network Rules - FQDNs in Network Rules are supported when set to true.
- servers List<String>
- List of Custom DNS Servers.
ExplicitProxy, ExplicitProxyArgs
- Enable
Explicit boolProxy - When set to true, explicit proxy mode is enabled.
- Enable
Pac boolFile - When set to true, pac file port and url needs to be provided.
- Http
Port int - Port number for explicit proxy http protocol, cannot be greater than 64000.
- Https
Port int - Port number for explicit proxy https protocol, cannot be greater than 64000.
- Pac
File string - SAS URL for PAC file.
- Pac
File intPort - Port number for firewall to serve PAC file.
- Enable
Explicit boolProxy - When set to true, explicit proxy mode is enabled.
- Enable
Pac boolFile - When set to true, pac file port and url needs to be provided.
- Http
Port int - Port number for explicit proxy http protocol, cannot be greater than 64000.
- Https
Port int - Port number for explicit proxy https protocol, cannot be greater than 64000.
- Pac
File string - SAS URL for PAC file.
- Pac
File intPort - Port number for firewall to serve PAC file.
- enable
Explicit BooleanProxy - When set to true, explicit proxy mode is enabled.
- enable
Pac BooleanFile - When set to true, pac file port and url needs to be provided.
- http
Port Integer - Port number for explicit proxy http protocol, cannot be greater than 64000.
- https
Port Integer - Port number for explicit proxy https protocol, cannot be greater than 64000.
- pac
File String - SAS URL for PAC file.
- pac
File IntegerPort - Port number for firewall to serve PAC file.
- enable
Explicit booleanProxy - When set to true, explicit proxy mode is enabled.
- enable
Pac booleanFile - When set to true, pac file port and url needs to be provided.
- http
Port number - Port number for explicit proxy http protocol, cannot be greater than 64000.
- https
Port number - Port number for explicit proxy https protocol, cannot be greater than 64000.
- pac
File string - SAS URL for PAC file.
- pac
File numberPort - Port number for firewall to serve PAC file.
- enable_
explicit_ boolproxy - When set to true, explicit proxy mode is enabled.
- enable_
pac_ boolfile - When set to true, pac file port and url needs to be provided.
- http_
port int - Port number for explicit proxy http protocol, cannot be greater than 64000.
- https_
port int - Port number for explicit proxy https protocol, cannot be greater than 64000.
- pac_
file str - SAS URL for PAC file.
- pac_
file_ intport - Port number for firewall to serve PAC file.
- enable
Explicit BooleanProxy - When set to true, explicit proxy mode is enabled.
- enable
Pac BooleanFile - When set to true, pac file port and url needs to be provided.
- http
Port Number - Port number for explicit proxy http protocol, cannot be greater than 64000.
- https
Port Number - Port number for explicit proxy https protocol, cannot be greater than 64000.
- pac
File String - SAS URL for PAC file.
- pac
File NumberPort - Port number for firewall to serve PAC file.
ExplicitProxyResponse, ExplicitProxyResponseArgs
- Enable
Explicit boolProxy - When set to true, explicit proxy mode is enabled.
- Enable
Pac boolFile - When set to true, pac file port and url needs to be provided.
- Http
Port int - Port number for explicit proxy http protocol, cannot be greater than 64000.
- Https
Port int - Port number for explicit proxy https protocol, cannot be greater than 64000.
- Pac
File string - SAS URL for PAC file.
- Pac
File intPort - Port number for firewall to serve PAC file.
- Enable
Explicit boolProxy - When set to true, explicit proxy mode is enabled.
- Enable
Pac boolFile - When set to true, pac file port and url needs to be provided.
- Http
Port int - Port number for explicit proxy http protocol, cannot be greater than 64000.
- Https
Port int - Port number for explicit proxy https protocol, cannot be greater than 64000.
- Pac
File string - SAS URL for PAC file.
- Pac
File intPort - Port number for firewall to serve PAC file.
- enable
Explicit BooleanProxy - When set to true, explicit proxy mode is enabled.
- enable
Pac BooleanFile - When set to true, pac file port and url needs to be provided.
- http
Port Integer - Port number for explicit proxy http protocol, cannot be greater than 64000.
- https
Port Integer - Port number for explicit proxy https protocol, cannot be greater than 64000.
- pac
File String - SAS URL for PAC file.
- pac
File IntegerPort - Port number for firewall to serve PAC file.
- enable
Explicit booleanProxy - When set to true, explicit proxy mode is enabled.
- enable
Pac booleanFile - When set to true, pac file port and url needs to be provided.
- http
Port number - Port number for explicit proxy http protocol, cannot be greater than 64000.
- https
Port number - Port number for explicit proxy https protocol, cannot be greater than 64000.
- pac
File string - SAS URL for PAC file.
- pac
File numberPort - Port number for firewall to serve PAC file.
- enable_
explicit_ boolproxy - When set to true, explicit proxy mode is enabled.
- enable_
pac_ boolfile - When set to true, pac file port and url needs to be provided.
- http_
port int - Port number for explicit proxy http protocol, cannot be greater than 64000.
- https_
port int - Port number for explicit proxy https protocol, cannot be greater than 64000.
- pac_
file str - SAS URL for PAC file.
- pac_
file_ intport - Port number for firewall to serve PAC file.
- enable
Explicit BooleanProxy - When set to true, explicit proxy mode is enabled.
- enable
Pac BooleanFile - When set to true, pac file port and url needs to be provided.
- http
Port Number - Port number for explicit proxy http protocol, cannot be greater than 64000.
- https
Port Number - Port number for explicit proxy https protocol, cannot be greater than 64000.
- pac
File String - SAS URL for PAC file.
- pac
File NumberPort - Port number for firewall to serve PAC file.
