Firewall Policy Drafts - Create Or Update

Referencia

Servicio:: Virtual Networks

Versión de la API:: 2024-05-01

Cree o actualice un borrador de directiva de firewall.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}/firewallPolicyDrafts/default?api-version=2024-05-01

Parámetros de identificador URI

Nombre	En	Requerido	Tipo	Description
firewallPolicyName	path	True	string pattern: ^[^_\W][\w-._]{0,79}(?	Nombre de la directiva de firewall.
resourceGroupName	path	True	string	Nombre del grupo de recursos.
subscriptionId	path	True	string	Credenciales de suscripción que identifican de forma única la suscripción de Microsoft Azure. El identificador de suscripción forma parte del URI de cada llamada de servicio.
api-version	query	True	string	Versión de la API de cliente.

Cuerpo de la solicitud

Nombre	Tipo	Description
id	string	Identificador de recurso.
location	string	Ubicación del recurso.
properties.basePolicy	SubResource	Directiva de firewall primaria de la que se heredan las reglas.
properties.dnsSettings	DnsSettings	Definición de configuración del proxy DNS.
properties.explicitProxy	ExplicitProxy	Definición de configuración de proxy explícita.
properties.insights	FirewallPolicyInsights	Información sobre la directiva de firewall.
properties.intrusionDetection	FirewallPolicyIntrusionDetection	Configuración para la detección de intrusiones.
properties.snat	FirewallPolicySNAT	Las direcciones IP privadas o los intervalos IP a los que el tráfico no será SNAT.
properties.sql	FirewallPolicySQL	Definición de configuración de SQL.
properties.threatIntelMode	AzureFirewallThreatIntelMode	Modo de operación para inteligencia sobre amenazas.
properties.threatIntelWhitelist	FirewallPolicyThreatIntelWhitelist	Lista de permitidos de ThreatIntel para la directiva de firewall.
tags	object	Etiquetas de recursos.

Respuestas

Nombre	Tipo	Description
200 OK	FirewallPolicyDraft	De acuerdo
201 Created	FirewallPolicyDraft	Creado
Other Status Codes	CloudError	Respuesta de error que describe por qué se produjo un error en la operación.

Seguridad

azure_auth

Flujo de OAuth2 de Azure Active Directory.

Tipo: oauth2
Flujo: implicit
Dirección URL de autorización: https://login.microsoftonline.com/common/oauth2/authorize

Ámbitos

Nombre	Description
user_impersonation	suplantar la cuenta de usuario

Ejemplos

create or update firewall policy draft

Solicitud de ejemplo

PUT https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/firewallPolicyDrafts/default?api-version=2024-05-01

{
  "properties": {
    "threatIntelMode": "Alert",
    "threatIntelWhitelist": {
      "ipAddresses": [
        "20.3.4.5"
      ],
      "fqdns": [
        "*.microsoft.com"
      ]
    },
    "insights": {
      "isEnabled": true,
      "retentionDays": 100,
      "logAnalyticsResources": {
        "workspaces": [
          {
            "region": "westus",
            "workspaceId": {
              "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1"
            }
          },
          {
            "region": "eastus",
            "workspaceId": {
              "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2"
            }
          }
        ],
        "defaultWorkspaceId": {
          "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace"
        }
      }
    },
    "snat": {
      "privateRanges": [
        "IANAPrivateRanges"
      ]
    },
    "sql": {
      "allowSqlRedirect": true
    },
    "dnsSettings": {
      "servers": [
        "30.3.4.5"
      ],
      "enableProxy": true,
      "requireProxyForNetworkRules": false
    },
    "explicitProxy": {
      "enableExplicitProxy": true,
      "httpPort": 8087,
      "httpsPort": 8087,
      "enablePacFile": true,
      "pacFilePort": 8087,
      "pacFile": "https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D"
    },
    "intrusionDetection": {
      "mode": "Alert",
      "profile": "Balanced",
      "configuration": {
        "signatureOverrides": [
          {
            "id": "2525004",
            "mode": "Deny"
          }
        ],
        "bypassTrafficSettings": [
          {
            "name": "bypassRule1",
            "description": "Rule 1",
            "protocol": "TCP",
            "sourceAddresses": [
              "1.2.3.4"
            ],
            "destinationAddresses": [
              "5.6.7.8"
            ],
            "destinationPorts": [
              "*"
            ]
          }
        ]
      }
    }
  }
}


