KaushalendraKumar asked GitaraniSharmaMSFT-4262 answered

"IP Group" azurerm_firewall_policy_rule_collection_group

I have to implement "IP Groups" in an Azure Firewall Policy Rule Collection using Terraform, but I am not able to find any code block which I can refer to in order to create it. Maybe someone else already did this and can share it?

azure-firewall

Hello @KaushalendraKumar ,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

Could you please explain your requirement a bit further? Do you want to add IP groups in your firewall rules using Terraform?

Regards,
Gita


Hi @GitaraniSharmaMSFT-4262, yes. I want to add IP groups into my firewall policy using Terraform.


1 Answer

GitaraniSharmaMSFT-4262 answered

Hello @KaushalendraKumar ,

Thank you for the update.

I understand that you would like to add IP groups in your firewall policy rule collection group using Terraform.

I couldn't find any existing code block to do this using Terraform but if we look into the resource "azurerm_firewall_network_rule_collection", we can see it supports source_ip_groups & destination_ip_groups arguments in the form of IP Group IDs for the rule.

The resource "azurerm_firewall_policy_rule_collection_group" contains the Network/NAT/Application rule collections and that is where you specify the IP groups.

1) Create an Azure IP Group.
Refer : https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/ip_group

2) Create "azurerm_firewall_policy_rule_collection_group" with Network/NAT/Application rule collections which reference the IP group created above by its resource ID.
Refer : https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_policy_rule_collection_group
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_network_rule_collection

Example Code Block:

 # The IP Group IDs below are placeholders (xxx); replace them with the resource IDs
 # of the IP Groups created in step 1, or reference them as azurerm_ip_group.<name>.id
 # so that Terraform creates the groups before the rule collection group.
 resource "azurerm_firewall_policy_rule_collection_group" "example" {
   name               = "example-fwpolicy-rcg"
   firewall_policy_id = azurerm_firewall_policy.example.id
   priority           = 500
   network_rule_collection {
     name     = "network_rule_collection1"
     priority = 400
     action   = "Deny"
     rule {
       name                  = "network_rule_collection1_rule1"
       protocols             = ["TCP", "UDP"]
       source_addresses      = []
       destination_addresses = []
       destination_ports     = ["80"]
       # IP Groups are referenced by full resource ID, not by name
       source_ip_groups      = ["/subscriptions/xxx/resourceGroups/xxxRG/providers/Microsoft.Network/ipGroups/sipgxxx"]
       destination_ip_groups = ["/subscriptions/xxx/resourceGroups/xxxRG/providers/Microsoft.Network/ipGroups/dipgxxx"]
     }
   }
 }

ARM template reference : https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/azurefirewall-create-with-firewallpolicy-ipgroups

Kindly let us know if the above helps or you need further assistance on this issue.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
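The two steps above wired together end to end, as an added example that is not part of the answer above: the IP Groups are referenced through `azurerm_ip_group.<name>.id` instead of hard-coded IDs, so Terraform creates them first and the rule collection group can never point at a group that does not exist. Resource group, IP Group names, CIDRs and the SQL port are assumed values for illustration.

```hcl
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "example-fw-rg"
  location = "West Europe"
}

# IP Groups hold the address sets; rules reference them by ID, so changing
# membership means editing one group, not every rule that uses it.
resource "azurerm_ip_group" "corp_clients" {
  name                = "ipg-corp-clients"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  cidrs               = ["10.10.0.0/16", "10.20.0.0/24"] # assumed ranges
}

resource "azurerm_ip_group" "db_servers" {
  name                = "ipg-db-servers"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  cidrs               = ["10.50.1.0/24"] # assumed range
}

resource "azurerm_firewall_policy" "example" {
  name                = "example-fwpolicy"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
}

# Step 2: the rule collection group references the groups by their IDs.
resource "azurerm_firewall_policy_rule_collection_group" "example" {
  name               = "example-fwpolicy-rcg"
  firewall_policy_id = azurerm_firewall_policy.example.id
  priority           = 500

  network_rule_collection {
    name     = "allow-corp-to-db"
    priority = 400
    action   = "Allow"
    rule {
      # Only the corporate client ranges may reach the DB servers, and only on
      # the SQL port; everything else falls through to the policy's default deny.
      name                  = "corp-to-sql"
      protocols             = ["TCP"]
      source_ip_groups      = [azurerm_ip_group.corp_clients.id]
      destination_ip_groups = [azurerm_ip_group.db_servers.id]
      destination_ports     = ["1433"]
    }
  }
}
```

`terraform plan` will show the IP Groups created before the rule collection group, and removing an IP Group that is still referenced fails at plan time instead of leaving a dangling ID in the firewall policy.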