FirewallPolicyCertificateAuthority, FirewallPolicyCertificateAuthorityArgs
- Key
Vault stringSecret Id - Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.
- Name string
- Name of the CA certificate.
- Key
Vault stringSecret Id - Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.
- Name string
- Name of the CA certificate.
- key
Vault StringSecret Id - Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.
- name String
- Name of the CA certificate.
- key
Vault stringSecret Id - Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.
- name string
- Name of the CA certificate.
- key_
vault_ strsecret_ id - Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.
- name str
- Name of the CA certificate.
- key
Vault StringSecret Id - Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.
- name String
- Name of the CA certificate.
FirewallPolicyCertificateAuthorityResponse, FirewallPolicyCertificateAuthorityResponseArgs
- Key
Vault stringSecret Id - Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.
- Name string
- Name of the CA certificate.
- Key
Vault stringSecret Id - Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.
- Name string
- Name of the CA certificate.
- key
Vault StringSecret Id - Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.
- name String
- Name of the CA certificate.
- key
Vault stringSecret Id - Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.
- name string
- Name of the CA certificate.
- key_
vault_ strsecret_ id - Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.
- name str
- Name of the CA certificate.
- key
Vault StringSecret Id - Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.
- name String
- Name of the CA certificate.
FirewallPolicyInsights, FirewallPolicyInsightsArgs
- Is
Enabled bool - A flag to indicate if the insights are enabled on the policy.
- Log
Analytics Pulumi.Resources Azure Native. Network. Inputs. Firewall Policy Log Analytics Resources - Workspaces needed to configure the Firewall Policy Insights.
- Retention
Days int - Number of days the insights should be enabled on the policy.
- Is
Enabled bool - A flag to indicate if the insights are enabled on the policy.
- Log
Analytics FirewallResources Policy Log Analytics Resources - Workspaces needed to configure the Firewall Policy Insights.
- Retention
Days int - Number of days the insights should be enabled on the policy.
- is
Enabled Boolean - A flag to indicate if the insights are enabled on the policy.
- log
Analytics FirewallResources Policy Log Analytics Resources - Workspaces needed to configure the Firewall Policy Insights.
- retention
Days Integer - Number of days the insights should be enabled on the policy.
- is
Enabled boolean - A flag to indicate if the insights are enabled on the policy.
- log
Analytics FirewallResources Policy Log Analytics Resources - Workspaces needed to configure the Firewall Policy Insights.
- retention
Days number - Number of days the insights should be enabled on the policy.
- is_
enabled bool - A flag to indicate if the insights are enabled on the policy.
- log_
analytics_ Firewallresources Policy Log Analytics Resources - Workspaces needed to configure the Firewall Policy Insights.
- retention_
days int - Number of days the insights should be enabled on the policy.
- is
Enabled Boolean - A flag to indicate if the insights are enabled on the policy.
- log
Analytics Property MapResources - Workspaces needed to configure the Firewall Policy Insights.
- retention
Days Number - Number of days the insights should be enabled on the policy.
FirewallPolicyInsightsResponse, FirewallPolicyInsightsResponseArgs
- Is
Enabled bool - A flag to indicate if the insights are enabled on the policy.
- Log
Analytics Pulumi.Resources Azure Native. Network. Inputs. Firewall Policy Log Analytics Resources Response - Workspaces needed to configure the Firewall Policy Insights.
- Retention
Days int - Number of days the insights should be enabled on the policy.
- Is
Enabled bool - A flag to indicate if the insights are enabled on the policy.
- Log
Analytics FirewallResources Policy Log Analytics Resources Response - Workspaces needed to configure the Firewall Policy Insights.
- Retention
Days int - Number of days the insights should be enabled on the policy.
- is
Enabled Boolean - A flag to indicate if the insights are enabled on the policy.
- log
Analytics FirewallResources Policy Log Analytics Resources Response - Workspaces needed to configure the Firewall Policy Insights.
- retention
Days Integer - Number of days the insights should be enabled on the policy.
- is
Enabled boolean - A flag to indicate if the insights are enabled on the policy.
- log
Analytics FirewallResources Policy Log Analytics Resources Response - Workspaces needed to configure the Firewall Policy Insights.
- retention
Days number - Number of days the insights should be enabled on the policy.
- is_
enabled bool - A flag to indicate if the insights are enabled on the policy.
- log_
analytics_ Firewallresources Policy Log Analytics Resources Response - Workspaces needed to configure the Firewall Policy Insights.
- retention_
days int - Number of days the insights should be enabled on the policy.
- is
Enabled Boolean - A flag to indicate if the insights are enabled on the policy.
- log
Analytics Property MapResources - Workspaces needed to configure the Firewall Policy Insights.
- retention
Days Number - Number of days the insights should be enabled on the policy.
FirewallPolicyIntrusionDetection, FirewallPolicyIntrusionDetectionArgs
- Configuration
Pulumi.
Azure Native. Network. Inputs. Firewall Policy Intrusion Detection Configuration - Intrusion detection configuration properties.
- Mode
string | Pulumi.
Azure Native. Network. Firewall Policy Intrusion Detection State Type - Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
- Profile
string | Pulumi.
Azure Native. Network. Firewall Policy Intrusion Detection Profile Type - IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
- Configuration
Firewall
Policy Intrusion Detection Configuration - Intrusion detection configuration properties.
- Mode
string | Firewall
Policy Intrusion Detection State Type - Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
- Profile
string | Firewall
Policy Intrusion Detection Profile Type - IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
- configuration
Firewall
Policy Intrusion Detection Configuration - Intrusion detection configuration properties.
- mode
String | Firewall
Policy Intrusion Detection State Type - Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
- profile
String | Firewall
Policy Intrusion Detection Profile Type - IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
- configuration
Firewall
Policy Intrusion Detection Configuration - Intrusion detection configuration properties.
