指定した FirewallPolicyRuleCollectionGroup を作成または更新します。
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}/ruleCollectionGroups/{ruleCollectionGroupName}?api-version=2023-09-01
URI パラメーター
名前 |
/ |
必須 |
型 |
説明 |
firewallPolicyName
|
path |
True
|
string
|
ファイアウォール ポリシーの名前。
|
resourceGroupName
|
path |
True
|
string
|
リソース グループの名前。
|
ruleCollectionGroupName
|
path |
True
|
string
|
FirewallPolicyRuleCollectionGroup の名前。
|
subscriptionId
|
path |
True
|
string
|
Microsoft Azure サブスクリプションを一意に識別するサブスクリプションの資格情報。 サブスクリプション ID は、全ての修理依頼についてURI の一部を生じさせます。
|
api-version
|
query |
True
|
string
|
クライアント API バージョン。
|
要求本文
名前 |
型 |
説明 |
id
|
string
|
リソースの ID
|
name
|
string
|
リソース グループ内で一意のリソースの名前。 この名前は、リソースへのアクセスに使用できます。
|
properties.priority
|
integer
|
ファイアウォール ポリシー規則コレクション グループ リソースの優先度。
|
properties.ruleCollections
|
FirewallPolicyRuleCollection[]:
-
FirewallPolicyNatRuleCollection[]
-
FirewallPolicyFilterRuleCollection[]
|
ファイアウォール ポリシー規則コレクションのグループ。
|
応答
名前 |
型 |
説明 |
200 OK
|
FirewallPolicyRuleCollectionGroup
|
要求が成功しました。 この操作は、生成された FirewallPolicyRuleCollectionGroup リソースを返します。
|
201 Created
|
FirewallPolicyRuleCollectionGroup
|
要求が正常に受信されました。 この操作は、生成された FirewallPolicyRuleCollectionGroup リソースを返します。
|
Other Status Codes
|
CloudError
|
操作に失敗した理由を説明するエラー応答。
|
セキュリティ
azure_auth
Azure Active Directory OAuth2 フロー。
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
名前 |
説明 |
user_impersonation
|
ユーザー アカウントの借用
|
例
Create Firewall Policy Nat Rule Collection Group
Sample Request
PUT https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1?api-version=2023-09-01
{
"properties": {
"priority": 100,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyNatRuleCollection",
"priority": 100,
"name": "Example-Nat-Rule-Collection",
"action": {
"type": "DNAT"
},
"rules": [
{
"ruleType": "NatRule",
"name": "nat-rule1",
"translatedFqdn": "internalhttp.server.net",
"translatedPort": "8080",
"ipProtocols": [
"TCP",
"UDP"
],
"sourceAddresses": [
"2.2.2.2"
],
"sourceIpGroups": [],
"destinationAddresses": [
"152.23.32.23"
],
"destinationPorts": [
"8080"
]
}
]
}
]
}
}
from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-network
# USAGE
python firewall_policy_nat_rule_collection_group_put.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = NetworkManagementClient(
credential=DefaultAzureCredential(),
subscription_id="subid",
)
response = client.firewall_policy_rule_collection_groups.begin_create_or_update(
resource_group_name="rg1",
firewall_policy_name="firewallPolicy",
rule_collection_group_name="ruleCollectionGroup1",
parameters={
"properties": {
"priority": 100,
"ruleCollections": [
{
"action": {"type": "DNAT"},
"name": "Example-Nat-Rule-Collection",
"priority": 100,
"ruleCollectionType": "FirewallPolicyNatRuleCollection",
"rules": [
{
"destinationAddresses": ["152.23.32.23"],
"destinationPorts": ["8080"],
"ipProtocols": ["TCP", "UDP"],
"name": "nat-rule1",
"ruleType": "NatRule",
"sourceAddresses": ["2.2.2.2"],
"sourceIpGroups": [],
"translatedFqdn": "internalhttp.server.net",
"translatedPort": "8080",
}
],
}
],
}
},
).result()
print(response)
# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyNatRuleCollectionGroupPut.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armnetwork_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d4205894880b989ede35d62d97c8e901ed14fb5a/specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyNatRuleCollectionGroupPut.json
func ExampleFirewallPolicyRuleCollectionGroupsClient_BeginCreateOrUpdate_createFirewallPolicyNatRuleCollectionGroup() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewFirewallPolicyRuleCollectionGroupsClient().BeginCreateOrUpdate(ctx, "rg1", "firewallPolicy", "ruleCollectionGroup1", armnetwork.FirewallPolicyRuleCollectionGroup{
Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
Priority: to.Ptr[int32](100),
RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
&armnetwork.FirewallPolicyNatRuleCollection{
Name: to.Ptr("Example-Nat-Rule-Collection"),
Priority: to.Ptr[int32](100),
RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyNatRuleCollection),
Action: &armnetwork.FirewallPolicyNatRuleCollectionAction{
Type: to.Ptr(armnetwork.FirewallPolicyNatRuleCollectionActionTypeDNAT),
},
Rules: []armnetwork.FirewallPolicyRuleClassification{
&armnetwork.NatRule{
Name: to.Ptr("nat-rule1"),
RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeNatRule),
DestinationAddresses: []*string{
to.Ptr("152.23.32.23")},
DestinationPorts: []*string{
to.Ptr("8080")},
IPProtocols: []*armnetwork.FirewallPolicyRuleNetworkProtocol{
to.Ptr(armnetwork.FirewallPolicyRuleNetworkProtocolTCP),
to.Ptr(armnetwork.FirewallPolicyRuleNetworkProtocolUDP)},
SourceAddresses: []*string{
to.Ptr("2.2.2.2")},
SourceIPGroups: []*string{},
TranslatedFqdn: to.Ptr("internalhttp.server.net"),
TranslatedPort: to.Ptr("8080"),
}},
}},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.FirewallPolicyRuleCollectionGroup = armnetwork.FirewallPolicyRuleCollectionGroup{
// ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1"),
// Name: to.Ptr("ruleCollectionGroup1"),
// Etag: to.Ptr("w/\\00000000-0000-0000-0000-000000000000\\"),
// Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
// Priority: to.Ptr[int32](100),
// ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
// RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
// &armnetwork.FirewallPolicyNatRuleCollection{
// Name: to.Ptr("Example-Nat-Rule-Collection"),
// Priority: to.Ptr[int32](100),
// RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyNatRuleCollection),
// Action: &armnetwork.FirewallPolicyNatRuleCollectionAction{
// Type: to.Ptr(armnetwork.FirewallPolicyNatRuleCollectionActionTypeDNAT),
// },
// Rules: []armnetwork.FirewallPolicyRuleClassification{
// &armnetwork.NatRule{
// Name: to.Ptr("nat-rule1"),
// RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeNatRule),
// DestinationAddresses: []*string{
// to.Ptr("152.23.32.23")},
// DestinationPorts: []*string{
// to.Ptr("8080")},
// IPProtocols: []*armnetwork.FirewallPolicyRuleNetworkProtocol{
// to.Ptr(armnetwork.FirewallPolicyRuleNetworkProtocolTCP),
// to.Ptr(armnetwork.FirewallPolicyRuleNetworkProtocolUDP)},
// SourceAddresses: []*string{
// to.Ptr("2.2.2.2")},
// SourceIPGroups: []*string{
// },
// TranslatedFqdn: to.Ptr("internalhttp.server.net"),
// TranslatedPort: to.Ptr("8080"),
// }},
// }},
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Creates or updates the specified FirewallPolicyRuleCollectionGroup.
*
* @summary Creates or updates the specified FirewallPolicyRuleCollectionGroup.