import com.azure.core.management.SubResource;
import com.azure.resourcemanager.network.fluent.models.FirewallPolicyDraftInner;
import com.azure.resourcemanager.network.models.AzureFirewallThreatIntelMode;
import com.azure.resourcemanager.network.models.DnsSettings;
import com.azure.resourcemanager.network.models.ExplicitProxy;
import com.azure.resourcemanager.network.models.FirewallPolicyInsights;
import com.azure.resourcemanager.network.models.FirewallPolicyIntrusionDetection;
import com.azure.resourcemanager.network.models.FirewallPolicyIntrusionDetectionBypassTrafficSpecifications;
import com.azure.resourcemanager.network.models.FirewallPolicyIntrusionDetectionConfiguration;
import com.azure.resourcemanager.network.models.FirewallPolicyIntrusionDetectionProfileType;
import com.azure.resourcemanager.network.models.FirewallPolicyIntrusionDetectionProtocol;
import com.azure.resourcemanager.network.models.FirewallPolicyIntrusionDetectionSignatureSpecification;
import com.azure.resourcemanager.network.models.FirewallPolicyIntrusionDetectionStateType;
import com.azure.resourcemanager.network.models.FirewallPolicyLogAnalyticsResources;
import com.azure.resourcemanager.network.models.FirewallPolicyLogAnalyticsWorkspace;
import com.azure.resourcemanager.network.models.FirewallPolicySnat;
import com.azure.resourcemanager.network.models.FirewallPolicySql;
import com.azure.resourcemanager.network.models.FirewallPolicyThreatIntelWhitelist;
import java.util.Arrays;

/**
 * Samples for FirewallPolicyDrafts CreateOrUpdate.
 */
public final class Main {
    /*
     * x-ms-original-file:
     * specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/examples/FirewallPolicyDraftPut.json
     */
    /**
     * Sample code: create or update firewall policy draft.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createOrUpdateFirewallPolicyDraft(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.networks().manager().serviceClient().getFirewallPolicyDrafts().createOrUpdateWithResponse("rg1",
            "firewallPolicy",
            new FirewallPolicyDraftInner().withThreatIntelMode(AzureFirewallThreatIntelMode.ALERT)
                .withThreatIntelWhitelist(new FirewallPolicyThreatIntelWhitelist()
                    .withIpAddresses(Arrays.asList("20.3.4.5")).withFqdns(Arrays.asList("*.microsoft.com")))
                .withInsights(new FirewallPolicyInsights().withIsEnabled(true).withRetentionDays(100)
                    .withLogAnalyticsResources(new FirewallPolicyLogAnalyticsResources()
                        .withWorkspaces(Arrays.asList(new FirewallPolicyLogAnalyticsWorkspace().withRegion("westus")
                            .withWorkspaceId(new SubResource().withId(
                                "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1")),
                            new FirewallPolicyLogAnalyticsWorkspace().withRegion("eastus")
                                .withWorkspaceId(new SubResource().withId(
                                    "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2"))))
                        .withDefaultWorkspaceId(new SubResource().withId(
                            "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace"))))
                .withSnat(new FirewallPolicySnat().withPrivateRanges(Arrays.asList("IANAPrivateRanges")))
                .withSql(new FirewallPolicySql().withAllowSqlRedirect(true))
                .withDnsSettings(new DnsSettings().withServers(Arrays.asList("30.3.4.5")).withEnableProxy(true)
                    .withRequireProxyForNetworkRules(false))
                .withExplicitProxy(new ExplicitProxy().withEnableExplicitProxy(true).withHttpPort(8087)
                    .withHttpsPort(8087).withEnablePacFile(true).withPacFilePort(8087).withPacFile(
                        "https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D"))
                .withIntrusionDetection(
                    new FirewallPolicyIntrusionDetection().withMode(FirewallPolicyIntrusionDetectionStateType.ALERT)
                        .withProfile(FirewallPolicyIntrusionDetectionProfileType.fromString("Balanced"))
                        .withConfiguration(new FirewallPolicyIntrusionDetectionConfiguration()
                            .withSignatureOverrides(
                                Arrays.asList(new FirewallPolicyIntrusionDetectionSignatureSpecification()
                                    .withId("2525004").withMode(FirewallPolicyIntrusionDetectionStateType.DENY)))
                            .withBypassTrafficSettings(
                                Arrays.asList(new FirewallPolicyIntrusionDetectionBypassTrafficSpecifications()
                                    .withName("bypassRule1").withDescription("Rule 1")
                                    .withProtocol(FirewallPolicyIntrusionDetectionProtocol.TCP)
                                    .withSourceAddresses(Arrays.asList("1.2.3.4"))
                                    .withDestinationAddresses(Arrays.asList("5.6.7.8"))
                                    .withDestinationPorts(Arrays.asList("*")))))),
            com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential

from azure.mgmt.network import NetworkManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python firewall_policy_draft_put.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid",
    )

