Creates or updates the specified FirewallPolicyRuleCollectionGroup.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}/ruleCollectionGroups/{ruleCollectionGroupName}?api-version=2023-09-01
URI Parameters

| Name | In | Required | Type | Description |
|---|---|---|---|---|
| firewallPolicyName | path | True | string | The name of the firewall policy. |
| resourceGroupName | path | True | string | The name of the resource group. |
| ruleCollectionGroupName | path | True | string | The name of the FirewallPolicyRuleCollectionGroup. |
| subscriptionId | path | True | string | The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. |
| api-version | query | True | string | Client API version. |
Request Body

| Name | Type | Description |
|---|---|---|
| id | string | Resource ID. |
| name | string | The name of the resource that is unique within a resource group. This name can be used to access the resource. |
| properties.priority | integer | Priority of the firewall policy rule collection group resource. |
| properties.ruleCollections | FirewallPolicyRuleCollection[]: FirewallPolicyNatRuleCollection[], FirewallPolicyFilterRuleCollection[] | Group of firewall policy rule collections. |
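An added example, not part of the Microsoft reference or its SDK samples: a pre-flight review of a request body in the shape documented above, run before the PUT is sent. It lists every DNAT mapping the body would publish and flags rules that match any source or any destination. The function names and finding codes are hypothetical, treating `*` and zero-length prefixes as "match everything" is this checker's own assumption, and the two embedded bodies are copied from this page's sample requests.

```python
import copy
import ipaddress

# Request bodies copied from the two sample requests on this page.
NAT_BODY = {"properties": {"priority": 100, "ruleCollections": [{
    "ruleCollectionType": "FirewallPolicyNatRuleCollection",
    "priority": 100, "name": "Example-Nat-Rule-Collection",
    "action": {"type": "DNAT"},
    "rules": [{
        "ruleType": "NatRule", "name": "nat-rule1",
        "translatedFqdn": "internalhttp.server.net", "translatedPort": "8080",
        "ipProtocols": ["TCP", "UDP"],
        "sourceAddresses": ["2.2.2.2"], "sourceIpGroups": [],
        "destinationAddresses": ["152.23.32.23"], "destinationPorts": ["8080"],
    }],
}]}}

FILTER_BODY = {"properties": {"priority": 100, "ruleCollections": [{
    "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
    "name": "Example-Filter-Rule-Collection", "priority": 100,
    "action": {"type": "Deny"},
    "rules": [{
        "ruleType": "NetworkRule", "name": "network-rule1",
        "sourceAddresses": ["10.1.25.0/24"], "destinationAddresses": ["*"],
        "ipProtocols": ["TCP"], "destinationPorts": ["*"],
    }],
}]}}


def matches_everything(values):
    """True if any entry is "*" or a zero-length prefix such as 0.0.0.0/0."""
    for value in values or []:
        value = value.strip()
        if value == "*":
            return True
        try:
            if ipaddress.ip_network(value, strict=False).prefixlen == 0:
                return True
        except ValueError:
            continue  # ranges, FQDNs, service tags: not treated as wildcards
    return False


def review_rule_collection_group(body):
    """Return (findings, dnat_exposures) for a rule collection group body."""
    # The REST body wraps everything in "properties"; the JavaScript SDK
    # sample passes the same fields without that wrapper. Accept both.
    props = body.get("properties", body)
    findings, exposures = [], []
    for coll in props.get("ruleCollections", []):
        ctype = coll.get("ruleCollectionType", "")
        action = (coll.get("action") or {}).get("type", "").lower()
        for rule in coll.get("rules", []):
            where = f"{coll.get('name')}/{rule.get('name')}"
            any_src = matches_everything(rule.get("sourceAddresses"))
            if ctype == "FirewallPolicyNatRuleCollection" and action == "dnat":
                # Inventory of what the firewall would publish inbound.
                target = rule.get("translatedAddress") or rule.get("translatedFqdn")
                exposures.append({
                    "rule": where,
                    "listen": [f"{a}:{p}"
                               for a in rule.get("destinationAddresses", [])
                               for p in rule.get("destinationPorts", [])],
                    "target": f"{target}:{rule.get('translatedPort')}",
                    "protocols": rule.get("ipProtocols", []),
                })
                if any_src:
                    findings.append(("DNAT-ANY-SOURCE", where))
            elif ctype == "FirewallPolicyFilterRuleCollection" and action == "allow":
                if any_src:
                    findings.append(("ALLOW-ANY-SOURCE", where))
                if (rule.get("ruleType") == "NetworkRule"
                        and matches_everything(rule.get("destinationAddresses"))
                        and "*" in rule.get("destinationPorts", [])):
                    findings.append(("ALLOW-ANY-DESTINATION", where))
    return findings, exposures


def constructed_variants():
    """Constructed (not from the page) edits of the samples that get flagged."""
    open_nat = copy.deepcopy(NAT_BODY)
    open_nat["properties"]["ruleCollections"][0]["rules"][0]["sourceAddresses"] = ["*"]
    # Flat shape, as in the JavaScript sample (no "properties" wrapper).
    allow_all = copy.deepcopy(FILTER_BODY["properties"])
    allow_all["ruleCollections"][0]["action"]["type"] = "Allow"
    return open_nat, allow_all


if __name__ == "__main__":
    for label, body in [("nat sample", NAT_BODY), ("filter sample", FILTER_BODY),
                        *zip(("open nat", "allow all"), constructed_variants())]:
        print(label, review_rule_collection_group(body))
```

Both sample bodies from this page pass without findings: the DNAT rule is limited to one source address, and the wildcard destination sits in a Deny collection.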
Responses

| Name | Type | Description |
|---|---|---|
| 200 OK | FirewallPolicyRuleCollectionGroup | The request succeeded. The operation returns the resulting FirewallPolicyRuleCollectionGroup resource. |
| 201 Created | FirewallPolicyRuleCollectionGroup | The request was received successfully. The operation returns the resulting FirewallPolicyRuleCollectionGroup resource. |
| Other Status Codes | CloudError | Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow.
Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize
Scopes

| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |

Examples
Create Firewall Policy Nat Rule Collection Group
Sample Request
PUT https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1?api-version=2023-09-01
{
"properties": {
"priority": 100,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyNatRuleCollection",
"priority": 100,
"name": "Example-Nat-Rule-Collection",
"action": {
"type": "DNAT"
},
"rules": [
{
"ruleType": "NatRule",
"name": "nat-rule1",
"translatedFqdn": "internalhttp.server.net",
"translatedPort": "8080",
"ipProtocols": [
"TCP",
"UDP"
],
"sourceAddresses": [
"2.2.2.2"
],
"sourceIpGroups": [],
"destinationAddresses": [
"152.23.32.23"
],
"destinationPorts": [
"8080"
]
}
]
}
]
}
}
from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python firewall_policy_nat_rule_collection_group_put.py

    Before running the sample, set the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid",
    )

    # begin_create_or_update returns a poller; .result() blocks until the
    # long-running operation has finished.
    response = client.firewall_policy_rule_collection_groups.begin_create_or_update(
        resource_group_name="rg1",
        firewall_policy_name="firewallPolicy",
        rule_collection_group_name="ruleCollectionGroup1",
        parameters={
            "properties": {
                "priority": 100,
                "ruleCollections": [
                    {
                        "action": {"type": "DNAT"},
                        "name": "Example-Nat-Rule-Collection",
                        "priority": 100,
                        "ruleCollectionType": "FirewallPolicyNatRuleCollection",
                        "rules": [
                            {
                                "destinationAddresses": ["152.23.32.23"],
                                "destinationPorts": ["8080"],
                                "ipProtocols": ["TCP", "UDP"],
                                "name": "nat-rule1",
                                "ruleType": "NatRule",
                                "sourceAddresses": ["2.2.2.2"],
                                "sourceIpGroups": [],
                                "translatedFqdn": "internalhttp.server.net",
                                "translatedPort": "8080",
                            }
                        ],
                    }
                ],
            }
        },
    ).result()
    print(response)


# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyNatRuleCollectionGroupPut.json
if __name__ == "__main__":
    main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armnetwork_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d4205894880b989ede35d62d97c8e901ed14fb5a/specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyNatRuleCollectionGroupPut.json
func ExampleFirewallPolicyRuleCollectionGroupsClient_BeginCreateOrUpdate_createFirewallPolicyNatRuleCollectionGroup() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewFirewallPolicyRuleCollectionGroupsClient().BeginCreateOrUpdate(ctx, "rg1", "firewallPolicy", "ruleCollectionGroup1", armnetwork.FirewallPolicyRuleCollectionGroup{
Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
Priority: to.Ptr[int32](100),
RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
&armnetwork.FirewallPolicyNatRuleCollection{
Name: to.Ptr("Example-Nat-Rule-Collection"),
Priority: to.Ptr[int32](100),
RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyNatRuleCollection),
Action: &armnetwork.FirewallPolicyNatRuleCollectionAction{
Type: to.Ptr(armnetwork.FirewallPolicyNatRuleCollectionActionTypeDNAT),
},
Rules: []armnetwork.FirewallPolicyRuleClassification{
&armnetwork.NatRule{
Name: to.Ptr("nat-rule1"),
RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeNatRule),
DestinationAddresses: []*string{
to.Ptr("152.23.32.23")},
DestinationPorts: []*string{
to.Ptr("8080")},
IPProtocols: []*armnetwork.FirewallPolicyRuleNetworkProtocol{
to.Ptr(armnetwork.FirewallPolicyRuleNetworkProtocolTCP),
to.Ptr(armnetwork.FirewallPolicyRuleNetworkProtocolUDP)},
SourceAddresses: []*string{
to.Ptr("2.2.2.2")},
SourceIPGroups: []*string{},
TranslatedFqdn: to.Ptr("internalhttp.server.net"),
TranslatedPort: to.Ptr("8080"),
}},
}},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.FirewallPolicyRuleCollectionGroup = armnetwork.FirewallPolicyRuleCollectionGroup{
// ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1"),
// Name: to.Ptr("ruleCollectionGroup1"),
// Etag: to.Ptr("w/\\00000000-0000-0000-0000-000000000000\\"),
// Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
// Priority: to.Ptr[int32](100),
// ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
// RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
// &armnetwork.FirewallPolicyNatRuleCollection{
// Name: to.Ptr("Example-Nat-Rule-Collection"),
// Priority: to.Ptr[int32](100),
// RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyNatRuleCollection),
// Action: &armnetwork.FirewallPolicyNatRuleCollectionAction{
// Type: to.Ptr(armnetwork.FirewallPolicyNatRuleCollectionActionTypeDNAT),
// },
// Rules: []armnetwork.FirewallPolicyRuleClassification{
// &armnetwork.NatRule{
// Name: to.Ptr("nat-rule1"),
// RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeNatRule),
// DestinationAddresses: []*string{
// to.Ptr("152.23.32.23")},
// DestinationPorts: []*string{
// to.Ptr("8080")},
// IPProtocols: []*armnetwork.FirewallPolicyRuleNetworkProtocol{
// to.Ptr(armnetwork.FirewallPolicyRuleNetworkProtocolTCP),
// to.Ptr(armnetwork.FirewallPolicyRuleNetworkProtocolUDP)},
// SourceAddresses: []*string{
// to.Ptr("2.2.2.2")},
// SourceIPGroups: []*string{
// },
// TranslatedFqdn: to.Ptr("internalhttp.server.net"),
// TranslatedPort: to.Ptr("8080"),
// }},
// }},
// },
// }
}
const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to create or update the specified FirewallPolicyRuleCollectionGroup.
*
* @summary Creates or updates the specified FirewallPolicyRuleCollectionGroup.
* x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyNatRuleCollectionGroupPut.json
*/
async function createFirewallPolicyNatRuleCollectionGroup() {
const subscriptionId = process.env["NETWORK_SUBSCRIPTION_ID"] || "subid";
const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
const firewallPolicyName = "firewallPolicy";
const ruleCollectionGroupName = "ruleCollectionGroup1";
const parameters = {
priority: 100,
ruleCollections: [
{
name: "Example-Nat-Rule-Collection",
action: { type: "DNAT" },
priority: 100,
ruleCollectionType: "FirewallPolicyNatRuleCollection",
rules: [
{
name: "nat-rule1",
destinationAddresses: ["152.23.32.23"],
destinationPorts: ["8080"],
ipProtocols: ["TCP", "UDP"],
ruleType: "NatRule",
sourceAddresses: ["2.2.2.2"],
sourceIpGroups: [],
translatedFqdn: "internalhttp.server.net",
translatedPort: "8080",
},
],
},
],
};
const credential = new DefaultAzureCredential();
const client = new NetworkManagementClient(credential, subscriptionId);
const result = await client.firewallPolicyRuleCollectionGroups.beginCreateOrUpdateAndWait(
resourceGroupName,
firewallPolicyName,
ruleCollectionGroupName,
parameters,
);
console.log(result);
}
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;
// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyNatRuleCollectionGroupPut.json
// this example is just showing the usage of "FirewallPolicyRuleCollectionGroups_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.
// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// this example assumes you already have this FirewallPolicyRuleCollectionGroupResource created on azure
// for more information of creating FirewallPolicyRuleCollectionGroupResource, please refer to the document of FirewallPolicyRuleCollectionGroupResource
string subscriptionId = "subid";
string resourceGroupName = "rg1";
string firewallPolicyName = "firewallPolicy";
string ruleCollectionGroupName = "ruleCollectionGroup1";
ResourceIdentifier firewallPolicyRuleCollectionGroupResourceId = FirewallPolicyRuleCollectionGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, firewallPolicyName, ruleCollectionGroupName);
FirewallPolicyRuleCollectionGroupResource firewallPolicyRuleCollectionGroup = client.GetFirewallPolicyRuleCollectionGroupResource(firewallPolicyRuleCollectionGroupResourceId);
// invoke the operation
FirewallPolicyRuleCollectionGroupData data = new FirewallPolicyRuleCollectionGroupData()
{
Priority = 100,
RuleCollections =
{
new FirewallPolicyNatRuleCollectionInfo()
{
ActionType = FirewallPolicyNatRuleCollectionActionType.Dnat,
Rules =
{
new NatRule()
{
IPProtocols =
{
FirewallPolicyRuleNetworkProtocol.Tcp,FirewallPolicyRuleNetworkProtocol.Udp
},
SourceAddresses =
{
"2.2.2.2"
},
DestinationAddresses =
{
"152.23.32.23"
},
DestinationPorts =
{
"8080"
},
TranslatedPort = "8080",
SourceIPGroups =
{
},
TranslatedFqdn = "internalhttp.server.net",
Name = "nat-rule1",
}
},
Name = "Example-Nat-Rule-Collection",
Priority = 100,
}
},
};
ArmOperation<FirewallPolicyRuleCollectionGroupResource> lro = await firewallPolicyRuleCollectionGroup.UpdateAsync(WaitUntil.Completed, data);
FirewallPolicyRuleCollectionGroupResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
FirewallPolicyRuleCollectionGroupData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
Sample Response
{
"name": "ruleCollectionGroup1",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1",
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"properties": {
"provisioningState": "Succeeded",
"priority": 100,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyNatRuleCollection",
"name": "Example-Nat-Rule-Collection",
"priority": 100,
"action": {
"type": "DNAT"
},
"rules": [
{
"ruleType": "NatRule",
"name": "nat-rule1",
"translatedFqdn": "internalhttp.server.net",
"translatedPort": "8080",
"ipProtocols": [
"TCP",
"UDP"
],
"sourceAddresses": [
"2.2.2.2"
],
"sourceIpGroups": [],
"destinationAddresses": [
"152.23.32.23"
],
"destinationPorts": [
"8080"
]
}
]
}
]
}
}
{
"name": "firewallPolicy",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy",
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"properties": {
"provisioningState": "Succeeded",
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyNatRuleCollection",
"name": "Example-Nat-Rule-Collection",
"priority": 100,
"action": {
"type": "DNAT"
},
"rules": [
{
"ruleType": "NatRule",
"name": "nat-rule1",
"translatedFqdn": "internalhttp.server.net",
"translatedPort": "8080",
"ipProtocols": [
"TCP",
"UDP"
],
"sourceAddresses": [
"2.2.2.2"
],
"sourceIpGroups": [],
"destinationAddresses": [
"152.23.32.23"
],
"destinationPorts": [
"8080"
]
}
]
}
]
}
}
Create Firewall Policy Rule Collection Group
Sample Request
PUT https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1?api-version=2023-09-01
{
"properties": {
"priority": 100,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule-Collection",
"priority": 100,
"action": {
"type": "Deny"
},
"rules": [
{
"ruleType": "NetworkRule",
"name": "network-rule1",
"sourceAddresses": [
"10.1.25.0/24"
],
"destinationAddresses": [
"*"
],
"ipProtocols": [
"TCP"
],
"destinationPorts": [
"*"
]
}
]
}
]
}
}
import com.azure.resourcemanager.network.fluent.models.FirewallPolicyRuleCollectionGroupInner;
import com.azure.resourcemanager.network.models.ApplicationRule;
import com.azure.resourcemanager.network.models.FirewallPolicyFilterRuleCollection;
import com.azure.resourcemanager.network.models.FirewallPolicyFilterRuleCollectionAction;
import com.azure.resourcemanager.network.models.FirewallPolicyFilterRuleCollectionActionType;
import com.azure.resourcemanager.network.models.FirewallPolicyHttpHeaderToInsert;
import com.azure.resourcemanager.network.models.FirewallPolicyNatRuleCollection;
import com.azure.resourcemanager.network.models.FirewallPolicyNatRuleCollectionAction;
import com.azure.resourcemanager.network.models.FirewallPolicyNatRuleCollectionActionType;
import com.azure.resourcemanager.network.models.FirewallPolicyRuleApplicationProtocol;
import com.azure.resourcemanager.network.models.FirewallPolicyRuleApplicationProtocolType;
import com.azure.resourcemanager.network.models.FirewallPolicyRuleNetworkProtocol;
import com.azure.resourcemanager.network.models.NatRule;
import com.azure.resourcemanager.network.models.NetworkRule;
import java.util.Arrays;
/**
* Samples for FirewallPolicyRuleCollectionGroups CreateOrUpdate.
*/
public final class Main {
/*
* x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/
* FirewallPolicyRuleCollectionGroupPut.json
*/
/**
* Sample code: Create Firewall Policy Rule Collection Group.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createFirewallPolicyRuleCollectionGroup(com.azure.resourcemanager.AzureResourceManager azure) {
azure.networks().manager().serviceClient().getFirewallPolicyRuleCollectionGroups().createOrUpdate("rg1",
"firewallPolicy", "ruleCollectionGroup1",
new FirewallPolicyRuleCollectionGroupInner().withPriority(100)
.withRuleCollections(Arrays.asList(new FirewallPolicyFilterRuleCollection()
.withName("Example-Filter-Rule-Collection").withPriority(100)
.withAction(new FirewallPolicyFilterRuleCollectionAction()
.withType(FirewallPolicyFilterRuleCollectionActionType.DENY))
.withRules(Arrays.asList(new NetworkRule().withName("network-rule1")
.withIpProtocols(Arrays.asList(FirewallPolicyRuleNetworkProtocol.TCP))
.withSourceAddresses(Arrays.asList("10.1.25.0/24")).withDestinationAddresses(Arrays.asList("*"))
.withDestinationPorts(Arrays.asList("*")))))),
com.azure.core.util.Context.NONE);
}
/*
* x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/
* FirewallPolicyRuleCollectionGroupWithWebCategoriesPut.json
*/
/**
* Sample code: Create Firewall Policy Rule Collection Group With Web Categories.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createFirewallPolicyRuleCollectionGroupWithWebCategories(com.azure.resourcemanager.AzureResourceManager azure) {
azure.networks().manager().serviceClient().getFirewallPolicyRuleCollectionGroups().createOrUpdate("rg1",
"firewallPolicy", "ruleCollectionGroup1",
new FirewallPolicyRuleCollectionGroupInner().withPriority(110)
.withRuleCollections(Arrays.asList(new FirewallPolicyFilterRuleCollection()
.withName("Example-Filter-Rule-Collection")
.withAction(new FirewallPolicyFilterRuleCollectionAction()
.withType(FirewallPolicyFilterRuleCollectionActionType.DENY))
.withRules(
Arrays.asList(new ApplicationRule().withName("rule1").withDescription("Deny inbound rule")
.withSourceAddresses(Arrays.asList("216.58.216.164", "10.0.0.0/24"))
.withProtocols(Arrays.asList(new FirewallPolicyRuleApplicationProtocol()
.withProtocolType(FirewallPolicyRuleApplicationProtocolType.HTTPS).withPort(443)))
.withWebCategories(Arrays.asList("Hacking")))))),
com.azure.core.util.Context.NONE);
}
/*
* x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/
* FirewallPolicyNatRuleCollectionGroupPut.json
*/
/**
* Sample code: Create Firewall Policy Nat Rule Collection Group.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createFirewallPolicyNatRuleCollectionGroup(com.azure.resourcemanager.AzureResourceManager azure) {
azure.networks().manager().serviceClient().getFirewallPolicyRuleCollectionGroups().createOrUpdate("rg1",
"firewallPolicy", "ruleCollectionGroup1",
new FirewallPolicyRuleCollectionGroupInner().withPriority(100)
.withRuleCollections(Arrays.asList(new FirewallPolicyNatRuleCollection()
.withName("Example-Nat-Rule-Collection").withPriority(100)
.withAction(new FirewallPolicyNatRuleCollectionAction()
.withType(FirewallPolicyNatRuleCollectionActionType.DNAT))
.withRules(Arrays.asList(new NatRule().withName("nat-rule1")
.withIpProtocols(
Arrays.asList(FirewallPolicyRuleNetworkProtocol.TCP, FirewallPolicyRuleNetworkProtocol.UDP))
.withSourceAddresses(Arrays.asList("2.2.2.2"))
.withDestinationAddresses(Arrays.asList("152.23.32.23"))
.withDestinationPorts(Arrays.asList("8080")).withTranslatedPort("8080")
.withSourceIpGroups(Arrays.asList()).withTranslatedFqdn("internalhttp.server.net"))))),
com.azure.core.util.Context.NONE);
}
/*
* x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/
* FirewallPolicyRuleCollectionGroupWithIpGroupsPut.json
*/
/**
* Sample code: Create Firewall Policy Rule Collection Group With IP Groups.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void
createFirewallPolicyRuleCollectionGroupWithIPGroups(com.azure.resourcemanager.AzureResourceManager azure) {
azure.networks().manager().serviceClient().getFirewallPolicyRuleCollectionGroups().createOrUpdate("rg1",
"firewallPolicy", "ruleCollectionGroup1",
new FirewallPolicyRuleCollectionGroupInner().withPriority(110)
.withRuleCollections(Arrays.asList(new FirewallPolicyFilterRuleCollection()
.withName("Example-Filter-Rule-Collection")
.withAction(new FirewallPolicyFilterRuleCollectionAction()
.withType(FirewallPolicyFilterRuleCollectionActionType.DENY))
.withRules(Arrays.asList(new NetworkRule().withName("network-1")
.withIpProtocols(Arrays.asList(FirewallPolicyRuleNetworkProtocol.TCP))
.withDestinationPorts(Arrays.asList("*"))
.withSourceIpGroups(Arrays.asList(
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1"))
.withDestinationIpGroups(Arrays.asList(
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2")))))),
com.azure.core.util.Context.NONE);
}
/*
* x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/
* FirewallPolicyRuleCollectionGroupWithHttpHeadersToInsert.json
*/
/**
* Sample code: Create Firewall Policy Rule Collection Group With http header to insert.
*
* @param azure The entry point for accessing resource management APIs in Azure.
*/
public static void createFirewallPolicyRuleCollectionGroupWithHttpHeaderToInsert(
com.azure.resourcemanager.AzureResourceManager azure) {
azure.networks().manager().serviceClient().getFirewallPolicyRuleCollectionGroups()
.createOrUpdate("rg1", "firewallPolicy", "ruleCollectionGroup1",
new FirewallPolicyRuleCollectionGroupInner().withPriority(110)
.withRuleCollections(Arrays
.asList(new FirewallPolicyFilterRuleCollection().withName("Example-Filter-Rule-Collection")
.withAction(new FirewallPolicyFilterRuleCollectionAction()
.withType(FirewallPolicyFilterRuleCollectionActionType.ALLOW))
.withRules(Arrays.asList(
new ApplicationRule().withName("rule1").withDescription("Insert trusted tenants header")
.withSourceAddresses(Arrays.asList("216.58.216.164", "10.0.0.0/24"))
.withProtocols(Arrays.asList(new FirewallPolicyRuleApplicationProtocol()
.withProtocolType(FirewallPolicyRuleApplicationProtocolType.HTTP).withPort(80)))
.withFqdnTags(Arrays.asList("WindowsVirtualDesktop"))
.withHttpHeadersToInsert(Arrays.asList(new FirewallPolicyHttpHeaderToInsert()
.withHeaderName("Restrict-Access-To-Tenants")
.withHeaderValue("contoso.com,fabrikam.onmicrosoft.com"))))))),
com.azure.core.util.Context.NONE);
}
}
from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python firewall_policy_rule_collection_group_put.py

    Before running the sample, set the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid",
    )

    # begin_create_or_update returns a poller; .result() blocks until the
    # long-running operation has finished.
    response = client.firewall_policy_rule_collection_groups.begin_create_or_update(
        resource_group_name="rg1",
        firewall_policy_name="firewallPolicy",
        rule_collection_group_name="ruleCollectionGroup1",
        parameters={
            "properties": {
                "priority": 100,
                "ruleCollections": [
                    {
                        "action": {"type": "Deny"},
                        "name": "Example-Filter-Rule-Collection",
                        "priority": 100,
                        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
                        "rules": [
                            {
                                "destinationAddresses": ["*"],
                                "destinationPorts": ["*"],
                                "ipProtocols": ["TCP"],
                                "name": "network-rule1",
                                "ruleType": "NetworkRule",
                                "sourceAddresses": ["10.1.25.0/24"],
                            }
                        ],
                    }
                ],
            }
        },
    ).result()
    print(response)


# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupPut.json
if __name__ == "__main__":
    main()
package armnetwork_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d4205894880b989ede35d62d97c8e901ed14fb5a/specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupPut.json
func ExampleFirewallPolicyRuleCollectionGroupsClient_BeginCreateOrUpdate_createFirewallPolicyRuleCollectionGroup() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewFirewallPolicyRuleCollectionGroupsClient().BeginCreateOrUpdate(ctx, "rg1", "firewallPolicy", "ruleCollectionGroup1", armnetwork.FirewallPolicyRuleCollectionGroup{
Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
Priority: to.Ptr[int32](100),
RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
&armnetwork.FirewallPolicyFilterRuleCollection{
Name: to.Ptr("Example-Filter-Rule-Collection"),
Priority: to.Ptr[int32](100),
RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyFilterRuleCollection),
Action: &armnetwork.FirewallPolicyFilterRuleCollectionAction{
Type: to.Ptr(armnetwork.FirewallPolicyFilterRuleCollectionActionTypeDeny),
},
Rules: []armnetwork.FirewallPolicyRuleClassification{
&armnetwork.Rule{
Name: to.Ptr("network-rule1"),
RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeNetworkRule),
DestinationAddresses: []*string{
to.Ptr("*")},
DestinationPorts: []*string{
to.Ptr("*")},
IPProtocols: []*armnetwork.FirewallPolicyRuleNetworkProtocol{
to.Ptr(armnetwork.FirewallPolicyRuleNetworkProtocolTCP)},
SourceAddresses: []*string{
to.Ptr("10.1.25.0/24")},
}},
}},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.FirewallPolicyRuleCollectionGroup = armnetwork.FirewallPolicyRuleCollectionGroup{
// ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1"),
// Name: to.Ptr("ruleCollectionGroup1"),
// Etag: to.Ptr("w/\\00000000-0000-0000-0000-000000000000\\"),
// Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
// Priority: to.Ptr[int32](100),
// ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
// RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
// &armnetwork.FirewallPolicyFilterRuleCollection{
// Name: to.Ptr("Example-Filter-Rule-Collection"),
// Priority: to.Ptr[int32](100),
// RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyFilterRuleCollection),
// Action: &armnetwork.FirewallPolicyFilterRuleCollectionAction{
// Type: to.Ptr(armnetwork.FirewallPolicyFilterRuleCollectionActionTypeDeny),
// },
// Rules: []armnetwork.FirewallPolicyRuleClassification{
// &armnetwork.Rule{
// Name: to.Ptr("network-rule1"),
// RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeNetworkRule),
// DestinationAddresses: []*string{
// to.Ptr("*")},
// DestinationPorts: []*string{
// to.Ptr("*")},
// IPProtocols: []*armnetwork.FirewallPolicyRuleNetworkProtocol{
// to.Ptr(armnetwork.FirewallPolicyRuleNetworkProtocolTCP)},
// SourceAddresses: []*string{
// to.Ptr("10.1.25.0/24")},
// }},
// }},
// Size: to.Ptr("1.2MB"),
// },
// }
}
const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to create or update the specified FirewallPolicyRuleCollectionGroup.
*
* @summary Creates or updates the specified FirewallPolicyRuleCollectionGroup.
* x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupPut.json
*/
async function createFirewallPolicyRuleCollectionGroup() {
const subscriptionId = process.env["NETWORK_SUBSCRIPTION_ID"] || "subid";
const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
const firewallPolicyName = "firewallPolicy";
const ruleCollectionGroupName = "ruleCollectionGroup1";
const parameters = {
priority: 100,
ruleCollections: [
{
name: "Example-Filter-Rule-Collection",
action: { type: "Deny" },
priority: 100,
ruleCollectionType: "FirewallPolicyFilterRuleCollection",
rules: [
{
name: "network-rule1",
destinationAddresses: ["*"],
destinationPorts: ["*"],
ipProtocols: ["TCP"],
ruleType: "NetworkRule",
sourceAddresses: ["10.1.25.0/24"],
},
],
},
],
};
const credential = new DefaultAzureCredential();
const client = new NetworkManagementClient(credential, subscriptionId);
const result = await client.firewallPolicyRuleCollectionGroups.beginCreateOrUpdateAndWait(
resourceGroupName,
firewallPolicyName,
ruleCollectionGroupName,
parameters,
);
console.log(result);
}
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;
// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupPut.json
// This example only shows the usage of the "FirewallPolicyRuleCollectionGroups_CreateOrUpdate" operation; dependent resources have to be created separately.
// Get your Azure access token. For more details on how the Azure SDK gets your access token, see https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// This example assumes you already have this FirewallPolicyRuleCollectionGroupResource created on Azure.
// For more information on creating FirewallPolicyRuleCollectionGroupResource, see the documentation of FirewallPolicyRuleCollectionGroupResource.
string subscriptionId = "subid";
string resourceGroupName = "rg1";
string firewallPolicyName = "firewallPolicy";
string ruleCollectionGroupName = "ruleCollectionGroup1";
ResourceIdentifier firewallPolicyRuleCollectionGroupResourceId = FirewallPolicyRuleCollectionGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, firewallPolicyName, ruleCollectionGroupName);
FirewallPolicyRuleCollectionGroupResource firewallPolicyRuleCollectionGroup = client.GetFirewallPolicyRuleCollectionGroupResource(firewallPolicyRuleCollectionGroupResourceId);
// invoke the operation
FirewallPolicyRuleCollectionGroupData data = new FirewallPolicyRuleCollectionGroupData()
{
Priority = 100,
RuleCollections =
{
new FirewallPolicyFilterRuleCollectionInfo()
{
ActionType = FirewallPolicyFilterRuleCollectionActionType.Deny,
Rules =
{
new NetworkRule()
{
IPProtocols =
{
FirewallPolicyRuleNetworkProtocol.Tcp
},
SourceAddresses =
{
"10.1.25.0/24"
},
DestinationAddresses =
{
"*"
},
DestinationPorts =
{
"*"
},
Name = "network-rule1",
}
},
Name = "Example-Filter-Rule-Collection",
Priority = 100,
}
},
};
ArmOperation<FirewallPolicyRuleCollectionGroupResource> lro = await firewallPolicyRuleCollectionGroup.UpdateAsync(WaitUntil.Completed, data);
FirewallPolicyRuleCollectionGroupResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
FirewallPolicyRuleCollectionGroupData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
Sample Response
{
"name": "ruleCollectionGroup1",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1",
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"properties": {
"size": "1.2MB",
"provisioningState": "Succeeded",
"priority": 100,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule-Collection",
"priority": 100,
"action": {
"type": "Deny"
},
"rules": [
{
"ruleType": "NetworkRule",
"name": "network-rule1",
"sourceAddresses": [
"10.1.25.0/24"
],
"destinationAddresses": [
"*"
],
"ipProtocols": [
"TCP"
],
"destinationPorts": [
"*"
]
}
]
}
]
}
}
{
"name": "firewallPolicy",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy",
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"properties": {
"size": "1.2MB",
"provisioningState": "Succeeded",
"priority": 100,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule-Collection",
"priority": 100,
"action": {
"type": "Deny"
},
"rules": [
{
"ruleType": "NetworkRule",
"name": "network-rule1",
"sourceAddresses": [
"10.1.25.0/24"
],
"destinationAddresses": [
"*"
],
"ipProtocols": [
"TCP"
],
"destinationPorts": [
"*"
]
}
]
}
]
}
}
Create Firewall Policy Rule Collection Group With Http Header To Insert
Sample Request
PUT https://management.azure.com/subscriptions/e747cc13-97d4-4a79-b463-42d7f4e558f2/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1?api-version=2023-09-01
{
"properties": {
"priority": 110,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule-Collection",
"action": {
"type": "Allow"
},
"rules": [
{
"ruleType": "ApplicationRule",
"name": "rule1",
"description": "Insert trusted tenants header",
"protocols": [
{
"protocolType": "Http",
"port": 80
}
],
"sourceAddresses": [
"216.58.216.164",
"10.0.0.0/24"
],
"fqdnTags": [
"WindowsVirtualDesktop"
],
"httpHeadersToInsert": [
{
"headerName": "Restrict-Access-To-Tenants",
"headerValue": "contoso.com,fabrikam.onmicrosoft.com"
}
]
}
]
}
]
}
}
from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient
"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python firewall_policy_rule_collection_group_with_http_headers_to_insert.py
    Before running the sample, set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the values, see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="e747cc13-97d4-4a79-b463-42d7f4e558f2",
    )
    response = client.firewall_policy_rule_collection_groups.begin_create_or_update(
        resource_group_name="rg1",
        firewall_policy_name="firewallPolicy",
        rule_collection_group_name="ruleCollectionGroup1",
        parameters={
            "properties": {
                "priority": 110,
                "ruleCollections": [
                    {
                        "action": {"type": "Allow"},
                        "name": "Example-Filter-Rule-Collection",
                        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
                        "rules": [
                            {
                                "description": "Insert trusted tenants header",
                                "fqdnTags": ["WindowsVirtualDesktop"],
                                "httpHeadersToInsert": [
                                    {
                                        "headerName": "Restrict-Access-To-Tenants",
                                        "headerValue": "contoso.com,fabrikam.onmicrosoft.com",
                                    }
                                ],
                                "name": "rule1",
                                "protocols": [{"port": 80, "protocolType": "Http"}],
                                "ruleType": "ApplicationRule",
                                "sourceAddresses": ["216.58.216.164", "10.0.0.0/24"],
                            }
                        ],
                    }
                ],
            }
        },
    ).result()
    print(response)
# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithHttpHeadersToInsert.json
if __name__ == "__main__":
    main()
package armnetwork_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d4205894880b989ede35d62d97c8e901ed14fb5a/specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithHttpHeadersToInsert.json
func ExampleFirewallPolicyRuleCollectionGroupsClient_BeginCreateOrUpdate_createFirewallPolicyRuleCollectionGroupWithHttpHeaderToInsert() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewFirewallPolicyRuleCollectionGroupsClient().BeginCreateOrUpdate(ctx, "rg1", "firewallPolicy", "ruleCollectionGroup1", armnetwork.FirewallPolicyRuleCollectionGroup{
Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
Priority: to.Ptr[int32](110),
RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
&armnetwork.FirewallPolicyFilterRuleCollection{
Name: to.Ptr("Example-Filter-Rule-Collection"),
RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyFilterRuleCollection),
Action: &armnetwork.FirewallPolicyFilterRuleCollectionAction{
Type: to.Ptr(armnetwork.FirewallPolicyFilterRuleCollectionActionTypeAllow),
},
Rules: []armnetwork.FirewallPolicyRuleClassification{
&armnetwork.ApplicationRule{
Name: to.Ptr("rule1"),
Description: to.Ptr("Insert trusted tenants header"),
RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeApplicationRule),
FqdnTags: []*string{
to.Ptr("WindowsVirtualDesktop")},
HTTPHeadersToInsert: []*armnetwork.FirewallPolicyHTTPHeaderToInsert{
{
HeaderName: to.Ptr("Restrict-Access-To-Tenants"),
HeaderValue: to.Ptr("contoso.com,fabrikam.onmicrosoft.com"),
}},
Protocols: []*armnetwork.FirewallPolicyRuleApplicationProtocol{
{
Port: to.Ptr[int32](80),
ProtocolType: to.Ptr(armnetwork.FirewallPolicyRuleApplicationProtocolTypeHTTP),
}},
SourceAddresses: []*string{
to.Ptr("216.58.216.164"),
to.Ptr("10.0.0.0/24")},
}},
}},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.FirewallPolicyRuleCollectionGroup = armnetwork.FirewallPolicyRuleCollectionGroup{
// ID: to.Ptr("/subscriptions/e747cc13-97d4-4a79-b463-42d7f4e558f2/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1"),
// Name: to.Ptr("ruleCollectionGroup1"),
// Etag: to.Ptr("w/\\00000000-0000-0000-0000-000000000000\\"),
// Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
// Priority: to.Ptr[int32](110),
// ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
// RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
// &armnetwork.FirewallPolicyFilterRuleCollection{
// Name: to.Ptr("Example-Filter-Rule-Collection"),
// RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyFilterRuleCollection),
// Action: &armnetwork.FirewallPolicyFilterRuleCollectionAction{
// Type: to.Ptr(armnetwork.FirewallPolicyFilterRuleCollectionActionTypeAllow),
// },
// Rules: []armnetwork.FirewallPolicyRuleClassification{
// &armnetwork.ApplicationRule{
// Name: to.Ptr("rule1"),
// Description: to.Ptr("Insert trusted tenants header"),
// RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeApplicationRule),
// FqdnTags: []*string{
// to.Ptr("WindowsVirtualDesktop")},
// HTTPHeadersToInsert: []*armnetwork.FirewallPolicyHTTPHeaderToInsert{
// {
// HeaderName: to.Ptr("Restrict-Access-To-Tenants"),
// HeaderValue: to.Ptr("contoso.com,fabrikam.onmicrosoft.com"),
// }},
// Protocols: []*armnetwork.FirewallPolicyRuleApplicationProtocol{
// {
// Port: to.Ptr[int32](80),
// ProtocolType: to.Ptr(armnetwork.FirewallPolicyRuleApplicationProtocolTypeHTTP),
// }},
// SourceAddresses: []*string{
// to.Ptr("216.58.216.164"),
// to.Ptr("10.0.0.0/24")},
// }},
// }},
// },
// }
}
const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to create or update the specified FirewallPolicyRuleCollectionGroup.
*
* @summary Creates or updates the specified FirewallPolicyRuleCollectionGroup.
* x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithHttpHeadersToInsert.json
*/
async function createFirewallPolicyRuleCollectionGroupWithHttpHeaderToInsert() {
const subscriptionId =
process.env["NETWORK_SUBSCRIPTION_ID"] || "e747cc13-97d4-4a79-b463-42d7f4e558f2";
const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
const firewallPolicyName = "firewallPolicy";
const ruleCollectionGroupName = "ruleCollectionGroup1";
const parameters = {
priority: 110,
ruleCollections: [
{
name: "Example-Filter-Rule-Collection",
action: { type: "Allow" },
ruleCollectionType: "FirewallPolicyFilterRuleCollection",
rules: [
{
name: "rule1",
description: "Insert trusted tenants header",
fqdnTags: ["WindowsVirtualDesktop"],
httpHeadersToInsert: [
{
headerName: "Restrict-Access-To-Tenants",
headerValue: "contoso.com,fabrikam.onmicrosoft.com",
},
],
protocols: [{ port: 80, protocolType: "Http" }],
ruleType: "ApplicationRule",
sourceAddresses: ["216.58.216.164", "10.0.0.0/24"],
},
],
},
],
};
const credential = new DefaultAzureCredential();
const client = new NetworkManagementClient(credential, subscriptionId);
const result = await client.firewallPolicyRuleCollectionGroups.beginCreateOrUpdateAndWait(
resourceGroupName,
firewallPolicyName,
ruleCollectionGroupName,
parameters,
);
console.log(result);
}
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;
// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithHttpHeadersToInsert.json
// This example only shows the usage of the "FirewallPolicyRuleCollectionGroups_CreateOrUpdate" operation; dependent resources have to be created separately.
// Get your Azure access token. For more details on how the Azure SDK gets your access token, see https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// This example assumes you already have this FirewallPolicyRuleCollectionGroupResource created on Azure.
// For more information on creating FirewallPolicyRuleCollectionGroupResource, see the documentation of FirewallPolicyRuleCollectionGroupResource.
string subscriptionId = "e747cc13-97d4-4a79-b463-42d7f4e558f2";
string resourceGroupName = "rg1";
string firewallPolicyName = "firewallPolicy";
string ruleCollectionGroupName = "ruleCollectionGroup1";
ResourceIdentifier firewallPolicyRuleCollectionGroupResourceId = FirewallPolicyRuleCollectionGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, firewallPolicyName, ruleCollectionGroupName);
FirewallPolicyRuleCollectionGroupResource firewallPolicyRuleCollectionGroup = client.GetFirewallPolicyRuleCollectionGroupResource(firewallPolicyRuleCollectionGroupResourceId);
// invoke the operation
FirewallPolicyRuleCollectionGroupData data = new FirewallPolicyRuleCollectionGroupData()
{
Priority = 110,
RuleCollections =
{
new FirewallPolicyFilterRuleCollectionInfo()
{
ActionType = FirewallPolicyFilterRuleCollectionActionType.Allow,
Rules =
{
new ApplicationRule()
{
SourceAddresses =
{
"216.58.216.164","10.0.0.0/24"
},
Protocols =
{
new FirewallPolicyRuleApplicationProtocol()
{
ProtocolType = FirewallPolicyRuleApplicationProtocolType.Http,
Port = 80,
}
},
FqdnTags =
{
"WindowsVirtualDesktop"
},
HttpHeadersToInsert =
{
new FirewallPolicyHttpHeaderToInsert()
{
HeaderName = "Restrict-Access-To-Tenants",
HeaderValue = "contoso.com,fabrikam.onmicrosoft.com",
}
},
Name = "rule1",
Description = "Insert trusted tenants header",
}
},
Name = "Example-Filter-Rule-Collection",
}
},
};
ArmOperation<FirewallPolicyRuleCollectionGroupResource> lro = await firewallPolicyRuleCollectionGroup.UpdateAsync(WaitUntil.Completed, data);
FirewallPolicyRuleCollectionGroupResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
FirewallPolicyRuleCollectionGroupData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
Sample Response
{
"name": "ruleCollectionGroup1",
"id": "/subscriptions/e747cc13-97d4-4a79-b463-42d7f4e558f2/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1",
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"properties": {
"provisioningState": "Succeeded",
"priority": 110,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule-Collection",
"action": {
"type": "Allow"
},
"rules": [
{
"ruleType": "ApplicationRule",
"name": "rule1",
"description": "Insert trusted tenants header",
"protocols": [
{
"protocolType": "Http",
"port": 80
}
],
"sourceAddresses": [
"216.58.216.164",
"10.0.0.0/24"
],
"fqdnTags": [
"WindowsVirtualDesktop"
],
"httpHeadersToInsert": [
{
"headerName": "Restrict-Access-To-Tenants",
"headerValue": "contoso.com,fabrikam.onmicrosoft.com"
}
]
}
]
}
]
}
}
Create Firewall Policy Rule Collection Group With IP Groups
Sample Request
PUT https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1?api-version=2023-09-01
{
"properties": {
"priority": 110,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule-Collection",
"action": {
"type": "Deny"
},
"rules": [
{
"ruleType": "NetworkRule",
"name": "network-1",
"ipProtocols": [
"TCP"
],
"destinationPorts": [
"*"
],
"sourceIpGroups": [
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1"
],
"destinationIpGroups": [
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2"
]
}
]
}
]
}
}
from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient
"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python firewall_policy_rule_collection_group_with_ip_groups_put.py
    Before running the sample, set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the values, see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid",
    )
    response = client.firewall_policy_rule_collection_groups.begin_create_or_update(
        resource_group_name="rg1",
        firewall_policy_name="firewallPolicy",
        rule_collection_group_name="ruleCollectionGroup1",
        parameters={
            "properties": {
                "priority": 110,
                "ruleCollections": [
                    {
                        "action": {"type": "Deny"},
                        "name": "Example-Filter-Rule-Collection",
                        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
                        "rules": [
                            {
                                "destinationIpGroups": [
                                    "/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2"
                                ],
                                "destinationPorts": ["*"],
                                "ipProtocols": ["TCP"],
                                "name": "network-1",
                                "ruleType": "NetworkRule",
                                "sourceIpGroups": [
                                    "/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1"
                                ],
                            }
                        ],
                    }
                ],
            }
        },
    ).result()
    print(response)
# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithIpGroupsPut.json
if __name__ == "__main__":
    main()
package armnetwork_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d4205894880b989ede35d62d97c8e901ed14fb5a/specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithIpGroupsPut.json
func ExampleFirewallPolicyRuleCollectionGroupsClient_BeginCreateOrUpdate_createFirewallPolicyRuleCollectionGroupWithIpGroups() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
poller, err := clientFactory.NewFirewallPolicyRuleCollectionGroupsClient().BeginCreateOrUpdate(ctx, "rg1", "firewallPolicy", "ruleCollectionGroup1", armnetwork.FirewallPolicyRuleCollectionGroup{
Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
Priority: to.Ptr[int32](110),
RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
&armnetwork.FirewallPolicyFilterRuleCollection{
Name: to.Ptr("Example-Filter-Rule-Collection"),
RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyFilterRuleCollection),
Action: &armnetwork.FirewallPolicyFilterRuleCollectionAction{
Type: to.Ptr(armnetwork.FirewallPolicyFilterRuleCollectionActionTypeDeny),
},
Rules: []armnetwork.FirewallPolicyRuleClassification{
&armnetwork.Rule{
Name: to.Ptr("network-1"),
RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeNetworkRule),
DestinationIPGroups: []*string{
to.Ptr("/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2")},
DestinationPorts: []*string{
to.Ptr("*")},
IPProtocols: []*armnetwork.FirewallPolicyRuleNetworkProtocol{
to.Ptr(armnetwork.FirewallPolicyRuleNetworkProtocolTCP)},
SourceIPGroups: []*string{
to.Ptr("/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1")},
}},
}},
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
res, err := poller.PollUntilDone(ctx, nil)
if err != nil {
log.Fatalf("failed to pull the result: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.FirewallPolicyRuleCollectionGroup = armnetwork.FirewallPolicyRuleCollectionGroup{
// ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1"),
// Name: to.Ptr("ruleCollectionGroup1"),
// Etag: to.Ptr("w/\\00000000-0000-0000-0000-000000000000\\"),
// Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
// Priority: to.Ptr[int32](110),
// ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
// RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
// &armnetwork.FirewallPolicyFilterRuleCollection{
// Name: to.Ptr("Example-Filter-Rule-Collection"),
// RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyFilterRuleCollection),
// Action: &armnetwork.FirewallPolicyFilterRuleCollectionAction{
// Type: to.Ptr(armnetwork.FirewallPolicyFilterRuleCollectionActionTypeDeny),
// },
// Rules: []armnetwork.FirewallPolicyRuleClassification{
// &armnetwork.Rule{
// Name: to.Ptr("network-1"),
// RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeNetworkRule),
// DestinationIPGroups: []*string{
// to.Ptr("/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2")},
// DestinationPorts: []*string{
// to.Ptr("*")},
// IPProtocols: []*armnetwork.FirewallPolicyRuleNetworkProtocol{
// to.Ptr(armnetwork.FirewallPolicyRuleNetworkProtocolTCP)},
// SourceIPGroups: []*string{
// to.Ptr("/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1")},
// }},
// }},
// },
// }
}
const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to create or update the specified FirewallPolicyRuleCollectionGroup.
*
* @summary Creates or updates the specified FirewallPolicyRuleCollectionGroup.
* x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithIpGroupsPut.json
*/
async function createFirewallPolicyRuleCollectionGroupWithIPGroups() {
const subscriptionId = process.env["NETWORK_SUBSCRIPTION_ID"] || "subid";
const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
const firewallPolicyName = "firewallPolicy";
const ruleCollectionGroupName = "ruleCollectionGroup1";
const parameters = {
priority: 110,
ruleCollections: [
{
name: "Example-Filter-Rule-Collection",
action: { type: "Deny" },
ruleCollectionType: "FirewallPolicyFilterRuleCollection",
rules: [
{
name: "network-1",
destinationIpGroups: [
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2",
],
destinationPorts: ["*"],
ipProtocols: ["TCP"],
ruleType: "NetworkRule",
sourceIpGroups: [
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1",
],
},
],
},
],
};
const credential = new DefaultAzureCredential();
const client = new NetworkManagementClient(credential, subscriptionId);
const result = await client.firewallPolicyRuleCollectionGroups.beginCreateOrUpdateAndWait(
resourceGroupName,
firewallPolicyName,
ruleCollectionGroupName,
parameters,
);
console.log(result);
}
using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;
// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithIpGroupsPut.json
// This example only shows the usage of the "FirewallPolicyRuleCollectionGroups_CreateOrUpdate" operation; dependent resources have to be created separately.
// Get your Azure access token. For more details on how the Azure SDK gets your access token, see https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);
// This example assumes you already have this FirewallPolicyRuleCollectionGroupResource created on Azure.
// For more information on creating FirewallPolicyRuleCollectionGroupResource, see the documentation of FirewallPolicyRuleCollectionGroupResource.
string subscriptionId = "subid";
string resourceGroupName = "rg1";
string firewallPolicyName = "firewallPolicy";
string ruleCollectionGroupName = "ruleCollectionGroup1";
ResourceIdentifier firewallPolicyRuleCollectionGroupResourceId = FirewallPolicyRuleCollectionGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, firewallPolicyName, ruleCollectionGroupName);
FirewallPolicyRuleCollectionGroupResource firewallPolicyRuleCollectionGroup = client.GetFirewallPolicyRuleCollectionGroupResource(firewallPolicyRuleCollectionGroupResourceId);
// invoke the operation
FirewallPolicyRuleCollectionGroupData data = new FirewallPolicyRuleCollectionGroupData()
{
Priority = 110,
RuleCollections =
{
new FirewallPolicyFilterRuleCollectionInfo()
{
ActionType = FirewallPolicyFilterRuleCollectionActionType.Deny,
Rules =
{
new NetworkRule()
{
IPProtocols =
{
FirewallPolicyRuleNetworkProtocol.Tcp
},
DestinationPorts =
{
"*"
},
SourceIPGroups =
{
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1"
},
DestinationIPGroups =
{
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2"
},
Name = "network-1",
}
},
Name = "Example-Filter-Rule-Collection",
}
},
};
ArmOperation<FirewallPolicyRuleCollectionGroupResource> lro = await firewallPolicyRuleCollectionGroup.UpdateAsync(WaitUntil.Completed, data);
FirewallPolicyRuleCollectionGroupResource result = lro.Value;
// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
FirewallPolicyRuleCollectionGroupData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
Sample Response
{
"name": "ruleCollectionGroup1",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1",
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"properties": {
"provisioningState": "Succeeded",
"priority": 110,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule-Collection",
"action": {
"type": "Deny"
},
"rules": [
{
"ruleType": "NetworkRule",
"name": "network-1",
"ipProtocols": [
"TCP"
],
"destinationPorts": [
"*"
],
"sourceIpGroups": [
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1"
],
"destinationIpGroups": [
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2"
]
}
]
}
]
}
}
{
"name": "firewallPolicy",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy",
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"properties": {
"provisioningState": "Succeeded",
"priority": 110,
"ruleCollections": [
{
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"name": "Example-Filter-Rule-Collection",
"action": {
"type": "Deny"
},
"rules": [
{
"ruleType": "NetworkRule",
"name": "network-1",
"ipProtocols": [
"TCP"
],
"destinationPorts": [
"*"
],
"sourceIpGroups": [
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups1"
],
"destinationIpGroups": [
"/subscriptions/subid/providers/Microsoft.Network/resourceGroup/rg1/ipGroups/ipGroups2"
]
}
]
}
]
}
}
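The request bodies in the Sample Requests above can be linted before they are sent. The following is an added example, not part of the original page or of the Azure SDK: it flags out-of-range priorities, match-everything Allow rules, IP Group references that are not full resource IDs, and unsafe inserted headers. The 100-65000 priority range, the resource ID shape, the wildcard and header policy, and both sample bodies are assumptions or constructed for this example.

```python
import re

# Assumptions of this added example, not taken from the page: the 100-65000
# priority range, the IP Group resource ID shape, and the wildcard/header policy.
PRIORITY_MIN, PRIORITY_MAX = 100, 65000
IP_GROUP_ID = re.compile(
    r"/subscriptions/[^/]+/resourceGroups/[^/]+"
    r"/providers/Microsoft\.Network/ipGroups/[^/]+",
    re.IGNORECASE,
)
HEADER_NAME = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")  # RFC 7230 token
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
MATCH_ALL = {"*", "0.0.0.0/0"}


def _matches_all(values):
    """True when an address or port list contains a match-everything entry."""
    return any(v in MATCH_ALL for v in values or [])


def lint_rule(rule, action, where):
    """Check one rule; `action` is the action of the enclosing collection."""
    findings = []
    if action == "Allow":
        if _matches_all(rule.get("sourceAddresses")):
            findings.append((where, "Allow rule accepts any source address"))
        if (rule.get("ruleType") == "NetworkRule"
                and _matches_all(rule.get("destinationAddresses"))
                and _matches_all(rule.get("destinationPorts"))):
            findings.append((where, "Allow rule reaches any destination on any port"))
    for key in ("sourceIpGroups", "destinationIpGroups"):
        for group_id in rule.get(key, []):
            if not IP_GROUP_ID.fullmatch(group_id):
                findings.append((where, f"{key}: not a full IP Group resource ID"))
    for header in rule.get("httpHeadersToInsert", []):
        if not HEADER_NAME.fullmatch(header.get("headerName", "")):
            findings.append((where, "httpHeadersToInsert: invalid header name"))
        if CONTROL_CHARS.search(header.get("headerValue", "")):
            findings.append((where, "httpHeadersToInsert: control character in value"))
    return findings


def lint_rule_collection_group(body):
    """Return (location, finding) tuples for a ruleCollectionGroups PUT body."""
    findings = []
    props = body.get("properties", {})
    priority = props.get("priority")
    if type(priority) is not int or not PRIORITY_MIN <= priority <= PRIORITY_MAX:
        findings.append(("properties.priority", "must be an integer in 100-65000"))
    for coll in props.get("ruleCollections", []):
        if coll.get("ruleCollectionType") != "FirewallPolicyFilterRuleCollection":
            continue  # NAT collections are outside this check
        cname = coll.get("name", "<unnamed>")
        action = coll.get("action", {}).get("type")
        if action not in ("Allow", "Deny"):
            findings.append((cname, "action.type must be Allow or Deny"))
        for rule in coll.get("rules", []):
            where = f"{cname}/{rule.get('name', '<unnamed>')}"
            findings.extend(lint_rule(rule, action, where))
    return findings


# Constructed body in the shape of the page's Sample Requests: an Allow
# collection that inserts a header, and a Deny collection with wildcards.
GOOD_BODY = {"properties": {"priority": 110, "ruleCollections": [
    {"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
     "name": "allow-tenants", "action": {"type": "Allow"},
     "rules": [{"ruleType": "ApplicationRule", "name": "rule1",
                "protocols": [{"protocolType": "Http", "port": 80}],
                "sourceAddresses": ["10.0.0.0/24"],
                "fqdnTags": ["WindowsVirtualDesktop"],
                "httpHeadersToInsert": [{
                    "headerName": "Restrict-Access-To-Tenants",
                    "headerValue": "contoso.com,fabrikam.onmicrosoft.com"}]}]},
    {"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
     "name": "deny-all-tcp", "action": {"type": "Deny"},
     "rules": [{"ruleType": "NetworkRule", "name": "network-rule1",
                "ipProtocols": ["TCP"], "sourceAddresses": ["10.1.25.0/24"],
                "destinationAddresses": ["*"], "destinationPorts": ["*"]}]},
]}}

# Constructed body with four deliberate defects.
BAD_BODY = {"properties": {"priority": 50, "ruleCollections": [
    {"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
     "name": "bad-collection", "action": {"type": "Allow"},
     "rules": [
         {"ruleType": "NetworkRule", "name": "network-1", "ipProtocols": ["TCP"],
          "sourceAddresses": ["*"], "destinationAddresses": ["*"],
          "destinationPorts": ["*"]},
         {"ruleType": "NetworkRule", "name": "network-2", "ipProtocols": ["TCP"],
          "destinationPorts": ["443"], "sourceIpGroups": ["ipGroups1"],
          "destinationIpGroups": [
              "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/ipGroups/ipGroups2"]},
     ]},
]}}

if __name__ == "__main__":
    for location, finding in lint_rule_collection_group(BAD_BODY):
        print(f"{location}: {finding}")
```
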
Create Firewall Policy Rule Collection Group With Web Categories
Sample Request
PUT https://management.azure.com/subscriptions/e747cc13-97d4-4a79-b463-42d7f4e558f2/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1?api-version=2023-09-01
{
  "properties": {
    "priority": 110,
    "ruleCollections": [
      {
        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
        "name": "Example-Filter-Rule-Collection",
        "action": {
          "type": "Deny"
        },
        "rules": [
          {
            "ruleType": "ApplicationRule",
            "name": "rule1",
            "description": "Deny inbound rule",
            "protocols": [
              {
                "protocolType": "Https",
                "port": 443
              }
            ],
            "sourceAddresses": [
              "216.58.216.164",
              "10.0.0.0/24"
            ],
            "webCategories": [
              "Hacking"
            ]
          }
        ]
      }
    ]
  }
}
from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python firewall_policy_rule_collection_group_with_web_categories_put.py

    Before running the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    # DefaultAzureCredential reads the service principal from the environment variables above.
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="e747cc13-97d4-4a79-b463-42d7f4e558f2",
    )

    # begin_create_or_update returns a poller; result() blocks until the PUT completes.
    response = client.firewall_policy_rule_collection_groups.begin_create_or_update(
        resource_group_name="rg1",
        firewall_policy_name="firewallPolicy",
        rule_collection_group_name="ruleCollectionGroup1",
        parameters={
            "properties": {
                "priority": 110,
                "ruleCollections": [
                    {
                        "action": {"type": "Deny"},
                        "name": "Example-Filter-Rule-Collection",
                        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
                        "rules": [
                            {
                                "description": "Deny inbound rule",
                                "name": "rule1",
                                "protocols": [{"port": 443, "protocolType": "Https"}],
                                "ruleType": "ApplicationRule",
                                "sourceAddresses": ["216.58.216.164", "10.0.0.0/24"],
                                "webCategories": ["Hacking"],
                            }
                        ],
                    }
                ],
            }
        },
    ).result()
    print(response)


# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithWebCategoriesPut.json
if __name__ == "__main__":
    main()
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armnetwork_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d4205894880b989ede35d62d97c8e901ed14fb5a/specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithWebCategoriesPut.json
func ExampleFirewallPolicyRuleCollectionGroupsClient_BeginCreateOrUpdate_createFirewallPolicyRuleCollectionGroupWithWebCategories() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	poller, err := clientFactory.NewFirewallPolicyRuleCollectionGroupsClient().BeginCreateOrUpdate(ctx, "rg1", "firewallPolicy", "ruleCollectionGroup1", armnetwork.FirewallPolicyRuleCollectionGroup{
		Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
			Priority: to.Ptr[int32](110),
			RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
				&armnetwork.FirewallPolicyFilterRuleCollection{
					Name: to.Ptr("Example-Filter-Rule-Collection"),
					RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyFilterRuleCollection),
					Action: &armnetwork.FirewallPolicyFilterRuleCollectionAction{
						Type: to.Ptr(armnetwork.FirewallPolicyFilterRuleCollectionActionTypeDeny),
					},
					Rules: []armnetwork.FirewallPolicyRuleClassification{
						&armnetwork.ApplicationRule{
							Name: to.Ptr("rule1"),
							Description: to.Ptr("Deny inbound rule"),
							RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeApplicationRule),
							Protocols: []*armnetwork.FirewallPolicyRuleApplicationProtocol{
								{
									Port: to.Ptr[int32](443),
									ProtocolType: to.Ptr(armnetwork.FirewallPolicyRuleApplicationProtocolTypeHTTPS),
								}},
							SourceAddresses: []*string{
								to.Ptr("216.58.216.164"),
								to.Ptr("10.0.0.0/24")},
							WebCategories: []*string{
								to.Ptr("Hacking")},
						}},
				}},
		},
	}, nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	res, err := poller.PollUntilDone(ctx, nil)
	if err != nil {
		log.Fatalf("failed to pull the result: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.FirewallPolicyRuleCollectionGroup = armnetwork.FirewallPolicyRuleCollectionGroup{
	// 	ID: to.Ptr("/subscriptions/e747cc13-97d4-4a79-b463-42d7f4e558f2/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1"),
	// 	Name: to.Ptr("ruleCollectionGroup1"),
	// 	Etag: to.Ptr("w/\\00000000-0000-0000-0000-000000000000\\"),
	// 	Properties: &armnetwork.FirewallPolicyRuleCollectionGroupProperties{
	// 		Priority: to.Ptr[int32](110),
	// 		ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
	// 		RuleCollections: []armnetwork.FirewallPolicyRuleCollectionClassification{
	// 			&armnetwork.FirewallPolicyFilterRuleCollection{
	// 				Name: to.Ptr("Example-Filter-Rule-Collection"),
	// 				RuleCollectionType: to.Ptr(armnetwork.FirewallPolicyRuleCollectionTypeFirewallPolicyFilterRuleCollection),
	// 				Action: &armnetwork.FirewallPolicyFilterRuleCollectionAction{
	// 					Type: to.Ptr(armnetwork.FirewallPolicyFilterRuleCollectionActionTypeDeny),
	// 				},
	// 				Rules: []armnetwork.FirewallPolicyRuleClassification{
	// 					&armnetwork.ApplicationRule{
	// 						Name: to.Ptr("rule1"),
	// 						Description: to.Ptr("Deny inbound rule"),
	// 						RuleType: to.Ptr(armnetwork.FirewallPolicyRuleTypeApplicationRule),
	// 						Protocols: []*armnetwork.FirewallPolicyRuleApplicationProtocol{
	// 							{
	// 								Port: to.Ptr[int32](443),
	// 								ProtocolType: to.Ptr(armnetwork.FirewallPolicyRuleApplicationProtocolTypeHTTPS),
	// 							}},
	// 						SourceAddresses: []*string{
	// 							to.Ptr("216.58.216.164"),
	// 							to.Ptr("10.0.0.0/24")},
	// 						WebCategories: []*string{
	// 							to.Ptr("Hacking")},
	// 					}},
	// 			}},
	// 	},
	// }
}

const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to create or update the specified FirewallPolicyRuleCollectionGroup.
 *
 * @summary Creates or updates the specified FirewallPolicyRuleCollectionGroup.
 * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithWebCategoriesPut.json
 */
async function createFirewallPolicyRuleCollectionGroupWithWebCategories() {
  const subscriptionId =
    process.env["NETWORK_SUBSCRIPTION_ID"] || "e747cc13-97d4-4a79-b463-42d7f4e558f2";
  const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
  const firewallPolicyName = "firewallPolicy";
  const ruleCollectionGroupName = "ruleCollectionGroup1";
  const parameters = {
    priority: 110,
    ruleCollections: [
      {
        name: "Example-Filter-Rule-Collection",
        action: { type: "Deny" },
        ruleCollectionType: "FirewallPolicyFilterRuleCollection",
        rules: [
          {
            name: "rule1",
            description: "Deny inbound rule",
            protocols: [{ port: 443, protocolType: "Https" }],
            ruleType: "ApplicationRule",
            sourceAddresses: ["216.58.216.164", "10.0.0.0/24"],
            webCategories: ["Hacking"],
          },
        ],
      },
    ],
  };
  const credential = new DefaultAzureCredential();
  const client = new NetworkManagementClient(credential, subscriptionId);
  const result = await client.firewallPolicyRuleCollectionGroups.beginCreateOrUpdateAndWait(
    resourceGroupName,
    firewallPolicyName,
    ruleCollectionGroupName,
    parameters,
  );
  console.log(result);
}

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;

// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/FirewallPolicyRuleCollectionGroupWithWebCategoriesPut.json
// this example is just showing the usage of "FirewallPolicyRuleCollectionGroups_CreateOrUpdate" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this FirewallPolicyRuleCollectionGroupResource created on azure
// for more information of creating FirewallPolicyRuleCollectionGroupResource, please refer to the document of FirewallPolicyRuleCollectionGroupResource
string subscriptionId = "e747cc13-97d4-4a79-b463-42d7f4e558f2";
string resourceGroupName = "rg1";
string firewallPolicyName = "firewallPolicy";
string ruleCollectionGroupName = "ruleCollectionGroup1";
ResourceIdentifier firewallPolicyRuleCollectionGroupResourceId = FirewallPolicyRuleCollectionGroupResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, firewallPolicyName, ruleCollectionGroupName);
FirewallPolicyRuleCollectionGroupResource firewallPolicyRuleCollectionGroup = client.GetFirewallPolicyRuleCollectionGroupResource(firewallPolicyRuleCollectionGroupResourceId);

// invoke the operation
FirewallPolicyRuleCollectionGroupData data = new FirewallPolicyRuleCollectionGroupData()
{
    Priority = 110,
    RuleCollections =
    {
        new FirewallPolicyFilterRuleCollectionInfo()
        {
            ActionType = FirewallPolicyFilterRuleCollectionActionType.Deny,
            Rules =
            {
                new ApplicationRule()
                {
                    SourceAddresses =
                    {
                        "216.58.216.164","10.0.0.0/24"
                    },
                    Protocols =
                    {
                        new FirewallPolicyRuleApplicationProtocol()
                        {
                            ProtocolType = FirewallPolicyRuleApplicationProtocolType.Https,
                            Port = 443,
                        }
                    },
                    WebCategories =
                    {
                        "Hacking"
                    },
                    Name = "rule1",
                    Description = "Deny inbound rule",
                }
            },
            Name = "Example-Filter-Rule-Collection",
        }
    },
};
ArmOperation<FirewallPolicyRuleCollectionGroupResource> lro = await firewallPolicyRuleCollectionGroup.UpdateAsync(WaitUntil.Completed, data);
FirewallPolicyRuleCollectionGroupResource result = lro.Value;

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
FirewallPolicyRuleCollectionGroupData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");
Sample Response
{
  "name": "ruleCollectionGroup1",
  "id": "/subscriptions/e747cc13-97d4-4a79-b463-42d7f4e558f2/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1",
  "etag": "w/\\00000000-0000-0000-0000-000000000000\\",
  "properties": {
    "provisioningState": "Succeeded",
    "priority": 110,
    "ruleCollections": [
      {
        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
        "name": "Example-Filter-Rule-Collection",
        "action": {
          "type": "Deny"
        },
        "rules": [
          {
            "ruleType": "ApplicationRule",
            "name": "rule1",
            "description": "Deny inbound rule",
            "protocols": [
              {
                "protocolType": "Https",
                "port": 443
              }
            ],
            "sourceAddresses": [
              "216.58.216.164",
              "10.0.0.0/24"
            ],
            "webCategories": [
              "Hacking"
            ]
          }
        ]
      }
    ]
  }
}

{
  "name": "firewallPolicy",
  "id": "/subscriptions/e747cc13-97d4-4a79-b463-42d7f4e558f2/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy",
  "etag": "w/\\00000000-0000-0000-0000-000000000000\\",
  "properties": {
    "provisioningState": "Succeeded",
    "priority": 110,
    "ruleCollections": [
      {
        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
        "name": "Example-Filter-Rule-Collection",
        "action": {
          "type": "Deny"
        },
        "rules": [
          {
            "ruleType": "ApplicationRule",
            "name": "rule1",
            "description": "Deny inbound rule",
            "protocols": [
              {
                "protocolType": "Https",
                "port": 443
              }
            ],
            "sourceAddresses": [
              "216.58.216.164",
              "10.0.0.0/24"
            ],
            "webCategories": [
              "Hacking"
            ]
          }
        ]
      }
    ]
  }
}
Definitions
ApplicationRule
Rule of type application.
Name | Type | Description
description | string | Description of the rule.
destinationAddresses | string[] | List of destination IP addresses or service tags.
fqdnTags | string[] | List of FQDN tags for this rule.
httpHeadersToInsert | FirewallPolicyHttpHeaderToInsert[] | List of HTTP/S headers to insert.
name | string | Name of the rule.
protocols | FirewallPolicyRuleApplicationProtocol[] | Array of application protocols.
ruleType | string: ApplicationRule | Rule type.
sourceAddresses | string[] | List of source IP addresses for this rule.
sourceIpGroups | string[] | List of source IpGroups for this rule.
targetFqdns | string[] | List of FQDNs for this rule.
targetUrls | string[] | List of URLs for this rule condition.
terminateTLS | boolean | Terminate TLS connections for this rule.
webCategories | string[] | List of destination Azure web categories.
CloudError
An error response from the service.
Name | Type | Description
error | CloudErrorBody | Cloud error body.
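CloudErrorBody
An error response from the service.
Name | Type | Description
code | string | An identifier for the error. Codes are invariant and are intended to be consumed programmatically.
details | CloudErrorBody[] | A list of additional details about the error.
message | string | A message describing the error, suitable for display in a user interface.
target | string | The target of the particular error. For example, the name of the property in error.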
FirewallPolicyFilterRuleCollection
Firewall Policy Filter Rule Collection.
Name | Type | Description
action | FirewallPolicyFilterRuleCollectionAction | The action type of a Filter rule collection.
name | string | The name of the rule collection.
priority | integer | Priority of the Firewall Policy Rule Collection resource.
ruleCollectionType | string: FirewallPolicyFilterRuleCollection | The type of the rule collection.
rules | FirewallPolicyRule[]: ApplicationRule[], NatRule[], NetworkRule[] | List of rules included in a rule collection.
FirewallPolicyFilterRuleCollectionAction
Properties of the FirewallPolicyFilterRuleCollectionAction.
Name | Type | Description
type | FirewallPolicyFilterRuleCollectionActionType | The type of action.
FirewallPolicyFilterRuleCollectionActionType
The action type of a rule.
Name | Type | Description
Allow | string |
Deny | string |
FirewallPolicyHttpHeaderToInsert
Name and value of an HTTP/S header to insert.
Name | Type | Description
headerName | string | Contains the name of the header.
headerValue | string | Contains the value of the header.
FirewallPolicyNatRuleCollection
Firewall Policy NAT Rule Collection.
Name | Type | Description
action | FirewallPolicyNatRuleCollectionAction | The action type of a Nat rule collection.
name | string | The name of the rule collection.
priority | integer | Priority of the Firewall Policy Rule Collection resource.
ruleCollectionType | string: FirewallPolicyNatRuleCollection | The type of the rule collection.
rules | FirewallPolicyRule[]: ApplicationRule[], NatRule[], NetworkRule[] | List of rules included in a rule collection.
FirewallPolicyNatRuleCollectionAction
Properties of the FirewallPolicyNatRuleCollectionAction.
Name | Type | Description
type | FirewallPolicyNatRuleCollectionActionType | The type of action.
FirewallPolicyNatRuleCollectionActionType
The action type of a rule.
Name | Type | Description
DNAT | string |
FirewallPolicyRuleApplicationProtocol
Properties of the application rule protocol.
Name | Type | Description
port | integer | Port number for the protocol; cannot be greater than 64000.
protocolType | FirewallPolicyRuleApplicationProtocolType | Protocol type.
FirewallPolicyRuleApplicationProtocolType
The application protocol type of a rule.
Name | Type | Description
Http | string |
Https | string |
FirewallPolicyRuleCollectionGroup
Rule Collection Group resource.
Name | Type | Description
etag | string | A unique read-only string that changes whenever the resource is updated.
id | string | Resource ID.
name | string | The name of the resource that is unique within a resource group. This name can be used to access the resource.
properties.priority | integer | Priority of the Firewall Policy Rule Collection Group resource.
properties.provisioningState | ProvisioningState | The provisioning state of the firewall policy rule collection group resource.
properties.ruleCollections | FirewallPolicyRuleCollection[]: FirewallPolicyFilterRuleCollection[], FirewallPolicyNatRuleCollection[] | Group of Firewall Policy rule collections.
properties.size | string | A read-only string that represents the size of the FirewallPolicyRuleCollectionGroupProperties in MB (for example, 1.2MB).
type | string | Rule Group type.
FirewallPolicyRuleNetworkProtocol
The network protocol of a rule.
Name | Type | Description
Any | string |
ICMP | string |
TCP | string |
UDP | string |
NatRule
Rule of type nat.
Name | Type | Description
description | string | Description of the rule.
destinationAddresses | string[] | List of destination IP addresses or service tags.
destinationPorts | string[] | List of destination ports.
ipProtocols | FirewallPolicyRuleNetworkProtocol[] | Array of FirewallPolicyRuleNetworkProtocols.
name | string | Name of the rule.
ruleType | string: NatRule | Rule type.
sourceAddresses | string[] | List of source IP addresses for this rule.
sourceIpGroups | string[] | List of source IpGroups for this rule.
translatedAddress | string | The translated address for this NAT rule.
translatedFqdn | string | The translated FQDN for this NAT rule.
translatedPort | string | The translated port for this NAT rule.
NetworkRule
Rule of type network.
Name | Type | Description
description | string | Description of the rule.
destinationAddresses | string[] | List of destination IP addresses or service tags.
destinationFqdns | string[] | List of destination FQDNs.
destinationIpGroups | string[] | List of destination IpGroups for this rule.
destinationPorts | string[] | List of destination ports.
ipProtocols | FirewallPolicyRuleNetworkProtocol[] | Array of FirewallPolicyRuleNetworkProtocols.
name | string | Name of the rule.
ruleType | string: NetworkRule | Rule type.
sourceAddresses | string[] | List of source IP addresses for this rule.
sourceIpGroups | string[] | List of source IpGroups for this rule.
ProvisioningState
The current provisioning state.
Name | Type | Description
Deleting | string |
Failed | string |
Succeeded | string |
Updating | string |
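The definitions above fix the allowed enum values and the application-protocol port ceiling, so a request body can be checked before the PUT is sent. The following is an added example, not part of the original reference or of the Azure SDK: `check_rule`, `check_group` and `BAD_SAMPLE` are hypothetical names, the lower port bound of 1 is an assumption, and the wildcard warning on Allow rules is a reviewer heuristic rather than an API constraint.

```python
# Enum values and the port ceiling come from the definitions on this page.
COLLECTION_ACTIONS = {
    "FirewallPolicyFilterRuleCollection": {"Allow", "Deny"},
    "FirewallPolicyNatRuleCollection": {"DNAT"},
}
APP_PROTOCOLS = {"Http", "Https"}
NET_PROTOCOLS = {"Any", "ICMP", "TCP", "UDP"}
MAX_APP_PORT = 64000


def check_rule(path, rule, action):  # returns (errors, warnings) for one rule
    errors, warnings = [], []
    rtype = rule.get("ruleType")
    if rtype == "ApplicationRule":
        for proto in rule.get("protocols", []):
            if proto.get("protocolType") not in APP_PROTOCOLS:
                errors.append(f"{path}: protocolType {proto.get('protocolType')!r}")
            port = proto.get("port")
            # Lower bound of 1 is an assumption; the page states only the ceiling.
            if type(port) is not int or not 1 <= port <= MAX_APP_PORT:
                errors.append(f"{path}: port {port!r}")
    elif rtype in ("NetworkRule", "NatRule"):
        for proto in rule.get("ipProtocols", []):
            if proto not in NET_PROTOCOLS:
                errors.append(f"{path}: ipProtocol {proto!r}")
    else:
        errors.append(f"{path}: ruleType {rtype!r}")
    if action == "Allow":  # reviewer heuristic, not an API constraint
        for field in ("sourceAddresses", "destinationAddresses", "destinationPorts"):
            if "*" in rule.get(field, []):
                warnings.append(f"{path}: Allow with wildcard {field}")
    return errors, warnings


def check_group(body):  # returns (errors, warnings) for a whole request body
    errors, warnings = [], []
    for i, coll in enumerate(body.get("properties", {}).get("ruleCollections", [])):
        cpath = f"ruleCollections[{i}]"
        ctype = coll.get("ruleCollectionType")
        action = coll.get("action", {}).get("type")
        if ctype not in COLLECTION_ACTIONS:
            errors.append(f"{cpath}: ruleCollectionType {ctype!r}")
        elif action not in COLLECTION_ACTIONS[ctype]:
            errors.append(f"{cpath}: action {action!r} invalid for {ctype}")
        for j, rule in enumerate(coll.get("rules", [])):
            e, w = check_rule(f"{cpath}.rules[{j}]", rule, action)
            errors, warnings = errors + e, warnings + w
    return errors, warnings


# Constructed body with deliberate mistakes (not from the page).
BAD_SAMPLE = {"properties": {"priority": 200, "ruleCollections": [
    {"ruleCollectionType": "FirewallPolicyFilterRuleCollection", "name": "c1",
     "action": {"type": "Allow"}, "rules": [
         {"ruleType": "NetworkRule", "name": "n1", "ipProtocols": ["SCTP"],
          "sourceAddresses": ["*"], "destinationPorts": ["*"]},
         {"ruleType": "ApplicationRule", "name": "a1",
          "protocols": [{"protocolType": "Https", "port": 70000}]}]},
    {"ruleCollectionType": "FirewallPolicyNatRuleCollection", "name": "c2",
     "action": {"type": "Allow"}, "rules": []}]}}

if __name__ == "__main__":
    print(check_group(BAD_SAMPLE))
```

The web-categories request body shown earlier on this page passes with no errors and no warnings; errors are schema violations per the tables above, warnings are review prompts only.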