- mode
string | Firewall
Policy Intrusion Detection State Type - Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
- profile
string | Firewall
Policy Intrusion Detection Profile Type - IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
- configuration
Firewall
Policy Intrusion Detection Configuration - Intrusion detection configuration properties.
- mode
str | Firewall
Policy Intrusion Detection State Type - Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
- profile
str | Firewall
Policy Intrusion Detection Profile Type - IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
- configuration Property Map
- Intrusion detection configuration properties.
- mode String | "Off" | "Alert" | "Deny"
- Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
- profile String | "Basic" | "Standard" | "Advanced" | "Extended"
- IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
FirewallPolicyIntrusionDetectionBypassTrafficSpecifications, FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs
- Description string
- Description of the bypass traffic rule.
- Destination
Addresses List<string> - List of destination IP addresses or ranges for this rule.
- Destination
Ip List<string>Groups - List of destination IpGroups for this rule.
- Destination
Ports List<string> - List of destination ports or ranges.
- Name string
- Name of the bypass traffic rule.
- Protocol
string | Pulumi.
Azure Native. Network. Firewall Policy Intrusion Detection Protocol - The rule bypass protocol.
- Source
Addresses List<string> - List of source IP addresses or ranges for this rule.
- Source
Ip List<string>Groups - List of source IpGroups for this rule.
- Description string
- Description of the bypass traffic rule.
- Destination
Addresses []string - List of destination IP addresses or ranges for this rule.
- Destination
Ip []stringGroups - List of destination IpGroups for this rule.
- Destination
Ports []string - List of destination ports or ranges.
- Name string
- Name of the bypass traffic rule.
- Protocol
string | Firewall
Policy Intrusion Detection Protocol - The rule bypass protocol.
- Source
Addresses []string - List of source IP addresses or ranges for this rule.
- Source
Ip []stringGroups - List of source IpGroups for this rule.
- description String
- Description of the bypass traffic rule.
- destination
Addresses List<String> - List of destination IP addresses or ranges for this rule.
- destination
Ip List<String>Groups - List of destination IpGroups for this rule.
- destination
Ports List<String> - List of destination ports or ranges.
- name String
- Name of the bypass traffic rule.
- protocol
String | Firewall
Policy Intrusion Detection Protocol - The rule bypass protocol.
- source
Addresses List<String> - List of source IP addresses or ranges for this rule.
- source
Ip List<String>Groups - List of source IpGroups for this rule.
- description string
- Description of the bypass traffic rule.
- destination
Addresses string[] - List of destination IP addresses or ranges for this rule.
- destination
Ip string[]Groups - List of destination IpGroups for this rule.
- destination
Ports string[] - List of destination ports or ranges.
- name string
- Name of the bypass traffic rule.
- protocol
string | Firewall
Policy Intrusion Detection Protocol - The rule bypass protocol.
- source
Addresses string[] - List of source IP addresses or ranges for this rule.
- source
Ip string[]Groups - List of source IpGroups for this rule.
- description str
- Description of the bypass traffic rule.
- destination_
addresses Sequence[str] - List of destination IP addresses or ranges for this rule.
- destination_
ip_ Sequence[str]groups - List of destination IpGroups for this rule.
- destination_
ports Sequence[str] - List of destination ports or ranges.
- name str
- Name of the bypass traffic rule.
- protocol
str | Firewall
Policy Intrusion Detection Protocol - The rule bypass protocol.
- source_
addresses Sequence[str] - List of source IP addresses or ranges for this rule.
- source_
ip_ Sequence[str]groups - List of source IpGroups for this rule.
- description String
- Description of the bypass traffic rule.
- destination
Addresses List<String> - List of destination IP addresses or ranges for this rule.
- destination
Ip List<String>Groups - List of destination IpGroups for this rule.
- destination
Ports List<String> - List of destination ports or ranges.
- name String
- Name of the bypass traffic rule.
- protocol String | "TCP" | "UDP" | "ICMP" | "ANY"
- The rule bypass protocol.
- source
Addresses List<String> - List of source IP addresses or ranges for this rule.
- source
Ip List<String>Groups - List of source IpGroups for this rule.
FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponse, FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponseArgs
- Description string
- Description of the bypass traffic rule.
- Destination
Addresses List<string> - List of destination IP addresses or ranges for this rule.
- Destination
Ip List<string>Groups - List of destination IpGroups for this rule.
- Destination
Ports List<string> - List of destination ports or ranges.
- Name string
- Name of the bypass traffic rule.
- Protocol string
- The rule bypass protocol.
- Source
Addresses List<string> - List of source IP addresses or ranges for this rule.
- Source
Ip List<string>Groups - List of source IpGroups for this rule.
- Description string
- Description of the bypass traffic rule.
- Destination
Addresses []string - List of destination IP addresses or ranges for this rule.
- Destination
Ip []stringGroups - List of destination IpGroups for this rule.
- Destination
Ports []string - List of destination ports or ranges.
- Name string
- Name of the bypass traffic rule.
- Protocol string
- The rule bypass protocol.
- Source
Addresses []string - List of source IP addresses or ranges for this rule.
- Source
Ip []stringGroups - List of source IpGroups for this rule.
- description String
- Description of the bypass traffic rule.
- destination
Addresses List<String> - List of destination IP addresses or ranges for this rule.
- destination
Ip List<String>Groups - List of destination IpGroups for this rule.
- destination
Ports List<String> - List of destination ports or ranges.
- name String
- Name of the bypass traffic rule.
- protocol String
- The rule bypass protocol.
- source
Addresses List<String> - List of source IP addresses or ranges for this rule.
- source
Ip List<String>Groups - List of source IpGroups for this rule.
