Docs Home
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.89.1 published on Sunday, Mar 2, 2025 by Pulumi
azure-native.network.FirewallPolicyDraft
Explore with Pulumi AI
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.89.1 published on Sunday, Mar 2, 2025 by Pulumi
FirewallPolicy Resource. Azure REST API version: 2023-11-01.
Other available API versions: 2024-01-01, 2024-03-01, 2024-05-01.
Example Usage
create or update firewall policy draft
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var firewallPolicyDraft = new AzureNative.Network.FirewallPolicyDraft("firewallPolicyDraft", new()
{
DnsSettings = new AzureNative.Network.Inputs.DnsSettingsArgs
{
EnableProxy = true,
RequireProxyForNetworkRules = false,
Servers = new[]
{
"30.3.4.5",
},
},
ExplicitProxy = new AzureNative.Network.Inputs.ExplicitProxyArgs
{
EnableExplicitProxy = true,
EnablePacFile = true,
HttpPort = 8087,
HttpsPort = 8087,
PacFile = "https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D",
PacFilePort = 8087,
},
FirewallPolicyName = "firewallPolicy",
Insights = new AzureNative.Network.Inputs.FirewallPolicyInsightsArgs
{
IsEnabled = true,
LogAnalyticsResources = new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsResourcesArgs
{
DefaultWorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace",
},
Workspaces = new[]
{
new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsWorkspaceArgs
{
Region = "westus",
WorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1",
},
},
new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsWorkspaceArgs
{
Region = "eastus",
WorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2",
},
},
},
},
RetentionDays = 100,
},
IntrusionDetection = new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionArgs
{
Configuration = new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionConfigurationArgs
{
BypassTrafficSettings = new[]
{
new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs
{
Description = "Rule 1",
DestinationAddresses = new[]
{
"5.6.7.8",
},
DestinationPorts = new[]
{
"*",
},
Name = "bypassRule1",
Protocol = AzureNative.Network.FirewallPolicyIntrusionDetectionProtocol.TCP,
SourceAddresses = new[]
{
"1.2.3.4",
},
},
},
SignatureOverrides = new[]
{
new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionSignatureSpecificationArgs
{
Id = "2525004",
Mode = AzureNative.Network.FirewallPolicyIntrusionDetectionStateType.Deny,
},
},
},
Mode = AzureNative.Network.FirewallPolicyIntrusionDetectionStateType.Alert,
Profile = "Balanced",
},
ResourceGroupName = "rg1",
Snat = new AzureNative.Network.Inputs.FirewallPolicySNATArgs
{
PrivateRanges = new[]
{
"IANAPrivateRanges",
},
},
Sql = new AzureNative.Network.Inputs.FirewallPolicySQLArgs
{
AllowSqlRedirect = true,
},
ThreatIntelMode = AzureNative.Network.AzureFirewallThreatIntelMode.Alert,
ThreatIntelWhitelist = new AzureNative.Network.Inputs.FirewallPolicyThreatIntelWhitelistArgs
{
Fqdns = new[]
{
"*.microsoft.com",
},
IpAddresses = new[]
{
"20.3.4.5",
},
},
});
});
package main
import (
network "github.com/pulumi/pulumi-azure-native-sdk/network/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := network.NewFirewallPolicyDraft(ctx, "firewallPolicyDraft", &network.FirewallPolicyDraftArgs{
DnsSettings: &network.DnsSettingsArgs{
EnableProxy: pulumi.Bool(true),
RequireProxyForNetworkRules: pulumi.Bool(false),
Servers: pulumi.StringArray{
pulumi.String("30.3.4.5"),
},
},
ExplicitProxy: &network.ExplicitProxyArgs{
EnableExplicitProxy: pulumi.Bool(true),
EnablePacFile: pulumi.Bool(true),
HttpPort: pulumi.Int(8087),
HttpsPort: pulumi.Int(8087),
PacFile: pulumi.String("https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D"),
PacFilePort: pulumi.Int(8087),
},
FirewallPolicyName: pulumi.String("firewallPolicy"),
Insights: &network.FirewallPolicyInsightsArgs{
IsEnabled: pulumi.Bool(true),
LogAnalyticsResources: &network.FirewallPolicyLogAnalyticsResourcesArgs{
DefaultWorkspaceId: &network.SubResourceArgs{
Id: pulumi.String("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace"),
},
Workspaces: network.FirewallPolicyLogAnalyticsWorkspaceArray{
&network.FirewallPolicyLogAnalyticsWorkspaceArgs{
Region: pulumi.String("westus"),
WorkspaceId: &network.SubResourceArgs{
Id: pulumi.String("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1"),
},
},
&network.FirewallPolicyLogAnalyticsWorkspaceArgs{
Region: pulumi.String("eastus"),
WorkspaceId: &network.SubResourceArgs{
Id: pulumi.String("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2"),
},
},
},
},
RetentionDays: pulumi.Int(100),
},
IntrusionDetection: &network.FirewallPolicyIntrusionDetectionArgs{
Configuration: &network.FirewallPolicyIntrusionDetectionConfigurationArgs{
BypassTrafficSettings: network.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArray{
&network.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs{
Description: pulumi.String("Rule 1"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("5.6.7.8"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("*"),
},
Name: pulumi.String("bypassRule1"),
Protocol: pulumi.String(network.FirewallPolicyIntrusionDetectionProtocolTCP),
SourceAddresses: pulumi.StringArray{
pulumi.String("1.2.3.4"),
},
},
},
SignatureOverrides: network.FirewallPolicyIntrusionDetectionSignatureSpecificationArray{
&network.FirewallPolicyIntrusionDetectionSignatureSpecificationArgs{
Id: pulumi.String("2525004"),
Mode: pulumi.String(network.FirewallPolicyIntrusionDetectionStateTypeDeny),
},
},
},
Mode: pulumi.String(network.FirewallPolicyIntrusionDetectionStateTypeAlert),
Profile: pulumi.String("Balanced"),
},
ResourceGroupName: pulumi.String("rg1"),
Snat: &network.FirewallPolicySNATArgs{
PrivateRanges: pulumi.StringArray{
pulumi.String("IANAPrivateRanges"),
},
},
Sql: &network.FirewallPolicySQLArgs{
AllowSqlRedirect: pulumi.Bool(true),
},
ThreatIntelMode: pulumi.String(network.AzureFirewallThreatIntelModeAlert),
ThreatIntelWhitelist: &network.FirewallPolicyThreatIntelWhitelistArgs{
Fqdns: pulumi.StringArray{
pulumi.String("*.microsoft.com"),
},
IpAddresses: pulumi.StringArray{
pulumi.String("20.3.4.5"),
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.FirewallPolicyDraft;
import com.pulumi.azurenative.network.FirewallPolicyDraftArgs;
import com.pulumi.azurenative.network.inputs.DnsSettingsArgs;
import com.pulumi.azurenative.network.inputs.ExplicitProxyArgs;
import com.pulumi.azurenative.network.inputs.FirewallPolicyInsightsArgs;
import com.pulumi.azurenative.network.inputs.FirewallPolicyLogAnalyticsResourcesArgs;
import com.pulumi.azurenative.network.inputs.SubResourceArgs;
import com.pulumi.azurenative.network.inputs.FirewallPolicyIntrusionDetectionArgs;
import com.pulumi.azurenative.network.inputs.FirewallPolicyIntrusionDetectionConfigurationArgs;
import com.pulumi.azurenative.network.inputs.FirewallPolicySNATArgs;
import com.pulumi.azurenative.network.inputs.FirewallPolicySQLArgs;
import com.pulumi.azurenative.network.inputs.FirewallPolicyThreatIntelWhitelistArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var firewallPolicyDraft = new FirewallPolicyDraft("firewallPolicyDraft", FirewallPolicyDraftArgs.builder()
.dnsSettings(DnsSettingsArgs.builder()
.enableProxy(true)
.requireProxyForNetworkRules(false)
.servers("30.3.4.5")
.build())
.explicitProxy(ExplicitProxyArgs.builder()
.enableExplicitProxy(true)
.enablePacFile(true)
.httpPort(8087)
.httpsPort(8087)
.pacFile("https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D")
.pacFilePort(8087)
.build())
.firewallPolicyName("firewallPolicy")
.insights(FirewallPolicyInsightsArgs.builder()
.isEnabled(true)
.logAnalyticsResources(FirewallPolicyLogAnalyticsResourcesArgs.builder()
.defaultWorkspaceId(SubResourceArgs.builder()
.id("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace")
.build())
.workspaces(
FirewallPolicyLogAnalyticsWorkspaceArgs.builder()
.region("westus")
.workspaceId(SubResourceArgs.builder()
.id("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1")
.build())
.build(),
FirewallPolicyLogAnalyticsWorkspaceArgs.builder()
.region("eastus")
.workspaceId(SubResourceArgs.builder()
.id("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2")
.build())
.build())
.build())
.retentionDays(100)
.build())
.intrusionDetection(FirewallPolicyIntrusionDetectionArgs.builder()
.configuration(FirewallPolicyIntrusionDetectionConfigurationArgs.builder()
.bypassTrafficSettings(FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs.builder()
.description("Rule 1")
.destinationAddresses("5.6.7.8")
.destinationPorts("*")
.name("bypassRule1")
.protocol("TCP")
.sourceAddresses("1.2.3.4")
.build())
.signatureOverrides(FirewallPolicyIntrusionDetectionSignatureSpecificationArgs.builder()
.id("2525004")
.mode("Deny")
.build())
.build())
.mode("Alert")
.profile("Balanced")
.build())
.resourceGroupName("rg1")
.snat(FirewallPolicySNATArgs.builder()
.privateRanges("IANAPrivateRanges")
.build())
.sql(FirewallPolicySQLArgs.builder()
.allowSqlRedirect(true)
