How to migrate Azure Firewall Policies/Configuration to a different Azure account?

Jaikishan A Sah (jaisah) 0 Reputation points
2024-01-29T10:24:03.38+00:00

What is the process for migrating or importing existing Azure Firewall Policies/Configuration to different Azure accounts? I have a "template.json" and "parameters.json" file from another Azure Firewall setup, and I want to import those files into my Azure account to verify the Policies and Configuration rules. How can I achieve this?

Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
544 questions
Azure Firewall Manager
Azure Firewall Manager
An Azure service that provides central network security policy and route management for globally distributed, software-defined perimeters.
76 questions
{count} votes

1 answer

Sort by: Most helpful
  1. KapilAnanth-MSFT 32,426 Reputation points Microsoft Employee
    2024-01-30T06:21:55.8866667+00:00

    @Jaikishan A Sah (jaisah)

    Can you please confirm if the JSON file which you are referring, is it from a "Firewall Policy" or "Azure Firewall using Classic Rules" ?

    • If you only have the JSON file and not access to the Firewall Policy, I don't think so any Azure commands would help.
    • Because, you are just processing a JSON file and not an Azure Resource - in which case, the community members will be unable to provide a script.
    • However, should you have access to the Firewall Policy - you can refer to How to get all firewall rules with all the properties.

    With that said,

    • I would not recommend this.
    • The rules and rule collection groups is a complex nesting of Rules, Rule Collection and Rule Collection Group on JSON and is not suitable to be stored as a CSV or Excel file.
    • It's better to store them as JSON file only - which would further be easy for you to reuse this code in future deployments.

    E.g.,

    I have the below set up

    • User's image
    • This would contain three JSON objects, each for one RuleCollectionGroup.
    • And each RuleCollectionGroup will contain a list of RuleCollections.
    • And each RuleCollection will contain a list of Rules.
    • All in JSON Format.

    See:

    1.The entire RuleCollectionGroup "DefaultApplicationRuleCollectionGroup"

    User's image

    2.A RuleCollection called "applicationRuleCollection" inside the "DefaultApplicationRuleCollectionGroup" (highlighted)

    User's image

    1. Similarly, the rules section further contains the Rules inside this RuleCollection

    The advantage here is that,

    • if you want to reuse a Rule or RuleCollection or RuleCollectionGroup, you can simply copy the Rule or RuleCollection or RuleCollectionGroup and paste it into the new ARM/Bicep/Terraform template (respectively).
    • They all use a similar syntax to a JSON template.

    So, if your intention is to store and reuse the code - I'd suggest you to keep it as JSON only.

    Hope this helps.

    Cheers,

    Kapil

    0 comments No comments