* x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyNatRuleCollectionGroupPut.json
*/
async function createFirewallPolicyNatRuleCollectionGroup() {
const subscriptionId = process.env["NETWORK_SUBSCRIPTION_ID"] || "subid";
const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
const firewallPolicyName = "firewallPolicy";
const ruleCollectionGroupName = "ruleCollectionGroup1";
const parameters = {
priority: 100,
ruleCollections: [
{
name: "Example-Nat-Rule-Collection",
action: { type: "DNAT" },
priority: 100,
ruleCollectionType: "FirewallPolicyNatRuleCollection",
rules: [
{
name: "nat-rule1",
destinationAddresses: ["152.23.32.23"],
destinationPorts: ["8080"],
ipProtocols: ["TCP", "UDP"],
ruleType: "NatRule",
sourceAddresses: ["2.2.2.2"],
sourceIpGroups: [],
translatedFqdn: "internalhttp.server.net",
translatedPort: "8080",
},
],
},
],
};
const credential = new DefaultAzureCredential();
const client = new NetworkManagementClient(credential, subscriptionId);
const result = await client.firewallPolicyRuleCollectionGroups.beginCreateOrUpdateAndWait(
resourceGroupName,
firewallPolicyName,
ruleCollectionGroupName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;
// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyNatRuleCollectionGroupPut.json
// this example is just showing the usage of "FirewallPolicyRuleCollectionGroups_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this FirewallPolicyRuleCollectionGroupResource created on azure
// for more information of creating FirewallPolicyRuleCollectionGroupResource, please refer to the document of FirewallPolicyRuleCollectionGroupResource
string subscriptionId = "subid";
string resourceGroupName = "rg1";
string firewallPolicyName = "firewallPolicy";
string ruleCollectionGroupName = "ruleCollectionGroup1";
ResourceIdentifier firewallPolicyRuleCollectionGroupResourceId = FirewallPolicyRuleCollectionGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, firewallPolicyName, ruleCollectionGroupName);
FirewallPolicyRuleCollectionGroupResource firewallPolicyRuleCollectionGroup = client.GetFirewallPolicyRuleCollectionGroupResource(firewallPolicyRuleCollectionGroupResourceId);
// invoke the operation
FirewallPolicyRuleCollectionGroupData data = new FirewallPolicyRuleCollectionGroupData()
{
Priority = 100,
RuleCollections =
{
new FirewallPolicyNatRuleCollectionInfo()
{
ActionType = FirewallPolicyNatRuleCollectionActionType.Dnat,
Rules =
{
new NatRule()
{
IPProtocols =
{
FirewallPolicyRuleNetworkProtocol.Tcp,FirewallPolicyRuleNetworkProtocol.Udp
},
SourceAddresses =
{
"2.2.2.2"
},
DestinationAddresses =
{
"152.23.32.23"
},
DestinationPorts =
{
"8080"
},
TranslatedPort = "8080",
SourceIPGroups =
{
},
TranslatedFqdn = "internalhttp.server.net",
Name = "nat-rule1",
}
},
Name = "Example-Nat-Rule-Collection",
Priority = 100,
}
},
};
ArmOperation<FirewallPolicyRuleCollectionGroupResource> lro = await firewallPolicyRuleCollectionGroup.UpdateAsync(WaitUntil.Completed, data);
FirewallPolicyRuleCollectionGroupResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
FirewallPolicyRuleCollectionGroupData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample Response
{
"name": "ruleCollectionGroup1",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1",
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"properties": {
"provisioningState": "Succeeded",
"priority": 100,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyNatRuleCollection",
"name": "Example-Nat-Rule-Collection",
"priority": 100,
"action": {
"type": "DNAT"
},
"rules": [
{
"ruleType": "NatRule",
"name": "nat-rule1",
"translatedFqdn": "internalhttp.server.net",
"translatedPort": "8080",
"ipProtocols": [
"TCP",
"UDP"
],
"sourceAddresses": [
"2.2.2.2"
],
"sourceIpGroups": [],
"destinationAddresses": [
"152.23.32.23"
],
"destinationPorts": [
"8080"
]
}
]
}
]
}
}
{
"name": "firewallPolicy",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy",
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"properties": {
"provisioningState": "Succeeded",
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyNatRuleCollection",
"name": "Example-Nat-Rule-Collection",
"priority": 100,
"action": {
"type": "DNAT"
},
"rules": [
{
"ruleType": "NatRule",
"name": "nat-rule1",
"translatedFqdn": "internalhttp.server.net",
"translatedPort": "8080",
"ipProtocols": [
"TCP",
"UDP"
],
"sourceAddresses": [
"2.2.2.2"
],
"sourceIpGroups": [],
"destinationAddresses": [
"152.23.32.23"
],
"destinationPorts": [
"8080"
]
}
]
}
]
}
}
Create Firewall Policy Rule Collection Group
Sample Request
PUT https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1?api-version=2023-09-01
{
"properties": {
"priority": 100,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule-Collection",
"priority": 100,
"action": {
"type": "Deny"
},
"rules": [
{
"ruleType": "NetworkRule",
"name": "network-rule1",
"sourceAddresses": [
"10.1.25.0/24"
],
"destinationAddresses": [
"*"
],
"ipProtocols": [
"TCP"
],
"destinationPorts": [
"*"
]
}
]
}
]
}
}
import com.azure.resourcemanager.network.fluent.models.FirewallPolicyRuleCollectionGroupInner;
import com.azure.resourcemanager.network.models.ApplicationRule;
import com.azure.resourcemanager.network.models.FirewallPolicyFilterRuleCollection;
import com.azure.resourcemanager.network.models.FirewallPolicyFilterRuleCollectionAction;
import com.azure.resourcemanager.network.models.FirewallPolicyFilterRuleCollectionActionType;
import com.azure.resourcemanager.network.models.FirewallPolicyHttpHeaderToInsert;
import com.azure.resourcemanager.network.models.FirewallPolicyNatRuleCollection;
import com.azure.resourcemanager.network.models.FirewallPolicyNatRuleCollectionAction;
import com.azure.resourcemanager.network.models.FirewallPolicyNatRuleCollectionActionType;
import com.azure.resourcemanager.network.models.FirewallPolicyRuleApplicationProtocol;
import com.azure.resourcemanager.network.models.FirewallPolicyRuleApplicationProtocolType;
import com.azure.resourcemanager.network.models.FirewallPolicyRuleNetworkProtocol;
import com.azure.resourcemanager.network.models.NatRule;
import com.azure.resourcemanager.network.models.NetworkRule;
import java.util.Arrays;
/**
* Samples for FirewallPolicyRuleCollectionGroups CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/
* FirewallPolicyRuleCollectionGroupPut.json
*/
/**
* Sample code: Create Firewall Policy Rule Collection Group.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createFirewallPolicyRuleCollectionGroup(com.azure.resourcemanager.AzureResourceManager azure) {
azure.networks().manager().serviceClient().getFirewallPolicyRuleCollectionGroups().createOrUpdate("rg1",
"firewallPolicy", "ruleCollectionGroup1",
new FirewallPolicyRuleCollectionGroupInner().withPriority(100)
.withRuleCollections(Arrays.asList(new FirewallPolicyFilterRuleCollection()
.withName("Example-Filter-Rule-Collection").withPriority(100)
.withAction(new FirewallPolicyFilterRuleCollectionAction()
.withType(FirewallPolicyFilterRuleCollectionActionType.DENY))
.withRules(Arrays.asList(new NetworkRule().withName("network-rule1")
.withIpProtocols(Arrays.asList(FirewallPolicyRuleNetworkProtocol.TCP))
.withSourceAddresses(Arrays.asList("10.1.25.0/24")).withDestinationAddresses(Arrays.asList("*"))
.withDestinationPorts(Arrays.asList("*")))))),
com.azure.core.util.Context.NONE);
}
/*
* x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/
* FirewallPolicyRuleCollectionGroupWithWebCategoriesPut.json
*/
/**
* Sample code: Create Firewall Policy Rule Collection Group With Web Categories.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createFirewallPolicyRuleCollectionGroupWithWebCategories(com.azure.resourcemanager.AzureResourceManager azure) {
azure.networks().manager().serviceClient().getFirewallPolicyRuleCollectionGroups().createOrUpdate("rg1",
"firewallPolicy", "ruleCollectionGroup1",
new FirewallPolicyRuleCollectionGroupInner().withPriority(110)
.withRuleCollections(Arrays.asList(new FirewallPolicyFilterRuleCollection()
.withName("Example-Filter-Rule-Collection")
.withAction(new FirewallPolicyFilterRuleCollectionAction()
.withType(FirewallPolicyFilterRuleCollectionActionType.DENY))
.withRules(
