Firewall Policy Rule Collection Groups - Create Or Update

Referencia

Service:: Virtual Networks

API Version:: 2023-09-01

Létrehozza vagy frissíti a megadott FirewallPolicyRuleCollectionGroup objektumot.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}/ruleCollectionGroups/{ruleCollectionGroupName}?api-version=2023-09-01

URI-paraméterek

Name	In	Kötelező	Típus	Description
firewallPolicyName	path	True	string	A tűzfalszabályzat neve.
resourceGroupName	path	True	string	Az erőforráscsoport neve.
ruleCollectionGroupName	path	True	string	A FirewallPolicyRuleCollectionGroup neve.
subscriptionId	path	True	string	Az előfizetés hitelesítő adatai, amelyek egyedileg azonosítják a Microsoft Azure-előfizetést. Az előfizetés-azonosító az URI részét képezi minden szolgáltatáshíváshoz.
api-version	query	True	string	Ügyfél API-verziója.

Kérelem törzse

Name	Típus	Description
id	string	Erőforrás-azonosító.
name	string	Az erőforráscsoporton belül egyedi erőforrás neve. Ez a név használható az erőforrás eléréséhez.
properties.priority	integer	A tűzfalszabályzat-gyűjteménycsoport erőforrásának prioritása.
properties.ruleCollections	FirewallPolicyRuleCollection[]: FirewallPolicyNatRuleCollection[] FirewallPolicyFilterRuleCollection[]	Tűzfalszabály-gyűjtemények csoportja.

Válaszok

Name	Típus	Description
200 OK	FirewallPolicyRuleCollectionGroup	A kérés sikeres. A művelet az eredményül kapott FirewallPolicyRuleCollectionGroup erőforrást adja vissza.
201 Created	FirewallPolicyRuleCollectionGroup	A kérelem sikeresen érkezett. A művelet az eredményül kapott FirewallPolicyRuleCollectionGroup erőforrást adja vissza.
Other Status Codes	CloudError	Hibaválasz, amely leírja, hogy a művelet miért hiúsult meg.

Biztonság

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	felhasználói fiók megszemélyesítése

Példák

Create Firewall Policy Nat Rule Collection Group

Create Firewall Policy Rule Collection Group

Create Firewall Policy Rule Collection Group With http header to insert

Create Firewall Policy Rule Collection Group With IP Groups

Create Firewall Policy Rule Collection Group With Web Categories

Create Firewall Policy Nat Rule Collection Group

Sample Request

PUT https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1?api-version=2023-09-01

{
  "properties": {
    "priority": 100,
    "ruleCollections": [
      {
        "ruleCollectionType": "FirewallPolicyNatRuleCollection",
        "priority": 100,
        "name": "Example-Nat-Rule-Collection",
        "action": {
          "type": "DNAT"
        },
        "rules": [
          {
            "ruleType": "NatRule",
            "name": "nat-rule1",
            "translatedFqdn": "internalhttp.server.net",
            "translatedPort": "8080",
            "ipProtocols": [
              "TCP",
              "UDP"
            ],
            "sourceAddresses": [
              "2.2.2.2"
            ],
            "sourceIpGroups": [],
            "destinationAddresses": [
              "152.23.32.23"
            ],
            "destinationPorts": [
              "8080"
            ]
          }
        ]
      }
    ]
  }
}

from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python firewall_policy_nat_rule_collection_group_put.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid",
    )

    response = client.firewall_policy_rule_collection_groups.begin_create_or_update(
        resource_group_name="rg1",
        firewall_policy_name="firewallPolicy",
        rule_collection_group_name="ruleCollectionGroup1",
        parameters={
            "properties": {
                "priority": 100,
                "ruleCollections": [
                    {
                        "action": {"type": "DNAT"},
                        "name": "Example-Nat-Rule-Collection",
                        "priority": 100,
                        "ruleCollectionType": "FirewallPolicyNatRuleCollection",
                        "rules": [
                            {
                                "destinationAddresses": ["152.23.32.23"],
                                "destinationPorts": ["8080"],
                                "ipProtocols": ["TCP", "UDP"],
                                "name": "nat-rule1",
                                "ruleType": "NatRule",
                                "sourceAddresses": ["2.2.2.2"],
                                "sourceIpGroups": [],
                                "translatedFqdn": "internalhttp.server.net",
                                "translatedPort": "8080",
                            }
                        ],
                    }
                ],
            }
        },
    ).result()
    print(response)


# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyNatRuleCollectionGroupPut.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armnetwork_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d4205894880b989ede35d62d97c8e901ed14fb5a/specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyNatRuleCollectionGroupPut.json
func ExampleFirewallPolicyRuleCollectionGroupsClient_BeginCreateOrUpdate_createFirewallPolicyNatRuleCollectionGroup() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewFirewallPolicyRuleCollectionGroupsClient().BeginCreateOrUpdate(ctx, "rg1", "firewallPolicy", "ruleCollectionGroup1", armnetwork.FirewallPolicyRuleCollectionGroup{
		Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
			Priority: to.Ptr[int32](100),
			RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
				&armnetwork.FirewallPolicyNatRuleCollection{
					Name:               to.Ptr("Example-Nat-Rule-Collection"),
					Priority:           to.Ptr[int32](100),
					RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyNatRuleCollection),
					Action: &armnetwork.FirewallPolicyNatRuleCollectionAction{
						Type: to.Ptr(armnetwork.FirewallPolicyNatRuleCollectionActionTypeDNAT),
					},
					Rules: []armnetwork.FirewallPolicyRuleClassification{
						&armnetwork.NatRule{
							Name:     to.Ptr("nat-rule1"),
							RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeNatRule),
							DestinationAddresses: []*string{
								to.Ptr("152.23.32.23")},
							DestinationPorts: []*string{
								to.Ptr("8080")},
							IPProtocols: []*armnetwork.FirewallPolicyRuleNetworkProtocol{
								to.Ptr(armnetwork.FirewallPolicyRuleNetworkProtocolTCP),
								to.Ptr(armnetwork.FirewallPolicyRuleNetworkProtocolUDP)},
							SourceAddresses: []*string{
								to.Ptr("2.2.2.2")},
							SourceIPGroups: []*string{},
							TranslatedFqdn: to.Ptr("internalhttp.server.net"),
							TranslatedPort: to.Ptr("8080"),
						}},
				}},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.FirewallPolicyRuleCollectionGroup = armnetwork.FirewallPolicyRuleCollectionGroup{
	// 	ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1"),
	// 	Name: to.Ptr("ruleCollectionGroup1"),
	// 	Etag: to.Ptr("w/\\00000000-0000-0000-0000-000000000000\\"),
	// 	Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
	// 		Priority: to.Ptr[int32](100),
	// 		ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
	// 		RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
	// 			&armnetwork.FirewallPolicyNatRuleCollection{
	// 				Name: to.Ptr("Example-Nat-Rule-Collection"),
	// 				Priority: to.Ptr[int32](100),
	// 				RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyNatRuleCollection),
	// 				Action: &armnetwork.FirewallPolicyNatRuleCollectionAction{
	// 					Type: to.Ptr(armnetwork.FirewallPolicyNatRuleCollectionActionTypeDNAT),
	// 				},
	// 				Rules: []armnetwork.FirewallPolicyRuleClassification{
	// 					&armnetwork.NatRule{
	// 						Name: to.Ptr("nat-rule1"),
	// 						RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeNatRule),
	// 						DestinationAddresses: []*string{
	// 							to.Ptr("152.23.32.23")},
	// 							DestinationPorts: []*string{
	// 								to.Ptr("8080")},
	// 								IPProtocols: []*armnetwork.FirewallPolicyRuleNetworkProtocol{
	// 									to.Ptr(armnetwork.FirewallPolicyRuleNetworkProtocolTCP),
	// 									to.Ptr(armnetwork.FirewallPolicyRuleNetworkProtocolUDP)},
	// 									SourceAddresses: []*string{
	// 										to.Ptr("2.2.2.2")},
	// 										SourceIPGroups: []*string{
	// 										},
	// 										TranslatedFqdn: to.Ptr("internalhttp.server.net"),
	// 										TranslatedPort: to.Ptr("8080"),
	// 								}},
	// 						}},
	// 					},
	// 				}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates the specified FirewallPolicyRuleCollectionGroup.
 *
 * @summary Creates or updates the specified FirewallPolicyRuleCollectionGroup.
 * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyNatRuleCollectionGroupPut.json
 */
async function createFirewallPolicyNatRuleCollectionGroup() {
  const subscriptionId = process.env["NETWORK_SUBSCRIPTION_ID"] || "subid";
  const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
  const firewallPolicyName = "firewallPolicy";
  const ruleCollectionGroupName = "ruleCollectionGroup1";
  const parameters = {
    priority: 100,
    ruleCollections: [
      {
        name: "Example-Nat-Rule-Collection",
        action: { type: "DNAT" },
        priority: 100,
        ruleCollectionType: "FirewallPolicyNatRuleCollection",
        rules: [
          {
            name: "nat-rule1",
            destinationAddresses: ["152.23.32.23"],
            destinationPorts: ["8080"],
            ipProtocols: ["TCP", "UDP"],
            ruleType: "NatRule",
            sourceAddresses: ["2.2.2.2"],
            sourceIpGroups: [],
            translatedFqdn: "internalhttp.server.net",
            translatedPort: "8080",
          },
        ],
      },
    ],
  };
  const credential = new DefaultAzureCredential();
  const client = new NetworkManagementClient(credential, subscriptionId);
  const result = await client.firewallPolicyRuleCollectionGroups.beginCreateOrUpdateAndWait(
    resourceGroupName,
    firewallPolicyName,
    ruleCollectionGroupName,
    parameters,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;

// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyNatRuleCollectionGroupPut.json
// this example is just showing the usage of "FirewallPolicyRuleCollectionGroups_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this FirewallPolicyRuleCollectionGroupResource created on azure
// for more information of creating FirewallPolicyRuleCollectionGroupResource, please refer to the document of FirewallPolicyRuleCollectionGroupResource
string subscriptionId = "subid";
string resourceGroupName = "rg1";
string firewallPolicyName = "firewallPolicy";
string ruleCollectionGroupName = "ruleCollectionGroup1";
ResourceIdentifier firewallPolicyRuleCollectionGroupResourceId = FirewallPolicyRuleCollectionGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, firewallPolicyName, ruleCollectionGroupName);
FirewallPolicyRuleCollectionGroupResource firewallPolicyRuleCollectionGroup = client.GetFirewallPolicyRuleCollectionGroupResource(firewallPolicyRuleCollectionGroupResourceId);

// invoke the operation
FirewallPolicyRuleCollectionGroupData data = new FirewallPolicyRuleCollectionGroupData()
{
    Priority = 100,
    RuleCollections =
    {
    new FirewallPolicyNatRuleCollectionInfo()
    {
    ActionType = FirewallPolicyNatRuleCollectionActionType.Dnat,
    Rules =
    {
    new NatRule()
    {
    IPProtocols =
    {
    FirewallPolicyRuleNetworkProtocol.Tcp,FirewallPolicyRuleNetworkProtocol.Udp
    },
    SourceAddresses =
    {
    "2.2.2.2"
    },
    DestinationAddresses =
    {
    "152.23.32.23"
    },
    DestinationPorts =
    {
    "8080"
    },
    TranslatedPort = "8080",
    SourceIPGroups =
    {
    },
    TranslatedFqdn = "internalhttp.server.net",
    Name = "nat-rule1",
    }
    },
    Name = "Example-Nat-Rule-Collection",
    Priority = 100,
    }
    },
};
ArmOperation<FirewallPolicyRuleCollectionGroupResource> lro = await firewallPolicyRuleCollectionGroup.UpdateAsync(WaitUntil.Completed, data);
FirewallPolicyRuleCollectionGroupResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
FirewallPolicyRuleCollectionGroupData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 200

{
  "name": "ruleCollectionGroup1",
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1",
  "etag": "w/\\00000000-0000-0000-0000-000000000000\\",
  "properties": {
    "provisioningState": "Succeeded",
    "priority": 100,
    "ruleCollections": [
      {
        "ruleCollectionType": "FirewallPolicyNatRuleCollection",
        "name": "Example-Nat-Rule-Collection",
        "priority": 100,
        "action": {
          "type": "DNAT"
        },
        "rules": [
          {
            "ruleType": "NatRule",
            "name": "nat-rule1",
            "translatedFqdn": "internalhttp.server.net",
            "translatedPort": "8080",
            "ipProtocols": [
              "TCP",
              "UDP"
            ],
            "sourceAddresses": [
              "2.2.2.2"
            ],
            "sourceIpGroups": [],
            "destinationAddresses": [
              "152.23.32.23"
            ],
            "destinationPorts": [
              "8080"
            ]
          }
        ]
      }
    ]
  }
}

Status code:: 201

{
  "name": "firewallPolicy",
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy",
  "etag": "w/\\00000000-0000-0000-0000-000000000000\\",
  "properties": {
    "provisioningState": "Succeeded",
    "ruleCollections": [
      {
        "ruleCollectionType": "FirewallPolicyNatRuleCollection",
        "name": "Example-Nat-Rule-Collection",
        "priority": 100,
        "action": {
          "type": "DNAT"
        },
        "rules": [
          {
            "ruleType": "NatRule",
            "name": "nat-rule1",
            "translatedFqdn": "internalhttp.server.net",
            "translatedPort": "8080",
            "ipProtocols": [
              "TCP",
              "UDP"
            ],
            "sourceAddresses": [
              "2.2.2.2"
            ],
            "sourceIpGroups": [],
            "destinationAddresses": [
              "152.23.32.23"
            ],
            "destinationPorts": [
              "8080"
            ]
          }
        ]
      }
    ]
  }
}

Create Firewall Policy Rule Collection Group

Sample Request

PUT https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1?api-version=2023-09-01

{
  "properties": {
    "priority": 100,
    "ruleCollections": [
      {
        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
        "name": "Example-Filter-Rule-Collection",
        "priority": 100,
        "action": {
          "type": "Deny"
        },
        "rules": [
          {
            "ruleType": "NetworkRule",
            "name": "network-rule1",
            "sourceAddresses": [
              "10.1.25.0/24"
            ],
            "destinationAddresses": [
              "*"
            ],
            "ipProtocols": [
              "TCP"
            ],
            "destinationPorts": [
              "*"
            ]
          }
        ]
      }
    ]
  }
}


import com.azure.resourcemanager.network.fluent.models.FirewallPolicyRuleCollectionGroupInner;
import com.azure.resourcemanager.network.models.ApplicationRule;
import com.azure.resourcemanager.network.models.FirewallPolicyFilterRuleCollection;
import com.azure.resourcemanager.network.models.FirewallPolicyFilterRuleCollectionAction;
import com.azure.resourcemanager.network.models.FirewallPolicyFilterRuleCollectionActionType;
import com.azure.resourcemanager.network.models.FirewallPolicyHttpHeaderToInsert;
import com.azure.resourcemanager.network.models.FirewallPolicyNatRuleCollection;
import com.azure.resourcemanager.network.models.FirewallPolicyNatRuleCollectionAction;
import com.azure.resourcemanager.network.models.FirewallPolicyNatRuleCollectionActionType;
import com.azure.resourcemanager.network.models.FirewallPolicyRuleApplicationProtocol;
import com.azure.resourcemanager.network.models.FirewallPolicyRuleApplicationProtocolType;
import com.azure.resourcemanager.network.models.FirewallPolicyRuleNetworkProtocol;
import com.azure.resourcemanager.network.models.NatRule;
import com.azure.resourcemanager.network.models.NetworkRule;
import java.util.Arrays;

/**
 * Samples for FirewallPolicyRuleCollectionGroups CreateOrUpdate.
 */
public final class Main {
    /*
     * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/
     * FirewallPolicyRuleCollectionGroupPut.json
     */
    /**
     * Sample code: Create Firewall Policy Rule Collection Group.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createFirewallPolicyRuleCollectionGroup(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.networks().manager().serviceClient().getFirewallPolicyRuleCollectionGroups().createOrUpdate("rg1",
            "firewallPolicy", "ruleCollectionGroup1",
            new FirewallPolicyRuleCollectionGroupInner().withPriority(100)
                .withRuleCollections(Arrays.asList(new FirewallPolicyFilterRuleCollection()
                    .withName("Example-Filter-Rule-Collection").withPriority(100)
                    .withAction(new FirewallPolicyFilterRuleCollectionAction()
                        .withType(FirewallPolicyFilterRuleCollectionActionType.DENY))
                    .withRules(Arrays.asList(new NetworkRule().withName("network-rule1")
                        .withIpProtocols(Arrays.asList(FirewallPolicyRuleNetworkProtocol.TCP))
                        .withSourceAddresses(Arrays.asList("10.1.25.0/24")).withDestinationAddresses(Arrays.asList("*"))
                        .withDestinationPorts(Arrays.asList("*")))))),
            com.azure.core.util.Context.NONE);
    }

