Azure Firewalls - List All

Service:

Firewall

API Version:

2023-09-01

Gets all the Azure Firewalls in a subscription.

GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Network/azureFirewalls?api-version=2023-09-01

URI Parameters

Name	In	Required	Type	Description
subscriptionId	path	True	string	The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.
api-version	query	True	string	Client API version.

Responses

Name	Type	Description
200 OK	AzureFirewallListResult	Success. The operation returns a list of AzureFirewall resources.
Other Status Codes	CloudError	Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

List all Azure Firewalls for a given subscription

Sample Request

HTTP

GET https://management.azure.com/subscriptions/subid/providers/Microsoft.Network/azureFirewalls?api-version=2023-09-01

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-network
# USAGE
    python azure_firewall_list_by_subscription.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = NetworkManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid",
    )

    response = client.azure_firewalls.list_all()
    for item in response:
        print(item)


# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/AzureFirewallListBySubscription.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armnetwork_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/d4205894880b989ede35d62d97c8e901ed14fb5a/specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/AzureFirewallListBySubscription.json
func ExampleAzureFirewallsClient_NewListAllPager() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armnetwork.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewAzureFirewallsClient().NewListAllPager(nil)
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.AzureFirewallListResult = armnetwork.AzureFirewallListResult{
		// 	Value: []*armnetwork.AzureFirewall{
		// 		{
		// 			Name: to.Ptr("azurefirewall"),
		// 			Type: to.Ptr("Microsoft.Network/azureFirewalls"),
		// 			ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall"),
		// 			Location: to.Ptr("West US"),
		// 			Tags: map[string]*string{
		// 				"key1": to.Ptr("value1"),
		// 			},
		// 			Etag: to.Ptr("w/\\00000000-0000-0000-0000-000000000000\\"),
		// 			Properties: &armnetwork.AzureFirewallPropertiesFormat{
		// 				AdditionalProperties: map[string]*string{
		// 					"key1": to.Ptr("value1"),
		// 					"key2": to.Ptr("value2"),
		// 				},
		// 				ApplicationRuleCollections: []*armnetwork.AzureFirewallApplicationRuleCollection{
		// 					{
		// 						Name: to.Ptr("apprulecoll"),
		// 						Properties: &armnetwork.AzureFirewallApplicationRuleCollectionPropertiesFormat{
		// 							Action: &armnetwork.AzureFirewallRCAction{
		// 								Type: to.Ptr(armnetwork.AzureFirewallRCActionTypeDeny),
		// 							},
		// 							Priority: to.Ptr[int32](110),
		// 							Rules: []*armnetwork.AzureFirewallApplicationRule{
		// 								{
		// 									Name: to.Ptr("rule1"),
		// 									Description: to.Ptr("Deny inbound rule"),
		// 									Protocols: []*armnetwork.AzureFirewallApplicationRuleProtocol{
		// 										{
		// 											Port: to.Ptr[int32](443),
		// 											ProtocolType: to.Ptr(armnetwork.AzureFirewallApplicationRuleProtocolTypeHTTPS),
		// 									}},
		// 									SourceAddresses: []*string{
		// 										to.Ptr("216.58.216.164"),
		// 										to.Ptr("10.0.0.0/24")},
		// 										TargetFqdns: []*string{
		// 											to.Ptr("www.test.com")},
		// 									}},
		// 								},
		// 						}},
		// 						IPConfigurations: []*armnetwork.AzureFirewallIPConfiguration{
		// 							{
		// 								ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azfirewallgw/ipConfigurations/azureFirewallIpConfiguration"),
		// 								Name: to.Ptr("azureFirewallIpConfiguration"),
		// 								Etag: to.Ptr("w/\\00000000-0000-0000-0000-000000000000\\"),
		// 								Properties: &armnetwork.AzureFirewallIPConfigurationPropertiesFormat{
		// 									PrivateIPAddress: to.Ptr("10.0.0.0"),
		// 									ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
		// 									PublicIPAddress: &armnetwork.SubResource{
		// 										ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
		// 									},
		// 									Subnet: &armnetwork.SubResource{
		// 										ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
		// 									},
		// 								},
		// 						}},
		// 						IPGroups: []*armnetwork.AzureFirewallIPGroups{
		// 						},
		// 						ManagementIPConfiguration: &armnetwork.AzureFirewallIPConfiguration{
		// 							ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewallgw/ipConfigurations/azureFirewallMgmtIpConfiguration"),
		// 							Name: to.Ptr("azureFirewallMgmtIpConfiguration"),
		// 							Etag: to.Ptr("w/\\00000000-0000-0000-0000-000000000000\\"),
		// 							Properties: &armnetwork.AzureFirewallIPConfigurationPropertiesFormat{
		// 								ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
		// 								PublicIPAddress: &armnetwork.SubResource{
		// 									ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName"),
		// 								},
		// 								Subnet: &armnetwork.SubResource{
		// 									ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet"),
		// 								},
		// 							},
		// 						},
