New-AzFirewallApplicationRule

Creates a Firewall Application Rule.

Syntax

New-AzFirewallApplicationRule
   -Name <String>
   [-Description <String>]
   [-SourceAddress <String[]>]
   [-SourceIpGroup <String[]>]
   -TargetFqdn <String[]>
   -Protocol <String[]>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
New-AzFirewallApplicationRule
   -Name <String>
   [-Description <String>]
   [-SourceAddress <String[]>]
   [-SourceIpGroup <String[]>]
   -FqdnTag <String[]>
   [-DefaultProfile <IAzureContextContainer>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The New-AzFirewallApplicationRule cmdlet creates an application rule for Azure Firewall.

Examples

Example 1: Create a rule to allow all HTTPS traffic from 10.0.0.0

New-AzFirewallApplicationRule -Name "https-rule" -Protocol "https:443" -TargetFqdn "*" -SourceAddress "10.0.0.0"

This example creates a rule which will allow all HTTPS traffic on port 443 from 10.0.0.0.

Example 2: Create a rule to allow WindowsUpdate for 10.0.0.0/24 subnet

New-AzFirewallApplicationRule -Name "windows-update-rule" -FqdnTag WindowsUpdate -SourceAddress "10.0.0.0/24"

This example creates a rule which will allow traffic for Windows Updates for 10.0.0.0/24 domain.

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure.

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Description

Specifies an optional description of this rule.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-FqdnTag

Specifies a list of FQDN Tags for this rule. The available tags can be retrieved using Get-AzFirewallFqdnTag cmdlet.

Type:String[]
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Name

Specifies the name of this application rule. The name must be unique inside a rule collection.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Protocol

Specifies the type of traffic to be filtered by this rule. The format is <protocol type>:<port>. For example, "http:80" or "https:443". Protocol is mandatory when TargetFqdn is used, but it cannot be used with FqdnTag. The supported protocols are HTTP and HTTPS.

Type:String[]
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-SourceAddress

The source addresses of the rule

Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SourceIpGroup

The source ipgroup of the rule

Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-TargetFqdn

Specifies a list of domain names filtered by this rule. The asterisk character, '*', is accepted only as the first character of an FQDN in the list. When used, the asterisk matches any number of characters. (e.g. '*msn.com' will match msn.com and all its subdomains)

Type:String[]
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

None

Outputs

PSAzureFirewallApplicationRule