    /*
     * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/
     * FirewallPolicyRuleCollectionGroupWithWebCategoriesPut.json
     */
    /**
     * Sample code: Create Firewall Policy Rule Collection Group With Web Categories.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void
        createFirewallPolicyRuleCollectionGroupWithWebCategories(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.networks().manager().serviceClient().getFirewallPolicyRuleCollectionGroups().createOrUpdate("rg1",
            "firewallPolicy", "ruleCollectionGroup1",
            new FirewallPolicyRuleCollectionGroupInner().withPriority(110)
                .withRuleCollections(Arrays.asList(new FirewallPolicyFilterRuleCollection()
                    .withName("Example-Filter-Rule-Collection")
                    .withAction(new FirewallPolicyFilterRuleCollectionAction()
                        .withType(FirewallPolicyFilterRuleCollectionActionType.DENY))
                    .withRules(
                        Arrays.asList(new ApplicationRule().withName("rule1").withDescription("Deny inbound rule")
                            .withSourceAddresses(Arrays.asList("216.58.216.164", "10.0.0.0/24"))
                            .withProtocols(Arrays.asList(new FirewallPolicyRuleApplicationProtocol()
                                .withProtocolType(FirewallPolicyRuleApplicationProtocolType.HTTPS).withPort(443)))
                            .withWebCategories(Arrays.asList("Hacking")))))),
            com.azure.core.util.Context.NONE);
    }

    /*
     * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/
     * FirewallPolicyNatRuleCollectionGroupPut.json
     */
    /**
     * Sample code: Create Firewall Policy Nat Rule Collection Group.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void
        createFirewallPolicyNatRuleCollectionGroup(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.networks().manager().serviceClient().getFirewallPolicyRuleCollectionGroups().createOrUpdate("rg1",
            "firewallPolicy", "ruleCollectionGroup1",
            new FirewallPolicyRuleCollectionGroupInner().withPriority(100)
                .withRuleCollections(Arrays.asList(new FirewallPolicyNatRuleCollection()
                    .withName("Example-Nat-Rule-Collection").withPriority(100)
                    .withAction(new FirewallPolicyNatRuleCollectionAction()
                        .withType(FirewallPolicyNatRuleCollectionActionType.DNAT))
                    .withRules(Arrays.asList(new NatRule().withName("nat-rule1")
                        .withIpProtocols(
                            Arrays.asList(FirewallPolicyRuleNetworkProtocol.TCP, FirewallPolicyRuleNetworkProtocol.UDP))
                        .withSourceAddresses(Arrays.asList("2.2.2.2"))
                        .withDestinationAddresses(Arrays.asList("152.23.32.23"))
                        .withDestinationPorts(Arrays.asList("8080")).withTranslatedPort("8080")
                        .withSourceIpGroups(Arrays.asList()).withTranslatedFqdn("internalhttp.server.net"))))),
            com.azure.core.util.Context.NONE);
    }

    /*
     * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/
     * FirewallPolicyRuleCollectionGroupWithIpGroupsPut.json
     */
    /**
     * Sample code: Create Firewall Policy Rule Collection Group With IP Groups.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void
        createFirewallPolicyRuleCollectionGroupWithIPGroups(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.networks().manager().serviceClient().getFirewallPolicyRuleCollectionGroups().createOrUpdate("rg1",
            "firewallPolicy", "ruleCollectionGroup1",
            new FirewallPolicyRuleCollectionGroupInner().withPriority(110)
                .withRuleCollections(Arrays.asList(new FirewallPolicyFilterRuleCollection()
                    .withName("Example-Filter-Rule-Collection")
                    .withAction(new FirewallPolicyFilterRuleCollectionAction()
                        .withType(FirewallPolicyFilterRuleCollectionActionType.DENY))
                    .withRules(Arrays.asList(new NetworkRule().withName("network-1")
                        .withIpProtocols(Arrays.asList(FirewallPolicyRuleNetworkProtocol.TCP))
                        .withDestinationPorts(Arrays.asList("*"))
                        .withSourceIpGroups(Arrays.asList(
                            "/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1"))
                        .withDestinationIpGroups(Arrays.asList(
                            "/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2")))))),
            com.azure.core.util.Context.NONE);
    }

    /*
     * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/
     * FirewallPolicyRuleCollectionGroupWithHttpHeadersToInsert.json
     */
    /**
     * Sample code: Create Firewall Policy Rule Collection Group With http header to insert.
     * 
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void createFirewallPolicyRuleCollectionGroupWithHttpHeaderToInsert(
        com.azure.resourcemanager.AzureResourceManager azure) {
        azure.networks().manager().serviceClient().getFirewallPolicyRuleCollectionGroups()
            .createOrUpdate("rg1", "firewallPolicy", "ruleCollectionGroup1",
                new FirewallPolicyRuleCollectionGroupInner().withPriority(110)
                    .withRuleCollections(Arrays
                        .asList(new FirewallPolicyFilterRuleCollection().withName("Example-Filter-Rule-Collection")
                            .withAction(new FirewallPolicyFilterRuleCollectionAction()
                                .withType(FirewallPolicyFilterRuleCollectionActionType.ALLOW))
                            .withRules(Arrays.asList(
                                new ApplicationRule().withName("rule1").withDescription("Insert trusted tenants header")
                                    .withSourceAddresses(Arrays.asList("216.58.216.164", "10.0.0.0/24"))
                                    .withProtocols(Arrays.asList(new FirewallPolicyRuleApplicationProtocol()
                                        .withProtocolType(FirewallPolicyRuleApplicationProtocolType.HTTP).withPort(80)))
                                    .withFqdnTags(Arrays.asList("WindowsVirtualDesktop"))
                                    .withHttpHeadersToInsert(Arrays.asList(new FirewallPolicyHttpHeaderToInsert()
                                        .withHeaderName("Restrict-Access-To-Tenants")
                                        .withHeaderValue("contoso.com,fabrikam.onmicrosoft.com"))))))),
                com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python firewall_policy_rule_collection_group_put.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid",
    )

    response = client.firewall_policy_rule_collection_groups.begin_create_or_update(
        resource_group_name="rg1",
        firewall_policy_name="firewallPolicy",
        rule_collection_group_name="ruleCollectionGroup1",
        parameters={
            "properties": {
                "priority": 100,
                "ruleCollections": [
                    {
                        "action": {"type": "Deny"},
                        "name": "Example-Filter-Rule-Collection",
                        "priority": 100,
                        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
                        "rules": [
                            {
                                "destinationAddresses": ["*"],
                                "destinationPorts": ["*"],
                                "ipProtocols": ["TCP"],
                                "name": "network-rule1",
                                "ruleType": "NetworkRule",
                                "sourceAddresses": ["10.1.25.0/24"],
                            }
                        ],
                    }
                ],
            }
        },
    ).result()
    print(response)


# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupPut.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armnetwork_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d4205894880b989ede35d62d97c8e901ed14fb5a/specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupPut.json
func ExampleFirewallPolicyRuleCollectionGroupsClient_BeginCreateOrUpdate_createFirewallPolicyRuleCollectionGroup() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewFirewallPolicyRuleCollectionGroupsClient().BeginCreateOrUpdate(ctx, "rg1", "firewallPolicy", "ruleCollectionGroup1", armnetwork.FirewallPolicyRuleCollectionGroup{
		Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
			Priority: to.Ptr[int32](100),
			RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
				&armnetwork.FirewallPolicyFilterRuleCollection{
					Name:               to.Ptr("Example-Filter-Rule-Collection"),
					Priority:           to.Ptr[int32](100),
					RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyFilterRuleCollection),
					Action: &armnetwork.FirewallPolicyFilterRuleCollectionAction{
						Type: to.Ptr(armnetwork.FirewallPolicyFilterRuleCollectionActionTypeDeny),
					},
					Rules: []armnetwork.FirewallPolicyRuleClassification{
						&armnetwork.Rule{
							Name:     to.Ptr("network-rule1"),
							RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeNetworkRule),
							DestinationAddresses: []*string{
								to.Ptr("*")},
							DestinationPorts: []*string{
								to.Ptr("*")},
							IPProtocols: []*armnetwork.FirewallPolicyRuleNetworkProtocol{
								to.Ptr(armnetwork.FirewallPolicyRuleNetworkProtocolTCP)},
							SourceAddresses: []*string{
								to.Ptr("10.1.25.0/24")},
						}},
				}},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.FirewallPolicyRuleCollectionGroup = armnetwork.FirewallPolicyRuleCollectionGroup{
	// 	ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1"),
	// 	Name: to.Ptr("ruleCollectionGroup1"),
	// 	Etag: to.Ptr("w/\\00000000-0000-0000-0000-000000000000\\"),
	// 	Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
	// 		Priority: to.Ptr[int32](100),
	// 		ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
	// 		RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
	// 			&armnetwork.FirewallPolicyFilterRuleCollection{
	// 				Name: to.Ptr("Example-Filter-Rule-Collection"),
	// 				Priority: to.Ptr[int32](100),
	// 				RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyFilterRuleCollection),
	// 				Action: &armnetwork.FirewallPolicyFilterRuleCollectionAction{
	// 					Type: to.Ptr(armnetwork.FirewallPolicyFilterRuleCollectionActionTypeDeny),
	// 				},
	// 				Rules: []armnetwork.FirewallPolicyRuleClassification{
	// 					&armnetwork.Rule{
	// 						Name: to.Ptr("network-rule1"),
	// 						RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeNetworkRule),
	// 						DestinationAddresses: []*string{
	// 							to.Ptr("*")},
	// 							DestinationPorts: []*string{
	// 								to.Ptr("*")},
	// 								IPProtocols: []*armnetwork.FirewallPolicyRuleNetworkProtocol{
	// 									to.Ptr(armnetwork.FirewallPolicyRuleNetworkProtocolTCP)},
	// 									SourceAddresses: []*string{
	// 										to.Ptr("10.1.25.0/24")},
	// 								}},
	// 						}},
	// 						Size: to.Ptr("1.2MB"),
	// 					},
	// 				}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates the specified FirewallPolicyRuleCollectionGroup.
 *
 * @summary Creates or updates the specified FirewallPolicyRuleCollectionGroup.
 * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupPut.json
 */
async function createFirewallPolicyRuleCollectionGroup() {
  const subscriptionId = process.env["NETWORK_SUBSCRIPTION_ID"] || "subid";
  const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
  const firewallPolicyName = "firewallPolicy";
  const ruleCollectionGroupName = "ruleCollectionGroup1";
  const parameters = {
    priority: 100,
    ruleCollections: [
      {
        name: "Example-Filter-Rule-Collection",
        action: { type: "Deny" },
        priority: 100,
        ruleCollectionType: "FirewallPolicyFilterRuleCollection",
        rules: [
          {
            name: "network-rule1",
            destinationAddresses: ["*"],
            destinationPorts: ["*"],
            ipProtocols: ["TCP"],
            ruleType: "NetworkRule",
            sourceAddresses: ["10.1.25.0/24"],
          },
        ],
      },
    ],
  };
  const credential = new DefaultAzureCredential();
  const client = new NetworkManagementClient(credential, subscriptionId);
  const result = await client.firewallPolicyRuleCollectionGroups.beginCreateOrUpdateAndWait(
    resourceGroupName,
    firewallPolicyName,
    ruleCollectionGroupName,
    parameters,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;

// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupPut.json
// this example is just showing the usage of "FirewallPolicyRuleCollectionGroups_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this FirewallPolicyRuleCollectionGroupResource created on azure
// for more information of creating FirewallPolicyRuleCollectionGroupResource, please refer to the document of FirewallPolicyRuleCollectionGroupResource
string subscriptionId = "subid";
string resourceGroupName = "rg1";
string firewallPolicyName = "firewallPolicy";
string ruleCollectionGroupName = "ruleCollectionGroup1";
ResourceIdentifier firewallPolicyRuleCollectionGroupResourceId = FirewallPolicyRuleCollectionGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, firewallPolicyName, ruleCollectionGroupName);
FirewallPolicyRuleCollectionGroupResource firewallPolicyRuleCollectionGroup = client.GetFirewallPolicyRuleCollectionGroupResource(firewallPolicyRuleCollectionGroupResourceId);

// invoke the operation
FirewallPolicyRuleCollectionGroupData data = new FirewallPolicyRuleCollectionGroupData()
{
    Priority = 100,
    RuleCollections =
    {
    new FirewallPolicyFilterRuleCollectionInfo()
    {
    ActionType = FirewallPolicyFilterRuleCollectionActionType.Deny,
    Rules =
    {
    new NetworkRule()
    {
    IPProtocols =
    {
    FirewallPolicyRuleNetworkProtocol.Tcp
    },
    SourceAddresses =
    {
    "10.1.25.0/24"
    },
    DestinationAddresses =
    {
    "*"
    },
    DestinationPorts =
    {
    "*"
    },
    Name = "network-rule1",
    }
    },
    Name = "Example-Filter-Rule-Collection",
    Priority = 100,
    }
    },
};
ArmOperation<FirewallPolicyRuleCollectionGroupResource> lro = await firewallPolicyRuleCollectionGroup.UpdateAsync(WaitUntil.Completed, data);
FirewallPolicyRuleCollectionGroupResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
FirewallPolicyRuleCollectionGroupData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 200

{
  "name": "ruleCollectionGroup1",
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1",
  "etag": "w/\\00000000-0000-0000-0000-000000000000\\",
  "properties": {
    "size": "1.2MB",
    "provisioningState": "Succeeded",
    "priority": 100,
    "ruleCollections": [
      {
        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
        "name": "Example-Filter-Rule-Collection",
        "priority": 100,
        "action": {
          "type": "Deny"
        },
        "rules": [
          {
            "ruleType": "NetworkRule",
            "name": "network-rule1",
            "sourceAddresses": [
              "10.1.25.0/24"
            ],
            "destinationAddresses": [
              "*"
            ],
            "ipProtocols": [
              "TCP"
            ],
            "destinationPorts": [
              "*"
            ]
          }
        ]
      }
    ]
  }
}

Status code:: 201

{
  "name": "firewallPolicy",
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy",
  "etag": "w/\\00000000-0000-0000-0000-000000000000\\",
  "properties": {
    "size": "1.2MB",
    "provisioningState": "Succeeded",
    "priority": 100,
    "ruleCollections": [
      {
        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
        "name": "Example-Filter-Rule-Collection",
        "priority": 100,
        "action": {
          "type": "Deny"
        },
        "rules": [
          {
            "ruleType": "NetworkRule",
            "name": "network-rule1",
            "sourceAddresses": [
              "10.1.25.0/24"
            ],
            "destinationAddresses": [
              "*"
            ],
            "ipProtocols": [
              "TCP"
            ],
            "destinationPorts": [
              "*"
            ]
          }
        ]
      }
    ]
  }
}

Create Firewall Policy Rule Collection Group With http header to insert

Sample Request

PUT https://management.azure.com/subscriptions/e747cc13-97d4-4a79-b463-42d7f4e558f2/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1?api-version=2023-09-01

{
  "properties": {
    "priority": 110,
    "ruleCollections": [
      {
        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
        "name": "Example-Filter-Rule-Collection",
        "action": {
          "type": "Allow"
        },
        "rules": [
          {
            "ruleType": "ApplicationRule",
            "name": "rule1",
            "description": "Insert trusted tenants header",
            "protocols": [
              {
                "protocolType": "Http",
                "port": 80
              }
            ],
            "sourceAddresses": [
              "216.58.216.164",
              "10.0.0.0/24"
            ],
            "fqdnTags": [
              "WindowsVirtualDesktop"
            ],
            "httpHeadersToInsert": [
              {
                "headerName": "Restrict-Access-To-Tenants",
                "headerValue": "contoso.com,fabrikam.onmicrosoft.com"
              }
            ]
          }
        ]
      }
    ]
  }
}

from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python firewall_policy_rule_collection_group_with_http_headers_to_insert.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="e747cc13-97d4-4a79-b463-42d7f4e558f2",
    )

    response = client.firewall_policy_rule_collection_groups.begin_create_or_update(
        resource_group_name="rg1",
        firewall_policy_name="firewallPolicy",
        rule_collection_group_name="ruleCollectionGroup1",
        parameters={
            "properties": {
                "priority": 110,
                "ruleCollections": [
                    {
                        "action": {"type": "Allow"},
                        "name": "Example-Filter-Rule-Collection",
                        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
                        "rules": [
                            {
                                "description": "Insert trusted tenants header",
                                "fqdnTags": ["WindowsVirtualDesktop"],
                                "httpHeadersToInsert": [
                                    {
                                        "headerName": "Restrict-Access-To-Tenants",
                                        "headerValue": "contoso.com,fabrikam.onmicrosoft.com",
                                    }
                                ],
                                "name": "rule1",
                                "protocols": [{"port": 80, "protocolType": "Http"}],
                                "ruleType": "ApplicationRule",
                                "sourceAddresses": ["216.58.216.164", "10.0.0.0/24"],
                            }
                        ],
                    }
                ],
            }
        },
    ).result()
    print(response)


# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithHttpHeadersToInsert.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armnetwork_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d4205894880b989ede35d62d97c8e901ed14fb5a/specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithHttpHeadersToInsert.json
func ExampleFirewallPolicyRuleCollectionGroupsClient_BeginCreateOrUpdate_createFirewallPolicyRuleCollectionGroupWithHttpHeaderToInsert() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewFirewallPolicyRuleCollectionGroupsClient().BeginCreateOrUpdate(ctx, "rg1", "firewallPolicy", "ruleCollectionGroup1", armnetwork.FirewallPolicyRuleCollectionGroup{
		Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
			Priority: to.Ptr[int32](110),
			RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
				&armnetwork.FirewallPolicyFilterRuleCollection{
					Name:               to.Ptr("Example-Filter-Rule-Collection"),
					RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyFilterRuleCollection),
					Action: &armnetwork.FirewallPolicyFilterRuleCollectionAction{
						Type: to.Ptr(armnetwork.FirewallPolicyFilterRuleCollectionActionTypeAllow),
					},
					Rules: []armnetwork.FirewallPolicyRuleClassification{
						&armnetwork.ApplicationRule{
							Name:        to.Ptr("rule1"),
							Description: to.Ptr("Insert trusted tenants header"),
							RuleType:    to.Ptr(armnetwork.FirewallPolicyRuleTypeApplicationRule),
							FqdnTags: []*string{
								to.Ptr("WindowsVirtualDesktop")},
							HTTPHeadersToInsert: []*armnetwork.FirewallPolicyHTTPHeaderToInsert{
								{
									HeaderName:  to.Ptr("Restrict-Access-To-Tenants"),
									HeaderValue: to.Ptr("contoso.com,fabrikam.onmicrosoft.com"),
								}},
							Protocols: []*armnetwork.FirewallPolicyRuleApplicationProtocol{
								{
									Port:         to.Ptr[int32](80),
									ProtocolType: to.Ptr(armnetwork.FirewallPolicyRuleApplicationProtocolTypeHTTP),
								}},
							SourceAddresses: []*string{
								to.Ptr("216.58.216.164"),
								to.Ptr("10.0.0.0/24")},
						}},
				}},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.FirewallPolicyRuleCollectionGroup = armnetwork.FirewallPolicyRuleCollectionGroup{
	// 	ID: to.Ptr("/subscriptions/e747cc13-97d4-4a79-b463-42d7f4e558f2/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1"),
	// 	Name: to.Ptr("ruleCollectionGroup1"),
	// 	Etag: to.Ptr("w/\\00000000-0000-0000-0000-000000000000\\"),
	// 	Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
	// 		Priority: to.Ptr[int32](110),
	// 		ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
	// 		RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
	// 			&armnetwork.FirewallPolicyFilterRuleCollection{
	// 				Name: to.Ptr("Example-Filter-Rule-Collection"),
	// 				RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyFilterRuleCollection),
	// 				Action: &armnetwork.FirewallPolicyFilterRuleCollectionAction{
	// 					Type: to.Ptr(armnetwork.FirewallPolicyFilterRuleCollectionActionTypeAllow),
	// 				},
	// 				Rules: []armnetwork.FirewallPolicyRuleClassification{
	// 					&armnetwork.ApplicationRule{
	// 						Name: to.Ptr("rule1"),
	// 						Description: to.Ptr("Insert trusted tenants header"),
	// 						RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeApplicationRule),
	// 						FqdnTags: []*string{
	// 							to.Ptr("WindowsVirtualDesktop")},
	// 							HTTPHeadersToInsert: []*armnetwork.FirewallPolicyHTTPHeaderToInsert{
	// 								{
	// 									HeaderName: to.Ptr("Restrict-Access-To-Tenants"),
	// 									HeaderValue: to.Ptr("contoso.com,fabrikam.onmicrosoft.com"),
	// 							}},
	// 							Protocols: []*armnetwork.FirewallPolicyRuleApplicationProtocol{
	// 								{
	// 									Port: to.Ptr[int32](80),
	// 									ProtocolType: to.Ptr(armnetwork.FirewallPolicyRuleApplicationProtocolTypeHTTP),
	// 							}},
	// 							SourceAddresses: []*string{
	// 								to.Ptr("216.58.216.164"),
	// 								to.Ptr("10.0.0.0/24")},
	// 						}},
	// 				}},
	// 			},
	// 		}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates the specified FirewallPolicyRuleCollectionGroup.
 *
 * @summary Creates or updates the specified FirewallPolicyRuleCollectionGroup.
 * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithHttpHeadersToInsert.json
 */
async function createFirewallPolicyRuleCollectionGroupWithHttpHeaderToInsert() {
  const subscriptionId =
    process.env["NETWORK_SUBSCRIPTION_ID"] || "e747cc13-97d4-4a79-b463-42d7f4e558f2";
  const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
  const firewallPolicyName = "firewallPolicy";
  const ruleCollectionGroupName = "ruleCollectionGroup1";
  const parameters = {
    priority: 110,
    ruleCollections: [
      {
        name: "Example-Filter-Rule-Collection",
        action: { type: "Allow" },
        ruleCollectionType: "FirewallPolicyFilterRuleCollection",
        rules: [
          {
            name: "rule1",
            description: "Insert trusted tenants header",
            fqdnTags: ["WindowsVirtualDesktop"],
            httpHeadersToInsert: [
              {
                headerName: "Restrict-Access-To-Tenants",
                headerValue: "contoso.com,fabrikam.onmicrosoft.com",
              },
            ],
            protocols: [{ port: 80, protocolType: "Http" }],
            ruleType: "ApplicationRule",
            sourceAddresses: ["216.58.216.164", "10.0.0.0/24"],
          },
        ],
      },
    ],
  };
  const credential = new DefaultAzureCredential();
  const client = new NetworkManagementClient(credential, subscriptionId);
  const result = await client.firewallPolicyRuleCollectionGroups.beginCreateOrUpdateAndWait(
    resourceGroupName,
    firewallPolicyName,
    ruleCollectionGroupName,
    parameters,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;

// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithHttpHeadersToInsert.json
// this example is just showing the usage of "FirewallPolicyRuleCollectionGroups_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this FirewallPolicyRuleCollectionGroupResource created on azure
// for more information of creating FirewallPolicyRuleCollectionGroupResource, please refer to the document of FirewallPolicyRuleCollectionGroupResource
string subscriptionId = "e747cc13-97d4-4a79-b463-42d7f4e558f2";
string resourceGroupName = "rg1";
string firewallPolicyName = "firewallPolicy";
string ruleCollectionGroupName = "ruleCollectionGroup1";
ResourceIdentifier firewallPolicyRuleCollectionGroupResourceId = FirewallPolicyRuleCollectionGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, firewallPolicyName, ruleCollectionGroupName);
FirewallPolicyRuleCollectionGroupResource firewallPolicyRuleCollectionGroup = client.GetFirewallPolicyRuleCollectionGroupResource(firewallPolicyRuleCollectionGroupResourceId);

// invoke the operation
FirewallPolicyRuleCollectionGroupData data = new FirewallPolicyRuleCollectionGroupData()
{
    Priority = 110,
    RuleCollections =
    {
    new FirewallPolicyFilterRuleCollectionInfo()
    {
    ActionType = FirewallPolicyFilterRuleCollectionActionType.Allow,
    Rules =
    {
    new ApplicationRule()
    {
    SourceAddresses =
    {
    "216.58.216.164","10.0.0.0/24"
    },
    Protocols =
    {
    new FirewallPolicyRuleApplicationProtocol()
    {
    ProtocolType = FirewallPolicyRuleApplicationProtocolType.Http,
    Port = 80,
    }
    },
    FqdnTags =
    {
    "WindowsVirtualDesktop"
    },
    HttpHeadersToInsert =
    {
    new FirewallPolicyHttpHeaderToInsert()
    {
    HeaderName = "Restrict-Access-To-Tenants",
    HeaderValue = "contoso.com,fabrikam.onmicrosoft.com",
    }
    },
    Name = "rule1",
    Description = "Insert trusted tenants header",
    }
    },
    Name = "Example-Filter-Rule-Collection",
    }
    },
};
ArmOperation<FirewallPolicyRuleCollectionGroupResource> lro = await firewallPolicyRuleCollectionGroup.UpdateAsync(WaitUntil.Completed, data);
FirewallPolicyRuleCollectionGroupResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
FirewallPolicyRuleCollectionGroupData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 200

{
  "name": "ruleCollectionGroup1",
  "id": "/subscriptions/e747cc13-97d4-4a79-b463-42d7f4e558f2/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1",
  "etag": "w/\\00000000-0000-0000-0000-000000000000\\",
  "properties": {
    "provisioningState": "Succeeded",
    "priority": 110,
    "ruleCollections": [
      {
        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
        "name": "Example-Filter-Rule-Collection",
        "action": {
          "type": "Allow"
        },
        "rules": [
          {
            "ruleType": "ApplicationRule",
            "name": "rule1",
            "description": "Insert trusted tenants header",
            "protocols": [
              {
                "protocolType": "Http",
                "port": 80
              }
            ],
            "sourceAddresses": [
              "216.58.216.164",
              "10.0.0.0/24"
            ],
            "fqdnTags": [
              "WindowsVirtualDesktop"
            ],
            "httpHeadersToInsert": [
              {
                "headerName": "Restrict-Access-To-Tenants",
                "headerValue": "contoso.com,fabrikam.onmicrosoft.com"
              }
            ]
          }
        ]
      }
    ]
  }
}

Status code:: 201

{
  "name": "ruleCollectionGroup1",
  "id": "/subscriptions/e747cc13-97d4-4a79-b463-42d7f4e558f2/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1",
  "etag": "w/\\00000000-0000-0000-0000-000000000000\\",
  "properties": {
    "provisioningState": "Succeeded",
    "priority": 110,
    "ruleCollections": [
      {
        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
        "name": "Example-Filter-Rule-Collection",
        "action": {
          "type": "Allow"
        },
        "rules": [
          {
            "ruleType": "ApplicationRule",
            "name": "rule1",
            "description": "Insert trusted tenants header",
            "protocols": [
              {
                "protocolType": "Http",
                "port": 80
              }
            ],
            "sourceAddresses": [
              "216.58.216.164",
              "10.0.0.0/24"
            ],
            "fqdnTags": [
              "WindowsVirtualDesktop"
            ],
            "httpHeadersToInsert": [
              {
                "headerName": "Restrict-Access-To-Tenants",
                "headerValue": "contoso.com,fabrikam.onmicrosoft.com"
              }
            ]
          }
        ]
      }
    ]
  }
}