		// 						NatRuleCollections: []*armnetwork.AzureFirewallNatRuleCollection{
		// 							{
		// 								Name: to.Ptr("natrulecoll"),
		// 								Properties: &armnetwork.AzureFirewallNatRuleCollectionProperties{
		// 									Action: &armnetwork.AzureFirewallNatRCAction{
		// 										Type: to.Ptr(armnetwork.AzureFirewallNatRCActionTypeDnat),
		// 									},
		// 									Priority: to.Ptr[int32](112),
		// 									Rules: []*armnetwork.AzureFirewallNatRule{
		// 										{
		// 											Name: to.Ptr("DNAT-HTTPS-traffic"),
		// 											Description: to.Ptr("D-NAT all outbound web traffic for inspection"),
		// 											DestinationAddresses: []*string{
		// 												to.Ptr("1.2.3.4")},
		// 												DestinationPorts: []*string{
		// 													to.Ptr("443")},
		// 													Protocols: []*armnetwork.AzureFirewallNetworkRuleProtocol{
		// 														to.Ptr(armnetwork.AzureFirewallNetworkRuleProtocolTCP)},
		// 														SourceAddresses: []*string{
		// 															to.Ptr("*")},
		// 															TranslatedAddress: to.Ptr("1.2.3.5"),
		// 															TranslatedPort: to.Ptr("8443"),
		// 														},
		// 														{
		// 															Name: to.Ptr("DNAT-HTTP-traffic-With-FQDN"),
		// 															Description: to.Ptr("D-NAT all inbound web traffic for inspection"),
		// 															DestinationAddresses: []*string{
		// 																to.Ptr("1.2.3.4")},
		// 																DestinationPorts: []*string{
		// 																	to.Ptr("80")},
		// 																	Protocols: []*armnetwork.AzureFirewallNetworkRuleProtocol{
		// 																		to.Ptr(armnetwork.AzureFirewallNetworkRuleProtocolTCP)},
		// 																		SourceAddresses: []*string{
		// 																			to.Ptr("*")},
		// 																			TranslatedFqdn: to.Ptr("internalhttpserver"),
		// 																			TranslatedPort: to.Ptr("880"),
		// 																	}},
		// 																},
		// 														}},
		// 														NetworkRuleCollections: []*armnetwork.AzureFirewallNetworkRuleCollection{
		// 															{
		// 																Name: to.Ptr("netrulecoll"),
		// 																Properties: &armnetwork.AzureFirewallNetworkRuleCollectionPropertiesFormat{
		// 																	Action: &armnetwork.AzureFirewallRCAction{
		// 																		Type: to.Ptr(armnetwork.AzureFirewallRCActionTypeDeny),
		// 																	},
		// 																	Priority: to.Ptr[int32](112),
		// 																	Rules: []*armnetwork.AzureFirewallNetworkRule{
		// 																		{
		// 																			Name: to.Ptr("L4-traffic"),
		// 																			Description: to.Ptr("Block traffic based on source IPs and ports"),
		// 																			DestinationAddresses: []*string{
		// 																				to.Ptr("*")},
		// 																				DestinationPorts: []*string{
		// 																					to.Ptr("443-444"),
		// 																					to.Ptr("8443")},
		// 																					Protocols: []*armnetwork.AzureFirewallNetworkRuleProtocol{
		// 																						to.Ptr(armnetwork.AzureFirewallNetworkRuleProtocolTCP)},
		// 																						SourceAddresses: []*string{
		// 																							to.Ptr("192.168.1.1-192.168.1.12"),
		// 																							to.Ptr("10.1.4.12-10.1.4.255")},
		// 																						},
		// 																						{
		// 																							Name: to.Ptr("L4-traffic-with-FQDN"),
		// 																							Description: to.Ptr("Block traffic based on source IPs and ports to amazon"),
		// 																							DestinationFqdns: []*string{
		// 																								to.Ptr("www.amazon.com")},
		// 																								DestinationPorts: []*string{
		// 																									to.Ptr("443-444"),
		// 																									to.Ptr("8443")},
		// 																									Protocols: []*armnetwork.AzureFirewallNetworkRuleProtocol{
		// 																										to.Ptr(armnetwork.AzureFirewallNetworkRuleProtocolTCP)},
		// 																										SourceAddresses: []*string{
		// 																											to.Ptr("10.2.4.12-10.2.4.255")},
		// 																									}},
		// 																								},
		// 																						}},
		// 																						ProvisioningState: to.Ptr(armnetwork.ProvisioningStateSucceeded),
		// 																						ThreatIntelMode: to.Ptr(armnetwork.AzureFirewallThreatIntelModeAlert),
		// 																					},
		// 																					Zones: []*string{
		// 																					},
		// 																			}},
		// 																		}
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Gets all the Azure Firewalls in a subscription.
 *
 * @summary Gets all the Azure Firewalls in a subscription.
 * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/AzureFirewallListBySubscription.json
 */
async function listAllAzureFirewallsForAGivenSubscription() {
  const subscriptionId = process.env["NETWORK_SUBSCRIPTION_ID"] || "subid";
  const credential = new DefaultAzureCredential();
  const client = new NetworkManagementClient(credential, subscriptionId);
  const resArray = new Array();
  for await (let item of client.azureFirewalls.listAll()) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.Network;
using Azure.ResourceManager.Network.Models;
using Azure.ResourceManager.Resources;

