az network firewall policy intrusion-detection
Note
This reference is part of the azure-firewall extension for the Azure CLI (version 2.67.0 or higher). The extension will automatically install the first time you run an az network firewall policy intrusion-detection command. Learn more about extensions.
Manage intrusion signature rules and bypass rules.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az network firewall policy intrusion-detection add |
Update an Azure firewall policy. |
Extension | GA |
| az network firewall policy intrusion-detection list |
List all intrusion detection configuration. |
Extension | GA |
| az network firewall policy intrusion-detection remove |
Update an Azure firewall policy. |
Extension | GA |
az network firewall policy intrusion-detection add
Update an Azure firewall policy.
az network firewall policy intrusion-detection add [--add]
[--auto-learn-private-ranges --learn-ranges {Disabled, Enabled}]
[--cert-name]
[--configuration]
[--dns-servers]
[--enable-dns-proxy {0, 1, f, false, n, no, t, true, y, yes}]
[--explicit-proxy]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--fqdns]
[--identity-type {None, SystemAssigned, SystemAssigned, UserAssigned, UserAssigned}]
[--idps-mode {Alert, Deny, Off}]
[--idps-profile {Advanced, Basic, Standard}]
[--ids]
[--ip-addresses]
[--key-vault-secret-id]
[--mode {Alert, Deny, Off}]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--policy-name]
[--private-ranges]
[--remove]
[--resource-group]
[--rule-description]
[--rule-dest-addresses]
[--rule-dest-ip-groups]
[--rule-dest-ports]
[--rule-name]
[--rule-protocol {Any, ICMP, TCP, UDP}]
[--rule-src-addresses]
[--rule-src-ip-groups]
[--set]
[--signature-id]
[--sku {Basic, Premium, Standard}]
[--sql {0, 1, f, false, n, no, t, true, y, yes}]
[--subscription]
[--tags]
[--threat-intel-mode {Alert, Deny, Off}]Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
The operation mode for automatically learning private ranges to not be SNAT.
| Property | Value |
|---|---|
| Parameter group: | Snat Arguments |
| Accepted values: | Disabled, Enabled |
Name of the CA certificate.
| Property | Value |
|---|---|
| Parameter group: | TLS Inspection Arguments |
Intrusion detection configuration properties. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | IntrusionDetection Arguments |
Space-separated list of DNS server IP addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DNS Arguments |
Enable DNS Proxy.
| Property | Value |
|---|---|
| Parameter group: | DNS Arguments |
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Explicit Proxy Settings definition. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Explicit Proxy Arguments |
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Space-separated list of FQDNs. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Threat Intel Allowlist Arguments |
The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.
| Property | Value |
|---|---|
| Parameter group: | Identity Instance Arguments |
| Accepted values: | None, SystemAssigned, SystemAssigned, UserAssigned, UserAssigned |
IDPS mode.
| Property | Value |
|---|---|
| Parameter group: | Intrusion Detection Arguments |
| Accepted values: | Alert, Deny, Off |
IDPS mode.
| Property | Value |
|---|---|
| Parameter group: | Intrusion Detection Arguments |
| Accepted values: | Advanced, Basic, Standard |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Space-separated list of IPv4 addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Threat Intel Allowlist Arguments |
Secret Id of (base-64 encoded unencrypted pfx) Secret or Certificate object stored in KeyVault.
| Property | Value |
|---|---|
| Parameter group: | TLS Inspection Arguments |
The override signature state.
| Property | Value |
|---|---|
| Accepted values: | Alert, Deny, Off |
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
The name of the Firewall Policy.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
List of private IP addresses/IP address ranges to not be SNAT. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Snat Arguments |
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Description of the bypass traffic rule.
Space-separated list of destination IP addresses or ranges for bypass traffic rule Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of destination IpGroups for bypass traffic rule Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of destination ports or ranges for bypass traffic rule Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Name of the bypass traffic rule.