Create Firewall Policy Rule Collection Group With IP Groups

Sample Request

PUT https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1?api-version=2023-09-01

{
  "properties": {
    "priority": 110,
    "ruleCollections": [
      {
        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
        "name": "Example-Filter-Rule-Collection",
        "action": {
          "type": "Deny"
        },
        "rules": [
          {
            "ruleType": "NetworkRule",
            "name": "network-1",
            "ipProtocols": [
              "TCP"
            ],
            "destinationPorts": [
              "*"
            ],
            "sourceIpGroups": [
              "/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1"
            ],
            "destinationIpGroups": [
              "/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2"
            ]
          }
        ]
      }
    ]
  }
}

from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python firewall_policy_rule_collection_group_with_ip_groups_put.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid",
    )

    response = client.firewall_policy_rule_collection_groups.begin_create_or_update(
        resource_group_name="rg1",
        firewall_policy_name="firewallPolicy",
        rule_collection_group_name="ruleCollectionGroup1",
        parameters={
            "properties": {
                "priority": 110,
                "ruleCollections": [
                    {
                        "action": {"type": "Deny"},
                        "name": "Example-Filter-Rule-Collection",
                        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
                        "rules": [
                            {
                                "destinationIpGroups": [
                                    "/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2"
                                ],
                                "destinationPorts": ["*"],
                                "ipProtocols": ["TCP"],
                                "name": "network-1",
                                "ruleType": "NetworkRule",
                                "sourceIpGroups": [
                                    "/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1"
                                ],
                            }
                        ],
                    }
                ],
            }
        },
    ).result()
    print(response)


# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithIpGroupsPut.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armnetwork_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d4205894880b989ede35d62d97c8e901ed14fb5a/specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithIpGroupsPut.json
func ExampleFirewallPolicyRuleCollectionGroupsClient_BeginCreateOrUpdate_createFirewallPolicyRuleCollectionGroupWithIpGroups() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewFirewallPolicyRuleCollectionGroupsClient().BeginCreateOrUpdate(ctx, "rg1", "firewallPolicy", "ruleCollectionGroup1", armnetwork.FirewallPolicyRuleCollectionGroup{
		Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
			Priority: to.Ptr[int32](110),
			RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
				&armnetwork.FirewallPolicyFilterRuleCollection{
					Name:               to.Ptr("Example-Filter-Rule-Collection"),
					RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyFilterRuleCollection),
					Action: &armnetwork.FirewallPolicyFilterRuleCollectionAction{
						Type: to.Ptr(armnetwork.FirewallPolicyFilterRuleCollectionActionTypeDeny),
					},
					Rules: []armnetwork.FirewallPolicyRuleClassification{
						&armnetwork.Rule{
							Name:     to.Ptr("network-1"),
							RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeNetworkRule),
							DestinationIPGroups: []*string{
								to.Ptr("/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2")},
							DestinationPorts: []*string{
								to.Ptr("*")},
							IPProtocols: []*armnetwork.FirewallPolicyRuleNetworkProtocol{
								to.Ptr(armnetwork.FirewallPolicyRuleNetworkProtocolTCP)},
							SourceIPGroups: []*string{
								to.Ptr("/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1")},
						}},
				}},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.FirewallPolicyRuleCollectionGroup = armnetwork.FirewallPolicyRuleCollectionGroup{
	// 	ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1"),
	// 	Name: to.Ptr("ruleCollectionGroup1"),
	// 	Etag: to.Ptr("w/\\00000000-0000-0000-0000-000000000000\\"),
	// 	Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
	// 		Priority: to.Ptr[int32](110),
	// 		ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
	// 		RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
	// 			&armnetwork.FirewallPolicyFilterRuleCollection{
	// 				Name: to.Ptr("Example-Filter-Rule-Collection"),
	// 				RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyFilterRuleCollection),
	// 				Action: &armnetwork.FirewallPolicyFilterRuleCollectionAction{
	// 					Type: to.Ptr(armnetwork.FirewallPolicyFilterRuleCollectionActionTypeDeny),
	// 				},
	// 				Rules: []armnetwork.FirewallPolicyRuleClassification{
	// 					&armnetwork.Rule{
	// 						Name: to.Ptr("network-1"),
	// 						RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeNetworkRule),
	// 						DestinationIPGroups: []*string{
	// 							to.Ptr("/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2")},
	// 							DestinationPorts: []*string{
	// 								to.Ptr("*")},
	// 								IPProtocols: []*armnetwork.FirewallPolicyRuleNetworkProtocol{
	// 									to.Ptr(armnetwork.FirewallPolicyRuleNetworkProtocolTCP)},
	// 									SourceIPGroups: []*string{
	// 										to.Ptr("/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1")},
	// 								}},
	// 						}},
	// 					},
	// 				}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates the specified FirewallPolicyRuleCollectionGroup.
 *
 * @summary Creates or updates the specified FirewallPolicyRuleCollectionGroup.
 * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithIpGroupsPut.json
 */
async function createFirewallPolicyRuleCollectionGroupWithIPGroups() {
  const subscriptionId = process.env["NETWORK_SUBSCRIPTION_ID"] || "subid";
  const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
  const firewallPolicyName = "firewallPolicy";
  const ruleCollectionGroupName = "ruleCollectionGroup1";
  const parameters = {
    priority: 110,
    ruleCollections: [
      {
        name: "Example-Filter-Rule-Collection",
        action: { type: "Deny" },
        ruleCollectionType: "FirewallPolicyFilterRuleCollection",
        rules: [
          {
            name: "network-1",
            destinationIpGroups: [
              "/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2",
            ],
            destinationPorts: ["*"],
            ipProtocols: ["TCP"],
            ruleType: "NetworkRule",
            sourceIpGroups: [
              "/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1",
            ],
          },
        ],
      },
    ],
  };
  const credential = new DefaultAzureCredential();
  const client = new NetworkManagementClient(credential, subscriptionId);
  const result = await client.firewallPolicyRuleCollectionGroups.beginCreateOrUpdateAndWait(
    resourceGroupName,
    firewallPolicyName,
    ruleCollectionGroupName,
    parameters,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;

// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithIpGroupsPut.json
// this example is just showing the usage of "FirewallPolicyRuleCollectionGroups_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this FirewallPolicyRuleCollectionGroupResource created on azure
// for more information of creating FirewallPolicyRuleCollectionGroupResource, please refer to the document of FirewallPolicyRuleCollectionGroupResource
string subscriptionId = "subid";
string resourceGroupName = "rg1";
string firewallPolicyName = "firewallPolicy";
string ruleCollectionGroupName = "ruleCollectionGroup1";
ResourceIdentifier firewallPolicyRuleCollectionGroupResourceId = FirewallPolicyRuleCollectionGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, firewallPolicyName, ruleCollectionGroupName);
FirewallPolicyRuleCollectionGroupResource firewallPolicyRuleCollectionGroup = client.GetFirewallPolicyRuleCollectionGroupResource(firewallPolicyRuleCollectionGroupResourceId);

// invoke the operation
FirewallPolicyRuleCollectionGroupData data = new FirewallPolicyRuleCollectionGroupData()
{
    Priority = 110,
    RuleCollections =
    {
    new FirewallPolicyFilterRuleCollectionInfo()
    {
    ActionType = FirewallPolicyFilterRuleCollectionActionType.Deny,
    Rules =
    {
    new NetworkRule()
    {
    IPProtocols =
    {
    FirewallPolicyRuleNetworkProtocol.Tcp
    },
    DestinationPorts =
    {
    "*"
    },
    SourceIPGroups =
    {
    "/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1"
    },
    DestinationIPGroups =
    {
    "/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2"
    },
    Name = "network-1",
    }
    },
    Name = "Example-Filter-Rule-Collection",
    }
    },
};
ArmOperation<FirewallPolicyRuleCollectionGroupResource> lro = await firewallPolicyRuleCollectionGroup.UpdateAsync(WaitUntil.Completed, data);
FirewallPolicyRuleCollectionGroupResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
FirewallPolicyRuleCollectionGroupData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 200

