Share via


az network firewall

Note

This reference is part of the azure-firewall extension for the Azure CLI (version 2.61.0 or higher). The extension will automatically install the first time you run an az network firewall command. Learn more about extensions.

Manage and configure Azure Firewalls.

Commands

Name Description Type Status
az network firewall application-rule

Manage and configure Azure Firewall application rules.

Extension GA
az network firewall application-rule collection

Manage and configure Azure Firewall application rule collections.

Extension GA
az network firewall application-rule collection delete

Delete an Azure Firewall application rule collection.

Extension GA
az network firewall application-rule collection list

List Azure Firewall application rule collections.

Extension GA
az network firewall application-rule collection show

Get the details of an Azure Firewall application rule collection.

Extension GA
az network firewall application-rule create

Create an Azure Firewall application rule.

Extension GA
az network firewall application-rule delete

Delete an Azure Firewall application rule.

Extension GA
az network firewall application-rule list

List Azure Firewall application rules.

Extension GA
az network firewall application-rule show

Get the details of an Azure Firewall application rule.

Extension GA
az network firewall create

Create an Azure Firewall.

Extension GA
az network firewall delete

Delete an Azure Firewall.

Extension GA
az network firewall ip-config

Manage and configure Azure Firewall IP configurations.

Extension GA
az network firewall ip-config create

Create an Azure Firewall IP configuration.

Extension GA
az network firewall ip-config delete

Delete an Azure Firewall IP configuration.

Extension GA
az network firewall ip-config list

List Azure Firewall IP configurations.

Extension GA
az network firewall ip-config show

Get the details of an Azure Firewall IP configuration.

Extension GA
az network firewall learned-ip-prefix

Retrieves a list of all IP prefixes that azure firewall has learned to not SNAT.

Extension Preview
az network firewall list

List Azure Firewalls.

Extension GA
az network firewall list-fqdn-tags

Gets all the Azure Firewall FQDN Tags in a subscription.

Extension GA
az network firewall management-ip-config

Manage and configure Azure Firewall Management IP configurations.

Extension Preview
az network firewall management-ip-config show

Get the details of an Azure Firewall Management IP configuration.

Extension Preview
az network firewall management-ip-config update

Update an Azure Firewall Management IP configuration.

Extension Preview
az network firewall nat-rule

Manage and configure Azure Firewall NAT rules.

Extension GA
az network firewall nat-rule collection

Manage and configure Azure Firewall NAT rules.

Extension GA
az network firewall nat-rule collection delete

Delete an Azure Firewall NAT rule collection.

Extension GA
az network firewall nat-rule collection list

List Azure Firewall NAT rule collections.

Extension GA
az network firewall nat-rule collection show

Get the details of an Azure Firewall NAT rule collection.

Extension GA
az network firewall nat-rule create

Create an Azure Firewall NAT rule.

Extension GA
az network firewall nat-rule delete

Delete an Azure Firewall NAT rule.

Extension GA
az network firewall nat-rule list

List Azure Firewall NAT rules.

Extension GA
az network firewall nat-rule show

Get the details of an Azure Firewall NAT rule.

Extension GA
az network firewall network-rule

Manage and configure Azure Firewall network rules.

Extension GA
az network firewall network-rule collection

Manage and configure Azure Firewall network rule collections.

Extension GA
az network firewall network-rule collection delete

Delete an Azure Firewall network rule collection.

Extension GA
az network firewall network-rule collection list

List Azure Firewall network rule collections.

Extension GA
az network firewall network-rule collection show

Get the details of an Azure Firewall network rule collection.

Extension GA
az network firewall network-rule create

Create an Azure Firewall network rule.

Extension GA
az network firewall network-rule delete

Delete an Azure Firewall network rule. If you want to delete the last rule in a collection, please delete the collection instead.

Extension GA
az network firewall network-rule list

List Azure Firewall network rules.

Extension GA
az network firewall network-rule show

Get the details of an Azure Firewall network rule.