- description string
- Description of the bypass traffic rule.
- destination
Addresses string[] - List of destination IP addresses or ranges for this rule.
- destination
Ip string[]Groups - List of destination IpGroups for this rule.
- destination
Ports string[] - List of destination ports or ranges.
- name string
- Name of the bypass traffic rule.
- protocol string
- The rule bypass protocol.
- source
Addresses string[] - List of source IP addresses or ranges for this rule.
- source
Ip string[]Groups - List of source IpGroups for this rule.
- description str
- Description of the bypass traffic rule.
- destination_
addresses Sequence[str] - List of destination IP addresses or ranges for this rule.
- destination_
ip_ Sequence[str]groups - List of destination IpGroups for this rule.
- destination_
ports Sequence[str] - List of destination ports or ranges.
- name str
- Name of the bypass traffic rule.
- protocol str
- The rule bypass protocol.
- source_
addresses Sequence[str] - List of source IP addresses or ranges for this rule.
- source_
ip_ Sequence[str]groups - List of source IpGroups for this rule.
- description String
- Description of the bypass traffic rule.
- destination
Addresses List<String> - List of destination IP addresses or ranges for this rule.
- destination
Ip List<String>Groups - List of destination IpGroups for this rule.
- destination
Ports List<String> - List of destination ports or ranges.
- name String
- Name of the bypass traffic rule.
- protocol String
- The rule bypass protocol.
- source
Addresses List<String> - List of source IP addresses or ranges for this rule.
- source
Ip List<String>Groups - List of source IpGroups for this rule.
FirewallPolicyIntrusionDetectionConfiguration, FirewallPolicyIntrusionDetectionConfigurationArgs
- Bypass
Traffic List<Pulumi.Settings Azure Native. Network. Inputs. Firewall Policy Intrusion Detection Bypass Traffic Specifications> - List of rules for traffic to bypass.
- Private
Ranges List<string> - IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
- Signature
Overrides List<Pulumi.Azure Native. Network. Inputs. Firewall Policy Intrusion Detection Signature Specification> - List of specific signatures states.
- Bypass
Traffic []FirewallSettings Policy Intrusion Detection Bypass Traffic Specifications - List of rules for traffic to bypass.
- Private
Ranges []string - IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
- Signature
Overrides []FirewallPolicy Intrusion Detection Signature Specification - List of specific signatures states.
- bypass
Traffic List<FirewallSettings Policy Intrusion Detection Bypass Traffic Specifications> - List of rules for traffic to bypass.
- private
Ranges List<String> - IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
- signature
Overrides List<FirewallPolicy Intrusion Detection Signature Specification> - List of specific signatures states.
- bypass
Traffic FirewallSettings Policy Intrusion Detection Bypass Traffic Specifications[] - List of rules for traffic to bypass.
- private
Ranges string[] - IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
- signature
Overrides FirewallPolicy Intrusion Detection Signature Specification[] - List of specific signatures states.
- bypass_
traffic_ Sequence[Firewallsettings Policy Intrusion Detection Bypass Traffic Specifications] - List of rules for traffic to bypass.
- private_
ranges Sequence[str] - IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
- signature_
overrides Sequence[FirewallPolicy Intrusion Detection Signature Specification] - List of specific signatures states.
- bypass
Traffic List<Property Map>Settings - List of rules for traffic to bypass.
- private
Ranges List<String> - IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
- signature
Overrides List<Property Map> - List of specific signatures states.
FirewallPolicyIntrusionDetectionConfigurationResponse, FirewallPolicyIntrusionDetectionConfigurationResponseArgs
- Bypass
Traffic List<Pulumi.Settings Azure Native. Network. Inputs. Firewall Policy Intrusion Detection Bypass Traffic Specifications Response> - List of rules for traffic to bypass.
- Private
Ranges List<string> - IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
- Signature
Overrides List<Pulumi.Azure Native. Network. Inputs. Firewall Policy Intrusion Detection Signature Specification Response> - List of specific signatures states.
- Bypass
Traffic []FirewallSettings Policy Intrusion Detection Bypass Traffic Specifications Response - List of rules for traffic to bypass.
- Private
Ranges []string - IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
- Signature
Overrides []FirewallPolicy Intrusion Detection Signature Specification Response - List of specific signatures states.
- bypass
Traffic List<FirewallSettings Policy Intrusion Detection Bypass Traffic Specifications Response> - List of rules for traffic to bypass.
- private
Ranges List<String> - IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
- signature
Overrides List<FirewallPolicy Intrusion Detection Signature Specification Response> - List of specific signatures states.
- bypass
Traffic FirewallSettings Policy Intrusion Detection Bypass Traffic Specifications Response[] - List of rules for traffic to bypass.
- private
Ranges string[] - IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
- signature
Overrides FirewallPolicy Intrusion Detection Signature Specification Response[] - List of specific signatures states.
- bypass_
traffic_ Sequence[Firewallsettings Policy Intrusion Detection Bypass Traffic Specifications Response] - List of rules for traffic to bypass.
- private_
ranges Sequence[str] - IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
- signature_
overrides Sequence[FirewallPolicy Intrusion Detection Signature Specification Response] - List of specific signatures states.
- bypass
Traffic List<Property Map>Settings - List of rules for traffic to bypass.
- private
Ranges List<String> - IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
- signature
Overrides List<Property Map> - List of specific signatures states.
