az network firewall policy rule-collection-group collection rule
Note
This reference is part of the azure-firewall extension for the Azure CLI (version 2.61.0 or higher). The extension will automatically install the first time you run an az network firewall policy rule-collection-group collection rule command. Learn more about extensions.
Manage and configure the rule of a filter collection in the rule collection group of Azure firewall policy.
Filter collection supports having a list of network rules or application rules. NatRule collection supports including a list of nat rules.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az network firewall policy rule-collection-group collection rule add |
Add a rule into an Azure firewall policy rule collection. |
Extension | Preview |
| az network firewall policy rule-collection-group collection rule remove |
Remove a rule from an Azure firewall policy rule collection. |
Extension | Preview |
| az network firewall policy rule-collection-group collection rule update |
Update a rule of an Azure firewall policy rule collection. |
Extension | Preview |
az network firewall policy rule-collection-group collection rule add
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Add a rule into an Azure firewall policy rule collection.
az network firewall policy rule-collection-group collection rule add --collection-name
--name
--policy-name
--rcg-name
--resource-group
--rule-type {ApplicationRule, NatRule, NetworkRule}
[--add]
[--description]
[--dest-addr]
[--dest-ipg]
[--destination-fqdns]
[--destination-ports]
[--enable-tls-insp {0, 1, f, false, n, no, t, true, y, yes}]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--fqdn-tags]
[--http-headers-to-insert]
[--ip-protocols]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--protocols]
[--remove]
[--set]
[--source-addresses]
[--source-ip-groups]
[--target-fqdns]
[--target-urls]
[--translated-address]
[--translated-fqdn]
[--translated-port]
[--web-categories]Required Parameters
The name of the rule collection in Firewall Policy Rule Collection Group.
The name of the Firewall Policy Rule Collection Group.
The name of the Firewall Policy.
The name of the Firewall Policy Rule Collection Group.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The type of rule.
Optional Parameters
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
The description of rule.
Space-separated list of destination IP addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of name or resource id of destination IpGroups. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of destination FQDNs. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of destination ports. This argument is supported for Nat and Network Rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Enable flag to terminate TLS connection for this rule.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
Space-separated list of FQDN tags for this rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of HTTP headers to insert, in NAME=VALUE format. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of IP protocols. This argument is supported for Nat and Network Rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Do not wait for the long-running operation to finish.
Space-separated list of protocols and port numbers to use, in PROTOCOL=PORT format. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
Space-separated list of source IP ddresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of name or resource id of source IpGroups. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of FQDNs for this rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of target urls for this rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Translated address for this NAT rule collection.
Translated FQDN for this NAT rule collection.
Translated port for this NAT rule collection.
Space-separated list of web categories for this rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network firewall policy rule-collection-group collection rule remove
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Remove a rule from an Azure firewall policy rule collection.
Filter collection supports having a list of network rules or application rules. NatRule collection supports including a list of nat rules.
az network firewall policy rule-collection-group collection rule remove --collection-name
--name
--policy-name
--rcg-name
--resource-group
[--add]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--remove]
[--set]Required Parameters
The name of the rule collection in Firewall Policy Rule Collection Group.
The name of the Firewall Policy Rule Collection Group.
The name of the Firewall Policy.
The name of the Firewall Policy Rule Collection Group.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
Do not wait for the long-running operation to finish.
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network firewall policy rule-collection-group collection rule update
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Update a rule of an Azure firewall policy rule collection.
Filter collection supports having a list of network rules or application rules. NatRule collection supports including a list of nat rules.
az network firewall policy rule-collection-group collection rule update --collection-name
--name
--policy-name
--rcg-name
--resource-group
[--add]
[--description]
[--dest-addr]
[--dest-ipg]
[--destination-fqdns]
[--destination-ports]
[--enable-tls-insp {0, 1, f, false, n, no, t, true, y, yes}]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--fqdn-tags]
[--http-headers-to-insert]
[--ip-protocols]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--protocols]
[--remove]
[--set]
[--source-addresses]
[--source-ip-groups]
[--target-fqdns]
[--target-urls]
[--translated-address]
[--translated-fqdn]
[--translated-port]
[--web-categories]Examples
Update a rule of an Azure firewall policy rule collection.
az network firewall policy rule-collection-group collection rule update -g {rg} --policy-
name {policy} --rule-collection-group-name {rcg} --collection-name {cn} -n {rule_name}
--target-fqdns XXXRequired Parameters
The name of the rule collection in Firewall Policy Rule Collection Group.
The name of the Firewall Policy Rule Collection Group.
The name of the Firewall Policy.
The name of the Firewall Policy Rule Collection Group.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
The description of rule.
Space-separated list of destination IP addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of name or resource id of destination IpGroups. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of destination FQDNs. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of destination ports. This argument is supported for Nat and Network Rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Enable flag to terminate TLS connection for this rule.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
Space-separated list of FQDN tags for this rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of HTTP headers to insert, in NAME=VALUE format. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of IP protocols. This argument is supported for Nat and Network Rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Do not wait for the long-running operation to finish.
Space-separated list of protocols and port numbers to use, in PROTOCOL=PORT format. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
Space-separated list of source IP addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of name or resource id of source IpGroups. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of FQDNs for this rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of target urls for this rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Translated address for this NAT rule collection.
Translated FQDN for this NAT rule collection.
Translated port for this NAT rule collection.
Space-separated list of web categories for this rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