Extension GA
az network firewall policy

Manage and configure Azure firewall policy.

Extension GA
az network firewall policy create

Create an Azure firewall policy.

Extension GA
az network firewall policy delete

Delete an Azure firewall policy.

Extension GA
az network firewall policy deploy

Deploys the firewall policy draft and child rule collection group drafts.

Extension Preview
az network firewall policy draft

Manage and configure Azure firewall policy draft,.

Extension GA
az network firewall policy draft create

Create a draft Firewall Policy.

Extension Preview
az network firewall policy draft delete

Delete a draft policy.

Extension GA
az network firewall policy draft intrusion-detection

Manage intrusion signature rules and bypass rules.

Extension GA
az network firewall policy draft intrusion-detection add

Update a draft Firewall Policy.

Extension Preview
az network firewall policy draft intrusion-detection list

List all intrusion detection configuration.

Extension Preview
az network firewall policy draft intrusion-detection remove

Update a draft Firewall Policy.

Extension Preview
az network firewall policy draft rule-collection-group Extension GA
az network firewall policy draft rule-collection-group wait

Place the CLI in a waiting state until a condition is met.

Extension GA
az network firewall policy draft show

Get a draft Firewall Policy.

Extension Preview
az network firewall policy draft update

Update a draft Firewall Policy.

Extension Preview
az network firewall policy draft wait

Place the CLI in a waiting state until a condition is met.

Extension GA
az network firewall policy intrusion-detection

Manage intrusion signature rules and bypass rules.

Extension GA
az network firewall policy intrusion-detection add

Update an Azure firewall policy.

Extension GA
az network firewall policy intrusion-detection list

List all intrusion detection configuration.

Extension GA
az network firewall policy intrusion-detection remove

Update an Azure firewall policy.

Extension GA
az network firewall policy list

List all Azure firewall policies.

Extension GA
az network firewall policy rule-collection-group

Manage and configure Azure firewall policy rule collection group.

Extension GA
az network firewall policy rule-collection-group collection

Manage and configure Azure firewall policy rule collections in the rule collection group.

Extension GA
az network firewall policy rule-collection-group collection add-filter-collection

Add a filter collection into an Azure firewall policy rule collection group.

Extension Preview
az network firewall policy rule-collection-group collection add-nat-collection

Add a NAT collection into an Azure firewall policy rule collection group.

Extension Preview
az network firewall policy rule-collection-group collection list

List all rule collections of an Azure firewall policy rule collection group.

Extension Preview
az network firewall policy rule-collection-group collection remove

Remove a rule collection from an Azure firewall policy rule collection group.

Extension Preview
az network firewall policy rule-collection-group collection rule

Manage and configure the rule of a filter collection in the rule collection group of Azure firewall policy.

Extension GA
az network firewall policy rule-collection-group collection rule add

Add a rule into an Azure firewall policy rule collection.

Extension Preview
az network firewall policy rule-collection-group collection rule remove

Remove a rule from an Azure firewall policy rule collection.

Extension Preview
az network firewall policy rule-collection-group collection rule update

Update a rule of an Azure firewall policy rule collection.

Extension Preview
az network firewall policy rule-collection-group create

Create an Azure firewall policy rule collection group.

Extension Preview
az network firewall policy rule-collection-group delete

Delete an Azure Firewall policy rule collection group.

Extension Preview
az network firewall policy rule-collection-group draft

Manage and configure Azure firewall policy rule-collection-group draft.

Extension GA
az network firewall policy rule-collection-group draft collection

Manage and configure Azure firewall policy rule collections in the rule collection group draft.

Extension GA
az network firewall policy rule-collection-group draft collection add-filter-collection

Add a filter collection into an Azure firewall policy rule collection group draft.

Extension Preview
az network firewall policy rule-collection-group draft collection add-nat-collection

Add a NAT collection into an Azure firewall policy rule collection group draft.

