Microsoft.Network virtualNetworkTaps template reference
01/23/2020
16 minutes to read
In this article
To create a Microsoft.Network/virtualNetworkTaps resource, add the following JSON to the resources section of your template.
{
"name": "string",
"type": "Microsoft.Network/virtualNetworkTaps",
"apiVersion": "2018-10-01",
"location": "string",
"tags": {},
"properties": {
"destinationNetworkInterfaceIPConfiguration": {
"id": "string",
"properties": {
"virtualNetworkTaps": [
{
"id": "string",
"location": "string",
"tags": {},
"properties": "VirtualNetworkTapPropertiesFormat"
}
],
"applicationGatewayBackendAddressPools": [
{
"id": "string",
"properties": {
"backendIPConfigurations": [
"NetworkInterfaceIPConfiguration"
],
"backendAddresses": [
{
"fqdn": "string",
"ipAddress": "string"
}
]
},
"name": "string",
"type": "string"
}
],
"loadBalancerBackendAddressPools": [
{
"id": "string",
"properties": {
},
"name": "string"
}
],
"loadBalancerInboundNatRules": [
{
"id": "string",
"properties": {
"frontendIPConfiguration": {
"id": "string"
},
"protocol": "string",
"frontendPort": "integer",
"backendPort": "integer",
"idleTimeoutInMinutes": "integer",
"enableFloatingIP": "boolean",
"enableTcpReset": "boolean"
},
"name": "string"
}
],
"privateIPAddress": "string",
"privateIPAllocationMethod": "string",
"privateIPAddressVersion": "string",
"subnet": {
"id": "string",
"properties": {
"addressPrefix": "string",
"addressPrefixes": [
"string"
],
"networkSecurityGroup": {
"id": "string",
"location": "string",
"tags": {},
"properties": {
"securityRules": [
{
"id": "string",
"properties": {
"description": "string",
"protocol": "string",
"sourcePortRange": "string",
"destinationPortRange": "string",
"sourceAddressPrefix": "string",
"sourceAddressPrefixes": [
"string"
],
"sourceApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"tags": {},
"properties": {}
}
],
"destinationAddressPrefix": "string",
"destinationAddressPrefixes": [
"string"
],
"destinationApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"tags": {},
"properties": {}
}
],
"sourcePortRanges": [
"string"
],
"destinationPortRanges": [
"string"
],
"access": "string",
"priority": "integer",
"direction": "string"
},
"name": "string"
}
],
"defaultSecurityRules": [
{
"id": "string",
"properties": {
"description": "string",
"protocol": "string",
"sourcePortRange": "string",
"destinationPortRange": "string",
"sourceAddressPrefix": "string",
"sourceAddressPrefixes": [
"string"
],
"sourceApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"tags": {},
"properties": {}
}
],
"destinationAddressPrefix": "string",
"destinationAddressPrefixes": [
"string"
],
"destinationApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"tags": {},
"properties": {}
}
],
"sourcePortRanges": [
"string"
],
"destinationPortRanges": [
"string"
],
"access": "string",
"priority": "integer",
"direction": "string"
},
"name": "string"
}
],
"resourceGuid": "string"
}
},
"routeTable": {
"id": "string",
"location": "string",
"tags": {},
"properties": {
"routes": [
{
"id": "string",
"properties": {
"addressPrefix": "string",
"nextHopType": "string",
"nextHopIpAddress": "string"
},
"name": "string"
}
],
"disableBgpRoutePropagation": "boolean"
}
},
"serviceEndpoints": [
{
"service": "string",
"locations": [
"string"
]
}
],
"serviceEndpointPolicies": [
{
"id": "string",
"location": "string",
"tags": {},
"properties": {
"serviceEndpointPolicyDefinitions": [
{
"id": "string",
"properties": {
"description": "string",
"service": "string",
"serviceResources": [
"string"
]
},
"name": "string"
}
]
}
}
],
"resourceNavigationLinks": [
{
"id": "string",
"properties": {
"linkedResourceType": "string",
"link": "string"
},
"name": "string"
}
],
"serviceAssociationLinks": [
{
"id": "string",
"properties": {
"linkedResourceType": "string",
"link": "string"
},
"name": "string"
}
],
"delegations": [
{
"id": "string",
"properties": {
"serviceName": "string",
"actions": [
"string"
]
},
"name": "string"
}
]
},
"name": "string"
},
"primary": "boolean",
"publicIPAddress": {
"id": "string",
"location": "string",
