az palo-alto cloudngfw firewall
Note
This reference is part of the palo-alto-networks extension for the Azure CLI (version 2.51.0 or higher). The extension will automatically install the first time you run an az palo-alto cloudngfw firewall command. Learn more about extensions.
Manage cloudngfw firewall resource.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az palo-alto cloudngfw firewall create |
Create a FirewallResource. |
Extension | GA |
| az palo-alto cloudngfw firewall delete |
Delete a FirewallResource. |
Extension | GA |
| az palo-alto cloudngfw firewall list |
List FirewallResource resources by subscription ID. |
Extension | GA |
| az palo-alto cloudngfw firewall save-log-profile |
Save Log Profile for Firewall. |
Extension | GA |
| az palo-alto cloudngfw firewall show |
Get a FirewallResource. |
Extension | GA |
| az palo-alto cloudngfw firewall show-log-profile |
Get Log Profile for Firewall. |
Extension | GA |
| az palo-alto cloudngfw firewall show-support-info |
Support info for firewall. |
Extension | GA |
| az palo-alto cloudngfw firewall status |
Manage cloudngfw firewall status resource. |
Extension | GA |
| az palo-alto cloudngfw firewall status default |
Manage cloudngfw firewall status default resource. |
Extension | GA |
| az palo-alto cloudngfw firewall status default show |
Get a FirewallStatusResource. |
Extension | GA |
| az palo-alto cloudngfw firewall status list |
List FirewallStatusResource resources by Firewalls. |
Extension | GA |
| az palo-alto cloudngfw firewall update |
Update a FirewallResource. |
Extension | GA |
| az palo-alto cloudngfw firewall wait |
Place the CLI in a waiting state until a condition is met. |
Extension | GA |
az palo-alto cloudngfw firewall create
Create a FirewallResource.
az palo-alto cloudngfw firewall create --dns-settings
--firewall-name --name
--marketplace-details
--network-profile
--plan-data
--resource-group
[--associated-rulestack]
[--front-end-settings]
[--identity]
[--is-panorama-managed {FALSE, TRUE}]
[--location]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--pan-etag]
[--panorama-config]
[--tags]Examples
Create a FirewallResource
az palo-alto cloudngfw firewall create --name MyCloudngfwFirewall -g MyResourceGroup --location eastus --associated-rulestack "{location:eastus,resource-id:/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/PaloAltoNetworks.Cloudngfw/localRulestacks/MyLocalRulestacks}" --dns-settings "{enable-dns-proxy:DISABLED,enabled-dns-type:CUSTOM}" --is-panorama-managed FALSE --marketplace-details "{marketplace-subscription-status:Subscribed,offer-id:offer-id,publisher-id:publisher-id}" --network-profile "{egress-nat-ip:[],enable-egress-nat:DISABLED,network-type:VNET,public-ips:[{address:10.0.0.0/16,resource-id:/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Network/publicIPAddresses/MypublicIP}],vnet-configuration:{ip-of-trust-subnet-for-udr:{address:10.0.0.0/16},trust-subnet:{resource-id:/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualNetworks/MyVnet/subnets/subnet1},un-trust-subnet:{resource-id:/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualNetworks/MyVnet/subnets/subnet1},vnet:{resource-id:/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualNetworks/MyVnet}}}" --panorama-config "{config-string:bas64EncodedString}" --plan-data "{billing-cycle:MONTHLY,plan-id:plan-id,usage-type:PAYG}"Required Parameters
DNS settings for Firewall Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
Firewall resource name.
Marketplace details Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
Network settings Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
Billing plan information. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Associated Rulestack Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
Frontend settings for Firewall Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
The managed service identities assigned to this resource. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Resource Arguments |
Panorama Managed: Default is False. Default will be CloudSec managed.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
| Accepted values: | FALSE, TRUE |
The geo-location where the resource lives When not specified, the location of the resource group will be used.
| Property | Value |
|---|---|
| Parameter group: | Resource Arguments |
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
PanEtag info.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
Panorama Configuration Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Properties Arguments |
Resource tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Resource Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az palo-alto cloudngfw firewall delete
Delete a FirewallResource.
az palo-alto cloudngfw firewall delete [--firewall-name --name]
[--ids]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--resource-group]
[--subscription]Examples
Delete a FirewallResource
az palo-alto cloudngfw firewall delete --resource-group MyResourceGroup -n MyCloudngfwFirewallOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Firewall resource name.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az palo-alto cloudngfw firewall list
List FirewallResource resources by subscription ID.