.build())
.threatIntelMode("Alert")
.threatIntelWhitelist(FirewallPolicyThreatIntelWhitelistArgs.builder()
.fqdns("*.microsoft.com")
.ipAddresses("20.3.4.5")
.build())
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const firewallPolicyDraft = new azure_native.network.FirewallPolicyDraft("firewallPolicyDraft", {
dnsSettings: {
enableProxy: true,
requireProxyForNetworkRules: false,
servers: ["30.3.4.5"],
},
explicitProxy: {
enableExplicitProxy: true,
enablePacFile: true,
httpPort: 8087,
httpsPort: 8087,
pacFile: "https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D",
pacFilePort: 8087,
},
firewallPolicyName: "firewallPolicy",
insights: {
isEnabled: true,
logAnalyticsResources: {
defaultWorkspaceId: {
id: "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace",
},
workspaces: [
{
region: "westus",
workspaceId: {
id: "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1",
},
},
{
region: "eastus",
workspaceId: {
id: "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2",
},
},
],
},
retentionDays: 100,
},
intrusionDetection: {
configuration: {
bypassTrafficSettings: [{
description: "Rule 1",
destinationAddresses: ["5.6.7.8"],
destinationPorts: ["*"],
name: "bypassRule1",
protocol: azure_native.network.FirewallPolicyIntrusionDetectionProtocol.TCP,
sourceAddresses: ["1.2.3.4"],
}],
signatureOverrides: [{
id: "2525004",
mode: azure_native.network.FirewallPolicyIntrusionDetectionStateType.Deny,
}],
},
mode: azure_native.network.FirewallPolicyIntrusionDetectionStateType.Alert,
profile: "Balanced",
},
resourceGroupName: "rg1",
snat: {
privateRanges: ["IANAPrivateRanges"],
},
sql: {
allowSqlRedirect: true,
},
threatIntelMode: azure_native.network.AzureFirewallThreatIntelMode.Alert,
threatIntelWhitelist: {
fqdns: ["*.microsoft.com"],
ipAddresses: ["20.3.4.5"],
},
});
import pulumi
import pulumi_azure_native as azure_native
firewall_policy_draft = azure_native.network.FirewallPolicyDraft("firewallPolicyDraft",
dns_settings={
"enable_proxy": True,
"require_proxy_for_network_rules": False,
"servers": ["30.3.4.5"],
},
explicit_proxy={
"enable_explicit_proxy": True,
"enable_pac_file": True,
"http_port": 8087,
"https_port": 8087,
"pac_file": "https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D",
"pac_file_port": 8087,
},
firewall_policy_name="firewallPolicy",
insights={
"is_enabled": True,
"log_analytics_resources": {
"default_workspace_id": {
"id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace",
},
"workspaces": [
{
"region": "westus",
"workspace_id": {
"id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1",
},
},
{
"region": "eastus",
"workspace_id": {
"id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2",
},
},
],
},
"retention_days": 100,
},
intrusion_detection={
"configuration": {
"bypass_traffic_settings": [{
"description": "Rule 1",
"destination_addresses": ["5.6.7.8"],
"destination_ports": ["*"],
"name": "bypassRule1",
"protocol": azure_native.network.FirewallPolicyIntrusionDetectionProtocol.TCP,
"source_addresses": ["1.2.3.4"],
}],
"signature_overrides": [{
"id": "2525004",
"mode": azure_native.network.FirewallPolicyIntrusionDetectionStateType.DENY,
}],
},
"mode": azure_native.network.FirewallPolicyIntrusionDetectionStateType.ALERT,
"profile": "Balanced",
},
resource_group_name="rg1",
snat={
"private_ranges": ["IANAPrivateRanges"],
},
sql={
"allow_sql_redirect": True,
},
threat_intel_mode=azure_native.network.AzureFirewallThreatIntelMode.ALERT,
threat_intel_whitelist={
"fqdns": ["*.microsoft.com"],
"ip_addresses": ["20.3.4.5"],
})
resources:
firewallPolicyDraft:
type: azure-native:network:FirewallPolicyDraft
properties:
dnsSettings:
enableProxy: true
requireProxyForNetworkRules: false
servers:
- 30.3.4.5
explicitProxy:
enableExplicitProxy: true
enablePacFile: true
httpPort: 8087
httpsPort: 8087
pacFile: https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D
pacFilePort: 8087
firewallPolicyName: firewallPolicy
insights:
isEnabled: true
logAnalyticsResources:
defaultWorkspaceId:
id: /subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace
workspaces:
- region: westus
workspaceId:
id: /subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1
- region: eastus
workspaceId:
id: /subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2
retentionDays: 100
intrusionDetection:
configuration:
bypassTrafficSettings:
- description: Rule 1
destinationAddresses:
- 5.6.7.8
destinationPorts:
- '*'
name: bypassRule1
protocol: TCP
sourceAddresses:
- 1.2.3.4
signatureOverrides:
- id: '2525004'
mode: Deny
mode: Alert
profile: Balanced
resourceGroupName: rg1
snat:
privateRanges:
- IANAPrivateRanges
sql:
allowSqlRedirect: true
threatIntelMode: Alert
threatIntelWhitelist:
fqdns:
- '*.microsoft.com'
ipAddresses:
- 20.3.4.5
Create FirewallPolicyDraft Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new FirewallPolicyDraft(name: string, args: FirewallPolicyDraftArgs, opts?: CustomResourceOptions);@overload
def FirewallPolicyDraft(resource_name: str,
args: FirewallPolicyDraftArgs,
opts: Optional[ResourceOptions] = None)
@overload
def FirewallPolicyDraft(resource_name: str,
opts: Optional[ResourceOptions] = None,
firewall_policy_name: Optional[str] = None,
resource_group_name: Optional[str] = None,
intrusion_detection: Optional[FirewallPolicyIntrusionDetectionArgs] = None,
explicit_proxy: Optional[ExplicitProxyArgs] = None,
id: Optional[str] = None,
insights: Optional[FirewallPolicyInsightsArgs] = None,
base_policy: Optional[SubResourceArgs] = None,
location: Optional[str] = None,
dns_settings: Optional[DnsSettingsArgs] = None,
snat: Optional[FirewallPolicySNATArgs] = None,
sql: Optional[FirewallPolicySQLArgs] = None,
tags: Optional[Mapping[str, str]] = None,
threat_intel_mode: Optional[Union[str, AzureFirewallThreatIntelMode]] = None,
threat_intel_whitelist: Optional[FirewallPolicyThreatIntelWhitelistArgs] = None)func NewFirewallPolicyDraft(ctx *Context, name string, args FirewallPolicyDraftArgs, opts ...ResourceOption) (*FirewallPolicyDraft, error)public FirewallPolicyDraft(string name, FirewallPolicyDraftArgs args, CustomResourceOptions? opts = null)
public FirewallPolicyDraft(String name, FirewallPolicyDraftArgs args)
public FirewallPolicyDraft(String name, FirewallPolicyDraftArgs args, CustomResourceOptions options)
type: azure-native:network:FirewallPolicyDraft
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FirewallPolicyDraftArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FirewallPolicyDraftArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FirewallPolicyDraftArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallPolicyDraftArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FirewallPolicyDraftArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var firewallPolicyDraftResource = new AzureNative.Network.FirewallPolicyDraft("firewallPolicyDraftResource", new()
{
FirewallPolicyName = "string",
ResourceGroupName = "string",
IntrusionDetection = new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionArgs
{
Configuration = new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionConfigurationArgs
{
BypassTrafficSettings = new[]
{
new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs
{
Description = "string",
DestinationAddresses = new[]
{
"string",
},
DestinationIpGroups = new[]
{
"string",
},
DestinationPorts = new[]
{
"string",
},
Name = "string",
Protocol = "string",
SourceAddresses = new[]
{
"string",
},
SourceIpGroups = new[]
{
"string",
},
},
},
PrivateRanges = new[]
{
"string",
},
SignatureOverrides = new[]
{
new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionSignatureSpecificationArgs
{
Id = "string",
Mode = "string",
},
},
},
Mode = "string",
Profile = "string",
},
ExplicitProxy = new AzureNative.Network.Inputs.ExplicitProxyArgs
{
EnableExplicitProxy = false,
EnablePacFile = false,
HttpPort = 0,
HttpsPort = 0,
PacFile = "string",
PacFilePort = 0,
},
Id = "string",
Insights = new AzureNative.Network.Inputs.FirewallPolicyInsightsArgs
{
IsEnabled = false,
LogAnalyticsResources = new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsResourcesArgs
{
DefaultWorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "string",
},
Workspaces = new[]
{
new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsWorkspaceArgs
{
Region = "string",
WorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "string",
},
},
},
},
RetentionDays = 0,
},
BasePolicy = new AzureNative.Network.Inputs.SubResourceArgs
{
Id = "string",
},
Location = "string",
DnsSettings = new AzureNative.Network.Inputs.DnsSettingsArgs
{
EnableProxy = false,
RequireProxyForNetworkRules = false,
Servers = new[]
{
"string",
},
},
Snat = new AzureNative.Network.Inputs.FirewallPolicySNATArgs
{
AutoLearnPrivateRanges = "string",
PrivateRanges = new[]
{
"string",
},
},
Sql = new AzureNative.Network.Inputs.FirewallPolicySQLArgs
{
AllowSqlRedirect = false,
},
Tags =
{
{ "string", "string" },
},
ThreatIntelMode = "string",