Extension Preview
az network firewall policy rule-collection-group draft collection list

List all rule collections of an Azure firewall policy rule collection group draft.

Extension Preview
az network firewall policy rule-collection-group draft collection remove

Remove a rule collection from an Azure firewall policy rule collection group draft.

Extension Preview
az network firewall policy rule-collection-group draft collection rule

Manage and configure the rule of a filter collection in the rule collection group of Azure firewall policy.

Extension GA
az network firewall policy rule-collection-group draft collection rule add

Add a rule into an Azure firewall policy draft rule collection.

Extension Preview
az network firewall policy rule-collection-group draft collection rule remove

Remove a rule from an Azure firewall policy rule collection draft.

Extension Preview
az network firewall policy rule-collection-group draft collection rule update

Update a rule of an Azure firewall policy rule collection.

Extension Preview
az network firewall policy rule-collection-group draft create

Create an Azure firewall policy rule collection group draft.

Extension Preview
az network firewall policy rule-collection-group draft delete

Delete Rule Collection Group Draft.

Extension Preview
az network firewall policy rule-collection-group draft show

Get Rule Collection Group Draft.

Extension Preview
az network firewall policy rule-collection-group draft update

Update an Azure firewall policy rule collection group.

Extension GA
az network firewall policy rule-collection-group list

List all Azure firewall policy rule collection groups.

Extension Preview
az network firewall policy rule-collection-group show

Show an Azure firewall policy rule collection group.

Extension Preview
az network firewall policy rule-collection-group update

Update an Azure firewall policy rule collection group.

Extension Preview
az network firewall policy rule-collection-group wait

Place the CLI in a waiting state until a condition is met.

Extension GA
az network firewall policy show

Show an Azure firewall policy.

Extension GA
az network firewall policy update

Update an Azure firewall policy.

Extension GA
az network firewall policy wait

Place the CLI in a waiting state until a condition is met.

Extension GA
az network firewall show

Get the details of an Azure Firewall.

Extension GA
az network firewall threat-intel-allowlist

Manage and configure Azure Firewall Threat Intelligence Allow List.

Extension GA
az network firewall threat-intel-allowlist create

Create an Azure Firewall Threat Intelligence Allow List.

Extension GA
az network firewall threat-intel-allowlist delete

Delete an Azure Firewall Threat Intelligence Allow List.

Extension GA
az network firewall threat-intel-allowlist show

Get the details of an Azure Firewall Threat Intelligence Allow List.

Extension GA
az network firewall threat-intel-allowlist update

Update Azure Firewall Threat Intelligence Allow List.

Extension GA
az network firewall update

Update an Azure Firewall.

Extension GA
az network firewall wait

Place the CLI in a waiting state until a condition is met.

Extension GA

az network firewall create

Create an Azure Firewall.

az network firewall create --name
                           --resource-group
                           [--allow-active-ftp {0, 1, f, false, n, no, t, true, y, yes}]
                           [--conf-name]
                           [--count]
                           [--dns-servers]
                           [--enable-dns-proxy {0, 1, f, false, n, no, t, true, y, yes}]
                           [--enable-explicit-proxy {0, 1, f, false, n, no, t, true, y, yes}]
                           [--enable-fat-flow-logging {0, 1, f, false, n, no, t, true, y, yes}]
                           [--enable-pac-file {0, 1, f, false, n, no, t, true, y, yes}]
                           [--enable-udp-log-optimization {0, 1, f, false, n, no, t, true, y, yes}]
                           [--firewall-policy]
                           [--http-port]
                           [--https-port {0, 1, f, false, n, no, t, true, y, yes}]
                           [--location]
                           [--m-conf-name]
                           [--m-public-ip]
                           [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                           [--pac-file]
                           [--pac-file-port]
                           [--private-ranges]
                           [--public-ip]
                           [--route-server-id]
                           [--sku {AZFW_Hub, AZFW_VNet}]
                           [--tags]
                           [--threat-intel-mode {Alert, Deny, Off}]
                           [--tier {Basic, Premium, Standard}]
                           [--vhub]
                           [--vnet-name]
                           [--zones]