Arrays.asList(new ApplicationRule().withName("rule1").withDescription("Deny inbound rule")
.withSourceAddresses(Arrays.asList("216.58.216.164", "10.0.0.0/24"))
.withProtocols(Arrays.asList(new FirewallPolicyRuleApplicationProtocol()
.withProtocolType(FirewallPolicyRuleApplicationProtocolType.HTTPS).withPort(443)))
.withWebCategories(Arrays.asList("Hacking")))))),
com.azure.core.util.Context.NONE);
}
/*
* x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/
* FirewallPolicyNatRuleCollectionGroupPut.json
*/
/**
* Sample code: Create Firewall Policy Nat Rule Collection Group.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createFirewallPolicyNatRuleCollectionGroup(com.azure.resourcemanager.AzureResourceManager azure) {
azure.networks().manager().serviceClient().getFirewallPolicyRuleCollectionGroups().createOrUpdate("rg1",
"firewallPolicy", "ruleCollectionGroup1",
new FirewallPolicyRuleCollectionGroupInner().withPriority(100)
.withRuleCollections(Arrays.asList(new FirewallPolicyNatRuleCollection()
.withName("Example-Nat-Rule-Collection").withPriority(100)
.withAction(new FirewallPolicyNatRuleCollectionAction()
.withType(FirewallPolicyNatRuleCollectionActionType.DNAT))
.withRules(Arrays.asList(new NatRule().withName("nat-rule1")
.withIpProtocols(
Arrays.asList(FirewallPolicyRuleNetworkProtocol.TCP, FirewallPolicyRuleNetworkProtocol.UDP))
.withSourceAddresses(Arrays.asList("2.2.2.2"))
.withDestinationAddresses(Arrays.asList("152.23.32.23"))
.withDestinationPorts(Arrays.asList("8080")).withTranslatedPort("8080")
.withSourceIpGroups(Arrays.asList()).withTranslatedFqdn("internalhttp.server.net"))))),
com.azure.core.util.Context.NONE);
}
/*
* x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/
* FirewallPolicyRuleCollectionGroupWithIpGroupsPut.json
*/
/**
* Sample code: Create Firewall Policy Rule Collection Group With IP Groups.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createFirewallPolicyRuleCollectionGroupWithIPGroups(com.azure.resourcemanager.AzureResourceManager azure) {
azure.networks().manager().serviceClient().getFirewallPolicyRuleCollectionGroups().createOrUpdate("rg1",
"firewallPolicy", "ruleCollectionGroup1",
new FirewallPolicyRuleCollectionGroupInner().withPriority(110)
.withRuleCollections(Arrays.asList(new FirewallPolicyFilterRuleCollection()
.withName("Example-Filter-Rule-Collection")
.withAction(new FirewallPolicyFilterRuleCollectionAction()
.withType(FirewallPolicyFilterRuleCollectionActionType.DENY))
.withRules(Arrays.asList(new NetworkRule().withName("network-1")
.withIpProtocols(Arrays.asList(FirewallPolicyRuleNetworkProtocol.TCP))
.withDestinationPorts(Arrays.asList("*"))
.withSourceIpGroups(Arrays.asList(
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1"))
.withDestinationIpGroups(Arrays.asList(
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2")))))),
com.azure.core.util.Context.NONE);
}
/*
* x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/
* FirewallPolicyRuleCollectionGroupWithHttpHeadersToInsert.json
*/
/**
* Sample code: Create Firewall Policy Rule Collection Group With http header to insert.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createFirewallPolicyRuleCollectionGroupWithHttpHeaderToInsert(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.networks().manager().serviceClient().getFirewallPolicyRuleCollectionGroups()
.createOrUpdate("rg1", "firewallPolicy", "ruleCollectionGroup1",
new FirewallPolicyRuleCollectionGroupInner().withPriority(110)
.withRuleCollections(Arrays
.asList(new FirewallPolicyFilterRuleCollection().withName("Example-Filter-Rule-Collection")
.withAction(new FirewallPolicyFilterRuleCollectionAction()
.withType(FirewallPolicyFilterRuleCollectionActionType.ALLOW))
.withRules(Arrays.asList(
new ApplicationRule().withName("rule1").withDescription("Insert trusted tenants header")
.withSourceAddresses(Arrays.asList("216.58.216.164", "10.0.0.0/24"))
.withProtocols(Arrays.asList(new FirewallPolicyRuleApplicationProtocol()
.withProtocolType(FirewallPolicyRuleApplicationProtocolType.HTTP).withPort(80)))
.withFqdnTags(Arrays.asList("WindowsVirtualDesktop"))
.withHttpHeadersToInsert(Arrays.asList(new FirewallPolicyHttpHeaderToInsert()
.withHeaderName("Restrict-Access-To-Tenants")
.withHeaderValue("contoso.com,fabrikam.onmicrosoft.com"))))))),
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-network
# USAGE
python firewall_policy_rule_collection_group_put.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = NetworkManagementClient(
credential=DefaultAzureCredential(),
subscription_id="subid",
)
response = client.firewall_policy_rule_collection_groups.begin_create_or_update(
resource_group_name="rg1",
firewall_policy_name="firewallPolicy",
rule_collection_group_name="ruleCollectionGroup1",
parameters={
"properties": {
"priority": 100,
"ruleCollections": [
{
"action": {"type": "Deny"},
"name": "Example-Filter-Rule-Collection",
"priority": 100,
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"rules": [
{
"destinationAddresses": ["*"],
"destinationPorts": ["*"],
"ipProtocols": ["TCP"],
"name": "network-rule1",
"ruleType": "NetworkRule",
"sourceAddresses": ["10.1.25.0/24"],
}
],
}
],
}
},
).result()
print(response)
# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupPut.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armnetwork_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d4205894880b989ede35d62d97c8e901ed14fb5a/specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupPut.json
func ExampleFirewallPolicyRuleCollectionGroupsClient_BeginCreateOrUpdate_createFirewallPolicyRuleCollectionGroup() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewFirewallPolicyRuleCollectionGroupsClient().BeginCreateOrUpdate(ctx, "rg1", "firewallPolicy", "ruleCollectionGroup1", armnetwork.FirewallPolicyRuleCollectionGroup{
Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
Priority: to.Ptr[int32](100),
RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
&armnetwork.FirewallPolicyFilterRuleCollection{
Name: to.Ptr("Example-Filter-Rule-Collection"),
Priority: to.Ptr[int32](100),
RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyFilterRuleCollection),
Action: &armnetwork.FirewallPolicyFilterRuleCollectionAction{
Type: to.Ptr(armnetwork.FirewallPolicyFilterRuleCollectionActionTypeDeny),
},
Rules: []armnetwork.FirewallPolicyRuleClassification{
&armnetwork.Rule{
Name: to.Ptr("network-rule1"),
RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeNetworkRule),
DestinationAddresses: []*string{
to.Ptr("*")},
DestinationPorts: []*string{
to.Ptr("*")},
IPProtocols: []*armnetwork.FirewallPolicyRuleNetworkProtocol{
to.Ptr(armnetwork.FirewallPolicyRuleNetworkProtocolTCP)},
SourceAddresses: []*string{
to.Ptr("10.1.25.0/24")},
}},
}},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.FirewallPolicyRuleCollectionGroup = armnetwork.FirewallPolicyRuleCollectionGroup{
// ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1"),
// Name: to.Ptr("ruleCollectionGroup1"),
// Etag: to.Ptr("w/\\00000000-0000-0000-0000-000000000000\\"),
// Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
// Priority: to.Ptr[int32](100),
// ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
// RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
// &armnetwork.FirewallPolicyFilterRuleCollection{
// Name: to.Ptr("Example-Filter-Rule-Collection"),
// Priority: to.Ptr[int32](100),
// RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyFilterRuleCollection),
// Action: &armnetwork.FirewallPolicyFilterRuleCollectionAction{
// Type: to.Ptr(armnetwork.FirewallPolicyFilterRuleCollectionActionTypeDeny),
// },
// Rules: []armnetwork.FirewallPolicyRuleClassification{
// &armnetwork.Rule{
// Name: to.Ptr("network-rule1"),
// RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeNetworkRule),
// DestinationAddresses: []*string{
// to.Ptr("*")},
// DestinationPorts: []*string{
// to.Ptr("*")},
// IPProtocols: []*armnetwork.FirewallPolicyRuleNetworkProtocol{
// to.Ptr(armnetwork.FirewallPolicyRuleNetworkProtocolTCP)},
// SourceAddresses: []*string{
// to.Ptr("10.1.25.0/24")},
// }},
// }},
// Size: to.Ptr("1.2MB"),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Creates or updates the specified FirewallPolicyRuleCollectionGroup.