FirewallPolicyIntrusionDetectionProfileType, FirewallPolicyIntrusionDetectionProfileTypeArgs
- Basic
- Basic
- Standard
- Standard
- Advanced
- Advanced
- Extended
- Extended
- Firewall
Policy Intrusion Detection Profile Type Basic - Basic
- Firewall
Policy Intrusion Detection Profile Type Standard - Standard
- Firewall
Policy Intrusion Detection Profile Type Advanced - Advanced
- Firewall
Policy Intrusion Detection Profile Type Extended - Extended
- Basic
- Basic
- Standard
- Standard
- Advanced
- Advanced
- Extended
- Extended
- Basic
- Basic
- Standard
- Standard
- Advanced
- Advanced
- Extended
- Extended
- BASIC
- Basic
- STANDARD
- Standard
- ADVANCED
- Advanced
- EXTENDED
- Extended
- "Basic"
- Basic
- "Standard"
- Standard
- "Advanced"
- Advanced
- "Extended"
- Extended
FirewallPolicyIntrusionDetectionProtocol, FirewallPolicyIntrusionDetectionProtocolArgs
- TCP
- TCP
- UDP
- UDP
- ICMP
- ICMP
- ANY
- ANY
- Firewall
Policy Intrusion Detection Protocol TCP - TCP
- Firewall
Policy Intrusion Detection Protocol UDP - UDP
- Firewall
Policy Intrusion Detection Protocol ICMP - ICMP
- Firewall
Policy Intrusion Detection Protocol ANY - ANY
- TCP
- TCP
- UDP
- UDP
- ICMP
- ICMP
- ANY
- ANY
- TCP
- TCP
- UDP
- UDP
- ICMP
- ICMP
- ANY
- ANY
- TCP
- TCP
- UDP
- UDP
- ICMP
- ICMP
- ANY
- ANY
- "TCP"
- TCP
- "UDP"
- UDP
- "ICMP"
- ICMP
- "ANY"
- ANY
FirewallPolicyIntrusionDetectionResponse, FirewallPolicyIntrusionDetectionResponseArgs
- Configuration
Pulumi.
Azure Native. Network. Inputs. Firewall Policy Intrusion Detection Configuration Response - Intrusion detection configuration properties.
- Mode string
- Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
- Profile string
- IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
- Configuration
Firewall
Policy Intrusion Detection Configuration Response - Intrusion detection configuration properties.
- Mode string
- Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
- Profile string
- IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
- configuration
Firewall
Policy Intrusion Detection Configuration Response - Intrusion detection configuration properties.
- mode String
- Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
- profile String
- IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
- configuration
Firewall
Policy Intrusion Detection Configuration Response - Intrusion detection configuration properties.
- mode string
- Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
- profile string
- IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
- configuration
Firewall
Policy Intrusion Detection Configuration Response - Intrusion detection configuration properties.
- mode str
- Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
- profile str
- IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
- configuration Property Map
- Intrusion detection configuration properties.
- mode String
- Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
- profile String
- IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
FirewallPolicyIntrusionDetectionSignatureSpecification, FirewallPolicyIntrusionDetectionSignatureSpecificationArgs
- Id string
- Signature id.
- Mode
string | Pulumi.
Azure Native. Network. Firewall Policy Intrusion Detection State Type - The signature state.
- Id string
- Signature id.
- Mode
string | Firewall
Policy Intrusion Detection State Type - The signature state.
- id String
- Signature id.
- mode
String | Firewall
Policy Intrusion Detection State Type - The signature state.
- id string
- Signature id.
- mode
string | Firewall
Policy Intrusion Detection State Type - The signature state.
- id str
- Signature id.
- mode
str | Firewall
Policy Intrusion Detection State Type - The signature state.
- id String
- Signature id.
- mode String | "Off" | "Alert" | "Deny"
- The signature state.
FirewallPolicyIntrusionDetectionSignatureSpecificationResponse, FirewallPolicyIntrusionDetectionSignatureSpecificationResponseArgs
FirewallPolicyIntrusionDetectionStateType, FirewallPolicyIntrusionDetectionStateTypeArgs
- Off
- Off
- Alert
- Alert
- Deny
- Deny
- Firewall
Policy Intrusion Detection State Type Off - Off
- Firewall
Policy Intrusion Detection State Type Alert - Alert
- Firewall
Policy Intrusion Detection State Type Deny - Deny
- Off
- Off
- Alert
- Alert
- Deny
- Deny
- Off
- Off
- Alert
- Alert
- Deny
- Deny
- OFF
- Off
- ALERT
- Alert
- DENY
- Deny
- "Off"
- Off
- "Alert"
- Alert
- "Deny"
- Deny
FirewallPolicyLogAnalyticsResources, FirewallPolicyLogAnalyticsResourcesArgs
- Default
Workspace Pulumi.Id Azure Native. Network. Inputs. Sub Resource - The default workspace Id for Firewall Policy Insights.
- Workspaces
List<Pulumi.
Azure Native. Network. Inputs. Firewall Policy Log Analytics Workspace> - List of workspaces for Firewall Policy Insights.
- Default
Workspace SubId Resource - The default workspace Id for Firewall Policy Insights.
- Workspaces
[]Firewall
Policy Log Analytics Workspace - List of workspaces for Firewall Policy Insights.
- default
Workspace SubId Resource - The default workspace Id for Firewall Policy Insights.
- workspaces
List<Firewall
Policy Log Analytics Workspace> - List of workspaces for Firewall Policy Insights.
- default
Workspace SubId Resource - The default workspace Id for Firewall Policy Insights.
- workspaces
Firewall
Policy Log Analytics Workspace[] - List of workspaces for Firewall Policy Insights.
- default_
workspace_ Subid Resource - The default workspace Id for Firewall Policy Insights.
- workspaces
Sequence[Firewall
Policy Log Analytics Workspace] - List of workspaces for Firewall Policy Insights.
- default
Workspace Property MapId - The default workspace Id for Firewall Policy Insights.
- workspaces List<Property Map>
- List of workspaces for Firewall Policy Insights.