Examples

Create a Azure firewall with private ranges

az network firewall create -g MyResourceGroup -n MyFirewall --private-ranges 10.0.0.0 10.0.0.0/16 IANAPrivateRanges

Create a Virtual WAN Secure Hub Firewall

az network firewall create -g MyResourceGroup -n MyFirewall --sku AZFW_Hub --tier Standard --virtual-hub MyVirtualHub1 --public-ip-count 1

Create a Basic SKU Firewall with Management IP Configuration

az network firewall create -g MyResourceGroup -n MyFirewall --sku AZFW_VNet --tier Basic --vnet-name MyVNet --conf-name MyIpConfig --m-conf-name MyManagementIpConfig --m-public-ip MyPublicIp

Create a Basic SKU Firewall with Virtual Hub

az network firewall create -g MyResourceGroup -n MyFirewall --sku AZFW_Hub --tier Basic --vhub MyVHub --public-ip-count 2

Required Parameters

--name -n

Azure Firewall name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--allow-active-ftp

Allow Active FTP. By default it is false. It's only allowed for azure firewall on virtual network.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--conf-name

Name of the IP configuration.

--count --public-ip-count

Number of Public IP Address associated with azure firewall. It's used to add public ip addresses into this firewall.

--dns-servers

Space-separated list of DNS server IP addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--enable-dns-proxy

Enable DNS Proxy.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--enable-explicit-proxy

When set to true, explicit proxy mode is enabled.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--enable-fat-flow-logging --fat-flow-logging

Allow fat flow logging. By default it is false.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--enable-pac-file

When set to true, pac file port and url needs to be provided.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--enable-udp-log-optimization --udp-log-optimization

Allow UDP log optimization. By default it is false.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--firewall-policy --policy

Name or ID of the firewallPolicy associated with this azure firewall.

--http-port

Port number for explicit proxy http protocol, cannot be greater than 64000.

--https-port

Port number for explicit proxy https protocol, cannot be greater than 64000.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--location -l

Resource location.

--m-conf-name

Name of the management IP configuration.

--m-public-ip

Name or ID of the public IP to use for management IP configuration.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--pac-file

SAS URL for PAC file.

--pac-file-port

Port number for firewall to serve PAC file.

--private-ranges

Space-separated list of SNAT privaterange. Validate values are single Ip, Ipprefixes or a single special value "IANAPrivateRanges". Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--public-ip

Name or ID of the public IP to use.

--route-server-id

The Route Server Id for the firewall.

--sku

SKU of Azure firewall. This field cannot be updated after the creation. The default sku in server end is AZFW_VNet. If you want to attach azure firewall to vhub, you should set sku to AZFW_Hub.

Accepted values: AZFW_Hub, AZFW_VNet
--tags

Resource tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--threat-intel-mode

The operation mode for Threat Intelligence.

Accepted values: Alert, Deny, Off
--tier

Tier of an azure firewall. --tier will take effect only when --sku is set.

Accepted values: Basic, Premium, Standard
Default value: Standard
--vhub --virtual-hub

Name or ID of the virtualHub to which the firewall belongs.

--vnet-name

The virtual network (VNet) name. It should contain one subnet called "AzureFirewallSubnet".

--zones -z

Space-separated list of availability zones into which to provision the resource. Allowed values: 1, 2, 3. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network firewall delete

Delete an Azure Firewall.

az network firewall delete [--ids]
                           [--name]
                           [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                           [--resource-group]
                           [--subscription]

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Azure Firewall name.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network firewall learned-ip-prefix

Preview

This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Retrieves a list of all IP prefixes that azure firewall has learned to not SNAT.

az network firewall learned-ip-prefix [--ids]
                                      [--name]
                                      [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                      [--resource-group]
                                      [--subscription]

Examples

List Learned IP Prefixes

az network firewall learned-ip-prefix -g MyResourceGroup -n MyFirewall

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Azure Firewall name.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network firewall list

List Azure Firewalls.

az network firewall list [--max-items]
                         [--next-token]
                         [--resource-group]

Optional Parameters

--max-items

Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.