*
* @summary Creates or updates the specified FirewallPolicyRuleCollectionGroup.
* x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupPut.json
*/
async function createFirewallPolicyRuleCollectionGroup() {
const subscriptionId = process.env["NETWORK_SUBSCRIPTION_ID"] || "subid";
const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
const firewallPolicyName = "firewallPolicy";
const ruleCollectionGroupName = "ruleCollectionGroup1";
const parameters = {
priority: 100,
ruleCollections: [
{
name: "Example-Filter-Rule-Collection",
action: { type: "Deny" },
priority: 100,
ruleCollectionType: "FirewallPolicyFilterRuleCollection",
rules: [
{
name: "network-rule1",
destinationAddresses: ["*"],
destinationPorts: ["*"],
ipProtocols: ["TCP"],
ruleType: "NetworkRule",
sourceAddresses: ["10.1.25.0/24"],
},
],
},
],
};
const credential = new DefaultAzureCredential();
const client = new NetworkManagementClient(credential, subscriptionId);
const result = await client.firewallPolicyRuleCollectionGroups.beginCreateOrUpdateAndWait(
resourceGroupName,
firewallPolicyName,
ruleCollectionGroupName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;
// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupPut.json
// this example is just showing the usage of "FirewallPolicyRuleCollectionGroups_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this FirewallPolicyRuleCollectionGroupResource created on azure
// for more information of creating FirewallPolicyRuleCollectionGroupResource, please refer to the document of FirewallPolicyRuleCollectionGroupResource
string subscriptionId = "subid";
string resourceGroupName = "rg1";
string firewallPolicyName = "firewallPolicy";
string ruleCollectionGroupName = "ruleCollectionGroup1";
ResourceIdentifier firewallPolicyRuleCollectionGroupResourceId = FirewallPolicyRuleCollectionGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, firewallPolicyName, ruleCollectionGroupName);
FirewallPolicyRuleCollectionGroupResource firewallPolicyRuleCollectionGroup = client.GetFirewallPolicyRuleCollectionGroupResource(firewallPolicyRuleCollectionGroupResourceId);
// invoke the operation
FirewallPolicyRuleCollectionGroupData data = new FirewallPolicyRuleCollectionGroupData()
{
Priority = 100,
RuleCollections =
{
new FirewallPolicyFilterRuleCollectionInfo()
{
ActionType = FirewallPolicyFilterRuleCollectionActionType.Deny,
Rules =
{
new NetworkRule()
{
IPProtocols =
{
FirewallPolicyRuleNetworkProtocol.Tcp
},
SourceAddresses =
{
"10.1.25.0/24"
},
DestinationAddresses =
{
"*"
},
DestinationPorts =
{
"*"
},
Name = "network-rule1",
}
},
Name = "Example-Filter-Rule-Collection",
Priority = 100,
}
},
};
ArmOperation<FirewallPolicyRuleCollectionGroupResource> lro = await firewallPolicyRuleCollectionGroup.UpdateAsync(WaitUntil.Completed, data);
FirewallPolicyRuleCollectionGroupResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
FirewallPolicyRuleCollectionGroupData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample Response
{
"name": "ruleCollectionGroup1",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1",
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"properties": {
"size": "1.2MB",
"provisioningState": "Succeeded",
"priority": 100,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule-Collection",
"priority": 100,
"action": {
"type": "Deny"
},
"rules": [
{
"ruleType": "NetworkRule",
"name": "network-rule1",
"sourceAddresses": [
"10.1.25.0/24"
],
"destinationAddresses": [
"*"
],
"ipProtocols": [
"TCP"
],
"destinationPorts": [
"*"
]
}
]
}
]
}
}
{
"name": "firewallPolicy",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy",
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"properties": {
"size": "1.2MB",
"provisioningState": "Succeeded",
"priority": 100,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule-Collection",
"priority": 100,
"action": {
"type": "Deny"
},
"rules": [
{
"ruleType": "NetworkRule",
"name": "network-rule1",
"sourceAddresses": [
"10.1.25.0/24"
],
"destinationAddresses": [
"*"
],
"ipProtocols": [
"TCP"
],
"destinationPorts": [
"*"
]
}
]
}
]
}
}
Sample Request
PUT https://management.azure.com/subscriptions/e747cc13-97d4-4a79-b463-42d7f4e558f2/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1?api-version=2023-09-01
{
"properties": {
"priority": 110,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule-Collection",
"action": {
"type": "Allow"
},
"rules": [
{
"ruleType": "ApplicationRule",
"name": "rule1",
"description": "Insert trusted tenants header",
"protocols": [
{
"protocolType": "Http",
"port": 80
}
],
"sourceAddresses": [
"216.58.216.164",
"10.0.0.0/24"
],
"fqdnTags": [
"WindowsVirtualDesktop"
],
"httpHeadersToInsert": [
{
"headerName": "Restrict-Access-To-Tenants",
"headerValue": "contoso.com,fabrikam.onmicrosoft.com"
}
]
}
]
}
]
}
}
from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-network
# USAGE
python firewall_policy_rule_collection_group_with_http_headers_to_insert.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = NetworkManagementClient(
credential=DefaultAzureCredential(),
subscription_id="e747cc13-97d4-4a79-b463-42d7f4e558f2",
)
response = client.firewall_policy_rule_collection_groups.begin_create_or_update(
resource_group_name="rg1",
firewall_policy_name="firewallPolicy",
rule_collection_group_name="ruleCollectionGroup1",
parameters={
"properties": {
"priority": 110,
"ruleCollections": [
{
"action": {"type": "Allow"},
"name": "Example-Filter-Rule-Collection",
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"rules": [
{
"description": "Insert trusted tenants header",
"fqdnTags": ["WindowsVirtualDesktop"],
"httpHeadersToInsert": [
{
"headerName": "Restrict-Access-To-Tenants",
"headerValue": "contoso.com,fabrikam.onmicrosoft.com",
}
],
"name": "rule1",
"protocols": [{"port": 80, "protocolType": "Http"}],
"ruleType": "ApplicationRule",
"sourceAddresses": ["216.58.216.164", "10.0.0.0/24"],
}
],
}
],
}
},
).result()
print(response)
# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithHttpHeadersToInsert.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armnetwork_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d4205894880b989ede35d62d97c8e901ed14fb5a/specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithHttpHeadersToInsert.json
func ExampleFirewallPolicyRuleCollectionGroupsClient_BeginCreateOrUpdate_createFirewallPolicyRuleCollectionGroupWithHttpHeaderToInsert() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewFirewallPolicyRuleCollectionGroupsClient().BeginCreateOrUpdate(ctx, "rg1", "firewallPolicy", "ruleCollectionGroup1", armnetwork.FirewallPolicyRuleCollectionGroup{
Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
Priority: to.Ptr[int32](110),
RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
&armnetwork.FirewallPolicyFilterRuleCollection{
Name: to.Ptr("Example-Filter-Rule-Collection"),
RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyFilterRuleCollection),
Action: &armnetwork.FirewallPolicyFilterRuleCollectionAction{
Type: to.Ptr(armnetwork.FirewallPolicyFilterRuleCollectionActionTypeAllow),
},
Rules: []armnetwork.FirewallPolicyRuleClassification{
&armnetwork.ApplicationRule{
Name: to.Ptr("rule1"),
Description: to.Ptr("Insert trusted tenants header"),
RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeApplicationRule),
FqdnTags: []*string{
to.Ptr("WindowsVirtualDesktop")},
HTTPHeadersToInsert: []*armnetwork.FirewallPolicyHTTPHeaderToInsert{
{
HeaderName: to.Ptr("Restrict-Access-To-Tenants"),
HeaderValue: to.Ptr("contoso.com,fabrikam.onmicrosoft.com"),
}},
Protocols: []*armnetwork.FirewallPolicyRuleApplicationProtocol{
{
Port: to.Ptr[int32](80),
ProtocolType: to.Ptr(armnetwork.FirewallPolicyRuleApplicationProtocolTypeHTTP),
}},
SourceAddresses: []*string{
to.Ptr("216.58.216.164"),
to.Ptr("10.0.0.0/24")},
}},
}},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.FirewallPolicyRuleCollectionGroup = armnetwork.FirewallPolicyRuleCollectionGroup{
// ID: to.Ptr("/subscriptions/e747cc13-97d4-4a79-b463-42d7f4e558f2/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1"),
// Name: to.Ptr("ruleCollectionGroup1"),
// Etag: to.Ptr("w/\\00000000-0000-0000-0000-000000000000\\"),
// Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
// Priority: to.Ptr[int32](110),
// ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
// RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
// &armnetwork.FirewallPolicyFilterRuleCollection{
// Name: to.Ptr("Example-Filter-Rule-Collection"),
// RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyFilterRuleCollection),
// Action: &armnetwork.FirewallPolicyFilterRuleCollectionAction{
// Type: to.Ptr(armnetwork.FirewallPolicyFilterRuleCollectionActionTypeAllow),
// },
// Rules: []armnetwork.FirewallPolicyRuleClassification{
// &armnetwork.ApplicationRule{
// Name: to.Ptr("rule1"),
// Description: to.Ptr("Insert trusted tenants header"),
// RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeApplicationRule),
// FqdnTags: []*string{
// to.Ptr("WindowsVirtualDesktop")},
// HTTPHeadersToInsert: []*armnetwork.FirewallPolicyHTTPHeaderToInsert{
// {
// HeaderName: to.Ptr("Restrict-Access-To-Tenants"),
// HeaderValue: to.Ptr("contoso.com,fabrikam.onmicrosoft.com"),
// }},
// Protocols: []*armnetwork.FirewallPolicyRuleApplicationProtocol{
// {
// Port: to.Ptr[int32](80),
// ProtocolType: to.Ptr(armnetwork.FirewallPolicyRuleApplicationProtocolTypeHTTP),
// }},
// SourceAddresses: []*string{
// to.Ptr("216.58.216.164"),
// to.Ptr("10.0.0.0/24")},
// }},
// }},
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Creates or updates the specified FirewallPolicyRuleCollectionGroup.