FirewallPolicyLogAnalyticsResourcesResponse, FirewallPolicyLogAnalyticsResourcesResponseArgs
- Default
Workspace Pulumi.Id Azure Native. Network. Inputs. Sub Resource Response - The default workspace Id for Firewall Policy Insights.
- Workspaces
List<Pulumi.
Azure Native. Network. Inputs. Firewall Policy Log Analytics Workspace Response> - List of workspaces for Firewall Policy Insights.
- Default
Workspace SubId Resource Response - The default workspace Id for Firewall Policy Insights.
- Workspaces
[]Firewall
Policy Log Analytics Workspace Response - List of workspaces for Firewall Policy Insights.
- default
Workspace SubId Resource Response - The default workspace Id for Firewall Policy Insights.
- workspaces
List<Firewall
Policy Log Analytics Workspace Response> - List of workspaces for Firewall Policy Insights.
- default
Workspace SubId Resource Response - The default workspace Id for Firewall Policy Insights.
- workspaces
Firewall
Policy Log Analytics Workspace Response[] - List of workspaces for Firewall Policy Insights.
- default_
workspace_ Subid Resource Response - The default workspace Id for Firewall Policy Insights.
- workspaces
Sequence[Firewall
Policy Log Analytics Workspace Response] - List of workspaces for Firewall Policy Insights.
- default
Workspace Property MapId - The default workspace Id for Firewall Policy Insights.
- workspaces List<Property Map>
- List of workspaces for Firewall Policy Insights.
FirewallPolicyLogAnalyticsWorkspace, FirewallPolicyLogAnalyticsWorkspaceArgs
- Region string
- Region to configure the Workspace.
- Workspace
Id Pulumi.Azure Native. Network. Inputs. Sub Resource - The workspace Id for Firewall Policy Insights.
- Region string
- Region to configure the Workspace.
- Workspace
Id SubResource - The workspace Id for Firewall Policy Insights.
- region String
- Region to configure the Workspace.
- workspace
Id SubResource - The workspace Id for Firewall Policy Insights.
- region string
- Region to configure the Workspace.
- workspace
Id SubResource - The workspace Id for Firewall Policy Insights.
- region str
- Region to configure the Workspace.
- workspace_
id SubResource - The workspace Id for Firewall Policy Insights.
- region String
- Region to configure the Workspace.
- workspace
Id Property Map - The workspace Id for Firewall Policy Insights.
FirewallPolicyLogAnalyticsWorkspaceResponse, FirewallPolicyLogAnalyticsWorkspaceResponseArgs
- Region string
- Region to configure the Workspace.
- Workspace
Id Pulumi.Azure Native. Network. Inputs. Sub Resource Response - The workspace Id for Firewall Policy Insights.
- Region string
- Region to configure the Workspace.
- Workspace
Id SubResource Response - The workspace Id for Firewall Policy Insights.
- region String
- Region to configure the Workspace.
- workspace
Id SubResource Response - The workspace Id for Firewall Policy Insights.
- region string
- Region to configure the Workspace.
- workspace
Id SubResource Response - The workspace Id for Firewall Policy Insights.
- region str
- Region to configure the Workspace.
- workspace_
id SubResource Response - The workspace Id for Firewall Policy Insights.
- region String
- Region to configure the Workspace.
- workspace
Id Property Map - The workspace Id for Firewall Policy Insights.
FirewallPolicySNAT, FirewallPolicySNATArgs
- Auto
Learn string | Pulumi.Private Ranges Azure Native. Network. Auto Learn Private Ranges Mode - The operation mode for automatically learning private ranges to not be SNAT
- Private
Ranges List<string> - List of private IP addresses/IP address ranges to not be SNAT.
- Auto
Learn string | AutoPrivate Ranges Learn Private Ranges Mode - The operation mode for automatically learning private ranges to not be SNAT
- Private
Ranges []string - List of private IP addresses/IP address ranges to not be SNAT.
- auto
Learn String | AutoPrivate Ranges Learn Private Ranges Mode - The operation mode for automatically learning private ranges to not be SNAT
- private
Ranges List<String> - List of private IP addresses/IP address ranges to not be SNAT.
- auto
Learn string | AutoPrivate Ranges Learn Private Ranges Mode - The operation mode for automatically learning private ranges to not be SNAT
- private
Ranges string[] - List of private IP addresses/IP address ranges to not be SNAT.
- auto_
learn_ str | Autoprivate_ ranges Learn Private Ranges Mode - The operation mode for automatically learning private ranges to not be SNAT
- private_
ranges Sequence[str] - List of private IP addresses/IP address ranges to not be SNAT.
- auto
Learn String | "Enabled" | "Disabled"Private Ranges - The operation mode for automatically learning private ranges to not be SNAT
- private
Ranges List<String> - List of private IP addresses/IP address ranges to not be SNAT.
FirewallPolicySNATResponse, FirewallPolicySNATResponseArgs
- Auto
Learn stringPrivate Ranges - The operation mode for automatically learning private ranges to not be SNAT
- Private
Ranges List<string> - List of private IP addresses/IP address ranges to not be SNAT.
- Auto
Learn stringPrivate Ranges - The operation mode for automatically learning private ranges to not be SNAT
- Private
Ranges []string - List of private IP addresses/IP address ranges to not be SNAT.
- auto
Learn StringPrivate Ranges - The operation mode for automatically learning private ranges to not be SNAT
- private
Ranges List<String> - List of private IP addresses/IP address ranges to not be SNAT.
- auto
Learn stringPrivate Ranges - The operation mode for automatically learning private ranges to not be SNAT
- private
Ranges string[] - List of private IP addresses/IP address ranges to not be SNAT.
