Set-AzFirewall

Saves a modified Firewall.

Syntax

Set-AzFirewall
   -AzureFirewall <PSAzureFirewall>
   [-AsJob]
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-AzFirewall cmdlet updates an Azure Firewall.

Examples

1: Update priority of a Firewall application rule collection

$azFw = Get-AzFirewall -Name "AzureFirewall" -ResourceGroupName "rg"
$ruleCollection = $azFw.GetApplicationRuleCollectionByName("ruleCollectionName")
$ruleCollection.Priority = 101
Set-AzFirewall -AzureFirewall $azFw

This example updates the priority of an existing rule collection of an Azure Firewall. Assuming Azure Firewall "AzureFirewall" in resource group "rg" contains an application rule collection named "ruleCollectionName", the commands above will change the priority of that rule collection and update the Azure Firewall afterwards. Without the Set-AzFirewall command, all operations performed on the local $azFw object are not reflected on the server.

2: Create an Azure Firewall and set an application rule collection later

$azFw = New-AzFirewall -Name "AzureFirewall" -ResourceGroupName "rg" -VirtualNetworkName "vnet-name" -PublicIpName "pip-name"

$rule = New-AzFirewallApplicationRule -Name R1 -Protocol "http:80","https:443" -TargetFqdn "*google.com", "*microsoft.com" -SourceAddress "10.0.0.0"
$RuleCollection = New-AzFirewallApplicationRuleCollection -Name RC1 -Priority 100 -Rule $rule -ActionType "Allow"
$azFw.ApplicationRuleCollections = $RuleCollection

$azFw | Set-AzFirewall

In this example, a Firewall is created first without any application rule collections. Afterwards an Application Rule and an Application Rule Collection are created, then the Firewall object is modified in memory, without affecting the real configuration in the cloud. For changes to be reflected in the cloud, Set-AzFirewall must be called.

3: Update Threat Intel operation mode of Azure Firewall

$azFw = Get-AzFirewall -Name "AzureFirewall" -ResourceGroupName "rg"
$azFw.ThreatIntelMode = "Deny"
Set-AzFirewall -AzureFirewall $azFw

This example updates the Threat Intel operation mode of Azure Firewall "AzureFirewall" in resource group "rg". Without the Set-AzFirewall command, all operations performed on the local $azFw object are not reflected on the server.

4: Deallocate and allocate the Firewall

$firewall=Get-AzFirewall -ResourceGroupName rgName -Name azFw
$firewall.Deallocate()
$firewall | Set-AzFirewall

$vnet = Get-AzVirtualNetwork -ResourceGroupName rgName -Name anotherVNetName
$pip = Get-AzPublicIpAddress -ResourceGroupName rgName -Name publicIpName
$firewall.Allocate($vnet, $pip)
$firewall | Set-AzFirewall

This example retrieves a Firewall, deallocates the firewall, and saves it. The Deallocate command removes the running service but preserves the firewall's configuration. For changes to be reflected in the cloud, Set-AzFirewall must be called. If the user wants to start the service again, the Allocate method should be called on the firewall. The new VNet and Public IP must be in the same resource group as the Firewall. Again, for changes to be reflected in the cloud, Set-AzFirewall must be called.

5: Add a Public IP address to an Azure Firewall

$pip = New-AzPublicIpAddress -Name "azFwPublicIp1" -ResourceGroupName "rg" -Sku "Standard" -Location "centralus" -AllocationMethod Static
$azFw = Get-AzFirewall -Name "AzureFirewall" -ResourceGroupName "rg"
$azFw.AddPublicIpAddress($pip)

$azFw | Set-AzFirewall

In this example, the Public IP Address "azFwPublicIp1" is attached to the Firewall.

6: Remove a Public IP address from an Azure Firewall

$pip = Get-AzPublicIpAddress -Name "azFwPublicIp1" -ResourceGroupName "rg"
$azFw = Get-AzFirewall -Name "AzureFirewall" -ResourceGroupName "rg"
$azFw.RemovePublicIpAddress($pip)

$azFw | Set-AzFirewall

In this example, the Public IP Address "azFwPublicIp1" is detached from the Firewall.
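
The following is an added example, not part of the original documentation. It combines the -WhatIf parameter described below with the point made in the examples above, that edits to the local $azFw object only reach the service through Set-AzFirewall: it snapshots the current configuration, previews the change, applies it, then re-reads the firewall to confirm the change was saved. The firewall and resource group names are those used in the examples above; the snapshot file name is hypothetical.

```powershell
# Added example: preview, apply and verify a Threat Intel mode change.
# Assumptions: firewall "AzureFirewall" in resource group "rg" (names taken
# from the examples above); the snapshot file name is hypothetical.
$ErrorActionPreference = 'Stop'

$fwName      = 'AzureFirewall'
$rgName      = 'rg'
$desiredMode = 'Deny'

# 1. Read the current server-side state and keep a copy for audit and rollback reference.
$azFw         = Get-AzFirewall -Name $fwName -ResourceGroupName $rgName
$previousMode = $azFw.ThreatIntelMode
$snapshotPath = "azfw-$fwName-before.json"
$azFw | ConvertTo-Json -Depth 10 | Out-File -FilePath $snapshotPath -Encoding utf8

if ($previousMode -eq $desiredMode) {
    Write-Output "ThreatIntelMode is already '$desiredMode'; nothing to change."
    return
}

# 2. Modify the local object only. Nothing is sent to Azure at this point.
$azFw.ThreatIntelMode = $desiredMode

# 3. Preview: -WhatIf reports what would happen without running the cmdlet.
Set-AzFirewall -AzureFirewall $azFw -WhatIf

# 4. Apply the change.
$null = Set-AzFirewall -AzureFirewall $azFw

# 5. Re-read from the service and confirm the saved value matches the intent.
$check = Get-AzFirewall -Name $fwName -ResourceGroupName $rgName
if ($check.ThreatIntelMode -ne $desiredMode) {
    throw "ThreatIntelMode is '$($check.ThreatIntelMode)', expected '$desiredMode'. Previous state saved in $snapshotPath."
}

Write-Output "ThreatIntelMode changed from '$previousMode' to '$($check.ThreatIntelMode)'."
```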

Parameters

-AsJob

Run cmdlet in the background

Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AzureFirewall

The AzureFirewall object to save.

Type: Microsoft.Azure.Commands.Network.Models.PSAzureFirewall
Position: Named
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Aliases: cf
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
Aliases: AzContext, AzureRmContext, AzureCredential
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Aliases: wi
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Inputs

Microsoft.Azure.Commands.Network.Models.PSAzureFirewall

Outputs

Microsoft.Azure.Commands.Network.Models.PSAzureFirewall