az network firewall policy
Note
This reference is part of the azure-firewall extension for the Azure CLI (version 2.61.0 or higher). The extension will automatically install the first time you run an az network firewall policy command. Learn more about extensions.
Manage and configure Azure firewall policy.
Commands
Name | Description | Type | Status |
---|---|---|---|
az network firewall policy create | Create an Azure firewall policy. | Extension | GA |
az network firewall policy delete | Delete an Azure firewall policy. | Extension | GA |
az network firewall policy deploy | Deploys the firewall policy draft and child rule collection group drafts. | Extension | Preview |
az network firewall policy draft | Manage and configure Azure firewall policy draft. | Extension | GA |
az network firewall policy draft create | Create a draft Firewall Policy. | Extension | Preview |
az network firewall policy draft delete | Delete a draft policy. | Extension | GA |
az network firewall policy draft intrusion-detection | Manage intrusion signature rules and bypass rules. | Extension | GA |
az network firewall policy draft intrusion-detection add | Update a draft Firewall Policy. | Extension | Preview |
az network firewall policy draft intrusion-detection list | List all intrusion detection configuration. | Extension | Preview |
az network firewall policy draft intrusion-detection remove | Update a draft Firewall Policy. | Extension | Preview |
az network firewall policy draft rule-collection-group | | Extension | GA |
az network firewall policy draft rule-collection-group wait | Place the CLI in a waiting state until a condition is met. | Extension | GA |
az network firewall policy draft show | Get a draft Firewall Policy. | Extension | Preview |
az network firewall policy draft update | Update a draft Firewall Policy. | Extension | Preview |
az network firewall policy draft wait | Place the CLI in a waiting state until a condition is met. | Extension | GA |
az network firewall policy intrusion-detection | Manage intrusion signature rules and bypass rules. | Extension | GA |
az network firewall policy intrusion-detection add | Update an Azure firewall policy. | Extension | GA |
az network firewall policy intrusion-detection list | List all intrusion detection configuration. | Extension | GA |
az network firewall policy intrusion-detection remove | Update an Azure firewall policy. | Extension | GA |
az network firewall policy list | List all Azure firewall policies. | Extension | GA |
az network firewall policy rule-collection-group | Manage and configure Azure firewall policy rule collection group. | Extension | GA |
az network firewall policy rule-collection-group collection | Manage and configure Azure firewall policy rule collections in the rule collection group. | Extension | GA |
az network firewall policy rule-collection-group collection add-filter-collection | Add a filter collection into an Azure firewall policy rule collection group. | Extension | Preview |
az network firewall policy rule-collection-group collection add-nat-collection | Add a NAT collection into an Azure firewall policy rule collection group. | Extension | Preview |
az network firewall policy rule-collection-group collection list | List all rule collections of an Azure firewall policy rule collection group. | Extension | Preview |
az network firewall policy rule-collection-group collection remove | Remove a rule collection from an Azure firewall policy rule collection group. | Extension | Preview |
az network firewall policy rule-collection-group collection rule | Manage and configure the rule of a filter collection in the rule collection group of Azure firewall policy. | Extension | GA |
az network firewall policy rule-collection-group collection rule add | Add a rule into an Azure firewall policy rule collection. | Extension | Preview |
az network firewall policy rule-collection-group collection rule remove | Remove a rule from an Azure firewall policy rule collection. | Extension | Preview |
az network firewall policy rule-collection-group collection rule update | Update a rule of an Azure firewall policy rule collection. | Extension | Preview |
az network firewall policy rule-collection-group create | Create an Azure firewall policy rule collection group. | Extension | Preview |
az network firewall policy rule-collection-group delete | Delete an Azure Firewall policy rule collection group. | Extension | Preview |
az network firewall policy rule-collection-group draft | Manage and configure Azure firewall policy rule-collection-group draft. | Extension | GA |
az network firewall policy rule-collection-group draft collection | Manage and configure Azure firewall policy rule collections in the rule collection group draft. | Extension | GA |
az network firewall policy rule-collection-group draft collection add-filter-collection | Add a filter collection into an Azure firewall policy rule collection group draft. | Extension | Preview |