{
  "name": "ruleCollectionGroup1",
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1",
  "etag": "w/\\00000000-0000-0000-0000-000000000000\\",
  "properties": {
    "provisioningState": "Succeeded",
    "priority": 110,
    "ruleCollections": [
      {
        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
        "name": "Example-Filter-Rule-Collection",
        "action": {
          "type": "Deny"
        },
        "rules": [
          {
            "ruleType": "NetworkRule",
            "name": "network-1",
            "ipProtocols": [
              "TCP"
            ],
            "destinationPorts": [
              "*"
            ],
            "sourceIpGroups": [
              "/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1"
            ],
            "destinationIpGroups": [
              "/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2"
            ]
          }
        ]
      }
    ]
  }
}

Status code:: 201

{
  "name": "firewallPolicy",
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy",
  "etag": "w/\\00000000-0000-0000-0000-000000000000\\",
  "properties": {
    "provisioningState": "Succeeded",
    "priority": 110,
    "ruleCollections": [
      {
        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
        "name": "Example-Filter-Rule-Collection",
        "action": {
          "type": "Deny"
        },
        "rules": [
          {
            "ruleType": "NetworkRule",
            "name": "network-1",
            "ipProtocols": [
              "TCP"
            ],
            "destinationPorts": [
              "*"
            ],
            "sourceIpGroups": [
              "/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1"
            ],
            "destinationIpGroups": [
              "/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2"
            ]
          }
        ]
      }
    ]
  }
}

Create Firewall Policy Rule Collection Group With Web Categories

Sample Request

PUT https://management.azure.com/subscriptions/e747cc13-97d4-4a79-b463-42d7f4e558f2/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1?api-version=2023-09-01

{
  "properties": {
    "priority": 110,
    "ruleCollections": [
      {
        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
        "name": "Example-Filter-Rule-Collection",
        "action": {
          "type": "Deny"
        },
        "rules": [
          {
            "ruleType": "ApplicationRule",
            "name": "rule1",
            "description": "Deny inbound rule",
            "protocols": [
              {
                "protocolType": "Https",
                "port": 443
              }
            ],
            "sourceAddresses": [
              "216.58.216.164",
              "10.0.0.0/24"
            ],
            "webCategories": [
              "Hacking"
            ]
          }
        ]
      }
    ]
  }
}

from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python firewall_policy_rule_collection_group_with_web_categories_put.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="e747cc13-97d4-4a79-b463-42d7f4e558f2",
    )

    response = client.firewall_policy_rule_collection_groups.begin_create_or_update(
        resource_group_name="rg1",
        firewall_policy_name="firewallPolicy",
        rule_collection_group_name="ruleCollectionGroup1",
        parameters={
            "properties": {
                "priority": 110,
                "ruleCollections": [
                    {
                        "action": {"type": "Deny"},
                        "name": "Example-Filter-Rule-Collection",
                        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
                        "rules": [
                            {
                                "description": "Deny inbound rule",
                                "name": "rule1",
                                "protocols": [{"port": 443, "protocolType": "Https"}],
                                "ruleType": "ApplicationRule",
                                "sourceAddresses": ["216.58.216.164", "10.0.0.0/24"],
                                "webCategories": ["Hacking"],
                            }
                        ],
                    }
                ],
            }
        },
    ).result()
    print(response)


# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithWebCategoriesPut.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armnetwork_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d4205894880b989ede35d62d97c8e901ed14fb5a/specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithWebCategoriesPut.json
func ExampleFirewallPolicyRuleCollectionGroupsClient_BeginCreateOrUpdate_createFirewallPolicyRuleCollectionGroupWithWebCategories() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewFirewallPolicyRuleCollectionGroupsClient().BeginCreateOrUpdate(ctx, "rg1", "firewallPolicy", "ruleCollectionGroup1", armnetwork.FirewallPolicyRuleCollectionGroup{
		Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
			Priority: to.Ptr[int32](110),
			RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
				&armnetwork.FirewallPolicyFilterRuleCollection{
					Name:               to.Ptr("Example-Filter-Rule-Collection"),
					RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyFilterRuleCollection),
					Action: &armnetwork.FirewallPolicyFilterRuleCollectionAction{
						Type: to.Ptr(armnetwork.FirewallPolicyFilterRuleCollectionActionTypeDeny),
					},
					Rules: []armnetwork.FirewallPolicyRuleClassification{
						&armnetwork.ApplicationRule{
							Name:        to.Ptr("rule1"),
							Description: to.Ptr("Deny inbound rule"),
							RuleType:    to.Ptr(armnetwork.FirewallPolicyRuleTypeApplicationRule),
							Protocols: []*armnetwork.FirewallPolicyRuleApplicationProtocol{
								{
									Port:         to.Ptr[int32](443),
									ProtocolType: to.Ptr(armnetwork.FirewallPolicyRuleApplicationProtocolTypeHTTPS),
								}},
							SourceAddresses: []*string{
								to.Ptr("216.58.216.164"),
								to.Ptr("10.0.0.0/24")},
							WebCategories: []*string{
								to.Ptr("Hacking")},
						}},
				}},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.FirewallPolicyRuleCollectionGroup = armnetwork.FirewallPolicyRuleCollectionGroup{
	// 	ID: to.Ptr("/subscriptions/e747cc13-97d4-4a79-b463-42d7f4e558f2/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1"),
	// 	Name: to.Ptr("ruleCollectionGroup1"),
	// 	Etag: to.Ptr("w/\\00000000-0000-0000-0000-000000000000\\"),
	// 	Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
	// 		Priority: to.Ptr[int32](110),
	// 		ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
	// 		RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
	// 			&armnetwork.FirewallPolicyFilterRuleCollection{
	// 				Name: to.Ptr("Example-Filter-Rule-Collection"),
	// 				RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyFilterRuleCollection),
	// 				Action: &armnetwork.FirewallPolicyFilterRuleCollectionAction{
	// 					Type: to.Ptr(armnetwork.FirewallPolicyFilterRuleCollectionActionTypeDeny),
	// 				},
	// 				Rules: []armnetwork.FirewallPolicyRuleClassification{
	// 					&armnetwork.ApplicationRule{
	// 						Name: to.Ptr("rule1"),
	// 						Description: to.Ptr("Deny inbound rule"),
	// 						RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeApplicationRule),
	// 						Protocols: []*armnetwork.FirewallPolicyRuleApplicationProtocol{
	// 							{
	// 								Port: to.Ptr[int32](443),
	// 								ProtocolType: to.Ptr(armnetwork.FirewallPolicyRuleApplicationProtocolTypeHTTPS),
	// 						}},
	// 						SourceAddresses: []*string{
	// 							to.Ptr("216.58.216.164"),
	// 							to.Ptr("10.0.0.0/24")},
	// 							WebCategories: []*string{
	// 								to.Ptr("Hacking")},
	// 						}},
	// 				}},
	// 			},
	// 		}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Creates or updates the specified FirewallPolicyRuleCollectionGroup.
 *
 * @summary Creates or updates the specified FirewallPolicyRuleCollectionGroup.
 * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithWebCategoriesPut.json
 */
async function createFirewallPolicyRuleCollectionGroupWithWebCategories() {
  const subscriptionId =
    process.env["NETWORK_SUBSCRIPTION_ID"] || "e747cc13-97d4-4a79-b463-42d7f4e558f2";
  const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
  const firewallPolicyName = "firewallPolicy";
  const ruleCollectionGroupName = "ruleCollectionGroup1";
  const parameters = {
    priority: 110,
    ruleCollections: [
      {
        name: "Example-Filter-Rule-Collection",
        action: { type: "Deny" },
        ruleCollectionType: "FirewallPolicyFilterRuleCollection",
        rules: [
          {
            name: "rule1",
            description: "Deny inbound rule",
            protocols: [{ port: 443, protocolType: "Https" }],
            ruleType: "ApplicationRule",
            sourceAddresses: ["216.58.216.164", "10.0.0.0/24"],
            webCategories: ["Hacking"],
          },
        ],
      },
    ],
  };
  const credential = new DefaultAzureCredential();
  const client = new NetworkManagementClient(credential, subscriptionId);
  const result = await client.firewallPolicyRuleCollectionGroups.beginCreateOrUpdateAndWait(
    resourceGroupName,
    firewallPolicyName,
    ruleCollectionGroupName,
    parameters,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;

// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithWebCategoriesPut.json
// this example is just showing the usage of "FirewallPolicyRuleCollectionGroups_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this FirewallPolicyRuleCollectionGroupResource created on azure
// for more information of creating FirewallPolicyRuleCollectionGroupResource, please refer to the document of FirewallPolicyRuleCollectionGroupResource
string subscriptionId = "e747cc13-97d4-4a79-b463-42d7f4e558f2";
string resourceGroupName = "rg1";
string firewallPolicyName = "firewallPolicy";
string ruleCollectionGroupName = "ruleCollectionGroup1";
ResourceIdentifier firewallPolicyRuleCollectionGroupResourceId = FirewallPolicyRuleCollectionGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, firewallPolicyName, ruleCollectionGroupName);
FirewallPolicyRuleCollectionGroupResource firewallPolicyRuleCollectionGroup = client.GetFirewallPolicyRuleCollectionGroupResource(firewallPolicyRuleCollectionGroupResourceId);