ThreatIntelWhitelist = new AzureNative.Network.Inputs.FirewallPolicyThreatIntelWhitelistArgs
{
Fqdns = new[]
{
"string",
},
IpAddresses = new[]
{
"string",
},
},
});
example, err := network.NewFirewallPolicyDraft(ctx, "firewallPolicyDraftResource", &network.FirewallPolicyDraftArgs{
FirewallPolicyName: pulumi.String("string"),
ResourceGroupName: pulumi.String("string"),
IntrusionDetection: &network.FirewallPolicyIntrusionDetectionArgs{
Configuration: &network.FirewallPolicyIntrusionDetectionConfigurationArgs{
BypassTrafficSettings: network.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArray{
&network.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs{
Description: pulumi.String("string"),
DestinationAddresses: pulumi.StringArray{
pulumi.String("string"),
},
DestinationIpGroups: pulumi.StringArray{
pulumi.String("string"),
},
DestinationPorts: pulumi.StringArray{
pulumi.String("string"),
},
Name: pulumi.String("string"),
Protocol: pulumi.String("string"),
SourceAddresses: pulumi.StringArray{
pulumi.String("string"),
},
SourceIpGroups: pulumi.StringArray{
pulumi.String("string"),
},
},
},
PrivateRanges: pulumi.StringArray{
pulumi.String("string"),
},
SignatureOverrides: network.FirewallPolicyIntrusionDetectionSignatureSpecificationArray{
&network.FirewallPolicyIntrusionDetectionSignatureSpecificationArgs{
Id: pulumi.String("string"),
Mode: pulumi.String("string"),
},
},
},
Mode: pulumi.String("string"),
Profile: pulumi.String("string"),
},
ExplicitProxy: &network.ExplicitProxyArgs{
EnableExplicitProxy: pulumi.Bool(false),
EnablePacFile: pulumi.Bool(false),
HttpPort: pulumi.Int(0),
HttpsPort: pulumi.Int(0),
PacFile: pulumi.String("string"),
PacFilePort: pulumi.Int(0),
},
Id: pulumi.String("string"),
Insights: &network.FirewallPolicyInsightsArgs{
IsEnabled: pulumi.Bool(false),
LogAnalyticsResources: &network.FirewallPolicyLogAnalyticsResourcesArgs{
DefaultWorkspaceId: &network.SubResourceArgs{
Id: pulumi.String("string"),
},
Workspaces: network.FirewallPolicyLogAnalyticsWorkspaceArray{
&network.FirewallPolicyLogAnalyticsWorkspaceArgs{
Region: pulumi.String("string"),
WorkspaceId: &network.SubResourceArgs{
Id: pulumi.String("string"),
},
},
},
},
RetentionDays: pulumi.Int(0),
},
BasePolicy: &network.SubResourceArgs{
Id: pulumi.String("string"),
},
Location: pulumi.String("string"),
DnsSettings: &network.DnsSettingsArgs{
EnableProxy: pulumi.Bool(false),
RequireProxyForNetworkRules: pulumi.Bool(false),
Servers: pulumi.StringArray{
pulumi.String("string"),
},
},
Snat: &network.FirewallPolicySNATArgs{
AutoLearnPrivateRanges: pulumi.String("string"),
PrivateRanges: pulumi.StringArray{
pulumi.String("string"),
},
},
Sql: &network.FirewallPolicySQLArgs{
AllowSqlRedirect: pulumi.Bool(false),
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
ThreatIntelMode: pulumi.String("string"),
ThreatIntelWhitelist: &network.FirewallPolicyThreatIntelWhitelistArgs{
Fqdns: pulumi.StringArray{
pulumi.String("string"),
},
IpAddresses: pulumi.StringArray{
pulumi.String("string"),
},
},
})
var firewallPolicyDraftResource = new FirewallPolicyDraft("firewallPolicyDraftResource", FirewallPolicyDraftArgs.builder()
.firewallPolicyName("string")
.resourceGroupName("string")
.intrusionDetection(FirewallPolicyIntrusionDetectionArgs.builder()
.configuration(FirewallPolicyIntrusionDetectionConfigurationArgs.builder()
.bypassTrafficSettings(FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs.builder()
.description("string")
.destinationAddresses("string")
.destinationIpGroups("string")
.destinationPorts("string")
.name("string")
.protocol("string")
.sourceAddresses("string")
.sourceIpGroups("string")
.build())
.privateRanges("string")
.signatureOverrides(FirewallPolicyIntrusionDetectionSignatureSpecificationArgs.builder()
.id("string")
.mode("string")
.build())
.build())
.mode("string")
.profile("string")
.build())
.explicitProxy(ExplicitProxyArgs.builder()
.enableExplicitProxy(false)
.enablePacFile(false)
.httpPort(0)
.httpsPort(0)
.pacFile("string")
.pacFilePort(0)
.build())
.id("string")
.insights(FirewallPolicyInsightsArgs.builder()
.isEnabled(false)
.logAnalyticsResources(FirewallPolicyLogAnalyticsResourcesArgs.builder()
.defaultWorkspaceId(SubResourceArgs.builder()
.id("string")
.build())
.workspaces(FirewallPolicyLogAnalyticsWorkspaceArgs.builder()
.region("string")
.workspaceId(SubResourceArgs.builder()
.id("string")
.build())
.build())
.build())
.retentionDays(0)
.build())
.basePolicy(SubResourceArgs.builder()
.id("string")
.build())
.location("string")
.dnsSettings(DnsSettingsArgs.builder()
.enableProxy(false)
.requireProxyForNetworkRules(false)
.servers("string")
.build())
.snat(FirewallPolicySNATArgs.builder()
.autoLearnPrivateRanges("string")
.privateRanges("string")
.build())
.sql(FirewallPolicySQLArgs.builder()
.allowSqlRedirect(false)
.build())
.tags(Map.of("string", "string"))
.threatIntelMode("string")
.threatIntelWhitelist(FirewallPolicyThreatIntelWhitelistArgs.builder()
.fqdns("string")
.ipAddresses("string")
.build())
.build());
firewall_policy_draft_resource = azure_native.network.FirewallPolicyDraft("firewallPolicyDraftResource",
firewall_policy_name="string",
resource_group_name="string",
intrusion_detection={
"configuration": {
"bypass_traffic_settings": [{
"description": "string",
"destination_addresses": ["string"],
"destination_ip_groups": ["string"],
"destination_ports": ["string"],
"name": "string",
"protocol": "string",
"source_addresses": ["string"],
"source_ip_groups": ["string"],
}],
"private_ranges": ["string"],
"signature_overrides": [{
"id": "string",
"mode": "string",
}],
},
"mode": "string",
"profile": "string",
},
explicit_proxy={
"enable_explicit_proxy": False,
"enable_pac_file": False,
"http_port": 0,
"https_port": 0,
"pac_file": "string",
"pac_file_port": 0,
},
id="string",
insights={
"is_enabled": False,
"log_analytics_resources": {
"default_workspace_id": {
"id": "string",
},
"workspaces": [{
"region": "string",
"workspace_id": {
"id": "string",
},
}],
},
"retention_days": 0,
},
base_policy={
"id": "string",
},
location="string",
dns_settings={
"enable_proxy": False,
"require_proxy_for_network_rules": False,
"servers": ["string"],
},
snat={
"auto_learn_private_ranges": "string",
"private_ranges": ["string"],
},
sql={
"allow_sql_redirect": False,
},
tags={
"string": "string",
},
threat_intel_mode="string",
threat_intel_whitelist={
"fqdns": ["string"],
"ip_addresses": ["string"],
})
const firewallPolicyDraftResource = new azure_native.network.FirewallPolicyDraft("firewallPolicyDraftResource", {
firewallPolicyName: "string",
resourceGroupName: "string",
intrusionDetection: {
configuration: {
bypassTrafficSettings: [{
description: "string",
destinationAddresses: ["string"],
destinationIpGroups: ["string"],
destinationPorts: ["string"],
name: "string",
protocol: "string",
sourceAddresses: ["string"],
sourceIpGroups: ["string"],
}],
privateRanges: ["string"],
signatureOverrides: [{
id: "string",
mode: "string",
}],
},
mode: "string",
profile: "string",
},
explicitProxy: {
enableExplicitProxy: false,
enablePacFile: false,
httpPort: 0,
httpsPort: 0,
pacFile: "string",
pacFilePort: 0,
},
id: "string",
insights: {
isEnabled: false,
logAnalyticsResources: {
defaultWorkspaceId: {
id: "string",
},
workspaces: [{
region: "string",
workspaceId: {
id: "string",
},
}],
},
retentionDays: 0,
},
basePolicy: {
id: "string",
},
location: "string",
dnsSettings: {
enableProxy: false,
requireProxyForNetworkRules: false,
servers: ["string"],
},
snat: {
autoLearnPrivateRanges: "string",
privateRanges: ["string"],
},
sql: {
allowSqlRedirect: false,
},
tags: {
string: "string",
},
threatIntelMode: "string",
threatIntelWhitelist: {
fqdns: ["string"],
ipAddresses: ["string"],
},
});
type: azure-native:network:FirewallPolicyDraft
properties:
basePolicy:
id: string
dnsSettings:
enableProxy: false
requireProxyForNetworkRules: false
servers:
- string
explicitProxy:
enableExplicitProxy: false
enablePacFile: false
httpPort: 0
httpsPort: 0
pacFile: string
pacFilePort: 0
firewallPolicyName: string
id: string
insights:
isEnabled: false
logAnalyticsResources:
defaultWorkspaceId:
id: string
workspaces:
- region: string
workspaceId:
id: string
retentionDays: 0
intrusionDetection:
configuration:
bypassTrafficSettings:
- description: string
destinationAddresses:
- string
destinationIpGroups:
- string
destinationPorts:
- string
name: string
protocol: string
sourceAddresses:
- string
sourceIpGroups:
- string
privateRanges:
- string
signatureOverrides:
- id: string
mode: string
mode: string
profile: string
location: string
resourceGroupName: string
snat:
autoLearnPrivateRanges: string
privateRanges:
- string
sql:
allowSqlRedirect: false
tags:
string: string
threatIntelMode: string
threatIntelWhitelist:
fqdns:
- string
ipAddresses:
- string
FirewallPolicyDraft Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The FirewallPolicyDraft resource accepts the following input properties:
- Firewall
Policy stringName - The name of the Firewall Policy.