"tags": {},
"sku": {
"name": "string"
},
"properties": {
"publicIPAllocationMethod": "string",
"publicIPAddressVersion": "string",
"dnsSettings": {
"domainNameLabel": "string",
"fqdn": "string",
"reverseFqdn": "string"
},
"ipTags": [
{
"ipTagType": "string",
"tag": "string"
}
],
"ipAddress": "string",
"publicIPPrefix": {
"id": "string"
},
"idleTimeoutInMinutes": "integer",
"resourceGuid": "string"
},
"zones": [
"string"
]
},
"applicationSecurityGroups": [
{
"id": "string",
"location": "string",
"tags": {},
"properties": {}
}
]
},
"name": "string"
},
"destinationLoadBalancerFrontEndIPConfiguration": {
"id": "string",
"properties": {
"privateIPAddress": "string",
"privateIPAllocationMethod": "string",
"subnet": {
"id": "string",
"properties": {
"addressPrefix": "string",
"addressPrefixes": [
"string"
],
"networkSecurityGroup": {
"id": "string",
"location": "string",
"tags": {},
"properties": {
"securityRules": [
{
"id": "string",
"properties": {
"description": "string",
"protocol": "string",
"sourcePortRange": "string",
"destinationPortRange": "string",
"sourceAddressPrefix": "string",
"sourceAddressPrefixes": [
"string"
],
"sourceApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"tags": {},
"properties": {}
}
],
"destinationAddressPrefix": "string",
"destinationAddressPrefixes": [
"string"
],
"destinationApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"tags": {},
"properties": {}
}
],
"sourcePortRanges": [
"string"
],
"destinationPortRanges": [
"string"
],
"access": "string",
"priority": "integer",
"direction": "string"
},
"name": "string"
}
],
"defaultSecurityRules": [
{
"id": "string",
"properties": {
"description": "string",
"protocol": "string",
"sourcePortRange": "string",
"destinationPortRange": "string",
"sourceAddressPrefix": "string",
"sourceAddressPrefixes": [
"string"
],
"sourceApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"tags": {},
"properties": {}
}
],
"destinationAddressPrefix": "string",
"destinationAddressPrefixes": [
"string"
],
"destinationApplicationSecurityGroups": [
{
"id": "string",
"location": "string",
"tags": {},
"properties": {}
}
],
"sourcePortRanges": [
"string"
],
"destinationPortRanges": [
"string"
],
"access": "string",
"priority": "integer",
"direction": "string"
},
"name": "string"
}
],
"resourceGuid": "string"
}
},
"routeTable": {
"id": "string",
"location": "string",
"tags": {},
"properties": {
"routes": [
{
"id": "string",
"properties": {
"addressPrefix": "string",
"nextHopType": "string",
"nextHopIpAddress": "string"
},
"name": "string"
}
],
"disableBgpRoutePropagation": "boolean"
}
},
"serviceEndpoints": [
{
"service": "string",
"locations": [
"string"
]
}
],
"serviceEndpointPolicies": [
{
"id": "string",
"location": "string",
"tags": {},
"properties": {
"serviceEndpointPolicyDefinitions": [
{
"id": "string",
"properties": {
"description": "string",
"service": "string",
"serviceResources": [
"string"
]
},
"name": "string"
}
]
}
}
],
"resourceNavigationLinks": [
{
"id": "string",
"properties": {
"linkedResourceType": "string",
"link": "string"
},
"name": "string"
}
],
"serviceAssociationLinks": [
{
"id": "string",
"properties": {
"linkedResourceType": "string",
"link": "string"
},
"name": "string"
}
],
"delegations": [
{
"id": "string",
"properties": {
"serviceName": "string",
"actions": [
"string"
]
},
"name": "string"
}
]
},
"name": "string"
},
"publicIPAddress": {
"id": "string",
"location": "string",
"tags": {},
"sku": {
"name": "string"
},
"properties": {
"publicIPAllocationMethod": "string",
"publicIPAddressVersion": "string",
"dnsSettings": {
"domainNameLabel": "string",
"fqdn": "string",
"reverseFqdn": "string"
},
"ipTags": [
{
"ipTagType": "string",
"tag": "string"
}
],
"ipAddress": "string",
"publicIPPrefix": {
"id": "string"
},
"idleTimeoutInMinutes": "integer",
"resourceGuid": "string"
},
"zones": [
"string"
]
},
"publicIPPrefix": {
"id": "string"
}
},
"name": "string",
"zones": [
"string"
]
},
"destinationPort": "integer"
}
}
Property values
The following tables describe the values you need to set in the schema.