*
* @summary Creates or updates the specified FirewallPolicyRuleCollectionGroup.
* x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithHttpHeadersToInsert.json
*/
async function createFirewallPolicyRuleCollectionGroupWithHttpHeaderToInsert() {
const subscriptionId =
process.env["NETWORK_SUBSCRIPTION_ID"] || "e747cc13-97d4-4a79-b463-42d7f4e558f2";
const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
const firewallPolicyName = "firewallPolicy";
const ruleCollectionGroupName = "ruleCollectionGroup1";
const parameters = {
priority: 110,
ruleCollections: [
{
name: "Example-Filter-Rule-Collection",
action: { type: "Allow" },
ruleCollectionType: "FirewallPolicyFilterRuleCollection",
rules: [
{
name: "rule1",
description: "Insert trusted tenants header",
fqdnTags: ["WindowsVirtualDesktop"],
httpHeadersToInsert: [
{
headerName: "Restrict-Access-To-Tenants",
headerValue: "contoso.com,fabrikam.onmicrosoft.com",
},
],
protocols: [{ port: 80, protocolType: "Http" }],
ruleType: "ApplicationRule",
sourceAddresses: ["216.58.216.164", "10.0.0.0/24"],
},
],
},
],
};
const credential = new DefaultAzureCredential();
const client = new NetworkManagementClient(credential, subscriptionId);
const result = await client.firewallPolicyRuleCollectionGroups.beginCreateOrUpdateAndWait(
resourceGroupName,
firewallPolicyName,
ruleCollectionGroupName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;
// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithHttpHeadersToInsert.json
// this example is just showing the usage of "FirewallPolicyRuleCollectionGroups_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this FirewallPolicyRuleCollectionGroupResource created on azure
// for more information of creating FirewallPolicyRuleCollectionGroupResource, please refer to the document of FirewallPolicyRuleCollectionGroupResource
string subscriptionId = "e747cc13-97d4-4a79-b463-42d7f4e558f2";
string resourceGroupName = "rg1";
string firewallPolicyName = "firewallPolicy";
string ruleCollectionGroupName = "ruleCollectionGroup1";
ResourceIdentifier firewallPolicyRuleCollectionGroupResourceId = FirewallPolicyRuleCollectionGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, firewallPolicyName, ruleCollectionGroupName);
FirewallPolicyRuleCollectionGroupResource firewallPolicyRuleCollectionGroup = client.GetFirewallPolicyRuleCollectionGroupResource(firewallPolicyRuleCollectionGroupResourceId);
// invoke the operation
FirewallPolicyRuleCollectionGroupData data = new FirewallPolicyRuleCollectionGroupData()
{
Priority = 110,
RuleCollections =
{
new FirewallPolicyFilterRuleCollectionInfo()
{
ActionType = FirewallPolicyFilterRuleCollectionActionType.Allow,
Rules =
{
new ApplicationRule()
{
SourceAddresses =
{
"216.58.216.164","10.0.0.0/24"
},
Protocols =
{
new FirewallPolicyRuleApplicationProtocol()
{
ProtocolType = FirewallPolicyRuleApplicationProtocolType.Http,
Port = 80,
}
},
FqdnTags =
{
"WindowsVirtualDesktop"
},
HttpHeadersToInsert =
{
new FirewallPolicyHttpHeaderToInsert()
{
HeaderName = "Restrict-Access-To-Tenants",
HeaderValue = "contoso.com,fabrikam.onmicrosoft.com",
}
},
Name = "rule1",
Description = "Insert trusted tenants header",
}
},
Name = "Example-Filter-Rule-Collection",
}
},
};
ArmOperation<FirewallPolicyRuleCollectionGroupResource> lro = await firewallPolicyRuleCollectionGroup.UpdateAsync(WaitUntil.Completed, data);
FirewallPolicyRuleCollectionGroupResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
FirewallPolicyRuleCollectionGroupData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample Response
{
"name": "ruleCollectionGroup1",
"id": "/subscriptions/e747cc13-97d4-4a79-b463-42d7f4e558f2/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1",
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"properties": {
"provisioningState": "Succeeded",
"priority": 110,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule-Collection",
"action": {
"type": "Allow"
},
"rules": [
{
"ruleType": "ApplicationRule",
"name": "rule1",
"description": "Insert trusted tenants header",
"protocols": [
{
"protocolType": "Http",
"port": 80
}
],
"sourceAddresses": [
"216.58.216.164",
"10.0.0.0/24"
],
"fqdnTags": [
"WindowsVirtualDesktop"
],
"httpHeadersToInsert": [
{
"headerName": "Restrict-Access-To-Tenants",
"headerValue": "contoso.com,fabrikam.onmicrosoft.com"
}
]
}
]
}
]
}
}
{
"name": "ruleCollectionGroup1",
"id": "/subscriptions/e747cc13-97d4-4a79-b463-42d7f4e558f2/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1",
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"properties": {
"provisioningState": "Succeeded",
"priority": 110,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule-Collection",
"action": {
"type": "Allow"
},
"rules": [
{
"ruleType": "ApplicationRule",
"name": "rule1",
"description": "Insert trusted tenants header",
"protocols": [
{
"protocolType": "Http",
"port": 80
}
],
"sourceAddresses": [
"216.58.216.164",
"10.0.0.0/24"
],
"fqdnTags": [
"WindowsVirtualDesktop"
],
"httpHeadersToInsert": [
{
"headerName": "Restrict-Access-To-Tenants",
"headerValue": "contoso.com,fabrikam.onmicrosoft.com"
}
]
}
]
}
]
}
}
Create Firewall Policy Rule Collection Group With IP Groups
Sample Request
PUT https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1?api-version=2023-09-01
{
"properties": {
"priority": 110,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule-Collection",
"action": {
"type": "Deny"
},
"rules": [
{
"ruleType": "NetworkRule",
"name": "network-1",
"ipProtocols": [
"TCP"
],
"destinationPorts": [
"*"
],
"sourceIpGroups": [
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1"
],
"destinationIpGroups": [
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2"
]
}
]
}
]
}
}
from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-network
# USAGE
python firewall_policy_rule_collection_group_with_ip_groups_put.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = NetworkManagementClient(
credential=DefaultAzureCredential(),
subscription_id="subid",
)
response = client.firewall_policy_rule_collection_groups.begin_create_or_update(
resource_group_name="rg1",
firewall_policy_name="firewallPolicy",
rule_collection_group_name="ruleCollectionGroup1",
parameters={
"properties": {
"priority": 110,
"ruleCollections": [
{
"action": {"type": "Deny"},
"name": "Example-Filter-Rule-Collection",
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"rules": [
{
"destinationIpGroups": [
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2"
],
"destinationPorts": ["*"],
"ipProtocols": ["TCP"],
"name": "network-1",
"ruleType": "NetworkRule",
"sourceIpGroups": [
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1"
],
}
],
}
],
}
},
).result()
print(response)
# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithIpGroupsPut.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armnetwork_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d4205894880b989ede35d62d97c8e901ed14fb5a/specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithIpGroupsPut.json