- auto_
learn_ strprivate_ ranges - The operation mode for automatically learning private ranges to not be SNAT
- private_
ranges Sequence[str] - List of private IP addresses/IP address ranges to not be SNAT.
- auto
Learn StringPrivate Ranges - The operation mode for automatically learning private ranges to not be SNAT
- private
Ranges List<String> - List of private IP addresses/IP address ranges to not be SNAT.
FirewallPolicySQL, FirewallPolicySQLArgs
- Allow
Sql boolRedirect - A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
- Allow
Sql boolRedirect - A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
- allow
Sql BooleanRedirect - A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
- allow
Sql booleanRedirect - A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
- allow_
sql_ boolredirect - A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
- allow
Sql BooleanRedirect - A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
FirewallPolicySQLResponse, FirewallPolicySQLResponseArgs
- Allow
Sql boolRedirect - A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
- Allow
Sql boolRedirect - A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
- allow
Sql BooleanRedirect - A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
- allow
Sql booleanRedirect - A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
- allow_
sql_ boolredirect - A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
- allow
Sql BooleanRedirect - A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
FirewallPolicySku, FirewallPolicySkuArgs
- Tier
string | Pulumi.
Azure Native. Network. Firewall Policy Sku Tier - Tier of Firewall Policy.
- Tier
string | Firewall
Policy Sku Tier - Tier of Firewall Policy.
- tier
String | Firewall
Policy Sku Tier - Tier of Firewall Policy.
- tier
string | Firewall
Policy Sku Tier - Tier of Firewall Policy.
- tier
str | Firewall
Policy Sku Tier - Tier of Firewall Policy.
- tier String | "Standard" | "Premium" | "Basic"
- Tier of Firewall Policy.
FirewallPolicySkuResponse, FirewallPolicySkuResponseArgs
- Tier string
- Tier of Firewall Policy.
- Tier string
- Tier of Firewall Policy.
- tier String
- Tier of Firewall Policy.
- tier string
- Tier of Firewall Policy.
- tier str
- Tier of Firewall Policy.
- tier String
- Tier of Firewall Policy.
FirewallPolicySkuTier, FirewallPolicySkuTierArgs
- Standard
- Standard
- Premium
- Premium
- Basic
- Basic
- Firewall
Policy Sku Tier Standard - Standard
- Firewall
Policy Sku Tier Premium - Premium
- Firewall
Policy Sku Tier Basic - Basic
- Standard
- Standard
- Premium
- Premium
- Basic
- Basic
- Standard
- Standard
- Premium
- Premium
- Basic
- Basic
- STANDARD
- Standard
- PREMIUM
- Premium
- BASIC
- Basic
- "Standard"
- Standard
- "Premium"
- Premium
- "Basic"
- Basic
FirewallPolicyThreatIntelWhitelist, FirewallPolicyThreatIntelWhitelistArgs
- Fqdns List<string>
- List of FQDNs for the ThreatIntel Whitelist.
- Ip
Addresses List<string> - List of IP addresses for the ThreatIntel Whitelist.
- Fqdns []string
- List of FQDNs for the ThreatIntel Whitelist.
- Ip
Addresses []string - List of IP addresses for the ThreatIntel Whitelist.
- fqdns List<String>
- List of FQDNs for the ThreatIntel Whitelist.
- ip
Addresses List<String> - List of IP addresses for the ThreatIntel Whitelist.
- fqdns string[]
- List of FQDNs for the ThreatIntel Whitelist.
- ip
Addresses string[] - List of IP addresses for the ThreatIntel Whitelist.
- fqdns Sequence[str]
- List of FQDNs for the ThreatIntel Whitelist.
- ip_
addresses Sequence[str] - List of IP addresses for the ThreatIntel Whitelist.
- fqdns List<String>
- List of FQDNs for the ThreatIntel Whitelist.
- ip
Addresses List<String> - List of IP addresses for the ThreatIntel Whitelist.
FirewallPolicyThreatIntelWhitelistResponse, FirewallPolicyThreatIntelWhitelistResponseArgs
- Fqdns List<string>
- List of FQDNs for the ThreatIntel Whitelist.
- Ip
Addresses List<string> - List of IP addresses for the ThreatIntel Whitelist.
- Fqdns []string
- List of FQDNs for the ThreatIntel Whitelist.
- Ip
Addresses []string - List of IP addresses for the ThreatIntel Whitelist.
- fqdns List<String>
- List of FQDNs for the ThreatIntel Whitelist.
- ip
Addresses List<String> - List of IP addresses for the ThreatIntel Whitelist.
- fqdns string[]
- List of FQDNs for the ThreatIntel Whitelist.
- ip
Addresses string[] - List of IP addresses for the ThreatIntel Whitelist.
- fqdns Sequence[str]
- List of FQDNs for the ThreatIntel Whitelist.
- ip_
addresses Sequence[str] - List of IP addresses for the ThreatIntel Whitelist.
- fqdns List<String>
- List of FQDNs for the ThreatIntel Whitelist.
- ip
Addresses List<String> - List of IP addresses for the ThreatIntel Whitelist.
FirewallPolicyTransportSecurity, FirewallPolicyTransportSecurityArgs
-
Pulumi.
Azure Native. Network. Inputs. Firewall Policy Certificate Authority - The CA used for intermediate CA generation.
-
Firewall
Policy Certificate Authority - The CA used for intermediate CA generation.
-
Firewall
Policy Certificate Authority - The CA used for intermediate CA generation.
-
Firewall
Policy Certificate Authority - The CA used for intermediate CA generation.
-
Firewall
Policy Certificate Authority - The CA used for intermediate CA generation.
- Property Map
- The CA used for intermediate CA generation.
FirewallPolicyTransportSecurityResponse, FirewallPolicyTransportSecurityResponseArgs
-
Pulumi.