// Generated from example definition: specification/network/resource-manager/Microsoft.Network/stable/2023-09-01/examples/AzureFirewallListBySubscription.json
// this example is just showing the usage of "AzureFirewalls_ListAll" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this SubscriptionResource created on azure
// for more information of creating SubscriptionResource, please refer to the document of SubscriptionResource
string subscriptionId = "subid";
ResourceIdentifier subscriptionResourceId = SubscriptionResource.CreateResourceIdentifier(subscriptionId);
SubscriptionResource subscriptionResource = client.GetSubscriptionResource(subscriptionResourceId);

// invoke the operation and iterate over the result
await foreach (AzureFirewallResource item in subscriptionResource.GetAzureFirewallsAsync())
{
    // the variable item is a resource, you could call other operations on this instance as well
    // but just for demo, we get its data from this resource instance
    AzureFirewallData resourceData = item.Data;
    // for demo we just print out the id
    Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}

Console.WriteLine($"Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "value": [
    {
      "name": "azurefirewall",
      "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall",
      "type": "Microsoft.Network/azureFirewalls",
      "etag": "w/\\00000000-0000-0000-0000-000000000000\\",
      "location": "West US",
      "zones": [],
      "tags": {
        "key1": "value1"
      },
      "properties": {
        "provisioningState": "Succeeded",
        "threatIntelMode": "Alert",
        "ipConfigurations": [
          {
            "name": "azureFirewallIpConfiguration",
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azfirewallgw/ipConfigurations/azureFirewallIpConfiguration",
            "etag": "w/\\00000000-0000-0000-0000-000000000000\\",
            "properties": {
              "provisioningState": "Succeeded",
              "privateIPAddress": "10.0.0.0",
              "subnet": {
                "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"
              },
              "publicIPAddress": {
                "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"
              }
            }
          }
        ],
        "managementIpConfiguration": {
          "name": "azureFirewallMgmtIpConfiguration",
          "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewallgw/ipConfigurations/azureFirewallMgmtIpConfiguration",
          "etag": "w/\\00000000-0000-0000-0000-000000000000\\",
          "properties": {
            "provisioningState": "Succeeded",
            "subnet": {
              "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet"
            },
            "publicIPAddress": {
              "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName"
            }
          }
        },
        "applicationRuleCollections": [
          {
            "name": "apprulecoll",
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
            "properties": {
              "priority": 110,
              "action": {
                "type": "Deny"
              },
              "rules": [
                {
                  "name": "rule1",
                  "description": "Deny inbound rule",
                  "protocols": [
                    {
                      "protocolType": "Https",
                      "port": 443
                    }
                  ],
                  "targetFqdns": [
                    "www.test.com"
                  ],
                  "sourceAddresses": [
                    "216.58.216.164",
                    "10.0.0.0/24"
                  ]
                }
              ]
            }
          }
        ],
        "natRuleCollections": [
          {
            "name": "natrulecoll",
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
            "properties": {
              "priority": 112,
              "action": {
                "type": "Dnat"
              },
              "rules": [
                {
                  "name": "DNAT-HTTPS-traffic",
                  "description": "D-NAT all outbound web traffic for inspection",
                  "sourceAddresses": [
                    "*"
                  ],
                  "destinationAddresses": [
                    "1.2.3.4"
                  ],
                  "destinationPorts": [
                    "443"
                  ],
                  "protocols": [
                    "TCP"
                  ],
                  "translatedAddress": "1.2.3.5",
                  "translatedPort": "8443"
                },
                {
                  "name": "DNAT-HTTP-traffic-With-FQDN",
                  "description": "D-NAT all inbound web traffic for inspection",
                  "sourceAddresses": [
                    "*"
                  ],
                  "destinationAddresses": [
                    "1.2.3.4"
                  ],
                  "destinationPorts": [
                    "80"
                  ],
                  "protocols": [
                    "TCP"
                  ],
                  "translatedFqdn": "internalhttpserver",
                  "translatedPort": "880"
                }
              ]
            }
          }
        ],
        "networkRuleCollections": [
          {
            "name": "netrulecoll",
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
            "properties": {
              "priority": 112,
              "action": {
                "type": "Deny"
              },
              "rules": [
                {
                  "name": "L4-traffic",
                  "description": "Block traffic based on source IPs and ports",
                  "sourceAddresses": [
                    "192.168.1.1-192.168.1.12",
                    "10.1.4.12-10.1.4.255"
                  ],
                  "destinationPorts": [
                    "443-444",
                    "8443"
                  ],
                  "destinationAddresses": [
                    "*"
                  ],
                  "protocols": [
                    "TCP"
                  ]
                },
                {
                  "name": "L4-traffic-with-FQDN",
                  "description": "Block traffic based on source IPs and ports to amazon",
                  "sourceAddresses": [
                    "10.2.4.12-10.2.4.255"
                  ],
                  "destinationPorts": [
                    "443-444",
                    "8443"
                  ],
                  "destinationFqdns": [
                    "www.amazon.com"
                  ],
                  "protocols": [
                    "TCP"
                  ]
                }
              ]
            }
          }
        ],
        "ipGroups": [],
        "additionalProperties": {
          "key1": "value1",
          "key2": "value2"
        }
      }
    }
  ]
}