- Resource
Group stringName - The name of the resource group.
- Base
Policy Pulumi.Azure Native. Network. Inputs. Sub Resource - The parent firewall policy from which rules are inherited.
- Dns
Settings Pulumi.Azure Native. Network. Inputs. Dns Settings - DNS Proxy Settings definition.
- Explicit
Proxy Pulumi.Azure Native. Network. Inputs. Explicit Proxy - Explicit Proxy Settings definition.
- Id string
- Resource ID.
- Insights
Pulumi.
Azure Native. Network. Inputs. Firewall Policy Insights - Insights on Firewall Policy.
- Intrusion
Detection Pulumi.Azure Native. Network. Inputs. Firewall Policy Intrusion Detection - The configuration for Intrusion detection.
- Location string
- Resource location.
- Snat
Pulumi.
Azure Native. Network. Inputs. Firewall Policy SNAT - The private IP addresses/IP ranges to which traffic will not be SNAT.
- Sql
Pulumi.
Azure Native. Network. Inputs. Firewall Policy SQL - SQL Settings definition.
- Dictionary<string, string>
- Resource tags.
- Threat
Intel string | Pulumi.Mode Azure Native. Network. Azure Firewall Threat Intel Mode - The operation mode for Threat Intelligence.
- Threat
Intel Pulumi.Whitelist Azure Native. Network. Inputs. Firewall Policy Threat Intel Whitelist - ThreatIntel Whitelist for Firewall Policy.
- Firewall
Policy stringName - The name of the Firewall Policy.
- Resource
Group stringName - The name of the resource group.
- Base
Policy SubResource Args - The parent firewall policy from which rules are inherited.
- Dns
Settings DnsSettings Args - DNS Proxy Settings definition.
- Explicit
Proxy ExplicitProxy Args - Explicit Proxy Settings definition.
- Id string
- Resource ID.
- Insights
Firewall
Policy Insights Args - Insights on Firewall Policy.
- Intrusion
Detection FirewallPolicy Intrusion Detection Args - The configuration for Intrusion detection.
- Location string
- Resource location.
- Snat
Firewall
Policy SNATArgs - The private IP addresses/IP ranges to which traffic will not be SNAT.
- Sql
Firewall
Policy SQLArgs - SQL Settings definition.
- map[string]string
- Resource tags.
- Threat
Intel string | AzureMode Firewall Threat Intel Mode - The operation mode for Threat Intelligence.
- Threat
Intel FirewallWhitelist Policy Threat Intel Whitelist Args - ThreatIntel Whitelist for Firewall Policy.
- firewall
Policy StringName - The name of the Firewall Policy.
- resource
Group StringName - The name of the resource group.
- base
Policy SubResource - The parent firewall policy from which rules are inherited.
- dns
Settings DnsSettings - DNS Proxy Settings definition.
- explicit
Proxy ExplicitProxy - Explicit Proxy Settings definition.
- id String
- Resource ID.
- insights
Firewall
Policy Insights - Insights on Firewall Policy.
- intrusion
Detection FirewallPolicy Intrusion Detection - The configuration for Intrusion detection.
- location String
- Resource location.
- snat
Firewall
Policy SNAT - The private IP addresses/IP ranges to which traffic will not be SNAT.
- sql
Firewall
Policy SQL - SQL Settings definition.
- Map<String,String>
- Resource tags.
- threat
Intel String | AzureMode Firewall Threat Intel Mode - The operation mode for Threat Intelligence.
- threat
Intel FirewallWhitelist Policy Threat Intel Whitelist - ThreatIntel Whitelist for Firewall Policy.
- firewall
Policy stringName - The name of the Firewall Policy.
- resource
Group stringName - The name of the resource group.
- base
Policy SubResource - The parent firewall policy from which rules are inherited.
- dns
Settings DnsSettings - DNS Proxy Settings definition.
- explicit
Proxy ExplicitProxy - Explicit Proxy Settings definition.
- id string
- Resource ID.
- insights
Firewall
Policy Insights - Insights on Firewall Policy.
- intrusion
Detection FirewallPolicy Intrusion Detection - The configuration for Intrusion detection.
- location string
- Resource location.
- snat
Firewall
Policy SNAT - The private IP addresses/IP ranges to which traffic will not be SNAT.
- sql
Firewall
Policy SQL - SQL Settings definition.
- {[key: string]: string}
- Resource tags.
- threat
Intel string | AzureMode Firewall Threat Intel Mode - The operation mode for Threat Intelligence.
- threat
Intel FirewallWhitelist Policy Threat Intel Whitelist - ThreatIntel Whitelist for Firewall Policy.
- firewall_
policy_ strname - The name of the Firewall Policy.
- resource_
group_ strname - The name of the resource group.
- base_
policy SubResource Args - The parent firewall policy from which rules are inherited.
- dns_
settings DnsSettings Args - DNS Proxy Settings definition.
- explicit_
proxy ExplicitProxy Args - Explicit Proxy Settings definition.
- id str
- Resource ID.
- insights
Firewall
Policy Insights Args - Insights on Firewall Policy.
- intrusion_
detection FirewallPolicy Intrusion Detection Args - The configuration for Intrusion detection.
- location str
- Resource location.
- snat
Firewall
Policy SNATArgs - The private IP addresses/IP ranges to which traffic will not be SNAT.
- sql
Firewall
Policy SQLArgs - SQL Settings definition.
- Mapping[str, str]
- Resource tags.
- threat_
intel_ str | Azuremode Firewall Threat Intel Mode - The operation mode for Threat Intelligence.
- threat_
intel_ Firewallwhitelist Policy Threat Intel Whitelist Args - ThreatIntel Whitelist for Firewall Policy.
- firewall
Policy StringName - The name of the Firewall Policy.
- resource
Group StringName - The name of the resource group.
- base
Policy Property Map - The parent firewall policy from which rules are inherited.
- dns
Settings Property Map - DNS Proxy Settings definition.
- explicit
Proxy Property Map - Explicit Proxy Settings definition.
- id String
- Resource ID.
- insights Property Map
- Insights on Firewall Policy.
- intrusion
Detection Property Map - The configuration for Intrusion detection.
- location String
- Resource location.
- snat Property Map
- The private IP addresses/IP ranges to which traffic will not be SNAT.
- sql Property Map
- SQL Settings definition.
- Map<String>
- Resource tags.
- threat
Intel String | "Alert" | "Deny" | "Off"Mode - The operation mode for Threat Intelligence.
- threat
Intel Property MapWhitelist - ThreatIntel Whitelist for Firewall Policy.
Outputs
All input properties are implicitly available as output properties. Additionally, the FirewallPolicyDraft resource produces the following output properties:
Supporting Types
AutoLearnPrivateRangesMode, AutoLearnPrivateRangesModeArgs
- Enabled
- Enabled
- Disabled
- Disabled
- Auto
Learn Private Ranges Mode Enabled - Enabled
- Auto
Learn Private Ranges Mode Disabled - Disabled
- Enabled
- Enabled
- Disabled
- Disabled
- Enabled
- Enabled
- Disabled
- Disabled
- ENABLED
- Enabled
- DISABLED
- Disabled
- "Enabled"
- Enabled
- "Disabled"
- Disabled
AzureFirewallThreatIntelMode, AzureFirewallThreatIntelModeArgs
- Alert
- Alert
- Deny
- Deny
- Off
- Off
- Azure
Firewall Threat Intel Mode Alert - Alert
- Azure
Firewall Threat Intel Mode Deny - Deny
- Azure
Firewall Threat Intel Mode Off - Off
- Alert
- Alert
- Deny
- Deny
- Off
- Off
- Alert
- Alert
- Deny
- Deny
- Off
- Off
- ALERT
- Alert
- DENY
- Deny
- OFF
- Off
- "Alert"
- Alert
- "Deny"
- Deny
- "Off"
- Off
DnsSettings, DnsSettingsArgs
- Enable
Proxy bool - Enable DNS Proxy on Firewalls attached to the Firewall Policy.
- Require
Proxy boolFor Network Rules - FQDNs in Network Rules are supported when set to true.
- Servers List<string>
- List of Custom DNS Servers.
- Enable
Proxy bool - Enable DNS Proxy on Firewalls attached to the Firewall Policy.
- Require
Proxy boolFor Network Rules - FQDNs in Network Rules are supported when set to true.
- Servers []string
- List of Custom DNS Servers.
- enable
Proxy Boolean - Enable DNS Proxy on Firewalls attached to the Firewall Policy.
- require
Proxy BooleanFor Network Rules - FQDNs in Network Rules are supported when set to true.
- servers List<String>
- List of Custom DNS Servers.
- enable
Proxy boolean - Enable DNS Proxy on Firewalls attached to the Firewall Policy.
- require
Proxy booleanFor Network Rules - FQDNs in Network Rules are supported when set to true.
- servers string[]
- List of Custom DNS Servers.
- enable_
proxy bool - Enable DNS Proxy on Firewalls attached to the Firewall Policy.