Microsoft.Network/virtualNetworkTaps object
Name
Type
Required
Value
name
string
Yes
The name of the virtual network tap.
type
enum
Yes
Microsoft.Network/virtualNetworkTaps
apiVersion
enum
Yes
2018-10-01
location
string
No
Resource location.
tags
object
No
Resource tags.
properties
object
Yes
Virtual Network Tap Properties. - VirtualNetworkTapPropertiesFormat object
Name
Type
Required
Value
destinationNetworkInterfaceIPConfiguration
object
No
The reference to the private IP Address of the collector nic that will receive the tap - NetworkInterfaceIPConfiguration object
destinationLoadBalancerFrontEndIPConfiguration
object
No
The reference to the private IP address on the internal Load Balancer that will receive the tap - FrontendIPConfiguration object
destinationPort
integer
No
The VXLAN destination port that will receive the tapped traffic.
NetworkInterfaceIPConfiguration object
Name
Type
Required
Value
id
string
No
Resource ID.
properties
object
No
Network interface IP configuration properties. - NetworkInterfaceIPConfigurationPropertiesFormat object
name
string
No
The name of the resource that is unique within a resource group. This name can be used to access the resource.
FrontendIPConfiguration object
Name
Type
Required
Value
id
string
No
Resource ID.
properties
object
No
Properties of the load balancer probe. - FrontendIPConfigurationPropertiesFormat object
name
string
No
The name of the resource that is unique within a resource group. This name can be used to access the resource.
zones
array
No
A list of availability zones denoting the IP allocated for the resource needs to come from. - string
Name
Type
Required
Value
virtualNetworkTaps
array
No
The reference to Virtual Network Taps. - VirtualNetworkTapModel object
applicationGatewayBackendAddressPools
array
No
The reference of ApplicationGatewayBackendAddressPool resource. - ApplicationGatewayBackendAddressPool object
loadBalancerBackendAddressPools
array
No
The reference of LoadBalancerBackendAddressPool resource. - BackendAddressPool object
loadBalancerInboundNatRules
array
No
A list of references of LoadBalancerInboundNatRules. - InboundNatRule object
privateIPAddress
string
No
Private IP address of the IP configuration.
privateIPAllocationMethod
enum
No
Defines how a private IP address is assigned. Possible values are: 'Static' and 'Dynamic'. - Static or Dynamic
privateIPAddressVersion
enum
No
Available from Api-Version 2016-03-30 onwards, it represents whether the specific ipconfiguration is IPv4 or IPv6. Default is taken as IPv4. Possible values are: 'IPv4' and 'IPv6'. - IPv4 or IPv6
subnet
object
No
Subnet bound to the IP configuration. - Subnet object
primary
boolean
No
Gets whether this is a primary customer address on the network interface.
publicIPAddress
object
No
Public IP address bound to the IP configuration. - PublicIPAddress object
applicationSecurityGroups
array
No
Application security groups in which the IP configuration is included. - ApplicationSecurityGroup object
Name
Type
Required
Value
privateIPAddress
string
No
The private IP address of the IP configuration.
privateIPAllocationMethod
enum
No
The Private IP allocation method. Possible values are: 'Static' and 'Dynamic'. - Static or Dynamic
subnet
object
No
The reference of the subnet resource. - Subnet object
publicIPAddress
object
No
The reference of the Public IP resource. - PublicIPAddress object
publicIPPrefix
object
No
The reference of the Public IP Prefix resource. - SubResource object
VirtualNetworkTapModel object
Name
Type
Required
Value
id
string
No
Resource ID.
location
string
No
Resource location.
tags
object
No
Resource tags.
properties
object
No
Virtual Network Tap Properties. - VirtualNetworkTapPropertiesFormat object
ApplicationGatewayBackendAddressPool object
BackendAddressPool object
Name
Type
Required
Value
id
string
No
Resource ID.
properties
object
No
Properties of load balancer backend address pool. - BackendAddressPoolPropertiesFormat object
name
string
No
Gets name of the resource that is unique within a resource group. This name can be used to access the resource.