    response = client.firewall_policy_drafts.create_or_update(
        resource_group_name="rg1",
        firewall_policy_name="firewallPolicy",
        parameters={
            "properties": {
                "dnsSettings": {"enableProxy": True, "requireProxyForNetworkRules": False, "servers": ["30.3.4.5"]},
                "explicitProxy": {
                    "enableExplicitProxy": True,
                    "enablePacFile": True,
                    "httpPort": 8087,
                    "httpsPort": 8087,
                    "pacFile": "https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D",
                    "pacFilePort": 8087,
                },
                "insights": {
                    "isEnabled": True,
                    "logAnalyticsResources": {
                        "defaultWorkspaceId": {
                            "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace"
                        },
                        "workspaces": [
                            {
                                "region": "westus",
                                "workspaceId": {
                                    "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1"
                                },
                            },
                            {
                                "region": "eastus",
                                "workspaceId": {
                                    "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2"
                                },
                            },
                        ],
                    },
                    "retentionDays": 100,
                },
                "intrusionDetection": {
                    "configuration": {
                        "bypassTrafficSettings": [
                            {
                                "description": "Rule 1",
                                "destinationAddresses": ["5.6.7.8"],
                                "destinationPorts": ["*"],
                                "name": "bypassRule1",
                                "protocol": "TCP",
                                "sourceAddresses": ["1.2.3.4"],
                            }
                        ],
                        "signatureOverrides": [{"id": "2525004", "mode": "Deny"}],
                    },
                    "mode": "Alert",
                    "profile": "Balanced",
                },
                "snat": {"privateRanges": ["IANAPrivateRanges"]},
                "sql": {"allowSqlRedirect": True},
                "threatIntelMode": "Alert",
                "threatIntelWhitelist": {"fqdns": ["*.microsoft.com"], "ipAddresses": ["20.3.4.5"]},
            }
        },
    )
    print(response)


# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/examples/FirewallPolicyDraftPut.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armnetwork_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v6"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/ab04533261eff228f28e08900445d0edef3eb70c/specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/examples/FirewallPolicyDraftPut.json
func ExampleFirewallPolicyDraftsClient_CreateOrUpdate() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewFirewallPolicyDraftsClient().CreateOrUpdate(ctx, "rg1", "firewallPolicy", armnetwork.FirewallPolicyDraft{
		Properties: &armnetwork.FirewallPolicyDraftProperties{
			DNSSettings: &armnetwork.DNSSettings{
				EnableProxy:                 to.Ptr(true),
				RequireProxyForNetworkRules: to.Ptr(false),
				Servers: []*string{
					to.Ptr("30.3.4.5")},
			},
			ExplicitProxy: &armnetwork.ExplicitProxySettings{
				EnableExplicitProxy: to.Ptr(true),
				EnablePacFile:       to.Ptr(true),
				HTTPPort:            to.Ptr[int32](8087),
				HTTPSPort:           to.Ptr[int32](8087),
				PacFile:             to.Ptr("https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D"),
				PacFilePort:         to.Ptr[int32](8087),
			},
			Insights: &armnetwork.FirewallPolicyInsights{
				IsEnabled: to.Ptr(true),
				LogAnalyticsResources: &armnetwork.FirewallPolicyLogAnalyticsResources{
					DefaultWorkspaceID: &armnetwork.SubResource{
						ID: to.Ptr("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace"),
					},
					Workspaces: []*armnetwork.FirewallPolicyLogAnalyticsWorkspace{
						{
							Region: to.Ptr("westus"),
							WorkspaceID: &armnetwork.SubResource{
								ID: to.Ptr("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1"),
							},
						},
						{
							Region: to.Ptr("eastus"),
							WorkspaceID: &armnetwork.SubResource{
								ID: to.Ptr("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2"),
							},
						}},
				},
				RetentionDays: to.Ptr[int32](100),
			},
			IntrusionDetection: &armnetwork.FirewallPolicyIntrusionDetection{
				Configuration: &armnetwork.FirewallPolicyIntrusionDetectionConfiguration{
					BypassTrafficSettings: []*armnetwork.FirewallPolicyIntrusionDetectionBypassTrafficSpecifications{
						{
							Name:        to.Ptr("bypassRule1"),
							Description: to.Ptr("Rule 1"),
							DestinationAddresses: []*string{
								to.Ptr("5.6.7.8")},
							DestinationPorts: []*string{
								to.Ptr("*")},
							SourceAddresses: []*string{
								to.Ptr("1.2.3.4")},
							Protocol: to.Ptr(armnetwork.FirewallPolicyIntrusionDetectionProtocolTCP),
						}},
					SignatureOverrides: []*armnetwork.FirewallPolicyIntrusionDetectionSignatureSpecification{
						{
							ID:   to.Ptr("2525004"),
							Mode: to.Ptr(armnetwork.FirewallPolicyIntrusionDetectionStateTypeDeny),
						}},
				},
				Mode:    to.Ptr(armnetwork.FirewallPolicyIntrusionDetectionStateTypeAlert),
				Profile: to.Ptr(armnetwork.FirewallPolicyIntrusionDetectionProfileType("Balanced")),
			},
			Snat: &armnetwork.FirewallPolicySNAT{
				PrivateRanges: []*string{
					to.Ptr("IANAPrivateRanges")},
			},
			SQL: &armnetwork.FirewallPolicySQL{
				AllowSQLRedirect: to.Ptr(true),
			},
			ThreatIntelMode: to.Ptr(armnetwork.AzureFirewallThreatIntelModeAlert),
			ThreatIntelWhitelist: &armnetwork.FirewallPolicyThreatIntelWhitelist{
				Fqdns: []*string{
					to.Ptr("*.microsoft.com")},
				IPAddresses: []*string{
					to.Ptr("20.3.4.5")},
			},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.FirewallPolicyDraft = armnetwork.FirewallPolicyDraft{
	// 	Name: to.Ptr("firewallPolicy"),
	// 	Type: to.Ptr("Microsoft.Network/firewallPolicies"),
	// 	ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy"),
	// 	Properties: &armnetwork.FirewallPolicyDraftProperties{
	// 		DNSSettings: &armnetwork.DNSSettings{
	// 			EnableProxy: to.Ptr(true),
	// 			RequireProxyForNetworkRules: to.Ptr(false),
	// 			Servers: []*string{
	// 				to.Ptr("30.3.4.5")},
	// 			},
	// 			ExplicitProxy: &armnetwork.ExplicitProxySettings{
	// 				EnableExplicitProxy: to.Ptr(true),
	// 				EnablePacFile: to.Ptr(true),
	// 				HTTPPort: to.Ptr[int32](8087),
	// 				HTTPSPort: to.Ptr[int32](8087),
	// 				PacFile: to.Ptr("https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D"),
	// 				PacFilePort: to.Ptr[int32](8087),
	// 			},
	// 			Insights: &armnetwork.FirewallPolicyInsights{
	// 				IsEnabled: to.Ptr(true),
	// 				LogAnalyticsResources: &armnetwork.FirewallPolicyLogAnalyticsResources{
	// 					DefaultWorkspaceID: &armnetwork.SubResource{
	// 						ID: to.Ptr("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace"),
	// 					},
	// 					Workspaces: []*armnetwork.FirewallPolicyLogAnalyticsWorkspace{
	// 						{
	// 							Region: to.Ptr("westus"),
	// 							WorkspaceID: &armnetwork.SubResource{
	// 								ID: to.Ptr("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1"),
	// 							},
	// 						},
	// 						{
	// 							Region: to.Ptr("eastus"),
	// 							WorkspaceID: &armnetwork.SubResource{
	// 								ID: to.Ptr("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2"),
	// 							},
	// 					}},
	// 				},
	// 				RetentionDays: to.Ptr[int32](100),
	// 			},
	// 			IntrusionDetection: &armnetwork.FirewallPolicyIntrusionDetection{
	// 				Configuration: &armnetwork.FirewallPolicyIntrusionDetectionConfiguration{
	// 					BypassTrafficSettings: []*armnetwork.FirewallPolicyIntrusionDetectionBypassTrafficSpecifications{
	// 						{
	// 							Name: to.Ptr("bypassRule1"),
	// 							Description: to.Ptr("Rule 1"),
	// 							DestinationAddresses: []*string{
	// 								to.Ptr("5.6.7.8")},
	// 								DestinationPorts: []*string{
	// 									to.Ptr("*")},
	// 									SourceAddresses: []*string{
	// 										to.Ptr("1.2.3.4")},
	// 										Protocol: to.Ptr(armnetwork.FirewallPolicyIntrusionDetectionProtocolTCP),
	// 								}},
	// 								SignatureOverrides: []*armnetwork.FirewallPolicyIntrusionDetectionSignatureSpecification{
	// 									{
	// 										ID: to.Ptr("2525004"),
	// 										Mode: to.Ptr(armnetwork.FirewallPolicyIntrusionDetectionStateTypeDeny),
	// 								}},
	// 							},
	// 							Mode: to.Ptr(armnetwork.FirewallPolicyIntrusionDetectionStateTypeAlert),
	// 							Profile: to.Ptr(armnetwork.FirewallPolicyIntrusionDetectionProfileType("Balanced")),
	// 						},
	// 						Snat: &armnetwork.FirewallPolicySNAT{
	// 							PrivateRanges: []*string{
	// 								to.Ptr("IANAPrivateRanges")},
	// 							},
	// 							SQL: &armnetwork.FirewallPolicySQL{
	// 								AllowSQLRedirect: to.Ptr(true),
	// 							},
	// 							ThreatIntelMode: to.Ptr(armnetwork.AzureFirewallThreatIntelModeAlert),
	// 							ThreatIntelWhitelist: &armnetwork.FirewallPolicyThreatIntelWhitelist{
	// 								Fqdns: []*string{
	// 									to.Ptr("*.microsoft.com")},
	// 									IPAddresses: []*string{
	// 										to.Ptr("20.3.4.5")},
	// 									},
	// 								},
	// 							}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Create or update a draft Firewall Policy.
 *
 * @summary Create or update a draft Firewall Policy.
 * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/examples/FirewallPolicyDraftPut.json
 */
async function createOrUpdateFirewallPolicyDraft() {
  const subscriptionId = process.env["NETWORK_SUBSCRIPTION_ID"] || "subid";
  const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
  const firewallPolicyName = "firewallPolicy";
  const parameters = {
    dnsSettings: {
      enableProxy: true,
      requireProxyForNetworkRules: false,
      servers: ["30.3.4.5"],
    },
    explicitProxy: {
      enableExplicitProxy: true,
      enablePacFile: true,
      httpPort: 8087,
      httpsPort: 8087,
      pacFile:
        "https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D",
      pacFilePort: 8087,
    },
    insights: {
      isEnabled: true,
      logAnalyticsResources: {
        defaultWorkspaceId: {
          id: "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace",
        },
        workspaces: [
          {
            region: "westus",
            workspaceId: {
              id: "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1",
            },
          },
          {
            region: "eastus",
            workspaceId: {
              id: "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2",
            },
          },
        ],
      },
      retentionDays: 100,
    },
    intrusionDetection: {
      configuration: {
        bypassTrafficSettings: [
          {
            name: "bypassRule1",
            description: "Rule 1",
            destinationAddresses: ["5.6.7.8"],
            destinationPorts: ["*"],
            sourceAddresses: ["1.2.3.4"],
            protocol: "TCP",
          },
        ],
        signatureOverrides: [{ id: "2525004", mode: "Deny" }],
      },
      mode: "Alert",
      profile: "Balanced",
    },
    snat: { privateRanges: ["IANAPrivateRanges"] },
    sql: { allowSqlRedirect: true },
    threatIntelMode: "Alert",
    threatIntelWhitelist: {
      fqdns: ["*.microsoft.com"],
      ipAddresses: ["20.3.4.5"],
    },
  };
  const credential = new DefaultAzureCredential();
  const client = new NetworkManagementClient(credential, subscriptionId);
  const result = await client.firewallPolicyDrafts.createOrUpdate(
    resourceGroupName,
    firewallPolicyName,
    parameters,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.Network.Models;
using Azure.ResourceManager.Network;

// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2024-05-01/examples/FirewallPolicyDraftPut.json
// this example is just showing the usage of "FirewallPolicyDrafts_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this FirewallPolicyDraftResource created on azure
// for more information of creating FirewallPolicyDraftResource, please refer to the document of FirewallPolicyDraftResource
string subscriptionId = "subid";
string resourceGroupName = "rg1";
string firewallPolicyName = "firewallPolicy";
ResourceIdentifier firewallPolicyDraftResourceId = FirewallPolicyDraftResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, firewallPolicyName);
FirewallPolicyDraftResource firewallPolicyDraft = client.GetFirewallPolicyDraftResource(firewallPolicyDraftResourceId);

// invoke the operation
FirewallPolicyDraftData data = new FirewallPolicyDraftData
{
    ThreatIntelMode = AzureFirewallThreatIntelMode.Alert,
    ThreatIntelWhitelist = new FirewallPolicyThreatIntelWhitelist
    {
        IPAddresses = { "20.3.4.5" },
        Fqdns = { "*.microsoft.com" },
    },
    Insights = new FirewallPolicyInsights
    {
        IsEnabled = true,
        RetentionDays = 100,
        LogAnalyticsResources = new FirewallPolicyLogAnalyticsResources
        {
            Workspaces = {new FirewallPolicyLogAnalyticsWorkspace
            {
            Region = "westus",
            WorkspaceIdId = new ResourceIdentifier("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1"),
            }, new FirewallPolicyLogAnalyticsWorkspace
            {
            Region = "eastus",
            WorkspaceIdId = new ResourceIdentifier("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2"),
            }},
            DefaultWorkspaceIdId = new ResourceIdentifier("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace"),
        },
    },
    Snat = new FirewallPolicySnat
    {
        PrivateRanges = { "IANAPrivateRanges" },
    },
    AllowSqlRedirect = true,
    DnsSettings = new DnsSettings
    {
        Servers = { "30.3.4.5" },
        EnableProxy = true,
        RequireProxyForNetworkRules = false,
    },
    ExplicitProxy = new FirewallPolicyExplicitProxy
    {
        EnableExplicitProxy = true,
        HttpPort = 8087,
        HttpsPort = 8087,
        EnablePacFile = true,
        PacFilePort = 8087,
        PacFile = "https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D",
    },
    IntrusionDetection = new FirewallPolicyIntrusionDetection
    {
        Mode = FirewallPolicyIntrusionDetectionStateType.Alert,
        Profile = new FirewallPolicyIntrusionDetectionProfileType("Balanced"),
        Configuration = new FirewallPolicyIntrusionDetectionConfiguration
        {
            SignatureOverrides = {new FirewallPolicyIntrusionDetectionSignatureSpecification
            {
            Id = "2525004",
            Mode = FirewallPolicyIntrusionDetectionStateType.Deny,
            }},
            BypassTrafficSettings = {new FirewallPolicyIntrusionDetectionBypassTrafficSpecifications
            {
            Name = "bypassRule1",
            Description = "Rule 1",
            Protocol = FirewallPolicyIntrusionDetectionProtocol.Tcp,
            SourceAddresses = {"1.2.3.4"},
            DestinationAddresses = {"5.6.7.8"},
            DestinationPorts = {"*"},
            }},
        },
    },
};
ArmOperation<FirewallPolicyDraftResource> lro = await firewallPolicyDraft.CreateOrUpdateAsync(WaitUntil.Completed, data);
FirewallPolicyDraftResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
FirewallPolicyDraftData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Respuesta de muestra