- require_
proxy_ boolfor_ network_ rules - FQDNs in Network Rules are supported when set to true.
- servers Sequence[str]
- List of Custom DNS Servers.
- enable
Proxy Boolean - Enable DNS Proxy on Firewalls attached to the Firewall Policy.
- require
Proxy BooleanFor Network Rules - FQDNs in Network Rules are supported when set to true.
- servers List<String>
- List of Custom DNS Servers.
DnsSettingsResponse, DnsSettingsResponseArgs
- Enable
Proxy bool - Enable DNS Proxy on Firewalls attached to the Firewall Policy.
- Require
Proxy boolFor Network Rules - FQDNs in Network Rules are supported when set to true.
- Servers List<string>
- List of Custom DNS Servers.
- Enable
Proxy bool - Enable DNS Proxy on Firewalls attached to the Firewall Policy.
- Require
Proxy boolFor Network Rules - FQDNs in Network Rules are supported when set to true.
- Servers []string
- List of Custom DNS Servers.
- enable
Proxy Boolean - Enable DNS Proxy on Firewalls attached to the Firewall Policy.
- require
Proxy BooleanFor Network Rules - FQDNs in Network Rules are supported when set to true.
- servers List<String>
- List of Custom DNS Servers.
- enable
Proxy boolean - Enable DNS Proxy on Firewalls attached to the Firewall Policy.
- require
Proxy booleanFor Network Rules - FQDNs in Network Rules are supported when set to true.
- servers string[]
- List of Custom DNS Servers.
- enable_
proxy bool - Enable DNS Proxy on Firewalls attached to the Firewall Policy.
- require_
proxy_ boolfor_ network_ rules - FQDNs in Network Rules are supported when set to true.
- servers Sequence[str]
- List of Custom DNS Servers.
- enable
Proxy Boolean - Enable DNS Proxy on Firewalls attached to the Firewall Policy.
- require
Proxy BooleanFor Network Rules - FQDNs in Network Rules are supported when set to true.
- servers List<String>
- List of Custom DNS Servers.
ExplicitProxy, ExplicitProxyArgs
- Enable
Explicit boolProxy - When set to true, explicit proxy mode is enabled.
- Enable
Pac boolFile - When set to true, pac file port and url needs to be provided.
- Http
Port int - Port number for explicit proxy http protocol, cannot be greater than 64000.
- Https
Port int - Port number for explicit proxy https protocol, cannot be greater than 64000.
- Pac
File string - SAS URL for PAC file.
- Pac
File intPort - Port number for firewall to serve PAC file.
- Enable
Explicit boolProxy - When set to true, explicit proxy mode is enabled.
- Enable
Pac boolFile - When set to true, pac file port and url needs to be provided.
- Http
Port int - Port number for explicit proxy http protocol, cannot be greater than 64000.
- Https
Port int - Port number for explicit proxy https protocol, cannot be greater than 64000.
- Pac
File string - SAS URL for PAC file.
- Pac
File intPort - Port number for firewall to serve PAC file.
- enable
Explicit BooleanProxy - When set to true, explicit proxy mode is enabled.
- enable
Pac BooleanFile - When set to true, pac file port and url needs to be provided.
- http
Port Integer - Port number for explicit proxy http protocol, cannot be greater than 64000.
- https
Port Integer - Port number for explicit proxy https protocol, cannot be greater than 64000.
- pac
File String - SAS URL for PAC file.
- pac
File IntegerPort - Port number for firewall to serve PAC file.
- enable
Explicit booleanProxy - When set to true, explicit proxy mode is enabled.
- enable
Pac booleanFile - When set to true, pac file port and url needs to be provided.
- http
Port number - Port number for explicit proxy http protocol, cannot be greater than 64000.
- https
Port number - Port number for explicit proxy https protocol, cannot be greater than 64000.
- pac
File string - SAS URL for PAC file.
- pac
File numberPort - Port number for firewall to serve PAC file.
- enable_
explicit_ boolproxy - When set to true, explicit proxy mode is enabled.
- enable_
pac_ boolfile - When set to true, pac file port and url needs to be provided.
- http_
port int - Port number for explicit proxy http protocol, cannot be greater than 64000.
- https_
port int - Port number for explicit proxy https protocol, cannot be greater than 64000.
- pac_
file str - SAS URL for PAC file.
- pac_
file_ intport - Port number for firewall to serve PAC file.
- enable
Explicit BooleanProxy - When set to true, explicit proxy mode is enabled.
- enable
Pac BooleanFile - When set to true, pac file port and url needs to be provided.
- http
Port Number - Port number for explicit proxy http protocol, cannot be greater than 64000.
- https
Port Number - Port number for explicit proxy https protocol, cannot be greater than 64000.
- pac
File String - SAS URL for PAC file.
- pac
File NumberPort - Port number for firewall to serve PAC file.
ExplicitProxyResponse, ExplicitProxyResponseArgs
- Enable
Explicit boolProxy - When set to true, explicit proxy mode is enabled.
- Enable
Pac boolFile - When set to true, pac file port and url needs to be provided.
- Http
Port int - Port number for explicit proxy http protocol, cannot be greater than 64000.
- Https
Port int - Port number for explicit proxy https protocol, cannot be greater than 64000.
- Pac
File string - SAS URL for PAC file.
- Pac
File intPort - Port number for firewall to serve PAC file.
- Enable
Explicit boolProxy - When set to true, explicit proxy mode is enabled.
- Enable
Pac boolFile - When set to true, pac file port and url needs to be provided.
- Http
Port int - Port number for explicit proxy http protocol, cannot be greater than 64000.
- Https
Port int - Port number for explicit proxy https protocol, cannot be greater than 64000.
- Pac
File string - SAS URL for PAC file.
- Pac
File intPort - Port number for firewall to serve PAC file.
- enable
Explicit BooleanProxy - When set to true, explicit proxy mode is enabled.
- enable
Pac BooleanFile - When set to true, pac file port and url needs to be provided.
- http
Port Integer - Port number for explicit proxy http protocol, cannot be greater than 64000.
- https
Port Integer - Port number for explicit proxy https protocol, cannot be greater than 64000.
- pac
File String - SAS URL for PAC file.
- pac
File IntegerPort - Port number for firewall to serve PAC file.
- enable
Explicit booleanProxy - When set to true, explicit proxy mode is enabled.
- enable
Pac booleanFile - When set to true, pac file port and url needs to be provided.
- http
Port number - Port number for explicit proxy http protocol, cannot be greater than 64000.
- https
Port number - Port number for explicit proxy https protocol, cannot be greater than 64000.
- pac
File string - SAS URL for PAC file.
- pac
File numberPort - Port number for firewall to serve PAC file.
- enable_
explicit_ boolproxy - When set to true, explicit proxy mode is enabled.
- enable_
pac_ boolfile - When set to true, pac file port and url needs to be provided.
- http_
port int - Port number for explicit proxy http protocol, cannot be greater than 64000.
- https_
port int - Port number for explicit proxy https protocol, cannot be greater than 64000.
- pac_
file str - SAS URL for PAC file.
- pac_
file_ intport - Port number for firewall to serve PAC file.
- enable
Explicit BooleanProxy - When set to true, explicit proxy mode is enabled.
- enable
Pac BooleanFile - When set to true, pac file port and url needs to be provided.
- http
Port Number - Port number for explicit proxy http protocol, cannot be greater than 64000.
- https
Port Number - Port number for explicit proxy https protocol, cannot be greater than 64000.
- pac
File String - SAS URL for PAC file.
- pac
File NumberPort - Port number for firewall to serve PAC file.
FirewallPolicyInsights, FirewallPolicyInsightsArgs
- Is
Enabled bool - A flag to indicate if the insights are enabled on the policy.
- Log
Analytics Pulumi.Resources Azure Native. Network. Inputs. Firewall Policy Log Analytics Resources - Workspaces needed to configure the Firewall Policy Insights.
- Retention
Days int - Number of days the insights should be enabled on the policy.
- Is
Enabled bool - A flag to indicate if the insights are enabled on the policy.
- Log
Analytics FirewallResources Policy Log Analytics Resources - Workspaces needed to configure the Firewall Policy Insights.
- Retention
Days int - Number of days the insights should be enabled on the policy.
- is
Enabled Boolean - A flag to indicate if the insights are enabled on the policy.
- log
Analytics FirewallResources Policy Log Analytics Resources - Workspaces needed to configure the Firewall Policy Insights.
- retention
Days Integer - Number of days the insights should be enabled on the policy.
- is
Enabled boolean - A flag to indicate if the insights are enabled on the policy.
- log
Analytics FirewallResources Policy Log Analytics Resources - Workspaces needed to configure the Firewall Policy Insights.
- retention
Days number - Number of days the insights should be enabled on the policy.
- is_
enabled bool - A flag to indicate if the insights are enabled on the policy.
- log_
analytics_ Firewallresources Policy Log Analytics Resources - Workspaces needed to configure the Firewall Policy Insights.
- retention_
days int - Number of days the insights should be enabled on the policy.
- is
Enabled Boolean - A flag to indicate if the insights are enabled on the policy.
- log
Analytics Property MapResources - Workspaces needed to configure the Firewall Policy Insights.
- retention
Days Number - Number of days the insights should be enabled on the policy.
FirewallPolicyInsightsResponse, FirewallPolicyInsightsResponseArgs
- Is
Enabled bool - A flag to indicate if the insights are enabled on the policy.
- Log
Analytics Pulumi.Resources Azure Native. Network. Inputs. Firewall Policy Log Analytics Resources Response - Workspaces needed to configure the Firewall Policy Insights.
- Retention
Days int - Number of days the insights should be enabled on the policy.
