In the reference documentation for creating rules in rule collection groups in Azure Firewall Policy the description field is listed as valid for individual rules: https://learn.microsoft.com/en-us/azure/templates/microsoft.network/firewallpolicies/rulecollectiongroups?pivots=deployment-language-bicep#firewallpolicyrulecollection-objects However, the description property is not visible in the portal, or when querying rules with PowerShell, even when the rules are deployed with this property set. Is this an error in the API definition/resource schema? Would be very useful if this property is 1) Actually represented in the resource properties in Azure 2) Visible in the portal (via Firewall Manager)

Hi @Mats Estensen , Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well. I was able to get this checked internally. I can confirm that our Product group is aware of this and are currently working to resolve this. Please let me know if you require additional details/information on this Cheers, Kapil

Missing description field for Azure Firewall Policy Rule Collection Group rules

Accepted answer

KapilAnanth-MSFT 47,196 Reputation points Microsoft Employee

2022-10-17T12:02:04.487+00:00

Hi @Mats Estensen ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I was able to get this checked internally.
I can confirm that our Product group is aware of this and are currently working to resolve this.

Please let me know if you require additional details/information on this

Cheers,
Kapil
Please sign in to rate this answer.
Jarvis 0 Reputation points

2023-10-26T21:25:26.4133333+00:00

@KapilAnanth-MSFT any update on this? I have the same issue.

Jarvis 0 Reputation points

2023-10-26T21:26:14.2466667+00:00

Is there a way to track the progress on this?

KapilAnanth-MSFT 47,196 Reputation points Microsoft Employee

2023-11-01T10:02:25.5066667+00:00

Jarvis

I shall check internally and update this thread for a ETA.

Cheers,

Kapil

Jarvis 0 Reputation points

2023-11-13T16:46:44.4366667+00:00

@KapilAnanth-MSFT Any updates on this? Also, can you pass along and see if the "Description" could also be a hover text at the collection table level as well? Thanks!

KapilAnanth-MSFT 47,196 Reputation points Microsoft Employee

2023-11-16T09:56:17.6333333+00:00

Jarvis,

Thank you for the follow up.

I was in contact with the Product team and they informed me the current ETA for the fix is Feb/March 2024.

Cheers,

Kapil

Jarvis 0 Reputation points

2024-04-17T20:28:14.53+00:00

@KapilAnanth-MSFT what ever happened to this?

KapilAnanth-MSFT 47,196 Reputation points Microsoft Employee

2024-04-22T14:18:37.2833333+00:00

Jarvis,

The issue has been fixed with latest versions of Powershell.

You should be able to see it using,

$ruleCollectionGroup = Get-AzFirewallPolicyRuleCollectionGroup -Name <NameOfRuleCollectionGroup> -ResourceGroupName <RGName> -AzureFirewallPolicyName <AzFwPolicyName> $ruleCollectionGroup.properties.rulecollection[0].rules[0].description

We do not have an ETA with Portal as of now.

Should I receive an update for Portal, I shall share the same in this thread

Cheers,

Kapil

Jarvis 0 Reputation points

2024-05-07T02:20:15.6333333+00:00

@KapilAnanth-MSFT thanks for the update. Definitely let me know if we can push it to the portal, too. Thanks again!

KapilAnanth-MSFT 47,196 Reputation points Microsoft Employee

2024-05-07T05:28:06.9366667+00:00

Jarvis,

Sure.

You are most welcome.

Cheers,

Kapil

Edgar Dockus 0 Reputation points

2024-08-06T15:34:35.1266667+00:00

And when do they intend to resolve it, given that it's the second half of 2024?

KapilAnanth-MSFT 47,196 Reputation points Microsoft Employee

2024-08-07T05:03:34.98+00:00

Edgar Dockus - Currently, we do not have an ETA

The recommendation is to use latest versions of Powershell.

Edgar Dockus 0 Reputation points

2024-08-07T10:26:25.39+00:00

It does not seem to work via PowerShell either. Or it could be a terraform provider issue. When I set a description on a rule via https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_policy_rule_collection_group and then check via PowerShell (7.4.4) description field is empty.

KapilAnanth-MSFT 47,196 Reputation points Microsoft Employee

2024-08-08T06:08:40.0433333+00:00

Edgar Dockus ,

I did a lab and I was able to see the Description.

I create the Firewall Policy and Rule Collection Group via the Terraform template.

resource "azurerm_resource_group" "fwrg" { name = "fwrg" location = "West Europe" } resource "azurerm_firewall_policy" "fwpolicy" { name = "fwpolicy" resource_group_name = azurerm_resource_group.fwrg.name location = azurerm_resource_group.fwrg.location } resource "azurerm_firewall_policy_rule_collection_group" "rcg" { name = "rcg" firewall_policy_id = azurerm_firewall_policy.fwpolicy.id priority = 500 network_rule_collection { name = "network_rule_collection1" priority = 400 action = "Deny" rule { name = "network_rule_collection1_rule1" protocols = ["TCP", "UDP"] source_addresses = ["10.0.0.1"] destination_addresses = ["192.168.1.1", "192.168.1.2"] destination_ports = ["80", "1000-2000"] description = "testDescFromTerraform" } } }

I then try to get the Description field of the rule, using Powershell

$ruleCollectionGroup = Get-AzFirewallPolicyRuleCollectionGroup -Name rcg -ResourceGroupName fwrg -AzureFirewallPolicyName fwpolicy $ruleCollectionGroup.properties.rulecollection[0].rules[0].description

As you can see, I am successful

Thanks,

Kapil

Edgar Dockus 0 Reputation points

2024-08-19T06:20:58.98+00:00

Indeed this does work!
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Missing description field for Azure Firewall Policy Rule Collection Group rules

0 additional answers

Your answer