InboundNatRule object
Name
Type
Required
Value
id
string
No
Resource ID.
properties
object
No
Properties of load balancer inbound nat rule. - InboundNatRulePropertiesFormat object
name
string
No
Gets name of the resource that is unique within a resource group. This name can be used to access the resource.
Subnet object
Name
Type
Required
Value
id
string
No
Resource ID.
properties
object
No
Properties of the subnet. - SubnetPropertiesFormat object
name
string
No
The name of the resource that is unique within a resource group. This name can be used to access the resource.
PublicIPAddress object
Name
Type
Required
Value
id
string
No
Resource ID.
location
string
No
Resource location.
tags
object
No
Resource tags.
sku
object
No
The public IP address SKU. - PublicIPAddressSku object
properties
object
No
Public IP address properties. - PublicIPAddressPropertiesFormat object
zones
array
No
A list of availability zones denoting the IP allocated for the resource needs to come from. - string
ApplicationSecurityGroup object
Name
Type
Required
Value
id
string
No
Resource ID.
location
string
No
Resource location.
tags
object
No
Resource tags.
properties
object
No
Properties of the application security group. - ApplicationSecurityGroupPropertiesFormat object
SubResource object
Name
Type
Required
Value
id
string
No
Resource ID.
Name
Type
Required
Value
frontendIPConfiguration
object
No
A reference to frontend IP addresses. - SubResource object
protocol
enum
No
Udp, Tcp, All
frontendPort
integer
No
The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values range from 1 to 65534.
backendPort
integer
No
The port used for the internal endpoint. Acceptable values range from 1 to 65535.
idleTimeoutInMinutes
integer
No
The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP.
enableFloatingIP
boolean
No
Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint.
enableTcpReset
boolean
No
Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP.
PublicIPAddressSku object
Name
Type
Required
Value
name
enum
No
Name of a public IP address SKU. - Basic or Standard
Name
Type
Required
Value
publicIPAllocationMethod
enum
No
The public IP allocation method. Possible values are: 'Static' and 'Dynamic'. - Static or Dynamic
publicIPAddressVersion
enum
No
The public IP address version. Possible values are: 'IPv4' and 'IPv6'. - IPv4 or IPv6
dnsSettings
object
No
The FQDN of the DNS record associated with the public IP address. - PublicIPAddressDnsSettings object
ipTags
array
No
The list of tags associated with the public IP address. - IpTag object
ipAddress
string
No
The IP address associated with the public IP address resource.
publicIPPrefix
object
No
The Public IP Prefix this Public IP Address should be allocated from. - SubResource object
idleTimeoutInMinutes
integer
No
The idle timeout of the public IP address.
resourceGuid
string
No
The resource GUID property of the public IP resource.
ApplicationGatewayBackendAddress object
Name
Type
Required
Value
fqdn
string
No
Fully qualified domain name (FQDN).
ipAddress
string
No
IP address
NetworkSecurityGroup object
Name
Type
Required
Value
id
string
No
Resource ID.
location
string
No
Resource location.
tags
object
No
Resource tags.
properties
object
No
Properties of the network security group - NetworkSecurityGroupPropertiesFormat object
RouteTable object
Name
Type
Required
Value
id
string
No
Resource ID.
location
string
No
Resource location.
tags
object
No
Resource tags.
properties
object
No
Properties of the route table. - RouteTablePropertiesFormat object
Name
Type
Required
Value
service
string
No
The type of the endpoint service.
locations
array
No
A list of locations. - string
ServiceEndpointPolicy object
Name
Type
Required
Value
id
string
No
Resource ID.
location
string
No
Resource location.
tags
object
No
Resource tags.
properties
object
No
Properties of the service end point policy - ServiceEndpointPolicyPropertiesFormat object
ResourceNavigationLink object
Name
Type
Required
Value
id
string
No
Resource ID.
properties
object
No
Resource navigation link properties format. - ResourceNavigationLinkFormat object
name
string
No
Name of the resource that is unique within a resource group. This name can be used to access the resource.
ServiceAssociationLink object
Name
Type
Required
Value
id
string
No
Resource ID.
properties
object
No
Resource navigation link properties format. - ServiceAssociationLinkPropertiesFormat object
name
string
No
Name of the resource that is unique within a resource group. This name can be used to access the resource.
Delegation object
Name
Type
Required
Value
id
string
No
Resource ID.
properties
object
No
Properties of the subnet. - ServiceDelegationPropertiesFormat object
name
string
No
The name of the resource that is unique within a subnet. This name can be used to access the resource.