Azure Native. Network. Inputs. Firewall Policy Certificate Authority Response - The CA used for intermediate CA generation.
-
Firewall
Policy Certificate Authority Response - The CA used for intermediate CA generation.
-
Firewall
Policy Certificate Authority Response - The CA used for intermediate CA generation.
-
Firewall
Policy Certificate Authority Response - The CA used for intermediate CA generation.
-
Firewall
Policy Certificate Authority Response - The CA used for intermediate CA generation.
- Property Map
- The CA used for intermediate CA generation.
ManagedServiceIdentity, ManagedServiceIdentityArgs
- Type
Pulumi.
Azure Native. Network. Resource Identity Type - The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.
- User
Assigned List<string>Identities - The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- Type
Resource
Identity Type - The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.
- User
Assigned []stringIdentities - The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- type
Resource
Identity Type - The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.
- user
Assigned List<String>Identities - The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- type
Resource
Identity Type - The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.
- user
Assigned string[]Identities - The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- type
Resource
Identity Type - The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.
- user_
assigned_ Sequence[str]identities - The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- type
"System
Assigned" | "User Assigned" | "System Assigned, User Assigned" | "None" - The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.
- user
Assigned List<String>Identities - The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
ManagedServiceIdentityResponse, ManagedServiceIdentityResponseArgs
- Principal
Id string - The principal id of the system assigned identity. This property will only be provided for a system assigned identity.
- Tenant
Id string - The tenant id of the system assigned identity. This property will only be provided for a system assigned identity.
- Type string
- The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.
- User
Assigned Dictionary<string, Pulumi.Identities Azure Native. Network. Inputs. Managed Service Identity Response User Assigned Identities> - The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- Principal
Id string - The principal id of the system assigned identity. This property will only be provided for a system assigned identity.
- Tenant
Id string - The tenant id of the system assigned identity. This property will only be provided for a system assigned identity.
- Type string
- The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.
- User
Assigned map[string]ManagedIdentities Service Identity Response User Assigned Identities - The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- principal
Id String - The principal id of the system assigned identity. This property will only be provided for a system assigned identity.
- tenant
Id String - The tenant id of the system assigned identity. This property will only be provided for a system assigned identity.
- type String
- The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.
- user
Assigned Map<String,ManagedIdentities Service Identity Response User Assigned Identities> - The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- principal
Id string - The principal id of the system assigned identity. This property will only be provided for a system assigned identity.
- tenant
Id string - The tenant id of the system assigned identity. This property will only be provided for a system assigned identity.
- type string
- The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.
- user
Assigned {[key: string]: ManagedIdentities Service Identity Response User Assigned Identities} - The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- principal_
id str - The principal id of the system assigned identity. This property will only be provided for a system assigned identity.
- tenant_
id str - The tenant id of the system assigned identity. This property will only be provided for a system assigned identity.
- type str
- The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.
- user_
assigned_ Mapping[str, Managedidentities Service Identity Response User Assigned Identities] - The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
- principal
Id String - The principal id of the system assigned identity. This property will only be provided for a system assigned identity.
- tenant
Id String - The tenant id of the system assigned identity. This property will only be provided for a system assigned identity.
- type String
- The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.
- user
Assigned Map<Property Map>Identities - The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.
ManagedServiceIdentityResponseUserAssignedIdentities, ManagedServiceIdentityResponseUserAssignedIdentitiesArgs
- Client
Id string - The client id of user assigned identity.
- Principal
Id string - The principal id of user assigned identity.
- Client
Id string - The client id of user assigned identity.
- Principal
Id string - The principal id of user assigned identity.
- client
Id String - The client id of user assigned identity.
- principal
Id String - The principal id of user assigned identity.
- client
Id string - The client id of user assigned identity.
- principal
Id string - The principal id of user assigned identity.
- client_
id str - The client id of user assigned identity.
- principal_
id str - The principal id of user assigned identity.
- client
Id String - The client id of user assigned identity.
- principal
Id String - The principal id of user assigned identity.
ResourceIdentityType, ResourceIdentityTypeArgs
- System
Assigned - SystemAssigned
- User
Assigned - UserAssigned
- System
Assigned_User Assigned - SystemAssigned, UserAssigned
- None
- None
- Resource
Identity Type System Assigned - SystemAssigned
- Resource
Identity Type User Assigned - UserAssigned
- Resource
Identity Type_System Assigned_User Assigned - SystemAssigned, UserAssigned
- Resource
Identity Type None - None
- System
Assigned - SystemAssigned
- User
Assigned - UserAssigned
- System
Assigned_User Assigned - SystemAssigned, UserAssigned
- None
- None
- System
Assigned - SystemAssigned
- User
Assigned - UserAssigned
- System
Assigned_User Assigned - SystemAssigned, UserAssigned
- None
- None
- SYSTEM_ASSIGNED
- SystemAssigned
- USER_ASSIGNED
- UserAssigned
- SYSTEM_ASSIGNED_USER_ASSIGNED
- SystemAssigned, UserAssigned
- NONE
- None
- "System
Assigned" - SystemAssigned
- "User
Assigned" - UserAssigned
- "System
Assigned, User Assigned" - SystemAssigned, UserAssigned
- "None"
- None
SubResource, SubResourceArgs
- Id string
- Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
- Id string
- Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
- id String
- Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
- id string
- Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
- id str
- Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
- id String
- Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
SubResourceResponse, SubResourceResponseArgs
- Id string
- Resource ID.
- Id string
- Resource ID.
- id String
- Resource ID.
- id string
- Resource ID.
- id str
- Resource ID.
- id String
- Resource ID.
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:network:FirewallPolicy firewallPolicy /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.89.1 published on Sunday, Mar 2, 2025 by Pulumi