az network firewall policy rule-collection-group draft collection add-nat-collection | Add a NAT collection into an Azure firewall policy rule collection group draft. | Extension | Preview |
az network firewall policy rule-collection-group draft collection list | List all rule collections of an Azure firewall policy rule collection group draft. | Extension | Preview |
az network firewall policy rule-collection-group draft collection remove | Remove a rule collection from an Azure firewall policy rule collection group draft. | Extension | Preview |
az network firewall policy rule-collection-group draft collection rule | Manage and configure the rule of a filter collection in the rule collection group of Azure firewall policy. | Extension | GA |
az network firewall policy rule-collection-group draft collection rule add | Add a rule into an Azure firewall policy draft rule collection. | Extension | Preview |
az network firewall policy rule-collection-group draft collection rule remove | Remove a rule from an Azure firewall policy rule collection draft. | Extension | Preview |
az network firewall policy rule-collection-group draft collection rule update | Update a rule of an Azure firewall policy rule collection. | Extension | Preview |
az network firewall policy rule-collection-group draft create | Create an Azure firewall policy rule collection group draft. | Extension | Preview |
az network firewall policy rule-collection-group draft delete | Delete Rule Collection Group Draft. | Extension | Preview |
az network firewall policy rule-collection-group draft show | Get Rule Collection Group Draft. | Extension | Preview |
az network firewall policy rule-collection-group draft update | Update an Azure firewall policy rule collection group. | Extension | GA |
az network firewall policy rule-collection-group list | List all Azure firewall policy rule collection groups. | Extension | Preview |
az network firewall policy rule-collection-group show | Show an Azure firewall policy rule collection group. | Extension | Preview |
az network firewall policy rule-collection-group update | Update an Azure firewall policy rule collection group. | Extension | Preview |
az network firewall policy rule-collection-group wait | Place the CLI in a waiting state until a condition is met. | Extension | GA |
az network firewall policy show | Show an Azure firewall policy. | Extension | GA |
az network firewall policy update | Update an Azure firewall policy. | Extension | GA |
az network firewall policy wait | Place the CLI in a waiting state until a condition is met. | Extension | GA |
az network firewall policy create
Create an Azure firewall policy.
az network firewall policy create --name
--resource-group
[--auto-learn-private-ranges {Disabled, Enabled}]
[--base-policy]
[--cert-name]
[--dns-servers]
[--enable-dns-proxy {0, 1, f, false, n, no, t, true, y, yes}]
[--explicit-proxy]
[--fqdns]
[--identity]
[--idps-mode {Alert, Deny, Off}]
[--idps-profile {Advanced, Basic, Standard}]
[--ip-addresses]
[--key-vault-secret-id]
[--location]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--private-ranges]
[--sku {Basic, Premium, Standard}]
[--sql {0, 1, f, false, n, no, t, true, y, yes}]
[--tags]
[--threat-intel-mode {Alert, Deny, Off}]
Required Parameters
--name: The name of the Firewall Policy.
--resource-group: Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
--auto-learn-private-ranges: The operation mode for automatically learning private ranges to not be SNAT.
--base-policy: The name or ID of parent firewall policy from which rules are inherited.
--cert-name: Name of the CA certificate.
--dns-servers: Space-separated list of DNS server IP addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--enable-dns-proxy: Enable DNS Proxy.
--explicit-proxy: Explicit Proxy Settings definition. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--fqdns: Space-separated list of FQDNs. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--identity: Name or ID of the ManagedIdentity Resource.
--idps-mode: IDPS mode.
--idps-profile: IDPS mode.
--ip-addresses: Space-separated list of IPv4 addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--key-vault-secret-id: Secret Id of (base-64 encoded unencrypted pfx) Secret or Certificate object stored in KeyVault.
--location: Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
--no-wait: Do not wait for the long-running operation to finish.
--private-ranges: List of private IP addresses/IP address ranges to not be SNAT. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--sku: SKU of Firewall policy.
--sql: A flag to indicate if SQL Redirect traffic filtering is enabled.
--tags: Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--threat-intel-mode: The operation mode for Threat Intelligence.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network firewall policy delete
Delete an Azure firewall policy.
az network firewall policy delete [--ids]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--resource-group]
[--subscription]
Optional Parameters
--ids: One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
--name: The name of the Firewall Policy.