PublicIPAddressDnsSettings object
Name
Type
Required
Value
domainNameLabel
string
No
Gets or sets the Domain name label.The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system.
fqdn
string
No
Gets the FQDN, Fully qualified domain name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone.
reverseFqdn
string
No
Gets or Sets the Reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN.
IpTag object
Name
Type
Required
Value
ipTagType
string
No
Gets or sets the ipTag type: Example FirstPartyUsage.
tag
string
No
Gets or sets value of the IpTag associated with the public IP. Example SQL, Storage etc
Name
Type
Required
Value
securityRules
array
No
A collection of security rules of the network security group. - SecurityRule object
defaultSecurityRules
array
No
The default security rules of network security group. - SecurityRule object
resourceGuid
string
No
The resource GUID property of the network security group resource.
Name
Type
Required
Value
routes
array
No
Collection of routes contained within a route table. - Route object
disableBgpRoutePropagation
boolean
No
Gets or sets whether to disable the routes learned by BGP on that route table. True means disable.
Name
Type
Required
Value
serviceEndpointPolicyDefinitions
array
No
A collection of service endpoint policy definitions of the service endpoint policy. - ServiceEndpointPolicyDefinition object
Name
Type
Required
Value
linkedResourceType
string
No
Resource type of the linked resource.
link
string
No
Link to the external resource
Name
Type
Required
Value
linkedResourceType
string
No
Resource type of the linked resource.
link
string
No
Link to the external resource.
Name
Type
Required
Value
serviceName
string
No
The name of the service to whom the subnet should be delegated (e.g. Microsoft.Sql/servers)
actions
array
No
Describes the actions permitted to the service upon delegation - string
SecurityRule object
Name
Type
Required
Value
id
string
No
Resource ID.
properties
object
No
Properties of the security rule - SecurityRulePropertiesFormat object
name
string
No
The name of the resource that is unique within a resource group. This name can be used to access the resource.
Route object
Name
Type
Required
Value
id
string
No
Resource ID.
properties
object
No
Properties of the route. - RoutePropertiesFormat object
name
string
No
The name of the resource that is unique within a resource group. This name can be used to access the resource.
ServiceEndpointPolicyDefinition object
Name
Type
Required
Value
id
string
No
Resource ID.
properties
object
No
Properties of the service endpoint policy definition - ServiceEndpointPolicyDefinitionPropertiesFormat object
name
string
No
The name of the resource that is unique within a resource group. This name can be used to access the resource.
Name
Type
Required
Value
description
string
No
A description for this rule. Restricted to 140 chars.
protocol
enum
Yes
Network protocol this rule applies to. Possible values are 'Tcp', 'Udp', and '*'. - Tcp, Udp, *
sourcePortRange
string
No
The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports.
destinationPortRange
string
No
The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports.
sourceAddressPrefix
string
No
The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from.
sourceAddressPrefixes
array
No
The CIDR or source IP ranges. - string
sourceApplicationSecurityGroups
array
No
The application security group specified as source. - ApplicationSecurityGroup object
destinationAddressPrefix
string
No
The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used.
destinationAddressPrefixes
array
No
The destination address prefixes. CIDR or destination IP ranges. - string
destinationApplicationSecurityGroups
array
No
The application security group specified as destination. - ApplicationSecurityGroup object
sourcePortRanges
array
No
The source port ranges. - string
destinationPortRanges
array
No
The destination port ranges. - string
access
enum
Yes
The network traffic is allowed or denied. Possible values are: 'Allow' and 'Deny'. - Allow or Deny
priority
integer
No
The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.
direction
enum
Yes
The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. Possible values are: 'Inbound' and 'Outbound'. - Inbound or Outbound
Name
Type
Required
Value
addressPrefix
string
No
The destination CIDR to which the route applies.
nextHopType
enum
Yes
The type of Azure hop the packet should be sent to. Possible values are: 'VirtualNetworkGateway', 'VnetLocal', 'Internet', 'VirtualAppliance', and 'None'. - VirtualNetworkGateway, VnetLocal, Internet, VirtualAppliance, None
nextHopIpAddress
string
No
The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance.
Name
Type
Required
Value
description
string
No
A description for this rule. Restricted to 140 chars.
service
string
No
service endpoint name.
serviceResources
array
No
A list of service resources. - string