- Is
Enabled bool - A flag to indicate if the insights are enabled on the policy.
- Log
Analytics FirewallResources Policy Log Analytics Resources Response - Workspaces needed to configure the Firewall Policy Insights.
- Retention
Days int - Number of days the insights should be enabled on the policy.
- is
Enabled Boolean - A flag to indicate if the insights are enabled on the policy.
- log
Analytics FirewallResources Policy Log Analytics Resources Response - Workspaces needed to configure the Firewall Policy Insights.
- retention
Days Integer - Number of days the insights should be enabled on the policy.
- is
Enabled boolean - A flag to indicate if the insights are enabled on the policy.
- log
Analytics FirewallResources Policy Log Analytics Resources Response - Workspaces needed to configure the Firewall Policy Insights.
- retention
Days number - Number of days the insights should be enabled on the policy.
- is_
enabled bool - A flag to indicate if the insights are enabled on the policy.
- log_
analytics_ Firewallresources Policy Log Analytics Resources Response - Workspaces needed to configure the Firewall Policy Insights.
- retention_
days int - Number of days the insights should be enabled on the policy.
- is
Enabled Boolean - A flag to indicate if the insights are enabled on the policy.
- log
Analytics Property MapResources - Workspaces needed to configure the Firewall Policy Insights.
- retention
Days Number - Number of days the insights should be enabled on the policy.
FirewallPolicyIntrusionDetection, FirewallPolicyIntrusionDetectionArgs
- Configuration
Pulumi.
Azure Native. Network. Inputs. Firewall Policy Intrusion Detection Configuration - Intrusion detection configuration properties.
- Mode
string | Pulumi.
Azure Native. Network. Firewall Policy Intrusion Detection State Type - Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
- Profile
string | Pulumi.
Azure Native. Network. Firewall Policy Intrusion Detection Profile Type - IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
- Configuration
Firewall
Policy Intrusion Detection Configuration - Intrusion detection configuration properties.
- Mode
string | Firewall
Policy Intrusion Detection State Type - Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
- Profile
string | Firewall
Policy Intrusion Detection Profile Type - IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
- configuration
Firewall
Policy Intrusion Detection Configuration - Intrusion detection configuration properties.
- mode
String | Firewall
Policy Intrusion Detection State Type - Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
- profile
String | Firewall
Policy Intrusion Detection Profile Type - IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
- configuration
Firewall
Policy Intrusion Detection Configuration - Intrusion detection configuration properties.
- mode
string | Firewall
Policy Intrusion Detection State Type - Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
- profile
string | Firewall
Policy Intrusion Detection Profile Type - IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
- configuration
Firewall
Policy Intrusion Detection Configuration - Intrusion detection configuration properties.
- mode
str | Firewall
Policy Intrusion Detection State Type - Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
- profile
str | Firewall
Policy Intrusion Detection Profile Type - IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
- configuration Property Map
- Intrusion detection configuration properties.
- mode String | "Off" | "Alert" | "Deny"
- Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
- profile String | "Basic" | "Standard" | "Advanced" | "Extended"
- IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
FirewallPolicyIntrusionDetectionBypassTrafficSpecifications, FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs
- Description string
- Description of the bypass traffic rule.
- Destination
Addresses List<string> - List of destination IP addresses or ranges for this rule.
- Destination
Ip List<string>Groups - List of destination IpGroups for this rule.
- Destination
Ports List<string> - List of destination ports or ranges.
- Name string
- Name of the bypass traffic rule.
- Protocol
string | Pulumi.
Azure Native. Network. Firewall Policy Intrusion Detection Protocol - The rule bypass protocol.
- Source
Addresses List<string> - List of source IP addresses or ranges for this rule.
- Source
Ip List<string>Groups - List of source IpGroups for this rule.
- Description string
- Description of the bypass traffic rule.
- Destination
Addresses []string - List of destination IP addresses or ranges for this rule.
- Destination
Ip []stringGroups - List of destination IpGroups for this rule.
- Destination
Ports []string - List of destination ports or ranges.
- Name string
- Name of the bypass traffic rule.
- Protocol
string | Firewall
Policy Intrusion Detection Protocol - The rule bypass protocol.
- Source
Addresses []string - List of source IP addresses or ranges for this rule.
- Source
Ip []stringGroups - List of source IpGroups for this rule.
- description String
- Description of the bypass traffic rule.
- destination
Addresses List<String> - List of destination IP addresses or ranges for this rule.
- destination
Ip List<String>Groups - List of destination IpGroups for this rule.
- destination
Ports List<String> - List of destination ports or ranges.
- name String
- Name of the bypass traffic rule.
- protocol
String | Firewall
Policy Intrusion Detection Protocol - The rule bypass protocol.
- source
Addresses List<String> - List of source IP addresses or ranges for this rule.
- source
Ip List<String>Groups - List of source IpGroups for this rule.
- description string
- Description of the bypass traffic rule.
- destination
Addresses string[] - List of destination IP addresses or ranges for this rule.
- destination
Ip string[]Groups - List of destination IpGroups for this rule.
- destination
Ports string[] - List of destination ports or ranges.
- name string
- Name of the bypass traffic rule.
- protocol
string | Firewall
Policy Intrusion Detection Protocol - The rule bypass protocol.
- source
Addresses string[] - List of source IP addresses or ranges for this rule.
- source
Ip string[]Groups - List of source IpGroups for this rule.
- description str
- Description of the bypass traffic rule.
- destination_
addresses Sequence[str] - List of destination IP addresses or ranges for this rule.
- destination_
ip_ Sequence[str]groups - List of destination IpGroups for this rule.
- destination_
ports Sequence[str] - List of destination ports or ranges.
- name str
- Name of the bypass traffic rule.
- protocol
str | Firewall
Policy Intrusion Detection Protocol - The rule bypass protocol.
- source_
addresses Sequence[str] - List of source IP addresses or ranges for this rule.
- source_
ip_ Sequence[str]groups - List of source IpGroups for this rule.
- description String
- Description of the bypass traffic rule.
- destination
Addresses List<String> - List of destination IP addresses or ranges for this rule.
- destination
Ip List<String>Groups - List of destination IpGroups for this rule.
- destination
Ports List<String> - List of destination ports or ranges.
- name String
- Name of the bypass traffic rule.
- protocol String | "TCP" | "UDP" | "ICMP" | "ANY"
- The rule bypass protocol.
- source
Addresses List<String> - List of source IP addresses or ranges for this rule.
- source
Ip List<String>Groups - List of source IpGroups for this rule.
FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponse, FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponseArgs
- Description string
- Description of the bypass traffic rule.
- Destination
Addresses List<string> - List of destination IP addresses or ranges for this rule.
- Destination
Ip List<string>Groups - List of destination IpGroups for this rule.
- Destination
Ports List<string> - List of destination ports or ranges.
- Name string
- Name of the bypass traffic rule.
- Protocol string
- The rule bypass protocol.
- Source
Addresses List<string> - List of source IP addresses or ranges for this rule.
- Source
Ip List<string>Groups - List of source IpGroups for this rule.
- Description string
- Description of the bypass traffic rule.
- Destination
Addresses []string - List of destination IP addresses or ranges for this rule.
- Destination
Ip []stringGroups - List of destination IpGroups for this rule.
- Destination
Ports []string - List of destination ports or ranges.
- Name string
- Name of the bypass traffic rule.
- Protocol string
- The rule bypass protocol.
- Source
Addresses []string - List of source IP addresses or ranges for this rule.
- Source
Ip []stringGroups - List of source IpGroups for this rule.
- description String
- Description of the bypass traffic rule.
- destination
Addresses List<String> - List of destination IP addresses or ranges for this rule.
- destination
Ip List<String>Groups - List of destination IpGroups for this rule.
- destination
Ports List<String> - List of destination ports or ranges.
- name String
- Name of the bypass traffic rule.
- protocol String
- The rule bypass protocol.
- source
Addresses List<String> - List of source IP addresses or ranges for this rule.
- source
Ip List<String>Groups - List of source IpGroups for this rule.
- description string
- Description of the bypass traffic rule.
- destination
Addresses string[] - List of destination IP addresses or ranges for this rule.
- destination
Ip string[]Groups - List of destination IpGroups for this rule.
- destination
Ports string[] - List of destination ports or ranges.
- name string
- Name of the bypass traffic rule.
- protocol string
- The rule bypass protocol.
- source
Addresses string[] - List of source IP addresses or ranges for this rule.
- source
Ip string[]Groups - List of source IpGroups for this rule.
- description str
- Description of the bypass traffic rule.
- destination_
addresses Sequence[str] - List of destination IP addresses or ranges for this rule.
- destination_
ip_ Sequence[str]groups - List of destination IpGroups for this rule.
- destination_
ports Sequence[str] - List of destination ports or ranges.
- name str
- Name of the bypass traffic rule.
- protocol str
- The rule bypass protocol.
- source_
addresses Sequence[str] - List of source IP addresses or ranges for this rule.
- source_
ip_ Sequence[str]groups - List of source IpGroups for this rule.
- description String
- Description of the bypass traffic rule.
- destination
Addresses List<String> - List of destination IP addresses or ranges for this rule.
- destination
Ip List<String>Groups - List of destination IpGroups for this rule.
- destination
Ports List<String> - List of destination ports or ranges.
- name String
- Name of the bypass traffic rule.
- protocol String
- The rule bypass protocol.
- source
Addresses List<String> - List of source IP addresses or ranges for this rule.
- source
Ip List<String>Groups - List of source IpGroups for this rule.