--no-wait: Do not wait for the long-running operation to finish.
--resource-group: Name of resource group. You can configure the default group using az configure --defaults group=<name>.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network firewall policy deploy
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Deploys the firewall policy draft and child rule collection group drafts.
az network firewall policy deploy [--ids]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--resource-group]
[--subscription]
Optional Parameters
--ids: One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
--name: The name of the Firewall Policy.
--no-wait: Do not wait for the long-running operation to finish.
--resource-group: Name of resource group. You can configure the default group using az configure --defaults group=<name>.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network firewall policy list
List all Azure firewall policies.
az network firewall policy list [--max-items]
[--next-token]
[--resource-group]
Optional Parameters
--max-items: Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.
--next-token: Token to specify where to start paginating. This is the token value from a previously truncated response.
--resource-group: Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network firewall policy show
Show an Azure firewall policy.
az network firewall policy show [--expand]
[--ids]
[--name]
[--resource-group]
[--subscription]
Optional Parameters
--expand: Expands referenced resources. Default value is None.
--ids: One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
--name: The name of the Firewall Policy.
--resource-group: The name of the resource group.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network firewall policy update
Update an Azure firewall policy.
az network firewall policy update [--add]
[--auto-learn-private-ranges {Disabled, Enabled}]
[--cert-name]
[--dns-servers]
[--enable-dns-proxy {0, 1, f, false, n, no, t, true, y, yes}]
[--explicit-proxy]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--fqdns]
[--identity]
[--idps-mode {Alert, Deny, Off}]
[--idps-profile {Advanced, Basic, Standard}]
[--ids]
[--ip-addresses]
[--key-vault-secret-id]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--private-ranges]
[--remove]
[--resource-group]
[--set]
[--sku {Basic, Premium, Standard}]
[--sql {0, 1, f, false, n, no, t, true, y, yes}]
[--subscription]
[--tags]
[--threat-intel-mode {Alert, Deny, Off}]
Optional Parameters
--add: Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
--auto-learn-private-ranges: The operation mode for automatically learning private ranges to not be SNAT.
--cert-name: Name of the CA certificate.
--dns-servers: Space-separated list of DNS server IP addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--enable-dns-proxy: Enable DNS Proxy.
--explicit-proxy: Explicit Proxy Settings definition. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--force-string: When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
--fqdns: Space-separated list of FQDNs. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--identity: Name or ID of the ManagedIdentity Resource.
--idps-mode: IDPS mode.
--idps-profile: IDPS mode.
--ids: One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
--ip-addresses: Space-separated list of IPv4 addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--key-vault-secret-id: Secret Id of (base-64 encoded unencrypted pfx) Secret or Certificate object stored in KeyVault.
--name: The name of the Firewall Policy.
--no-wait: Do not wait for the long-running operation to finish.
--private-ranges: List of private IP addresses/IP address ranges to not be SNAT. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--remove: Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
--resource-group: Name of resource group. You can configure the default group using az configure --defaults group=<name>.
--set: Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
--sku: SKU of Firewall policy.
--sql: A flag to indicate if SQL Redirect traffic filtering is enabled.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--tags: Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
--threat-intel-mode: The operation mode for Threat Intelligence.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network firewall policy wait
Place the CLI in a waiting state until a condition is met.
az network firewall policy wait [--created]
[--custom]
[--deleted]
[--exists]
[--expand]
[--ids]
[--interval]
[--name]
[--resource-group]
[--subscription]
[--timeout]
[--updated]
Optional Parameters
--created: Wait until created with 'provisioningState' at 'Succeeded'.
--custom: Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
--deleted: Wait until deleted.
--exists: Wait until the resource exists.
--expand: Expands referenced resources. Default value is None.
--ids: One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
--interval: Polling interval in seconds.
--name: The name of the Firewall Policy.
--resource-group: Name of resource group. You can configure the default group using az configure --defaults group=<name>.
--subscription: Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--timeout: Maximum wait in seconds.
--updated: Wait until updated with provisioningState at 'Succeeded'.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.