az palo-alto cloudngfw firewall list [--max-items]
[--next-token]
[--resource-group]Examples
List FirewallResource resources by subscription ID
az palo-alto cloudngfw firewall list --resource-group MyResourceGroupOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.
| Property | Value |
|---|---|
| Parameter group: | Pagination Arguments |
Token to specify where to start paginating. This is the token value from a previously truncated response.
| Property | Value |
|---|---|
| Parameter group: | Pagination Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az palo-alto cloudngfw firewall save-log-profile
Save Log Profile for Firewall.
az palo-alto cloudngfw firewall save-log-profile [--application-insights]
[--common-destination]
[--decrypt-destination --decrypt-log-destination]
[--firewall-name --name]
[--ids]
[--log-option {INDIVIDUAL_DESTINATION, SAME_DESTINATION}]
[--log-type {AUDIT, DECRYPTION, DLP, THREAT, TRAFFIC, WILDFIRE}]
[--resource-group]
[--subscription]
[--threat-destination --threat-log-destination]
[--traffic-destination --traffic-log-destination]Examples
Save Log Profile for Firewall
az palo-alto cloudngfw firewall save-log-profile --resource-group MyResourceGroup -n MyCloudngfwFirewall --log-option "SAME_DESTINATION" --log-type "TRAFFIC"Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Application Insight details Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | LogSettings Arguments |
Common destination configurations Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | LogSettings Arguments |
Decrypt destination configurations Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | LogSettings Arguments |
Firewall resource name.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Log option SAME/INDIVIDUAL.
| Property | Value |
|---|---|
| Parameter group: | LogSettings Arguments |
| Accepted values: | INDIVIDUAL_DESTINATION, SAME_DESTINATION |
One of possible log type.
| Property | Value |
|---|---|
| Parameter group: | LogSettings Arguments |
| Accepted values: | AUDIT, DECRYPTION, DLP, THREAT, TRAFFIC, WILDFIRE |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Threat destination configurations Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | LogSettings Arguments |
Traffic destination configurations Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | LogSettings Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az palo-alto cloudngfw firewall show
Get a FirewallResource.
az palo-alto cloudngfw firewall show [--firewall-name --name]
[--ids]
[--resource-group]
[--subscription]Examples
Get a FirewallResource
az palo-alto cloudngfw firewall show --name MyCloudngfwFirewall -g MyResourceGroupOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Firewall resource name.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az palo-alto cloudngfw firewall show-log-profile
Get Log Profile for Firewall.
az palo-alto cloudngfw firewall show-log-profile [--firewall-name --name]
[--ids]
[--resource-group]
[--subscription]Examples
Get Log Profile for Firewall
az palo-alto cloudngfw firewall show-log-profile --resource-group MyResourceGroup -n MyCloudngfwFirewallOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Firewall resource name.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az palo-alto cloudngfw firewall show-support-info
Support info for firewall.
az palo-alto cloudngfw firewall show-support-info [--email]
[--firewall-name --name]
[--ids]
[--resource-group]
[--subscription]Examples
Get support info for firewall.
az palo-alto cloudngfw firewall show-support-info --resource-group MyResourceGroup -n MyCloudngfwFirewallOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Email address on behalf of which this API called.
Firewall resource name.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az palo-alto cloudngfw firewall update
Update a FirewallResource.
az palo-alto cloudngfw firewall update [--add]
[--firewall-name --name]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--identity]
[--ids]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--remove]
[--resource-group]
[--set]
[--subscription]
[--tags]Examples
Update a FirewallResource
az palo-alto cloudngfw firewall update --name MyCloudngfwFirewall -g MyResourceGroup --tags "{tagName:value}"Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Firewall resource name.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
The managed service identities assigned to this resource. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Resource Arguments |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Resource tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Resource Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az palo-alto cloudngfw firewall wait
Place the CLI in a waiting state until a condition is met.
az palo-alto cloudngfw firewall wait [--created]
[--custom]
[--deleted]
[--exists]
[--firewall-name --name]
[--ids]
[--interval]
[--resource-group]
[--subscription]
[--timeout]
[--updated]Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Wait until created with 'provisioningState' at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
Wait until deleted.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Wait until the resource exists.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Firewall resource name.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Polling interval in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 30 |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Maximum wait in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 3600 |
Wait until updated with provisioningState at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