func ExampleFirewallPolicyRuleCollectionGroupsClient_BeginCreateOrUpdate_createFirewallPolicyRuleCollectionGroupWithIpGroups() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewFirewallPolicyRuleCollectionGroupsClient().BeginCreateOrUpdate(ctx, "rg1", "firewallPolicy", "ruleCollectionGroup1", armnetwork.FirewallPolicyRuleCollectionGroup{
Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
Priority: to.Ptr[int32](110),
RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
&armnetwork.FirewallPolicyFilterRuleCollection{
Name: to.Ptr("Example-Filter-Rule-Collection"),
RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyFilterRuleCollection),
Action: &armnetwork.FirewallPolicyFilterRuleCollectionAction{
Type: to.Ptr(armnetwork.FirewallPolicyFilterRuleCollectionActionTypeDeny),
},
Rules: []armnetwork.FirewallPolicyRuleClassification{
&armnetwork.Rule{
Name: to.Ptr("network-1"),
RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeNetworkRule),
DestinationIPGroups: []*string{
to.Ptr("/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2")},
DestinationPorts: []*string{
to.Ptr("*")},
IPProtocols: []*armnetwork.FirewallPolicyRuleNetworkProtocol{
to.Ptr(armnetwork.FirewallPolicyRuleNetworkProtocolTCP)},
SourceIPGroups: []*string{
to.Ptr("/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1")},
}},
}},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.FirewallPolicyRuleCollectionGroup = armnetwork.FirewallPolicyRuleCollectionGroup{
// ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1"),
// Name: to.Ptr("ruleCollectionGroup1"),
// Etag: to.Ptr("w/\\00000000-0000-0000-0000-000000000000\\"),
// Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
// Priority: to.Ptr[int32](110),
// ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
// RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
// &armnetwork.FirewallPolicyFilterRuleCollection{
// Name: to.Ptr("Example-Filter-Rule-Collection"),
// RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyFilterRuleCollection),
// Action: &armnetwork.FirewallPolicyFilterRuleCollectionAction{
// Type: to.Ptr(armnetwork.FirewallPolicyFilterRuleCollectionActionTypeDeny),
// },
// Rules: []armnetwork.FirewallPolicyRuleClassification{
// &armnetwork.Rule{
// Name: to.Ptr("network-1"),
// RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeNetworkRule),
// DestinationIPGroups: []*string{
// to.Ptr("/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2")},
// DestinationPorts: []*string{
// to.Ptr("*")},
// IPProtocols: []*armnetwork.FirewallPolicyRuleNetworkProtocol{
// to.Ptr(armnetwork.FirewallPolicyRuleNetworkProtocolTCP)},
// SourceIPGroups: []*string{
// to.Ptr("/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1")},
// }},
// }},
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Creates or updates the specified FirewallPolicyRuleCollectionGroup.
*
* @summary Creates or updates the specified FirewallPolicyRuleCollectionGroup.
* x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithIpGroupsPut.json
*/
async function createFirewallPolicyRuleCollectionGroupWithIPGroups() {
const subscriptionId = process.env["NETWORK_SUBSCRIPTION_ID"] || "subid";
const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
const firewallPolicyName = "firewallPolicy";
const ruleCollectionGroupName = "ruleCollectionGroup1";
const parameters = {
priority: 110,
ruleCollections: [
{
name: "Example-Filter-Rule-Collection",
action: { type: "Deny" },
ruleCollectionType: "FirewallPolicyFilterRuleCollection",
rules: [
{
name: "network-1",
destinationIpGroups: [
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2",
],
destinationPorts: ["*"],
ipProtocols: ["TCP"],
ruleType: "NetworkRule",
sourceIpGroups: [
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1",
],
},
],
},
],
};
const credential = new DefaultAzureCredential();
const client = new NetworkManagementClient(credential, subscriptionId);
const result = await client.firewallPolicyRuleCollectionGroups.beginCreateOrUpdateAndWait(
resourceGroupName,
firewallPolicyName,
ruleCollectionGroupName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;
// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithIpGroupsPut.json
// this example is just showing the usage of "FirewallPolicyRuleCollectionGroups_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this FirewallPolicyRuleCollectionGroupResource created on azure
// for more information of creating FirewallPolicyRuleCollectionGroupResource, please refer to the document of FirewallPolicyRuleCollectionGroupResource
string subscriptionId = "subid";
string resourceGroupName = "rg1";
string firewallPolicyName = "firewallPolicy";
string ruleCollectionGroupName = "ruleCollectionGroup1";
ResourceIdentifier firewallPolicyRuleCollectionGroupResourceId = FirewallPolicyRuleCollectionGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, firewallPolicyName, ruleCollectionGroupName);
FirewallPolicyRuleCollectionGroupResource firewallPolicyRuleCollectionGroup = client.GetFirewallPolicyRuleCollectionGroupResource(firewallPolicyRuleCollectionGroupResourceId);
// invoke the operation
FirewallPolicyRuleCollectionGroupData data = new FirewallPolicyRuleCollectionGroupData()
{
Priority = 110,
RuleCollections =
{
new FirewallPolicyFilterRuleCollectionInfo()
{
ActionType = FirewallPolicyFilterRuleCollectionActionType.Deny,
Rules =
{
new NetworkRule()
{
IPProtocols =
{
FirewallPolicyRuleNetworkProtocol.Tcp
},
DestinationPorts =
{
"*"
},
SourceIPGroups =
{
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1"
},
DestinationIPGroups =
{
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2"
},
Name = "network-1",
}
},
Name = "Example-Filter-Rule-Collection",
}
},
};
ArmOperation<FirewallPolicyRuleCollectionGroupResource> lro = await firewallPolicyRuleCollectionGroup.UpdateAsync(WaitUntil.Completed, data);
FirewallPolicyRuleCollectionGroupResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
FirewallPolicyRuleCollectionGroupData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample Response
{
"name": "ruleCollectionGroup1",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1",
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"properties": {
"provisioningState": "Succeeded",
"priority": 110,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule-Collection",
"action": {
"type": "Deny"
},
"rules": [
{
"ruleType": "NetworkRule",
"name": "network-1",
"ipProtocols": [
"TCP"
],
"destinationPorts": [
"*"
],
"sourceIpGroups": [
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1"
],
"destinationIpGroups": [
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2"
]
}
]
}
]
}
}
{
"name": "firewallPolicy",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy",
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"properties": {
"provisioningState": "Succeeded",
"priority": 110,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule-Collection",
"action": {
"type": "Deny"
},
"rules": [
{
"ruleType": "NetworkRule",
"name": "network-1",
"ipProtocols": [
"TCP"
],
"destinationPorts": [
"*"
],
"sourceIpGroups": [
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1"
],
"destinationIpGroups": [
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2"
]
}
]
}
]
}
}
Create Firewall Policy Rule Collection Group With Web Categories