The bypass traffic rule protocol.
| Property | Value |
|---|---|
| Accepted values: | Any, ICMP, TCP, UDP |
Space-separated list of source IP addresses or ranges for this rule Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of source IpGroups for bypass traffic rule Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Signature id for override.
SKU of Firewall policy.
| Property | Value |
|---|---|
| Accepted values: | Basic, Premium, Standard |
A flag to indicate if SQL Redirect traffic filtering is enabled.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The operation mode for Threat Intelligence.
| Property | Value |
|---|---|
| Accepted values: | Alert, Deny, Off |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network firewall policy intrusion-detection list
List all intrusion detection configuration.
az network firewall policy intrusion-detection list --policy-name
--resource-groupRequired Parameters
The name of the Firewall Policy.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az network firewall policy intrusion-detection remove
Update an Azure firewall policy.
az network firewall policy intrusion-detection remove [--add]
[--auto-learn-private-ranges --learn-ranges {Disabled, Enabled}]
[--cert-name]
[--configuration]
[--dns-servers]
[--enable-dns-proxy {0, 1, f, false, n, no, t, true, y, yes}]
[--explicit-proxy]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--fqdns]
[--identity-type {None, SystemAssigned, SystemAssigned, UserAssigned, UserAssigned}]
[--idps-mode {Alert, Deny, Off}]
[--idps-profile {Advanced, Basic, Standard}]
[--ids]
[--ip-addresses]
[--key-vault-secret-id]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--policy-name]
[--private-ranges]
[--remove]
[--resource-group]
[--rule-name]
[--set]
[--signature-id]
[--sku {Basic, Premium, Standard}]
[--sql {0, 1, f, false, n, no, t, true, y, yes}]
[--subscription]
[--tags]
[--threat-intel-mode {Alert, Deny, Off}]Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
The operation mode for automatically learning private ranges to not be SNAT.
| Property | Value |
|---|---|
| Parameter group: | Snat Arguments |
| Accepted values: | Disabled, Enabled |
Name of the CA certificate.
| Property | Value |
|---|---|
| Parameter group: | TLS Inspection Arguments |
Intrusion detection configuration properties. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | IntrusionDetection Arguments |
Space-separated list of DNS server IP addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | DNS Arguments |
Enable DNS Proxy.
| Property | Value |
|---|---|
| Parameter group: | DNS Arguments |
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Explicit Proxy Settings definition. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Explicit Proxy Arguments |
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Space-separated list of FQDNs. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Threat Intel Allowlist Arguments |
The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.
| Property | Value |
|---|---|
| Parameter group: | Identity Instance Arguments |
| Accepted values: | None, SystemAssigned, SystemAssigned, UserAssigned, UserAssigned |
IDPS mode.
| Property | Value |
|---|---|
| Parameter group: | Intrusion Detection Arguments |
| Accepted values: | Alert, Deny, Off |
IDPS mode.
| Property | Value |
|---|---|
| Parameter group: | Intrusion Detection Arguments |
| Accepted values: | Advanced, Basic, Standard |
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Space-separated list of IPv4 addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Threat Intel Allowlist Arguments |
Secret Id of (base-64 encoded unencrypted pfx) Secret or Certificate object stored in KeyVault.
| Property | Value |
|---|---|
| Parameter group: | TLS Inspection Arguments |
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
The name of the Firewall Policy.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
List of private IP addresses/IP address ranges to not be SNAT. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
| Property | Value |
|---|---|
| Parameter group: | Snat Arguments |
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Name of the bypass traffic rule.
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
| Property | Value |
|---|---|
| Parameter group: | Generic Update Arguments |
Signature id.
SKU of Firewall policy.
| Property | Value |
|---|---|
| Accepted values: | Basic, Premium, Standard |
A flag to indicate if SQL Redirect traffic filtering is enabled.
| Property | Value |
|---|---|
| Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
| Property | Value |
|---|---|
| Parameter group: | Resource Id Arguments |
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The operation mode for Threat Intelligence.
| Property | Value |
|---|---|
| Accepted values: | Alert, Deny, Off |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