FirewallPolicyIntrusionDetectionConfiguration, FirewallPolicyIntrusionDetectionConfigurationArgs
- Bypass
Traffic List<Pulumi.Settings Azure Native. Network. Inputs. Firewall Policy Intrusion Detection Bypass Traffic Specifications> - List of rules for traffic to bypass.
- Private
Ranges List<string> - IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
- Signature
Overrides List<Pulumi.Azure Native. Network. Inputs. Firewall Policy Intrusion Detection Signature Specification> - List of specific signatures states.
- Bypass
Traffic []FirewallSettings Policy Intrusion Detection Bypass Traffic Specifications - List of rules for traffic to bypass.
- Private
Ranges []string - IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
- Signature
Overrides []FirewallPolicy Intrusion Detection Signature Specification - List of specific signatures states.
- bypass
Traffic List<FirewallSettings Policy Intrusion Detection Bypass Traffic Specifications> - List of rules for traffic to bypass.
- private
Ranges List<String> - IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
- signature
Overrides List<FirewallPolicy Intrusion Detection Signature Specification> - List of specific signatures states.
- bypass
Traffic FirewallSettings Policy Intrusion Detection Bypass Traffic Specifications[] - List of rules for traffic to bypass.
- private
Ranges string[] - IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
- signature
Overrides FirewallPolicy Intrusion Detection Signature Specification[] - List of specific signatures states.
- bypass_
traffic_ Sequence[Firewallsettings Policy Intrusion Detection Bypass Traffic Specifications] - List of rules for traffic to bypass.
- private_
ranges Sequence[str] - IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
- signature_
overrides Sequence[FirewallPolicy Intrusion Detection Signature Specification] - List of specific signatures states.
- bypass
Traffic List<Property Map>Settings - List of rules for traffic to bypass.
- private
Ranges List<String> - IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
- signature
Overrides List<Property Map> - List of specific signatures states.
FirewallPolicyIntrusionDetectionConfigurationResponse, FirewallPolicyIntrusionDetectionConfigurationResponseArgs
- Bypass
Traffic List<Pulumi.Settings Azure Native. Network. Inputs. Firewall Policy Intrusion Detection Bypass Traffic Specifications Response> - List of rules for traffic to bypass.
- Private
Ranges List<string> - IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
- Signature
Overrides List<Pulumi.Azure Native. Network. Inputs. Firewall Policy Intrusion Detection Signature Specification Response> - List of specific signatures states.
- Bypass
Traffic []FirewallSettings Policy Intrusion Detection Bypass Traffic Specifications Response - List of rules for traffic to bypass.
- Private
Ranges []string - IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
- Signature
Overrides []FirewallPolicy Intrusion Detection Signature Specification Response - List of specific signatures states.
- bypass
Traffic List<FirewallSettings Policy Intrusion Detection Bypass Traffic Specifications Response> - List of rules for traffic to bypass.
- private
Ranges List<String> - IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
- signature
Overrides List<FirewallPolicy Intrusion Detection Signature Specification Response> - List of specific signatures states.
- bypass
Traffic FirewallSettings Policy Intrusion Detection Bypass Traffic Specifications Response[] - List of rules for traffic to bypass.
- private
Ranges string[] - IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
- signature
Overrides FirewallPolicy Intrusion Detection Signature Specification Response[] - List of specific signatures states.
- bypass_
traffic_ Sequence[Firewallsettings Policy Intrusion Detection Bypass Traffic Specifications Response] - List of rules for traffic to bypass.
- private_
ranges Sequence[str] - IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
- signature_
overrides Sequence[FirewallPolicy Intrusion Detection Signature Specification Response] - List of specific signatures states.
- bypass
Traffic List<Property Map>Settings - List of rules for traffic to bypass.
- private
Ranges List<String> - IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
- signature
Overrides List<Property Map> - List of specific signatures states.
FirewallPolicyIntrusionDetectionProfileType, FirewallPolicyIntrusionDetectionProfileTypeArgs
- Basic
- Basic
- Standard
- Standard
- Advanced
- Advanced
- Extended
- Extended
- Firewall
Policy Intrusion Detection Profile Type Basic - Basic
- Firewall
Policy Intrusion Detection Profile Type Standard - Standard
- Firewall
Policy Intrusion Detection Profile Type Advanced - Advanced
- Firewall
Policy Intrusion Detection Profile Type Extended - Extended
- Basic
- Basic
- Standard
- Standard
- Advanced
- Advanced
- Extended
- Extended
- Basic
- Basic
- Standard
- Standard
- Advanced
- Advanced
- Extended
- Extended
- BASIC
- Basic
- STANDARD
- Standard
- ADVANCED
- Advanced
- EXTENDED
- Extended
- "Basic"
- Basic
- "Standard"
- Standard
- "Advanced"
- Advanced
- "Extended"
- Extended
FirewallPolicyIntrusionDetectionProtocol, FirewallPolicyIntrusionDetectionProtocolArgs
- TCP
- TCP
- UDP
- UDP
- ICMP
- ICMP
- ANY
- ANY
- Firewall
Policy Intrusion Detection Protocol TCP - TCP
- Firewall
Policy Intrusion Detection Protocol UDP - UDP
- Firewall
Policy Intrusion Detection Protocol ICMP - ICMP
- Firewall
Policy Intrusion Detection Protocol ANY - ANY
- TCP
- TCP
- UDP
- UDP
- ICMP
- ICMP
- ANY
- ANY
- TCP
- TCP
- UDP
- UDP
- ICMP
- ICMP
- ANY
- ANY
- TCP
- TCP
- UDP
- UDP
- ICMP
- ICMP
- ANY
- ANY
- "TCP"
- TCP
- "UDP"
- UDP
- "ICMP"
- ICMP
- "ANY"
- ANY
FirewallPolicyIntrusionDetectionResponse, FirewallPolicyIntrusionDetectionResponseArgs
- Configuration
Pulumi.
Azure Native. Network. Inputs. Firewall Policy Intrusion Detection Configuration Response - Intrusion detection configuration properties.
- Mode string
- Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
- Profile string
- IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
- Configuration
Firewall
Policy Intrusion Detection Configuration Response - Intrusion detection configuration properties.
- Mode string
- Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
- Profile string
- IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
- configuration
Firewall
Policy Intrusion Detection Configuration Response - Intrusion detection configuration properties.
- mode String
- Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
- profile String
- IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
- configuration
Firewall
Policy Intrusion Detection Configuration Response - Intrusion detection configuration properties.
- mode string
- Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
- profile string
- IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
- configuration
Firewall
Policy Intrusion Detection Configuration Response - Intrusion detection configuration properties.
- mode str
- Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
- profile str
- IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
- configuration Property Map
- Intrusion detection configuration properties.
- mode String
- Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
- profile String
- IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.
FirewallPolicyIntrusionDetectionSignatureSpecification, FirewallPolicyIntrusionDetectionSignatureSpecificationArgs
- Id string
- Signature id.
- Mode
string | Pulumi.
Azure Native. Network. Firewall Policy Intrusion Detection State Type - The signature state.
- Id string
- Signature id.
- Mode
string | Firewall
Policy Intrusion Detection State Type - The signature state.
- id String
- Signature id.
- mode
String | Firewall
Policy Intrusion Detection State Type - The signature state.
- id string
- Signature id.
- mode
string | Firewall
Policy Intrusion Detection State Type - The signature state.
- id str
- Signature id.
- mode
str | Firewall
Policy Intrusion Detection State Type - The signature state.
- id String
- Signature id.
- mode String | "Off" | "Alert" | "Deny"
- The signature state.
FirewallPolicyIntrusionDetectionSignatureSpecificationResponse, FirewallPolicyIntrusionDetectionSignatureSpecificationResponseArgs
FirewallPolicyIntrusionDetectionStateType, FirewallPolicyIntrusionDetectionStateTypeArgs
- Off
- Off
- Alert
- Alert
- Deny
- Deny
- Firewall
Policy Intrusion Detection State Type Off - Off
- Firewall
Policy Intrusion Detection State Type Alert - Alert
- Firewall
Policy Intrusion Detection State Type Deny - Deny
- Off
- Off
- Alert
- Alert
- Deny
- Deny
- Off
- Off
- Alert
- Alert
- Deny
- Deny
- OFF
- Off
- ALERT
- Alert
- DENY
- Deny
- "Off"
- Off
- "Alert"
- Alert
- "Deny"
- Deny
FirewallPolicyLogAnalyticsResources, FirewallPolicyLogAnalyticsResourcesArgs
- Default
Workspace Pulumi.Id Azure Native. Network. Inputs. Sub Resource - The default workspace Id for Firewall Policy Insights.
- Workspaces
List<Pulumi.
Azure Native. Network. Inputs. Firewall Policy Log Analytics Workspace> - List of workspaces for Firewall Policy Insights.
- Default
Workspace SubId Resource - The default workspace Id for Firewall Policy Insights.
- Workspaces
[]Firewall
Policy Log Analytics Workspace - List of workspaces for Firewall Policy Insights.
- default
Workspace SubId Resource - The default workspace Id for Firewall Policy Insights.
- workspaces
List<Firewall
Policy Log Analytics Workspace> - List of workspaces for Firewall Policy Insights.
- default
Workspace SubId Resource - The default workspace Id for Firewall Policy Insights.
- workspaces
Firewall
Policy Log Analytics Workspace[] - List of workspaces for Firewall Policy Insights.
- default_
workspace_ Subid Resource - The default workspace Id for Firewall Policy Insights.
- workspaces
Sequence[Firewall
Policy Log Analytics Workspace] - List of workspaces for Firewall Policy Insights.
- default
Workspace Property MapId - The default workspace Id for Firewall Policy Insights.
- workspaces List<Property Map>
- List of workspaces for Firewall Policy Insights.
