Microsoft.Network firewallPolicies 2020-06-01

Template format

To create a Microsoft.Network/firewallPolicies resource, add the following JSON to the resources section of your template.

{
  "name": "string",
  "type": "Microsoft.Network/firewallPolicies",
  "apiVersion": "2020-06-01",
  "location": "string",
  "tags": {},
  "properties": {
    "basePolicy": {
      "id": "string"
    },
    "threatIntelMode": "string",
    "threatIntelWhitelist": {
      "ipAddresses": [
        "string"
      ],
      "fqdns": [
        "string"
      ]
    },
    "dnsSettings": {
      "servers": [
        "string"
      ],
      "enableProxy": "boolean",
      "requireProxyForNetworkRules": "boolean"
    }
  },
  "resources": []
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.Network/firewallPolicies object

Name Type Required Value
name string Yes The name of the Firewall Policy.
type enum Yes Microsoft.Network/firewallPolicies
apiVersion enum Yes 2020-06-01
location string Yes Resource location.
tags object No Resource tags.
properties object Yes Properties of the firewall policy. - FirewallPolicyPropertiesFormat object
resources array No ruleCollectionGroups

FirewallPolicyPropertiesFormat object

Name Type Required Value
basePolicy object No The parent firewall policy from which rules are inherited. - SubResource object
threatIntelMode enum No The operation mode for Threat Intelligence. - Alert, Deny, Off
threatIntelWhitelist object No ThreatIntel Whitelist for Firewall Policy. - FirewallPolicyThreatIntelWhitelist object
dnsSettings object No DNS Proxy Settings definition. - DnsSettings object

SubResource object

Name Type Required Value
id string No Resource ID.

FirewallPolicyThreatIntelWhitelist object

Name Type Required Value
ipAddresses array No List of IP addresses for the ThreatIntel Whitelist. - string
fqdns array No List of FQDNs for the ThreatIntel Whitelist. - string

DnsSettings object

Name Type Required Value
servers array No List of Custom DNS Servers. - string
enableProxy boolean No Enable DNS Proxy on Firewalls attached to the Firewall Policy.
requireProxyForNetworkRules boolean No FQDNs in Network Rules are supported when set to true.

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Create a Firewall with FirewallPolicy and IpGroups

Deploy to Azure
This template creates an Azure Firewall with FirewalllPolicy referencing Network Rules with IpGroups. Also, includes a Linux Jumpbox vm setup
Create a sandbox setup with Firewall Policy

Deploy to Azure
This template creates a virtual network with 3 subnets (server subnet, jumpbox subet and AzureFirewall subnet), a jumpbox VM with public IP, A server VM, UDR route to point to Azure Firewall for the Server Subnet and an Azure Firewall with 1 or more Public IP addresses. Also creates a Firewall policy with 1 sample application rule, 1 sample network rule and default private ranges
Secured virtual hubs

Deploy to Azure
This template creates a secured virtual hub using Azure Firewall to secure your cloud network traffic destined to the Internet.