status code:: 200

{
  "name": "firewallPolicy",
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy",
  "type": "Microsoft.Network/firewallPolicies",
  "properties": {
    "threatIntelMode": "Alert",
    "threatIntelWhitelist": {
      "ipAddresses": [
        "20.3.4.5"
      ],
      "fqdns": [
        "*.microsoft.com"
      ]
    },
    "insights": {
      "isEnabled": true,
      "retentionDays": 100,
      "logAnalyticsResources": {
        "workspaces": [
          {
            "region": "westus",
            "workspaceId": {
              "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1"
            }
          },
          {
            "region": "eastus",
            "workspaceId": {
              "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2"
            }
          }
        ],
        "defaultWorkspaceId": {
          "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace"
        }
      }
    },
    "snat": {
      "privateRanges": [
        "IANAPrivateRanges"
      ]
    },
    "sql": {
      "allowSqlRedirect": true
    },
    "dnsSettings": {
      "servers": [
        "30.3.4.5"
      ],
      "enableProxy": true,
      "requireProxyForNetworkRules": false
    },
    "explicitProxy": {
      "enableExplicitProxy": true,
      "httpPort": 8087,
      "httpsPort": 8087,
      "enablePacFile": true,
      "pacFilePort": 8087,
      "pacFile": "https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D"
    },
    "intrusionDetection": {
      "mode": "Alert",
      "profile": "Balanced",
      "configuration": {
        "signatureOverrides": [
          {
            "id": "2525004",
            "mode": "Deny"
          }
        ],
        "bypassTrafficSettings": [
          {
            "name": "bypassRule1",
            "description": "Rule 1",
            "protocol": "TCP",
            "sourceAddresses": [
              "1.2.3.4"
            ],
            "destinationAddresses": [
              "5.6.7.8"
            ],
            "destinationPorts": [
              "*"
            ]
          }
        ]
      }
    }
  }
}

status code:: 201

{
  "name": "firewallPolicy",
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy",
  "type": "Microsoft.Network/firewallPolicies",
  "properties": {
    "threatIntelMode": "Alert",
    "threatIntelWhitelist": {
      "ipAddresses": [
        "20.3.4.5"
      ],
      "fqdns": [
        "*.microsoft.com"
      ]
    },
    "insights": {
      "isEnabled": true,
      "retentionDays": 100,
      "logAnalyticsResources": {
        "workspaces": [
          {
            "region": "westus",
            "workspaceId": {
              "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1"
            }
          },
          {
            "region": "eastus",
            "workspaceId": {
              "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2"
            }
          }
        ],
        "defaultWorkspaceId": {
          "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace"
        }
      }
    },
    "snat": {
      "privateRanges": [
        "IANAPrivateRanges"
      ]
    },
    "sql": {
      "allowSqlRedirect": true
    },
    "dnsSettings": {
      "servers": [
        "30.3.4.5"
      ],
      "enableProxy": true,
      "requireProxyForNetworkRules": false
    },
    "explicitProxy": {
      "enableExplicitProxy": true,
      "httpPort": 8087,
      "httpsPort": 8087,
      "enablePacFile": true,
      "pacFilePort": 8087,
      "pacFile": "https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D"
    },
    "intrusionDetection": {
      "mode": "Alert",
      "profile": "Balanced",
      "configuration": {
        "signatureOverrides": [
          {
            "id": "2525004",
            "mode": "Deny"
          }
        ],
        "bypassTrafficSettings": [
          {
            "name": "bypassRule1",
            "description": "Rule 1",
            "protocol": "TCP",
            "sourceAddresses": [
              "1.2.3.4"
            ],
            "destinationAddresses": [
              "5.6.7.8"
            ],
            "destinationPorts": [
              "*"
            ]
          }
        ]
      }
    }
  }
}

Definiciones

Nombre	Description
AutoLearnPrivateRangesMode	Modo de operación para el aprendizaje automático de intervalos privados que no sean SNAT
AzureFirewallThreatIntelMode	Modo de operación para Threat Intel.
CloudError	Respuesta de error del servicio.
CloudErrorBody	Respuesta de error del servicio.
DnsSettings	Configuración del proxy DNS en la directiva de firewall.
ExplicitProxy	Configuración de proxy explícita en la directiva de firewall.
FirewallPolicyDraft	Recurso FirewallPolicy.
FirewallPolicyInsights	Información de directiva de firewall.
FirewallPolicyIntrusionDetection	Configuración del modo y las reglas de detección de intrusiones.
FirewallPolicyIntrusionDetectionBypassTrafficSpecifications	Especificación de tráfico de omisión de detección de intrusiones.
FirewallPolicyIntrusionDetectionConfiguration	Operación para configurar la detección de intrusiones.
FirewallPolicyIntrusionDetectionProfileType	Nombre del perfil de IDPS. Cuando se adjunta a una directiva primaria, el perfil efectivo del firewall es el nombre del perfil de la directiva primaria.
FirewallPolicyIntrusionDetectionProtocol	Protocolo de omisión de reglas.
FirewallPolicyIntrusionDetectionSignatureSpecification	Estados de especificación de firmas de detección de intrusiones.
FirewallPolicyIntrusionDetectionStateType	Estado general de detección de intrusiones. Cuando se adjunta a una directiva primaria, el modo IDPS efectivo del firewall es el modo más estricto de los dos.
FirewallPolicyLogAnalyticsResources	Recursos de Log Analytics para Firewall Policy Insights.
FirewallPolicyLogAnalyticsWorkspace	Área de trabajo de Log Analytics para Firewall Policy Insights.
FirewallPolicySNAT	Las direcciones IP privadas o los intervalos IP a los que el tráfico no será SNAT.
FirewallPolicySQL	Configuración de SQL en directiva de firewall.
FirewallPolicyThreatIntelWhitelist	Lista de permitidos de ThreatIntel para la directiva de firewall.
SubResource	Referencia a otro subrecurso.