Sample Request
PUT https://management.azure.com/subscriptions/e747cc13-97d4-4a79-b463-42d7f4e558f2/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1?api-version=2023-09-01
{
"properties": {
"priority": 110,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule-Collection",
"action": {
"type": "Deny"
},
"rules": [
{
"ruleType": "ApplicationRule",
"name": "rule1",
"description": "Deny inbound rule",
"protocols": [
{
"protocolType": "Https",
"port": 443
}
],
"sourceAddresses": [
"216.58.216.164",
"10.0.0.0/24"
],
"webCategories": [
"Hacking"
]
}
]
}
]
}
}
from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-network
# USAGE
python firewall_policy_rule_collection_group_with_web_categories_put.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = NetworkManagementClient(
credential=DefaultAzureCredential(),
subscription_id="e747cc13-97d4-4a79-b463-42d7f4e558f2",
)
response = client.firewall_policy_rule_collection_groups.begin_create_or_update(
resource_group_name="rg1",
firewall_policy_name="firewallPolicy",
rule_collection_group_name="ruleCollectionGroup1",
parameters={
"properties": {
"priority": 110,
"ruleCollections": [
{
"action": {"type": "Deny"},
"name": "Example-Filter-Rule-Collection",
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"rules": [
{
"description": "Deny inbound rule",
"name": "rule1",
"protocols": [{"port": 443, "protocolType": "Https"}],
"ruleType": "ApplicationRule",
"sourceAddresses": ["216.58.216.164", "10.0.0.0/24"],
"webCategories": ["Hacking"],
}
],
}
],
}
},
).result()
print(response)
# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithWebCategoriesPut.json
if __name__ == "__main__":
main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armnetwork_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d4205894880b989ede35d62d97c8e901ed14fb5a/specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithWebCategoriesPut.json
func ExampleFirewallPolicyRuleCollectionGroupsClient_BeginCreateOrUpdate_createFirewallPolicyRuleCollectionGroupWithWebCategories() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewFirewallPolicyRuleCollectionGroupsClient().BeginCreateOrUpdate(ctx, "rg1", "firewallPolicy", "ruleCollectionGroup1", armnetwork.FirewallPolicyRuleCollectionGroup{
Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
Priority: to.Ptr[int32](110),
RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
&armnetwork.FirewallPolicyFilterRuleCollection{
Name: to.Ptr("Example-Filter-Rule-Collection"),
RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyFilterRuleCollection),
Action: &armnetwork.FirewallPolicyFilterRuleCollectionAction{
Type: to.Ptr(armnetwork.FirewallPolicyFilterRuleCollectionActionTypeDeny),
},
Rules: []armnetwork.FirewallPolicyRuleClassification{
&armnetwork.ApplicationRule{
Name: to.Ptr("rule1"),
Description: to.Ptr("Deny inbound rule"),
RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeApplicationRule),
Protocols: []*armnetwork.FirewallPolicyRuleApplicationProtocol{
{
Port: to.Ptr[int32](443),
ProtocolType: to.Ptr(armnetwork.FirewallPolicyRuleApplicationProtocolTypeHTTPS),
}},
SourceAddresses: []*string{
to.Ptr("216.58.216.164"),
to.Ptr("10.0.0.0/24")},
WebCategories: []*string{
to.Ptr("Hacking")},
}},
}},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.FirewallPolicyRuleCollectionGroup = armnetwork.FirewallPolicyRuleCollectionGroup{
// ID: to.Ptr("/subscriptions/e747cc13-97d4-4a79-b463-42d7f4e558f2/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1"),
// Name: to.Ptr("ruleCollectionGroup1"),
// Etag: to.Ptr("w/\\00000000-0000-0000-0000-000000000000\\"),
// Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
// Priority: to.Ptr[int32](110),
// ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
// RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
// &armnetwork.FirewallPolicyFilterRuleCollection{
// Name: to.Ptr("Example-Filter-Rule-Collection"),
// RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyFilterRuleCollection),
// Action: &armnetwork.FirewallPolicyFilterRuleCollectionAction{
// Type: to.Ptr(armnetwork.FirewallPolicyFilterRuleCollectionActionTypeDeny),
// },
// Rules: []armnetwork.FirewallPolicyRuleClassification{
// &armnetwork.ApplicationRule{
// Name: to.Ptr("rule1"),
// Description: to.Ptr("Deny inbound rule"),
// RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeApplicationRule),
// Protocols: []*armnetwork.FirewallPolicyRuleApplicationProtocol{
// {
// Port: to.Ptr[int32](443),
// ProtocolType: to.Ptr(armnetwork.FirewallPolicyRuleApplicationProtocolTypeHTTPS),
// }},
// SourceAddresses: []*string{
// to.Ptr("216.58.216.164"),
// to.Ptr("10.0.0.0/24")},
// WebCategories: []*string{
// to.Ptr("Hacking")},
// }},
// }},
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Creates or updates the specified FirewallPolicyRuleCollectionGroup.
*
* @summary Creates or updates the specified FirewallPolicyRuleCollectionGroup.
* x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithWebCategoriesPut.json
*/
async function createFirewallPolicyRuleCollectionGroupWithWebCategories() {
const subscriptionId =
process.env["NETWORK_SUBSCRIPTION_ID"] || "e747cc13-97d4-4a79-b463-42d7f4e558f2";
const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
const firewallPolicyName = "firewallPolicy";
const ruleCollectionGroupName = "ruleCollectionGroup1";
const parameters = {
priority: 110,
ruleCollections: [
{
name: "Example-Filter-Rule-Collection",
action: { type: "Deny" },
ruleCollectionType: "FirewallPolicyFilterRuleCollection",
rules: [
{
name: "rule1",
description: "Deny inbound rule",
protocols: [{ port: 443, protocolType: "Https" }],
ruleType: "ApplicationRule",
sourceAddresses: ["216.58.216.164", "10.0.0.0/24"],
webCategories: ["Hacking"],
},
],
},
],
};
const credential = new DefaultAzureCredential();
const client = new NetworkManagementClient(credential, subscriptionId);
const result = await client.firewallPolicyRuleCollectionGroups.beginCreateOrUpdateAndWait(
resourceGroupName,
firewallPolicyName,
ruleCollectionGroupName,
parameters,
);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;
// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithWebCategoriesPut.json
// this example is just showing the usage of "FirewallPolicyRuleCollectionGroups_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this FirewallPolicyRuleCollectionGroupResource created on azure
// for more information of creating FirewallPolicyRuleCollectionGroupResource, please refer to the document of FirewallPolicyRuleCollectionGroupResource
string subscriptionId = "e747cc13-97d4-4a79-b463-42d7f4e558f2";
string resourceGroupName = "rg1";
string firewallPolicyName = "firewallPolicy";
string ruleCollectionGroupName = "ruleCollectionGroup1";
ResourceIdentifier firewallPolicyRuleCollectionGroupResourceId = FirewallPolicyRuleCollectionGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, firewallPolicyName, ruleCollectionGroupName);
FirewallPolicyRuleCollectionGroupResource firewallPolicyRuleCollectionGroup = client.GetFirewallPolicyRuleCollectionGroupResource(firewallPolicyRuleCollectionGroupResourceId);
