How to get all firewall rules across multiple subscriptions and multiple RGs with all the properties via Azure Resource Graph?
Hi, we are looking for some help with the proper formulation of a query that would give us all firewall rules with all properties. We have multiple firewalls, both with classic rules and with firewall policy ones, spread across multiple subscriptions.
Azure Firewall
Azure Firewall Manager
-
ChaitanyaNaykodi-MSFT 24,656 Reputation points • Microsoft Employee
2024-03-11T22:05:29.7+00:00 Thank you for reaching out.
I understand you want to create a backup of all the Azure Firewalls and Azure Firewall policies across different resource groups and subscriptions.
I think it will help if you could go through this blog and see if it satisfies your requirements.
- Backup Azure Firewall and Azure Firewall Policy with Logic Apps: For multiple resource groups and subscriptions you can try the for each loop of Azure Logic Apps to loop through an array of RG names and subscriptions. You can use this thread as reference.
Hope this helps. Please let me know if you have any additional questions. Thanks!
-
Nishant Sharma 0 Reputation points
2024-03-12T09:01:42.8133333+00:00 @ChaitanyaNaykodi-MSFT We are not looking for a backup of rules; we are trying to create an inventory and overview of all the rules across firewalls. Do you have any suggestions for such cases?
-
GitaraniSharma-MSFT 49,391 Reputation points • Microsoft Employee
2024-03-18T11:28:24.17+00:00 Hello @Nishant Sharma ,
You can use Azure Firewall Workbook. Using Azure Firewall Workbook, you can gain insights into Azure Firewall events, learn about your application and network rules, and see statistics for firewall activities across URLs, ports, and addresses.
You can tap into multiple Firewalls deployed across Azure and combine them into unified interactive experiences.
Before deploying Azure Firewall Workbook, you should enable diagnostic logging for Azure Firewall structured logs through the Azure portal.
Refer: https://learn.microsoft.com/en-us/azure/firewall/firewall-structured-logs#enable-structured-logs
Then deploy Azure Firewall workbook and monitor logs using Azure Firewall workbook:
https://learn.microsoft.com/en-us/azure/firewall/firewall-workbook
If you want to use legacy logs, you can enable diagnostic logging using the Azure portal. Then go to GitHub Workbook for Azure Firewall and follow the instructions on the page.
Kindly let us know if the above helps or you need further assistance on this issue.
Regards,
Gita
-
GitaraniSharma-MSFT 49,391 Reputation points • Microsoft Employee
2024-03-21T12:56:40.2433333+00:00 @Nishant Sharma , Could you please provide an update on this post? Kindly let us know if the above helps or you need further assistance on this issue.
-
Nishant Sharma 0 Reputation points
2024-03-26T15:14:31.92+00:00 Azure workbooks don't serve the purpose since they pull data from the log table, so they might or might not contain all the rule-specific information.
-
Shivam Singh 215 Reputation points
2024-03-26T16:19:47.56+00:00 Hi Nishant,
You can try the query below:
resources
// 'microsoft.network/securityGroups' for classic firewall rules,
// 'microsoft.network/firewallPolicies' for firewall policy rules
| where type =~ 'microsoft.network/securityGroups' or type =~ 'microsoft.network/firewallPolicies'
| project subscriptionId,
    resourceGroup,
    location,
    name,
    priority = properties.priority,
    direction = properties.direction,
    sourceAddressPrefix = properties.sourceAddressPrefix,
    destinationAddressPrefix = properties.destinationAddressPrefix,
    destinationPortRange = properties.destinationPortRange,
    access = properties.access,
    protocol = properties.protocol
-
GitaraniSharma-MSFT 49,391 Reputation points • Microsoft Employee
2024-04-05T12:26:01.6533333+00:00 Hello @Nishant Sharma ,
I checked, but it looks like classic rules for Azure Firewall are not directly accessible via Azure Resource Graph. To retrieve classic firewall rules, you would need to use Azure PowerShell or Azure CLI commands.
Azure Firewall supports both Classic rules and policies, but policies are the recommended configuration.
Refer: https://learn.microsoft.com/en-us/azure/firewall-manager/policy-overview#classic-rules-and-policies
https://github.com/quiveringbacon/azfwclassicrulesbackup/blob/main/classicrulesbackup.ps1
Regards,
Gita
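For the inventory asked about in this thread: once the firewalls and rule collection groups have been exported as JSON with Azure PowerShell or the Azure CLI, both rule models can be flattened into one row per rule. This is an added example, not code from the thread or from Microsoft; the function names and sample resources are constructed, and the field names assume the ARM JSON shape of `Microsoft.Network/azureFirewalls` and `firewallPolicies/ruleCollectionGroups`.

```python
# Added example (helper names are hypothetical): one inventory row per firewall rule.
FIELDS = ("sourceAddresses", "sourceIpGroups", "destinationAddresses",
          "destinationIpGroups", "destinationFqdns", "destinationPorts",
          "targetFqdns", "fqdnTags", "translatedAddress", "translatedPort")

def _props(obj):
    # ARM REST nests settings under "properties"; some CLI output flattens them.
    return obj.get("properties", obj)

def _row(owner, model, coll, rule, kind):
    row = {"resourceId": owner, "model": model, "collection": coll.get("name"),
           "priority": _props(coll).get("priority"), "ruleType": kind,
           "action": (_props(coll).get("action") or {}).get("type"), "rule": rule.get("name"),
           # policy network rules use "ipProtocols"; other rules use "protocols"
           "protocols": rule.get("ipProtocols") or rule.get("protocols")}
    row.update({f: rule[f] for f in FIELDS if rule.get(f)})
    return row

def classic_rows(firewall):  # rules stored on a Microsoft.Network/azureFirewalls resource
    for key, kind in (("networkRuleCollections", "NetworkRule"),
                      ("applicationRuleCollections", "ApplicationRule"),
                      ("natRuleCollections", "NatRule")):
        for coll in _props(firewall).get(key) or []:
            for rule in _props(coll).get("rules") or []:
                yield _row(firewall["id"], "classic", coll, rule, kind)

def policy_rows(group):  # rules in a firewallPolicies/ruleCollectionGroups resource
    for coll in _props(group).get("ruleCollections") or []:
        for rule in coll.get("rules") or []:
            yield _row(group["id"], "policy", coll, rule, rule.get("ruleType"))

def inventory(firewalls, groups):
    rows = [r for fw in firewalls for r in classic_rows(fw)]
    return rows + [r for g in groups for r in policy_rows(g)]

# Constructed sample input with placeholder IDs (not real resources).
_id = "/subscriptions/{}/resourceGroups/{}/providers/Microsoft.Network/{}".format
SAMPLE_FW = {"id": _id("SUB-A", "rg1", "azureFirewalls/fw1"), "properties": {
    "networkRuleCollections": [{"name": "net-allow", "properties": {
        "priority": 200, "action": {"type": "Allow"}, "rules": [{"name": "dns",
            "protocols": ["UDP"], "sourceAddresses": ["10.0.0.0/24"],
            "destinationAddresses": ["*"], "destinationPorts": ["53"]}]}}]}}
SAMPLE_GROUP = {"id": _id("SUB-B", "rg2", "firewallPolicies/pol1/ruleCollectionGroups/g1"),
    "properties": {"priority": 100, "ruleCollections": [{"name": "app-allow",
        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
        "priority": 300, "action": {"type": "Allow"}, "rules": [{"name": "updates",
            "ruleType": "ApplicationRule", "targetFqdns": ["*.example.com"],
            "protocols": [{"protocolType": "Https", "port": 443}],
            "sourceAddresses": ["10.1.0.0/16"]}]}]}}
```

Calling `inventory([SAMPLE_FW], [SAMPLE_GROUP])` returns a list of dicts that can be written out with `csv.DictWriter` or loaded into a spreadsheet for review.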