AutoLearnPrivateRangesMode

Enumeración

Modo de operación para el aprendizaje automático de intervalos privados que no sean SNAT

Valor	Description
Disabled
Enabled

AzureFirewallThreatIntelMode

Enumeración

Modo de operación para Threat Intel.

Valor	Description
Alert
Deny
Off

CloudError

Object

Respuesta de error del servicio.

Nombre	Tipo	Description
error	CloudErrorBody	Cuerpo del error en la nube.

CloudErrorBody

Object

Respuesta de error del servicio.

Nombre	Tipo	Description
code	string	Identificador del error. Los códigos son invariables y están diseñados para consumirse mediante programación.
details	CloudErrorBody[]	Lista de detalles adicionales sobre el error.
message	string	Mensaje que describe el error, diseñado para ser adecuado para mostrarse en una interfaz de usuario.
target	string	Destino del error concreto. Por ejemplo, el nombre de la propiedad en error.

DnsSettings

Object

Configuración del proxy DNS en la directiva de firewall.

Nombre	Tipo	Description
enableProxy	boolean	Habilite el proxy DNS en firewalls conectados a la directiva de firewall.
requireProxyForNetworkRules	boolean	Los FQDN en reglas de red se admiten cuando se establece en true.
servers	string[]	Lista de servidores DNS personalizados.

ExplicitProxy

Object

Configuración de proxy explícita en la directiva de firewall.

Nombre	Tipo	Description
enableExplicitProxy	boolean	Cuando se establece en true, el modo proxy explícito está habilitado.
enablePacFile	boolean	Cuando se establece en true, se debe proporcionar el puerto de archivo pac y la dirección URL.
httpPort	integer (int32) minimum: 0 maximum: 64000 exclusiveMinimum: False exclusiveMaximum: False	El número de puerto para el protocolo HTTP proxy explícito no puede ser mayor que 64000.
httpsPort	integer (int32) minimum: 0 maximum: 64000 exclusiveMinimum: False exclusiveMaximum: False	El número de puerto para el protocolo https de proxy explícito no puede ser mayor que 64000.
pacFile	string	DIRECCIÓN URL de SAS para el archivo PAC.
pacFilePort	integer (int32) minimum: 0 maximum: 64000 exclusiveMinimum: False exclusiveMaximum: False	Número de puerto para que el firewall sirva el archivo PAC.

FirewallPolicyDraft

Object

Recurso FirewallPolicy.

Nombre	Tipo	Description
id	string	Identificador de recurso.
location	string	Ubicación del recurso.
name	string	Nombre del recurso.
properties.basePolicy	SubResource	Directiva de firewall primaria de la que se heredan las reglas.
properties.dnsSettings	DnsSettings	Definición de configuración del proxy DNS.
properties.explicitProxy	ExplicitProxy	Definición de configuración de proxy explícita.
properties.insights	FirewallPolicyInsights	Información sobre la directiva de firewall.
properties.intrusionDetection	FirewallPolicyIntrusionDetection	Configuración para la detección de intrusiones.
properties.snat	FirewallPolicySNAT	Las direcciones IP privadas o los intervalos IP a los que el tráfico no será SNAT.
properties.sql	FirewallPolicySQL	Definición de configuración de SQL.
properties.threatIntelMode	AzureFirewallThreatIntelMode	Modo de operación para inteligencia sobre amenazas.
properties.threatIntelWhitelist	FirewallPolicyThreatIntelWhitelist	Lista de permitidos de ThreatIntel para la directiva de firewall.
tags	object	Etiquetas de recursos.
type	string	Tipo de recurso.

FirewallPolicyInsights

Object

Información de directiva de firewall.

Nombre	Tipo	Description
isEnabled	boolean	Marca para indicar si la información está habilitada en la directiva.
logAnalyticsResources	FirewallPolicyLogAnalyticsResources	Áreas de trabajo necesarias para configurar Firewall Policy Insights.
retentionDays	integer (int32)	Número de días que la información debe habilitarse en la directiva.

FirewallPolicyIntrusionDetection

Object

Configuración del modo y las reglas de detección de intrusiones.