--next-token

Token to specify where to start paginating. This is the token value from a previously truncated response.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network firewall list-fqdn-tags

Gets all the Azure Firewall FQDN Tags in a subscription.

az network firewall list-fqdn-tags [--max-items]
                                   [--next-token]

Optional Parameters

--max-items

Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.

--next-token

Token to specify where to start paginating. This is the token value from a previously truncated response.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network firewall show

Get the details of an Azure Firewall.

az network firewall show [--ids]
                         [--name]
                         [--resource-group]
                         [--subscription]

Optional Parameters

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Azure Firewall name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network firewall update

Update an Azure Firewall.

az network firewall update [--add]
                           [--allow-active-ftp {0, 1, f, false, n, no, t, true, y, yes}]
                           [--count]
                           [--dns-servers]
                           [--enable-dns-proxy {0, 1, f, false, n, no, t, true, y, yes}]
                           [--enable-fat-flow-logging {0, 1, f, false, n, no, t, true, y, yes}]
                           [--enable-udp-log-optimization {0, 1, f, false, n, no, t, true, y, yes}]
                           [--firewall-policy]
                           [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                           [--ids]
                           [--name]
                           [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                           [--private-ranges]
                           [--public-ips]
                           [--remove]
                           [--resource-group]
                           [--route-server-id]
                           [--set]
                           [--subscription]
                           [--tags]
                           [--threat-intel-mode {Alert, Deny, Off}]
                           [--vhub]
                           [--zones]

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--allow-active-ftp

Allow Active FTP. By default it is false. It's only allowed for azure firewall on virtual network.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--count --public-ip-count

Number of Public IP Address associated with azure firewall. It's used to add public ip addresses into this firewall.

--dns-servers

Space-separated list of DNS server IP addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--enable-dns-proxy

Enable DNS Proxy.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--enable-fat-flow-logging --fat-flow-logging

Allow fat flow logging. By default it is false.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--enable-udp-log-optimization --udp-log-optimization

Allow UDP log optimization. By default it is false.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--firewall-policy --policy

Name or ID of the firewallPolicy associated with this azure firewall.

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--name -n

Azure Firewall name.

--no-wait

Do not wait for the long-running operation to finish.

Accepted values: 0, 1, f, false, n, no, t, true, y, yes
--private-ranges

Space-separated list of SNAT private ranges. Valid values are single IP, IP prefixes or a single special value "IANAPrivateRanges". Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--public-ips

Space-separated list of Public IP addresses associated with azure firewall. It's used to delete public ip addresses from this firewall. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--remove

Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--route-server-id

The Route Server Id for the firewall.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--tags

Resource tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--threat-intel-mode

The operation mode for Threat Intelligence.

Accepted values: Alert, Deny, Off
--vhub --virtual-hub

Name or ID of the virtualHub to which the firewall belongs.

--zones -z

Space-separated list of availability zones into which to provision the resource. Allowed values: 1, 2, 3. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az network firewall wait

Place the CLI in a waiting state until a condition is met.

az network firewall wait [--created]
                         [--custom]
                         [--deleted]
                         [--exists]
                         [--ids]
                         [--interval]
                         [--name]
                         [--resource-group]
                         [--subscription]
                         [--timeout]
                         [--updated]

Optional Parameters

--created

Wait until created with 'provisioningState' at 'Succeeded'.

Default value: False
--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

--deleted

Wait until deleted.

Default value: False
--exists

Wait until the resource exists.

Default value: False
--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

--interval

Polling interval in seconds.

Default value: 30
--name -n

Azure Firewall name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--timeout

Maximum wait in seconds.

Default value: 3600
--updated

Wait until updated with provisioningState at 'Succeeded'.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.