// invoke the operation
FirewallPolicyRuleCollectionGroupData data = new FirewallPolicyRuleCollectionGroupData()
{
    Priority = 110,
    RuleCollections =
    {
    new FirewallPolicyFilterRuleCollectionInfo()
    {
    ActionType = FirewallPolicyFilterRuleCollectionActionType.Deny,
    Rules =
    {
    new ApplicationRule()
    {
    SourceAddresses =
    {
    "216.58.216.164","10.0.0.0/24"
    },
    Protocols =
    {
    new FirewallPolicyRuleApplicationProtocol()
    {
    ProtocolType = FirewallPolicyRuleApplicationProtocolType.Https,
    Port = 443,
    }
    },
    WebCategories =
    {
    "Hacking"
    },
    Name = "rule1",
    Description = "Deny inbound rule",
    }
    },
    Name = "Example-Filter-Rule-Collection",
    }
    },
};
ArmOperation<FirewallPolicyRuleCollectionGroupResource> lro = await firewallPolicyRuleCollectionGroup.UpdateAsync(WaitUntil.Completed, data);
FirewallPolicyRuleCollectionGroupResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
FirewallPolicyRuleCollectionGroupData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 200

{
  "name": "ruleCollectionGroup1",
  "id": "/subscriptions/e747cc13-97d4-4a79-b463-42d7f4e558f2/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1",
  "etag": "w/\\00000000-0000-0000-0000-000000000000\\",
  "properties": {
    "provisioningState": "Succeeded",
    "priority": 110,
    "ruleCollections": [
      {
        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
        "name": "Example-Filter-Rule-Collection",
        "action": {
          "type": "Deny"
        },
        "rules": [
          {
            "ruleType": "ApplicationRule",
            "name": "rule1",
            "description": "Deny inbound rule",
            "protocols": [
              {
                "protocolType": "Https",
                "port": 443
              }
            ],
            "sourceAddresses": [
              "216.58.216.164",
              "10.0.0.0/24"
            ],
            "webCategories": [
              "Hacking"
            ]
          }
        ]
      }
    ]
  }
}

Status code:: 201

{
  "name": "firewallPolicy",
  "id": "/subscriptions/e747cc13-97d4-4a79-b463-42d7f4e558f2/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy",
  "etag": "w/\\00000000-0000-0000-0000-000000000000\\",
  "properties": {
    "provisioningState": "Succeeded",
    "priority": 110,
    "ruleCollections": [
      {
        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
        "name": "Example-Filter-Rule-Collection",
        "action": {
          "type": "Deny"
        },
        "rules": [
          {
            "ruleType": "ApplicationRule",
            "name": "rule1",
            "description": "Deny inbound rule",
            "protocols": [
              {
                "protocolType": "Https",
                "port": 443
              }
            ],
            "sourceAddresses": [
              "216.58.216.164",
              "10.0.0.0/24"
            ],
            "webCategories": [
              "Hacking"
            ]
          }
        ]
      }
    ]
  }
}

Definíciók

Name	Description
ApplicationRule	Szabály típusú alkalmazás.
CloudError	Hibaválasz a szolgáltatástól.
CloudErrorBody	Hibaválasz a szolgáltatástól.
FirewallPolicyFilterRuleCollection	Tűzfalszabály-szűrőszabály-gyűjtemény.
FirewallPolicyFilterRuleCollectionAction	A FirewallPolicyFilterRuleCollectionAction tulajdonságai.
FirewallPolicyFilterRuleCollectionActionType	A szabály művelettípusa.
FirewallPolicyHttpHeaderToInsert	a beszúrni kívánt HTTP/S fejléc neve és értéke
FirewallPolicyNatRuleCollection	Tűzfalszabályzat NAT-szabálygyűjteménye.
FirewallPolicyNatRuleCollectionAction	A FirewallPolicyNatRuleCollectionAction tulajdonságai.
FirewallPolicyNatRuleCollectionActionType	A szabály művelettípusa.
FirewallPolicyRuleApplicationProtocol	Az alkalmazásszabály-protokoll tulajdonságai.
FirewallPolicyRuleApplicationProtocolType	Egy szabály alkalmazásprotokoll-típusa.
FirewallPolicyRuleCollectionGroup	Szabálygyűjteményi csoport erőforrása.
FirewallPolicyRuleNetworkProtocol	Egy szabály hálózati protokollja.
NatRule	Nat típusú szabály.
NetworkRule	A hálózat típusú szabály.
ProvisioningState	Az aktuális kiépítési állapot.

ApplicationRule

Szabály típusú alkalmazás.

Name	Típus	Description
description	string	A szabály leírása.
destinationAddresses	string[]	Cél IP-címek vagy szolgáltatáscímkék listája.
fqdnTags	string[]	A szabály FQDN-címkéinek listája.
httpHeadersToInsert	FirewallPolicyHttpHeaderToInsert[]	A beszúrni kívánt HTTP/S fejlécek listája.
name	string	A szabály neve.
protocols	FirewallPolicyRuleApplicationProtocol[]	Alkalmazásprotokollok tömbje.
ruleType	string: ApplicationRule	Szabálytípus.
sourceAddresses	string[]	A szabály forrás IP-címeinek listája.
sourceIpGroups	string[]	A szabályhoz tartozó forrás IpGroupok listája.
targetFqdns	string[]	A szabály teljes tartományneveinek listája.
targetUrls	string[]	A szabályfeltétel URL-címeinek listája.
terminateTLS	boolean	Állítsa le a szabály TLS-kapcsolatait.
webCategories	string[]	A cél azure-webkategóriák listája.

CloudError

Hibaválasz a szolgáltatástól.

Name	Típus	Description
error	CloudErrorBody	Felhőbeli hibatörzs.

CloudErrorBody

Hibaválasz a szolgáltatástól.

Name	Típus	Description
code	string	A hiba azonosítója. A kódok invariánsak, és programozott módon használhatók.
details	CloudErrorBody[]	A hibával kapcsolatos további részletek listája.
message	string	A hibát leíró üzenet, amely alkalmas a felhasználói felületen való megjelenítésre.
target	string	Az adott hiba célja. Például a hibás tulajdonság neve.

FirewallPolicyFilterRuleCollection

Tűzfalszabály-szűrőszabály-gyűjtemény.

Name	Típus	Description
action	FirewallPolicyFilterRuleCollectionAction	A Szűrőszabály-gyűjtemény művelettípusa.
name	string	A szabálygyűjtemény neve.
priority	integer	A tűzfalszabály-gyűjtemény erőforrás prioritása.
ruleCollectionType	string: FirewallPolicyFilterRuleCollection	A szabálygyűjtemény típusa.
rules	FirewallPolicyRule[]: ApplicationRule[] NatRule[] NetworkRule[]	A szabálygyűjteményben szereplő szabályok listája.

FirewallPolicyFilterRuleCollectionAction

A FirewallPolicyFilterRuleCollectionAction tulajdonságai.

Name	Típus	Description
type	FirewallPolicyFilterRuleCollectionActionType	A művelet típusa.

FirewallPolicyFilterRuleCollectionActionType

A szabály művelettípusa.

Name	Típus	Description
Allow	string
Deny	string

FirewallPolicyHttpHeaderToInsert

a beszúrni kívánt HTTP/S fejléc neve és értéke

Name	Típus	Description
headerName	string	A fejléc nevét tartalmazza
headerValue	string	A fejléc értékét tartalmazza

FirewallPolicyNatRuleCollection

Tűzfalszabályzat NAT-szabálygyűjteménye.

Name	Típus	Description
action	FirewallPolicyNatRuleCollectionAction	Nat-szabálygyűjtemény művelettípusa.
name	string	A szabálygyűjtemény neve.
priority	integer	A tűzfalszabály-gyűjtemény erőforrás prioritása.
ruleCollectionType	string: FirewallPolicyNatRuleCollection	A szabálygyűjtemény típusa.
rules	FirewallPolicyRule[]: ApplicationRule[] NatRule[] NetworkRule[]	A szabálygyűjteményben szereplő szabályok listája.

FirewallPolicyNatRuleCollectionAction

A FirewallPolicyNatRuleCollectionAction tulajdonságai.

Name	Típus	Description
type	FirewallPolicyNatRuleCollectionActionType	A művelet típusa.

FirewallPolicyNatRuleCollectionActionType

A szabály művelettípusa.

Name	Típus	Description
DNAT	string

FirewallPolicyRuleApplicationProtocol

Az alkalmazásszabály-protokoll tulajdonságai.

Name	Típus	Description
port	integer	A protokoll portszáma nem lehet nagyobb 64000-nél.
protocolType	FirewallPolicyRuleApplicationProtocolType	Protokoll típusa.

FirewallPolicyRuleApplicationProtocolType

Egy szabály alkalmazásprotokoll-típusa.

Name	Típus	Description
Http	string
Https	string