Nombre	Tipo	Description
configuration	FirewallPolicyIntrusionDetectionConfiguration	Propiedades de configuración de detección de intrusiones.
mode	FirewallPolicyIntrusionDetectionStateType	Estado general de detección de intrusiones. Cuando se adjunta a una directiva primaria, el modo IDPS efectivo del firewall es el modo más estricto de los dos.
profile	FirewallPolicyIntrusionDetectionProfileType	Nombre del perfil de IDPS. Cuando se adjunta a una directiva primaria, el perfil efectivo del firewall es el nombre del perfil de la directiva primaria.

FirewallPolicyIntrusionDetectionBypassTrafficSpecifications

Object

Especificación de tráfico de omisión de detección de intrusiones.

Nombre	Tipo	Description
description	string	Descripción de la regla de tráfico de omisión.
destinationAddresses	string[]	Lista de direcciones IP o intervalos de destino para esta regla.
destinationIpGroups	string[]	Lista de ipGroups de destino para esta regla.
destinationPorts	string[]	Lista de puertos o intervalos de destino.
name	string	Nombre de la regla de tráfico de omisión.
protocol	FirewallPolicyIntrusionDetectionProtocol	Protocolo de omisión de reglas.
sourceAddresses	string[]	Lista de direcciones IP de origen o intervalos para esta regla.
sourceIpGroups	string[]	Lista de ipGroups de origen para esta regla.

FirewallPolicyIntrusionDetectionConfiguration

Object

Operación para configurar la detección de intrusiones.

Nombre	Tipo	Description
bypassTrafficSettings	FirewallPolicyIntrusionDetectionBypassTrafficSpecifications[]	Lista de reglas para que el tráfico omita.
privateRanges	string[]	Los intervalos de direcciones IP privadas de IDPS se usan para identificar la dirección del tráfico (es decir, entrante, saliente, etc.). De forma predeterminada, solo los intervalos definidos por IANA RFC 1918 se consideran direcciones IP privadas. Para modificar los intervalos predeterminados, especifique los intervalos de direcciones IP privadas con esta propiedad.
signatureOverrides	FirewallPolicyIntrusionDetectionSignatureSpecification[]	Lista de estados de firmas específicos.

FirewallPolicyIntrusionDetectionProfileType

Enumeración

Nombre del perfil de IDPS. Cuando se adjunta a una directiva primaria, el perfil efectivo del firewall es el nombre del perfil de la directiva primaria.

Valor	Description
Advanced
Basic
Extended
Standard

FirewallPolicyIntrusionDetectionProtocol

Enumeración

Protocolo de omisión de reglas.

Valor	Description
ANY
ICMP
TCP
UDP

FirewallPolicyIntrusionDetectionSignatureSpecification

Object

Estados de especificación de firmas de detección de intrusiones.

Nombre	Tipo	Description
id	string	Identificador de firma.
mode	FirewallPolicyIntrusionDetectionStateType	Estado de firma.

FirewallPolicyIntrusionDetectionStateType

Enumeración

Estado general de detección de intrusiones. Cuando se adjunta a una directiva primaria, el modo IDPS efectivo del firewall es el modo más estricto de los dos.

Valor	Description
Alert
Deny
Off

FirewallPolicyLogAnalyticsResources

Object

Recursos de Log Analytics para Firewall Policy Insights.

Nombre	Tipo	Description
defaultWorkspaceId	SubResource	Identificador de área de trabajo predeterminado para Firewall Policy Insights.
workspaces	FirewallPolicyLogAnalyticsWorkspace[]	Lista de áreas de trabajo para Firewall Policy Insights.

FirewallPolicyLogAnalyticsWorkspace

Object

Área de trabajo de Log Analytics para Firewall Policy Insights.

Nombre	Tipo	Description
region	string	Región para configurar el área de trabajo.
workspaceId	SubResource	Identificador del área de trabajo de Firewall Policy Insights.

FirewallPolicySNAT

Object

Las direcciones IP privadas o los intervalos IP a los que el tráfico no será SNAT.

Nombre	Tipo	Description
autoLearnPrivateRanges	AutoLearnPrivateRangesMode	Modo de operación para el aprendizaje automático de intervalos privados que no sean SNAT
privateRanges	string[]	Lista de direcciones IP privadas o intervalos de direcciones IP que no deben ser SNAT.

FirewallPolicySQL

Object

Configuración de SQL en directiva de firewall.

Nombre	Tipo	Description
allowSqlRedirect	boolean	Marca que indica si está habilitado el filtrado de tráfico de redirección de SQL. Activar la marca no requiere ninguna regla mediante el puerto 11000-11999.

FirewallPolicyThreatIntelWhitelist

Object

Lista de permitidos de ThreatIntel para la directiva de firewall.

Nombre	Tipo	Description
fqdns	string[]	Lista de FQDN para la lista blanca threatIntel.
ipAddresses	string[]	Lista de direcciones IP de la lista blanca ThreatIntel.

SubResource

Object

Referencia a otro subrecurso.

Nombre	Tipo	Description
id	string	Identificador de recurso.