// invoke the operation
FirewallPolicyRuleCollectionGroupData data = new FirewallPolicyRuleCollectionGroupData()
{
Priority = 110,
RuleCollections =
{
new FirewallPolicyFilterRuleCollectionInfo()
{
ActionType = FirewallPolicyFilterRuleCollectionActionType.Deny,
Rules =
{
new ApplicationRule()
{
SourceAddresses =
{
"216.58.216.164","10.0.0.0/24"
},
Protocols =
{
new FirewallPolicyRuleApplicationProtocol()
{
ProtocolType = FirewallPolicyRuleApplicationProtocolType.Https,
Port = 443,
}
},
WebCategories =
{
"Hacking"
},
Name = "rule1",
Description = "Deny inbound rule",
}
},
Name = "Example-Filter-Rule-Collection",
}
},
};
ArmOperation<FirewallPolicyRuleCollectionGroupResource> lro = await firewallPolicyRuleCollectionGroup.UpdateAsync(WaitUntil.Completed, data);
FirewallPolicyRuleCollectionGroupResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
FirewallPolicyRuleCollectionGroupData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample Response
{
"name": "ruleCollectionGroup1",
"id": "/subscriptions/e747cc13-97d4-4a79-b463-42d7f4e558f2/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1",
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"properties": {
"provisioningState": "Succeeded",
"priority": 110,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule-Collection",
"action": {
"type": "Deny"
},
"rules": [
{
"ruleType": "ApplicationRule",
"name": "rule1",
"description": "Deny inbound rule",
"protocols": [
{
"protocolType": "Https",
"port": 443
}
],
"sourceAddresses": [
"216.58.216.164",
"10.0.0.0/24"
],
"webCategories": [
"Hacking"
]
}
]
}
]
}
}
{
"name": "firewallPolicy",
"id": "/subscriptions/e747cc13-97d4-4a79-b463-42d7f4e558f2/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy",
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"properties": {
"provisioningState": "Succeeded",
"priority": 110,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule-Collection",
"action": {
"type": "Deny"
},
"rules": [
{
"ruleType": "ApplicationRule",
"name": "rule1",
"description": "Deny inbound rule",
"protocols": [
{
"protocolType": "Https",
"port": 443
}
],
"sourceAddresses": [
"216.58.216.164",
"10.0.0.0/24"
],
"webCategories": [
"Hacking"
]
}
]
}
]
}
}
定義
ApplicationRule
アプリケーションの種類のルール。
名前 |
型 |
説明 |
description
|
string
|
ルールの説明。
|
destinationAddresses
|
string[]
|
宛先 IP アドレスまたはサービス タグの一覧。
|
fqdnTags
|
string[]
|
このルールの FQDN タグの一覧。
|
httpHeadersToInsert
|
FirewallPolicyHttpHeaderToInsert[]
|
挿入する HTTP/S ヘッダーの一覧。
|
name
|
string
|
ルールの名前。
|
protocols
|
FirewallPolicyRuleApplicationProtocol[]
|
アプリケーション プロトコルの配列。
|
ruleType
|
string:
ApplicationRule
|
ルールの種類。
|
sourceAddresses
|
string[]
|
この規則のソース IP アドレスの一覧。
|
sourceIpGroups
|
string[]
|
このルールのソース IpGroup の一覧。
|
targetFqdns
|
string[]
|
このルールの FQDN の一覧。
|
targetUrls
|
string[]
|
このルール条件の URL の一覧。
|
terminateTLS
|
boolean
|
このルールの TLS 接続を終了します。
|
webCategories
|
string[]
|
移行先の Azure Web カテゴリの一覧。
|
CloudError
サービスからのエラー応答。
名前 |
型 |
説明 |
error
|
CloudErrorBody
|
クラウド エラー本文。
|
CloudErrorBody
サービスからのエラー応答。
名前 |
型 |
説明 |
code
|
string
|
エラーの識別子。 コードは不変であり、プログラムによって使用されることを意図しています。
|
details
|
CloudErrorBody[]
|
エラーに関するその他の詳細の一覧。
|
message
|
string
|
ユーザー インターフェイスでの表示に適したエラーを説明するメッセージ。
|
target
|
string
|
特定のエラーのターゲット。 たとえば、エラーが発生したプロパティの名前です。
|
FirewallPolicyFilterRuleCollection
ファイアウォール ポリシー フィルター規則コレクション。
名前 |
型 |
説明 |
action
|
FirewallPolicyFilterRuleCollectionAction
|
フィルター ルール コレクションのアクションの種類。
|
name
|
string
|
ルール コレクションの名前。
|
priority
|
integer
|
ファイアウォール ポリシー規則コレクション リソースの優先度。
|
ruleCollectionType
|
string:
FirewallPolicyFilterRuleCollection
|
ルール コレクションの型。
|
rules
|
FirewallPolicyRule[]:
-
ApplicationRule[]
-
NatRule[]
-
NetworkRule[]
|
ルール コレクションに含まれるルールの一覧。
|
FirewallPolicyFilterRuleCollectionAction
FirewallPolicyFilterRuleCollectionAction のプロパティ。
名前 |
型 |
説明 |
type
|
FirewallPolicyFilterRuleCollectionActionType
|
アクションの種類。
|
FirewallPolicyFilterRuleCollectionActionType
ルールのアクションの種類。
名前 |
型 |
説明 |
Allow
|
string
|
|
Deny
|
string
|
|
挿入する HTTP/S ヘッダーの名前と値
名前 |
型 |
説明 |
headerName
|
string
|
ヘッダーの名前を含みます
|
headerValue
|
string
|
ヘッダーの値を格納します
|
FirewallPolicyNatRuleCollection
ファイアウォール ポリシー NAT 規則コレクション。
名前 |
型 |
説明 |
action
|
FirewallPolicyNatRuleCollectionAction
|
Nat ルール コレクションのアクションの種類。
|
name
|
string
|
ルール コレクションの名前。
|
priority
|
integer
|
ファイアウォール ポリシー規則コレクション リソースの優先度。
|
ruleCollectionType
|
string:
FirewallPolicyNatRuleCollection
|
ルール コレクションの型。
|
rules
|
FirewallPolicyRule[]:
-
ApplicationRule[]
-
NatRule[]
-
NetworkRule[]
|
ルール コレクションに含まれるルールの一覧。
|
FirewallPolicyNatRuleCollectionAction
FirewallPolicyNatRuleCollectionAction のプロパティ。
名前 |
型 |
説明 |
type
|
FirewallPolicyNatRuleCollectionActionType
|
アクションの種類。
|
FirewallPolicyNatRuleCollectionActionType
ルールのアクションの種類。
FirewallPolicyRuleApplicationProtocol
アプリケーション 規則プロトコルのプロパティ。
名前 |
型 |
説明 |
port
|
integer
|
プロトコルのポート番号は、64000 を超えることはできません。
|
protocolType
|
FirewallPolicyRuleApplicationProtocolType
|
プロトコルの種類。
|
FirewallPolicyRuleApplicationProtocolType
Rule のアプリケーション プロトコルの種類。
名前 |
型 |
説明 |
Http
|
string
|
|
Https
|
string
|
|
FirewallPolicyRuleCollectionGroup
ルール コレクション グループ リソース。
名前 |
型 |
説明 |
etag
|
string
|
リソースが更新されるたびに変更される一意の読み取り専用文字列。
|
id
|
string
|
リソースの ID
|
name
|
string
|
リソース グループ内で一意のリソースの名前。 この名前は、リソースへのアクセスに使用できます。
|
properties.priority
|
integer
|
ファイアウォール ポリシー規則コレクション グループ リソースの優先度。
|
properties.provisioningState
|
ProvisioningState
|
ファイアウォール ポリシー規則コレクション グループ リソースのプロビジョニング状態。
|
properties.ruleCollections
|
FirewallPolicyRuleCollection[]:
-
FirewallPolicyFilterRuleCollection[]
-
FirewallPolicyNatRuleCollection[]
|
ファイアウォール ポリシー規則コレクションのグループ。
|
properties.size
|
string
|
FirewallPolicyRuleCollectionGroupProperties のサイズを MB 単位で表す読み取り専用文字列。 (例: 1.2 MB)
|
type
|
string
|
ルール グループの種類。
|
FirewallPolicyRuleNetworkProtocol
ルールのネットワーク プロトコル。
名前 |
型 |
説明 |
Any
|
string
|
|
ICMP
|
string
|
|
TCP
|
string
|
|
UDP
|
string
|
|
NatRule
nat 型のルール。
名前 |
型 |
説明 |
description
|
string
|
ルールの説明。
|
destinationAddresses
|
string[]
|
宛先 IP アドレスまたはサービス タグの一覧。
|
destinationPorts
|
string[]
|
宛先ポートの一覧。
|
ipProtocols
|
FirewallPolicyRuleNetworkProtocol[]
|
FirewallPolicyRuleNetworkProtocols の配列。
|
name
|
string
|
ルールの名前。
|
ruleType
|
string:
NatRule
|
ルールの種類。
|
sourceAddresses
|
string[]
|
この規則のソース IP アドレスの一覧。
|
sourceIpGroups
|
string[]
|
このルールのソース IpGroup の一覧。
|
translatedAddress
|
string
|
この NAT 規則の変換されたアドレス。
|
translatedFqdn
|
string
|
この NAT 規則の変換された FQDN。
|
translatedPort
|
string
|
この NAT 規則の変換されたポート。
|
NetworkRule
ネットワーク型のルール。
名前 |
型 |
説明 |
description
|
string
|
ルールの説明。
|
destinationAddresses
|
string[]
|
宛先 IP アドレスまたはサービス タグの一覧。
|
destinationFqdns
|
string[]
|
宛先 FQDN の一覧。
|
destinationIpGroups
|
string[]
|
この規則の宛先 IpGroup の一覧。
|
destinationPorts
|
string[]
|
宛先ポートの一覧。
|
ipProtocols
|
FirewallPolicyRuleNetworkProtocol[]
|
FirewallPolicyRuleNetworkProtocols の配列。
|
name
|
string
|
ルールの名前。
|
ruleType
|
string:
NetworkRule
|
ルールの種類。
|
sourceAddresses
|
string[]
|
この規則のソース IP アドレスの一覧。
|
sourceIpGroups
|
string[]
|
このルールのソース IpGroup の一覧。
|
ProvisioningState
現在のプロビジョニング状態。
名前 |
型 |
説明 |
Deleting
|
string
|
|
Failed
|
string
|
|
Succeeded
|
string
|
|
Updating
|
string
|
|