Bicep resource definition
The firewallPolicies/ruleGroups resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/firewallPolicies/ruleGroups resource, add the following Bicep to your template.
```bicep
resource symbolicname 'Microsoft.Network/firewallPolicies/ruleGroups@2020-04-01' = {
  parent: resourceSymbolicName
  name: 'string'
  properties: {
    priority: int
    rules: [
      {
        name: 'string'
        priority: int
        ruleType: 'string'
        // For remaining properties, see FirewallPolicyRule objects
      }
    ]
  }
}
```
FirewallPolicyRuleCondition objects
Set the ruleConditionType property to specify the type of object.
For ApplicationRuleCondition, use:
```bicep
{
  destinationAddresses: [
    'string'
  ]
  fqdnTags: [
    'string'
  ]
  protocols: [
    {
      port: int
      protocolType: 'string'
    }
  ]
  ruleConditionType: 'ApplicationRuleCondition'
  sourceAddresses: [
    'string'
  ]
  sourceIpGroups: [
    'string'
  ]
  targetFqdns: [
    'string'
  ]
}
```
For NatRuleCondition, use:
```bicep
{
  destinationAddresses: [
    'string'
  ]
  destinationPorts: [
    'string'
  ]
  ipProtocols: [
    'string'
  ]
  ruleConditionType: 'NatRuleCondition'
  sourceAddresses: [
    'string'
  ]
  sourceIpGroups: [
    'string'
  ]
}
```
For NetworkRuleCondition, use:
```bicep
{
  destinationAddresses: [
    'string'
  ]
  destinationIpGroups: [
    'string'
  ]
  destinationPorts: [
    'string'
  ]
  ipProtocols: [
    'string'
  ]
  ruleConditionType: 'NetworkRuleCondition'
  sourceAddresses: [
    'string'
  ]
  sourceIpGroups: [
    'string'
  ]
}
```
FirewallPolicyRule objects
Set the ruleType property to specify the type of object.
For FirewallPolicyFilterRule, use:
```bicep
{
  action: {
    type: 'string'
  }
  ruleConditions: [
    {
      description: 'string'
      name: 'string'
      ruleConditionType: 'string'
      // For remaining properties, see FirewallPolicyRuleCondition objects
    }
  ]
  ruleType: 'FirewallPolicyFilterRule'
}
```
For FirewallPolicyNatRule, use:
```bicep
{
  action: {
    type: 'string'
  }
  ruleCondition: {
    description: 'string'
    name: 'string'
    ruleConditionType: 'string'
    // For remaining properties, see FirewallPolicyRuleCondition objects
  }
  ruleType: 'FirewallPolicyNatRule'
  translatedAddress: 'string'
  translatedPort: 'string'
}
```
Property Values
Microsoft.Network/firewallPolicies/ruleGroups
Name | Description | Value |
---|---|---|
name | The resource name | string (required) |
parent | In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource. For more information, see Child resource outside parent resource. | Symbolic name for resource of type: firewallPolicies |
properties | The properties of the firewall policy rule group. | FirewallPolicyRuleGroupProperties |
ApplicationRuleCondition
Name | Description | Value |
---|---|---|
destinationAddresses | List of destination IP addresses or Service Tags. | string[] |
fqdnTags | List of FQDN Tags for this rule condition. | string[] |
protocols | Array of Application Protocols. | FirewallPolicyRuleConditionApplicationProtocol[] |
ruleConditionType | Rule Condition Type. | 'ApplicationRuleCondition' (required) |
sourceAddresses | List of source IP addresses for this rule. | string[] |
sourceIpGroups | List of source IpGroups for this rule. | string[] |
targetFqdns | List of FQDNs for this rule condition. | string[] |
FirewallPolicyFilterRule
Name | Description | Value |
---|---|---|
action | The action type of a Filter rule. | FirewallPolicyFilterRuleAction |
ruleConditions | Collection of rule conditions used by a rule. | FirewallPolicyRuleCondition[] |
ruleType | The type of the rule. | 'FirewallPolicyFilterRule' (required) |
FirewallPolicyFilterRuleAction
Name | Description | Value |
---|---|---|
type | The type of action. | 'Allow' 'Deny' |
FirewallPolicyNatRule
Name | Description | Value |
---|---|---|
action | The action type of a Nat rule. | FirewallPolicyNatRuleAction |
ruleCondition | The match conditions for incoming traffic. | FirewallPolicyRuleCondition |
ruleType | The type of the rule. | 'FirewallPolicyNatRule' (required) |
translatedAddress | The translated address for this NAT rule. | string |
translatedPort | The translated port for this NAT rule. | string |
FirewallPolicyNatRuleAction
Name | Description | Value |
---|---|---|
type | The type of action. | 'DNAT' |
FirewallPolicyRule
Name | Description | Value |
---|---|---|
name | The name of the rule. | string |
priority | Priority of the Firewall Policy Rule resource. | int Constraints: Min value = 100 Max value = 65000 |
ruleType | Set to 'FirewallPolicyFilterRule' for type FirewallPolicyFilterRule. Set to 'FirewallPolicyNatRule' for type FirewallPolicyNatRule. | 'FirewallPolicyFilterRule' 'FirewallPolicyNatRule' (required) |
FirewallPolicyRuleCondition
Name | Description | Value |
---|---|---|
description | Description of the rule condition. | string |
name | Name of the rule condition. | string |
ruleConditionType | Set to 'ApplicationRuleCondition' for type ApplicationRuleCondition. Set to 'NatRuleCondition' for type NatRuleCondition. Set to 'NetworkRuleCondition' for type NetworkRuleCondition. | 'ApplicationRuleCondition' 'NatRuleCondition' 'NetworkRuleCondition' (required) |
FirewallPolicyRuleConditionApplicationProtocol
Name | Description | Value |
---|---|---|
port | Port number for the protocol, cannot be greater than 64000. | int Constraints: Min value = 0 Max value = 64000 |
protocolType | Protocol type. | 'Http' 'Https' |
FirewallPolicyRuleGroupProperties
Name | Description | Value |
---|---|---|
priority | Priority of the Firewall Policy Rule Group resource. | int Constraints: Min value = 100 Max value = 65000 |
rules | Group of Firewall Policy rules. | FirewallPolicyRule[] |
NatRuleCondition
Name | Description | Value |
---|---|---|
destinationAddresses | List of destination IP addresses or Service Tags. | string[] |
destinationPorts | List of destination ports. | string[] |
ipProtocols | Array of FirewallPolicyRuleConditionNetworkProtocols. | String array containing any of: 'Any' 'ICMP' 'TCP' 'UDP' |
ruleConditionType | Rule Condition Type. | 'NatRuleCondition' (required) |
sourceAddresses | List of source IP addresses for this rule. | string[] |
sourceIpGroups | List of source IpGroups for this rule. | string[] |
NetworkRuleCondition
Name | Description | Value |
---|---|---|
destinationAddresses | List of destination IP addresses or Service Tags. | string[] |
destinationIpGroups | List of destination IpGroups for this rule. | string[] |
destinationPorts | List of destination ports. | string[] |
ipProtocols | Array of FirewallPolicyRuleConditionNetworkProtocols. | String array containing any of: 'Any' 'ICMP' 'TCP' 'UDP' |
ruleConditionType | Rule Condition Type. | 'NetworkRuleCondition' (required) |
sourceAddresses | List of source IP addresses for this rule. | string[] |
sourceIpGroups | List of source IpGroups for this rule. | string[] |
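
A filled-in rule group, added here as an illustration and not part of the original reference: it attaches to an existing policy and uses only the properties, enum values and numeric ranges listed in the tables above. The parameter `policyName`, the resource and rule names, the 10.10.x.x addresses and `updates.example.com` are constructed placeholders.

```bicep
// Added example. policyName, rule names, addresses and the FQDN are constructed placeholders.
param policyName string

// Assumption: the parent policy already exists in the target resource group.
resource policy 'Microsoft.Network/firewallPolicies@2020-04-01' existing = {
  name: policyName
}

resource egressGroup 'Microsoft.Network/firewallPolicies/ruleGroups@2020-04-01' = {
  parent: policy
  name: 'workload-egress'
  properties: {
    priority: 200 // group priority, allowed range 100-65000
    rules: [
      {
        name: 'allow-https-updates'
        priority: 100 // rule priority, allowed range 100-65000
        ruleType: 'FirewallPolicyFilterRule'
        action: { type: 'Allow' }
        ruleConditions: [
          {
            name: 'https-to-update-host'
            description: 'Workload subnet to one named host, HTTPS only'
            ruleConditionType: 'ApplicationRuleCondition'
            sourceAddresses: [ '10.10.1.0/24' ]
            protocols: [
              {
                protocolType: 'Https'
                port: 443 // allowed range 0-64000
              }
            ]
            targetFqdns: [ 'updates.example.com' ]
          }
        ]
      }
      {
        name: 'allow-dns'
        priority: 200
        ruleType: 'FirewallPolicyFilterRule'
        action: { type: 'Allow' }
        ruleConditions: [
          {
            name: 'dns-to-internal-resolver'
            description: 'Workload subnet to the internal resolver only'
            ruleConditionType: 'NetworkRuleCondition'
            sourceAddresses: [ '10.10.1.0/24' ]
            destinationAddresses: [ '10.10.0.4' ]
            destinationPorts: [ '53' ]
            ipProtocols: [
              'TCP'
              'UDP'
            ]
          }
        ]
      }
    ]
  }
}
```

Each condition names an explicit source range, destination and protocol rather than leaving a field open, which keeps the allowed traffic reviewable line by line.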
ARM template resource definition
The firewallPolicies/ruleGroups resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/firewallPolicies/ruleGroups resource, add the following JSON to your template.
```json
{
  "type": "Microsoft.Network/firewallPolicies/ruleGroups",
  "apiVersion": "2020-04-01",
  "name": "string",
  "properties": {
    "priority": "int",
    "rules": [ {
      "name": "string",
      "priority": "int",
      "ruleType": "string"
      // For remaining properties, see FirewallPolicyRule objects
    } ]
  }
}
```
FirewallPolicyRuleCondition objects
Set the ruleConditionType property to specify the type of object.
For ApplicationRuleCondition, use:
```json
{
  "destinationAddresses": [ "string" ],
  "fqdnTags": [ "string" ],
  "protocols": [
    {
      "port": "int",
      "protocolType": "string"
    }
  ],
  "ruleConditionType": "ApplicationRuleCondition",
  "sourceAddresses": [ "string" ],
  "sourceIpGroups": [ "string" ],
  "targetFqdns": [ "string" ]
}
```
For NatRuleCondition, use:
```json
{
  "destinationAddresses": [ "string" ],
  "destinationPorts": [ "string" ],
  "ipProtocols": [ "string" ],
  "ruleConditionType": "NatRuleCondition",
  "sourceAddresses": [ "string" ],
  "sourceIpGroups": [ "string" ]
}
```
For NetworkRuleCondition, use:
```json
{
  "destinationAddresses": [ "string" ],
  "destinationIpGroups": [ "string" ],
  "destinationPorts": [ "string" ],
  "ipProtocols": [ "string" ],
  "ruleConditionType": "NetworkRuleCondition",
  "sourceAddresses": [ "string" ],
  "sourceIpGroups": [ "string" ]
}
```
FirewallPolicyRule objects
Set the ruleType property to specify the type of object.
For FirewallPolicyFilterRule, use:
```json
{
  "action": {
    "type": "string"
  },
  "ruleConditions": [ {
    "description": "string",
    "name": "string",
    "ruleConditionType": "string"
    // For remaining properties, see FirewallPolicyRuleCondition objects
  } ],
  "ruleType": "FirewallPolicyFilterRule"
}
```
For FirewallPolicyNatRule, use:
```json
{
  "action": {
    "type": "string"
  },
  "ruleCondition": {
    "description": "string",
    "name": "string",
    "ruleConditionType": "string"
    // For remaining properties, see FirewallPolicyRuleCondition objects
  },
  "ruleType": "FirewallPolicyNatRule",
  "translatedAddress": "string",
  "translatedPort": "string"
}
```
Property Values
Microsoft.Network/firewallPolicies/ruleGroups
Name | Description | Value |
---|---|---|
apiVersion | The api version | '2020-04-01' |
name | The resource name | string (required) |
properties | The properties of the firewall policy rule group. | FirewallPolicyRuleGroupProperties |
type | The resource type | 'Microsoft.Network/firewallPolicies/ruleGroups' |
ApplicationRuleCondition
Name | Description | Value |
---|---|---|
destinationAddresses | List of destination IP addresses or Service Tags. | string[] |
fqdnTags | List of FQDN Tags for this rule condition. | string[] |
protocols | Array of Application Protocols. | FirewallPolicyRuleConditionApplicationProtocol[] |
ruleConditionType | Rule Condition Type. | 'ApplicationRuleCondition' (required) |
sourceAddresses | List of source IP addresses for this rule. | string[] |
sourceIpGroups | List of source IpGroups for this rule. | string[] |
targetFqdns | List of FQDNs for this rule condition. | string[] |
FirewallPolicyFilterRule
Name | Description | Value |
---|---|---|
action | The action type of a Filter rule. | FirewallPolicyFilterRuleAction |
ruleConditions | Collection of rule conditions used by a rule. | FirewallPolicyRuleCondition[] |
ruleType | The type of the rule. | 'FirewallPolicyFilterRule' (required) |
FirewallPolicyFilterRuleAction
Name | Description | Value |
---|---|---|
type | The type of action. | 'Allow' 'Deny' |
FirewallPolicyNatRule
Name | Description | Value |
---|---|---|
action | The action type of a Nat rule. | FirewallPolicyNatRuleAction |
ruleCondition | The match conditions for incoming traffic. | FirewallPolicyRuleCondition |
ruleType | The type of the rule. | 'FirewallPolicyNatRule' (required) |
translatedAddress | The translated address for this NAT rule. | string |
translatedPort | The translated port for this NAT rule. | string |
FirewallPolicyNatRuleAction
Name | Description | Value |
---|---|---|
type | The type of action. | 'DNAT' |
FirewallPolicyRule
Name | Description | Value |
---|---|---|
name | The name of the rule. | string |
priority | Priority of the Firewall Policy Rule resource. | int Constraints: Min value = 100 Max value = 65000 |
ruleType | Set to 'FirewallPolicyFilterRule' for type FirewallPolicyFilterRule. Set to 'FirewallPolicyNatRule' for type FirewallPolicyNatRule. | 'FirewallPolicyFilterRule' 'FirewallPolicyNatRule' (required) |
FirewallPolicyRuleCondition
Name | Description | Value |
---|---|---|
description | Description of the rule condition. | string |
name | Name of the rule condition. | string |
ruleConditionType | Set to 'ApplicationRuleCondition' for type ApplicationRuleCondition. Set to 'NatRuleCondition' for type NatRuleCondition. Set to 'NetworkRuleCondition' for type NetworkRuleCondition. | 'ApplicationRuleCondition' 'NatRuleCondition' 'NetworkRuleCondition' (required) |
FirewallPolicyRuleConditionApplicationProtocol
Name | Description | Value |
---|---|---|
port | Port number for the protocol, cannot be greater than 64000. | int Constraints: Min value = 0 Max value = 64000 |
protocolType | Protocol type. | 'Http' 'Https' |
FirewallPolicyRuleGroupProperties
Name | Description | Value |
---|---|---|
priority | Priority of the Firewall Policy Rule Group resource. | int Constraints: Min value = 100 Max value = 65000 |
rules | Group of Firewall Policy rules. | FirewallPolicyRule[] |
NatRuleCondition
Name | Description | Value |
---|---|---|
destinationAddresses | List of destination IP addresses or Service Tags. | string[] |
destinationPorts | List of destination ports. | string[] |
ipProtocols | Array of FirewallPolicyRuleConditionNetworkProtocols. | String array containing any of: 'Any' 'ICMP' 'TCP' 'UDP' |
ruleConditionType | Rule Condition Type. | 'NatRuleCondition' (required) |
sourceAddresses | List of source IP addresses for this rule. | string[] |
sourceIpGroups | List of source IpGroups for this rule. | string[] |
NetworkRuleCondition
Name | Description | Value |
---|---|---|
destinationAddresses | List of destination IP addresses or Service Tags. | string[] |
destinationIpGroups | List of destination IpGroups for this rule. | string[] |
destinationPorts | List of destination ports. | string[] |
ipProtocols | Array of FirewallPolicyRuleConditionNetworkProtocols. | String array containing any of: 'Any' 'ICMP' 'TCP' 'UDP' |
ruleConditionType | Rule Condition Type. | 'NetworkRuleCondition' (required) |
sourceAddresses | List of source IP addresses for this rule. | string[] |
sourceIpGroups | List of source IpGroups for this rule. | string[] |
Terraform (AzAPI provider) resource definition
The firewallPolicies/ruleGroups resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/firewallPolicies/ruleGroups resource, add the following Terraform to your template.
```terraform
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/firewallPolicies/ruleGroups@2020-04-01"
  name = "string"
  parent_id = "string"
  body = {
    properties = {
      priority = int
      rules = [
        {
          name = "string"
          priority = int
          ruleType = "string"
          // For remaining properties, see FirewallPolicyRule objects
        }
      ]
    }
  }
}
```
FirewallPolicyRuleCondition objects
Set the ruleConditionType property to specify the type of object.
For ApplicationRuleCondition, use:
```terraform
{
  destinationAddresses = [
    "string"
  ]
  fqdnTags = [
    "string"
  ]
  protocols = [
    {
      port = int
      protocolType = "string"
    }
  ]
  ruleConditionType = "ApplicationRuleCondition"
  sourceAddresses = [
    "string"
  ]
  sourceIpGroups = [
    "string"
  ]
  targetFqdns = [
    "string"
  ]
}
```
For NatRuleCondition, use:
```terraform
{
  destinationAddresses = [
    "string"
  ]
  destinationPorts = [
    "string"
  ]
  ipProtocols = [
    "string"
  ]
  ruleConditionType = "NatRuleCondition"
  sourceAddresses = [
    "string"
  ]
  sourceIpGroups = [
    "string"
  ]
}
```
For NetworkRuleCondition, use:
```terraform
{
  destinationAddresses = [
    "string"
  ]
  destinationIpGroups = [
    "string"
  ]
  destinationPorts = [
    "string"
  ]
  ipProtocols = [
    "string"
  ]
  ruleConditionType = "NetworkRuleCondition"
  sourceAddresses = [
    "string"
  ]
  sourceIpGroups = [
    "string"
  ]
}
```
FirewallPolicyRule objects
Set the ruleType property to specify the type of object.
For FirewallPolicyFilterRule, use:
```terraform
{
  action = {
    type = "string"
  }
  ruleConditions = [
    {
      description = "string"
      name = "string"
      ruleConditionType = "string"
      // For remaining properties, see FirewallPolicyRuleCondition objects
    }
  ]
  ruleType = "FirewallPolicyFilterRule"
}
```
For FirewallPolicyNatRule, use:
```terraform
{
  action = {
    type = "string"
  }
  ruleCondition = {
    description = "string"
    name = "string"
    ruleConditionType = "string"
    // For remaining properties, see FirewallPolicyRuleCondition objects
  }
  ruleType = "FirewallPolicyNatRule"
  translatedAddress = "string"
  translatedPort = "string"
}
```
Property Values
Microsoft.Network/firewallPolicies/ruleGroups
Name | Description | Value |
---|---|---|
name | The resource name | string (required) |
parent_id | The ID of the resource that is the parent for this resource. | ID for resource of type: firewallPolicies |
properties | The properties of the firewall policy rule group. | FirewallPolicyRuleGroupProperties |
type | The resource type | "Microsoft.Network/firewallPolicies/ruleGroups@2020-04-01" |
ApplicationRuleCondition
Name | Description | Value |
---|---|---|
destinationAddresses | List of destination IP addresses or Service Tags. | string[] |
fqdnTags | List of FQDN Tags for this rule condition. | string[] |
protocols | Array of Application Protocols. | FirewallPolicyRuleConditionApplicationProtocol[] |
ruleConditionType | Rule Condition Type. | 'ApplicationRuleCondition' (required) |
sourceAddresses | List of source IP addresses for this rule. | string[] |
sourceIpGroups | List of source IpGroups for this rule. | string[] |
targetFqdns | List of FQDNs for this rule condition. | string[] |
FirewallPolicyFilterRule
Name | Description | Value |
---|---|---|
action | The action type of a Filter rule. | FirewallPolicyFilterRuleAction |
ruleConditions | Collection of rule conditions used by a rule. | FirewallPolicyRuleCondition[] |
ruleType | The type of the rule. | 'FirewallPolicyFilterRule' (required) |
FirewallPolicyFilterRuleAction
Name | Description | Value |
---|---|---|
type | The type of action. | 'Allow' 'Deny' |
FirewallPolicyNatRule
Name | Description | Value |
---|---|---|
action | The action type of a Nat rule. | FirewallPolicyNatRuleAction |
ruleCondition | The match conditions for incoming traffic. | FirewallPolicyRuleCondition |
ruleType | The type of the rule. | 'FirewallPolicyNatRule' (required) |
translatedAddress | The translated address for this NAT rule. | string |
translatedPort | The translated port for this NAT rule. | string |
FirewallPolicyNatRuleAction
Name | Description | Value |
---|---|---|
type | The type of action. | 'DNAT' |
FirewallPolicyRule
Name | Description | Value |
---|---|---|
name | The name of the rule. | string |
priority | Priority of the Firewall Policy Rule resource. | int Constraints: Min value = 100 Max value = 65000 |
ruleType | Set to 'FirewallPolicyFilterRule' for type FirewallPolicyFilterRule. Set to 'FirewallPolicyNatRule' for type FirewallPolicyNatRule. | 'FirewallPolicyFilterRule' 'FirewallPolicyNatRule' (required) |
FirewallPolicyRuleCondition
Name | Description | Value |
---|---|---|
description | Description of the rule condition. | string |
name | Name of the rule condition. | string |
ruleConditionType | Set to 'ApplicationRuleCondition' for type ApplicationRuleCondition. Set to 'NatRuleCondition' for type NatRuleCondition. Set to 'NetworkRuleCondition' for type NetworkRuleCondition. | 'ApplicationRuleCondition' 'NatRuleCondition' 'NetworkRuleCondition' (required) |
FirewallPolicyRuleConditionApplicationProtocol
Name | Description | Value |
---|---|---|
port | Port number for the protocol, cannot be greater than 64000. | int Constraints: Min value = 0 Max value = 64000 |
protocolType | Protocol type. | 'Http' 'Https' |
FirewallPolicyRuleGroupProperties
Name | Description | Value |
---|---|---|
priority | Priority of the Firewall Policy Rule Group resource. | int Constraints: Min value = 100 Max value = 65000 |
rules | Group of Firewall Policy rules. | FirewallPolicyRule[] |
NatRuleCondition
Name | Description | Value |
---|---|---|
destinationAddresses | List of destination IP addresses or Service Tags. | string[] |
destinationPorts | List of destination ports. | string[] |
ipProtocols | Array of FirewallPolicyRuleConditionNetworkProtocols. | String array containing any of: 'Any' 'ICMP' 'TCP' 'UDP' |
ruleConditionType | Rule Condition Type. | 'NatRuleCondition' (required) |
sourceAddresses | List of source IP addresses for this rule. | string[] |
sourceIpGroups | List of source IpGroups for this rule. | string[] |
NetworkRuleCondition
Name | Description | Value |
---|---|---|
destinationAddresses | List of destination IP addresses or Service Tags. | string[] |
destinationIpGroups | List of destination IpGroups for this rule. | string[] |
destinationPorts | List of destination ports. | string[] |
ipProtocols | Array of FirewallPolicyRuleConditionNetworkProtocols. | String array containing any of: 'Any' 'ICMP' 'TCP' 'UDP' |
ruleConditionType | Rule Condition Type. | 'NetworkRuleCondition' (required) |
sourceAddresses | List of source IP addresses for this rule. | string[] |
sourceIpGroups | List of source IpGroups for this rule. | string[] |