FirewallPolicyLogAnalyticsResourcesResponse, FirewallPolicyLogAnalyticsResourcesResponseArgs
- Default
Workspace Pulumi.Id Azure Native. Network. Inputs. Sub Resource Response - The default workspace Id for Firewall Policy Insights.
- Workspaces
List<Pulumi.
Azure Native. Network. Inputs. Firewall Policy Log Analytics Workspace Response> - List of workspaces for Firewall Policy Insights.
- Default
Workspace SubId Resource Response - The default workspace Id for Firewall Policy Insights.
- Workspaces
[]Firewall
Policy Log Analytics Workspace Response - List of workspaces for Firewall Policy Insights.
- default
Workspace SubId Resource Response - The default workspace Id for Firewall Policy Insights.
- workspaces
List<Firewall
Policy Log Analytics Workspace Response> - List of workspaces for Firewall Policy Insights.
- default
Workspace SubId Resource Response - The default workspace Id for Firewall Policy Insights.
- workspaces
Firewall
Policy Log Analytics Workspace Response[] - List of workspaces for Firewall Policy Insights.
- default_
workspace_ Subid Resource Response - The default workspace Id for Firewall Policy Insights.
- workspaces
Sequence[Firewall
Policy Log Analytics Workspace Response] - List of workspaces for Firewall Policy Insights.
- default
Workspace Property MapId - The default workspace Id for Firewall Policy Insights.
- workspaces List<Property Map>
- List of workspaces for Firewall Policy Insights.
FirewallPolicyLogAnalyticsWorkspace, FirewallPolicyLogAnalyticsWorkspaceArgs
- Region string
- Region to configure the Workspace.
- Workspace
Id Pulumi.Azure Native. Network. Inputs. Sub Resource - The workspace Id for Firewall Policy Insights.
- Region string
- Region to configure the Workspace.
- Workspace
Id SubResource - The workspace Id for Firewall Policy Insights.
- region String
- Region to configure the Workspace.
- workspace
Id SubResource - The workspace Id for Firewall Policy Insights.
- region string
- Region to configure the Workspace.
- workspace
Id SubResource - The workspace Id for Firewall Policy Insights.
- region str
- Region to configure the Workspace.
- workspace_
id SubResource - The workspace Id for Firewall Policy Insights.
- region String
- Region to configure the Workspace.
- workspace
Id Property Map - The workspace Id for Firewall Policy Insights.
FirewallPolicyLogAnalyticsWorkspaceResponse, FirewallPolicyLogAnalyticsWorkspaceResponseArgs
- Region string
- Region to configure the Workspace.
- Workspace
Id Pulumi.Azure Native. Network. Inputs. Sub Resource Response - The workspace Id for Firewall Policy Insights.
- Region string
- Region to configure the Workspace.
- Workspace
Id SubResource Response - The workspace Id for Firewall Policy Insights.
- region String
- Region to configure the Workspace.
- workspace
Id SubResource Response - The workspace Id for Firewall Policy Insights.
- region string
- Region to configure the Workspace.
- workspace
Id SubResource Response - The workspace Id for Firewall Policy Insights.
- region str
- Region to configure the Workspace.
- workspace_
id SubResource Response - The workspace Id for Firewall Policy Insights.
- region String
- Region to configure the Workspace.
- workspace
Id Property Map - The workspace Id for Firewall Policy Insights.
FirewallPolicySNAT, FirewallPolicySNATArgs
- Auto
Learn string | Pulumi.Private Ranges Azure Native. Network. Auto Learn Private Ranges Mode - The operation mode for automatically learning private ranges to not be SNAT
- Private
Ranges List<string> - List of private IP addresses/IP address ranges to not be SNAT.
- Auto
Learn string | AutoPrivate Ranges Learn Private Ranges Mode - The operation mode for automatically learning private ranges to not be SNAT
- Private
Ranges []string - List of private IP addresses/IP address ranges to not be SNAT.
- auto
Learn String | AutoPrivate Ranges Learn Private Ranges Mode - The operation mode for automatically learning private ranges to not be SNAT
- private
Ranges List<String> - List of private IP addresses/IP address ranges to not be SNAT.
- auto
Learn string | AutoPrivate Ranges Learn Private Ranges Mode - The operation mode for automatically learning private ranges to not be SNAT
- private
Ranges string[] - List of private IP addresses/IP address ranges to not be SNAT.
- auto_
learn_ str | Autoprivate_ ranges Learn Private Ranges Mode - The operation mode for automatically learning private ranges to not be SNAT
- private_
ranges Sequence[str] - List of private IP addresses/IP address ranges to not be SNAT.
- auto
Learn String | "Enabled" | "Disabled"Private Ranges - The operation mode for automatically learning private ranges to not be SNAT
- private
Ranges List<String> - List of private IP addresses/IP address ranges to not be SNAT.
FirewallPolicySNATResponse, FirewallPolicySNATResponseArgs
- Auto
Learn stringPrivate Ranges - The operation mode for automatically learning private ranges to not be SNAT
- Private
Ranges List<string> - List of private IP addresses/IP address ranges to not be SNAT.
- Auto
Learn stringPrivate Ranges - The operation mode for automatically learning private ranges to not be SNAT
- Private
Ranges []string - List of private IP addresses/IP address ranges to not be SNAT.
- auto
Learn StringPrivate Ranges - The operation mode for automatically learning private ranges to not be SNAT
- private
Ranges List<String> - List of private IP addresses/IP address ranges to not be SNAT.
- auto
Learn stringPrivate Ranges - The operation mode for automatically learning private ranges to not be SNAT
- private
Ranges string[] - List of private IP addresses/IP address ranges to not be SNAT.
- auto_
learn_ strprivate_ ranges - The operation mode for automatically learning private ranges to not be SNAT
- private_
ranges Sequence[str] - List of private IP addresses/IP address ranges to not be SNAT.
- auto
Learn StringPrivate Ranges - The operation mode for automatically learning private ranges to not be SNAT
- private
Ranges List<String> - List of private IP addresses/IP address ranges to not be SNAT.
FirewallPolicySQL, FirewallPolicySQLArgs
- Allow
Sql boolRedirect - A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
- Allow
Sql boolRedirect - A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
- allow
Sql BooleanRedirect - A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
- allow
Sql booleanRedirect - A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
- allow_
sql_ boolredirect - A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
- allow
Sql BooleanRedirect - A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
FirewallPolicySQLResponse, FirewallPolicySQLResponseArgs
- Allow
Sql boolRedirect - A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
- Allow
Sql boolRedirect - A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
- allow
Sql BooleanRedirect - A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
- allow
Sql booleanRedirect - A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
- allow_
sql_ boolredirect - A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
- allow
Sql BooleanRedirect - A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.
FirewallPolicyThreatIntelWhitelist, FirewallPolicyThreatIntelWhitelistArgs
- Fqdns List<string>
- List of FQDNs for the ThreatIntel Whitelist.
- Ip
Addresses List<string> - List of IP addresses for the ThreatIntel Whitelist.
- Fqdns []string
- List of FQDNs for the ThreatIntel Whitelist.
- Ip
Addresses []string - List of IP addresses for the ThreatIntel Whitelist.
- fqdns List<String>
- List of FQDNs for the ThreatIntel Whitelist.
- ip
Addresses List<String> - List of IP addresses for the ThreatIntel Whitelist.
- fqdns string[]
- List of FQDNs for the ThreatIntel Whitelist.
- ip
Addresses string[] - List of IP addresses for the ThreatIntel Whitelist.
- fqdns Sequence[str]
- List of FQDNs for the ThreatIntel Whitelist.
- ip_
addresses Sequence[str] - List of IP addresses for the ThreatIntel Whitelist.
- fqdns List<String>
- List of FQDNs for the ThreatIntel Whitelist.
- ip
Addresses List<String> - List of IP addresses for the ThreatIntel Whitelist.
FirewallPolicyThreatIntelWhitelistResponse, FirewallPolicyThreatIntelWhitelistResponseArgs
- Fqdns List<string>
- List of FQDNs for the ThreatIntel Whitelist.
- Ip
Addresses List<string> - List of IP addresses for the ThreatIntel Whitelist.
- Fqdns []string
- List of FQDNs for the ThreatIntel Whitelist.
- Ip
Addresses []string - List of IP addresses for the ThreatIntel Whitelist.
- fqdns List<String>
- List of FQDNs for the ThreatIntel Whitelist.
- ip
Addresses List<String> - List of IP addresses for the ThreatIntel Whitelist.
- fqdns string[]
- List of FQDNs for the ThreatIntel Whitelist.
- ip
Addresses string[] - List of IP addresses for the ThreatIntel Whitelist.
- fqdns Sequence[str]
- List of FQDNs for the ThreatIntel Whitelist.
- ip_
addresses Sequence[str] - List of IP addresses for the ThreatIntel Whitelist.
- fqdns List<String>
- List of FQDNs for the ThreatIntel Whitelist.
- ip
Addresses List<String> - List of IP addresses for the ThreatIntel Whitelist.
SubResource, SubResourceArgs
- Id string
- Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
- Id string
- Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
- id String
- Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
- id string
- Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
- id str
- Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
- id String
- Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
SubResourceResponse, SubResourceResponseArgs
- Id string
- Resource ID.
- Id string
- Resource ID.
- id String
- Resource ID.
- id string
- Resource ID.
- id str
- Resource ID.
- id String
- Resource ID.
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:network:FirewallPolicyDraft firewallPolicy /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}/firewallPolicyDrafts/default
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0
This is the latest version of Azure Native. Use the Azure Native v1 docs if using the v1 version of this package.
Azure Native v2.89.1 published on Sunday, Mar 2, 2025 by Pulumi