Definitions

Name	Description
AzureFirewall	Azure Firewall resource.
AzureFirewallApplicationRule	Properties of an application rule.
AzureFirewallApplicationRuleCollection	Application rule collection resource.
AzureFirewallApplicationRuleProtocol	Properties of the application rule protocol.
AzureFirewallApplicationRuleProtocolType	The protocol type of a Application Rule resource.
AzureFirewallIPConfiguration	IP configuration of an Azure Firewall.
AzureFirewallIpGroups	IpGroups associated with azure firewall.
AzureFirewallListResult	Response for ListAzureFirewalls API service call.
AzureFirewallNatRCAction	AzureFirewall NAT Rule Collection Action.
AzureFirewallNatRCActionType	The action type of a NAT rule collection.
AzureFirewallNatRule	Properties of a NAT rule.
AzureFirewallNatRuleCollection	NAT rule collection resource.
AzureFirewallNetworkRule	Properties of the network rule.
AzureFirewallNetworkRuleCollection	Network rule collection resource.
AzureFirewallNetworkRuleProtocol	The protocol of a Network Rule resource.
AzureFirewallPublicIPAddress	Public IP Address associated with azure firewall.
AzureFirewallRCAction	Properties of the AzureFirewallRCAction.
AzureFirewallRCActionType	The action type of a rule collection.
AzureFirewallSku	SKU of an Azure Firewall.
AzureFirewallSkuName	Name of an Azure Firewall SKU.
AzureFirewallSkuTier	Tier of an Azure Firewall.
AzureFirewallThreatIntelMode	The operation mode for Threat Intel.
CloudError	An error response from the service.
CloudErrorBody	An error response from the service.
HubIPAddresses	IP addresses associated with azure firewall.
HubPublicIPAddresses	Public IP addresses associated with azure firewall.
ProvisioningState	The current provisioning state.
SubResource	Reference to another subresource.

AzureFirewall

Azure Firewall resource.

Name	Type	Description
etag	string	A unique read-only string that changes whenever the resource is updated.
id	string	Resource ID.
location	string	Resource location.
name	string	Resource name.
properties.additionalProperties	object	The additional properties used to further config this azure firewall.
properties.applicationRuleCollections	AzureFirewallApplicationRuleCollection[]	Collection of application rule collections used by Azure Firewall.
properties.firewallPolicy	SubResource	The firewallPolicy associated with this azure firewall.
properties.hubIPAddresses	HubIPAddresses	IP addresses associated with AzureFirewall.
properties.ipConfigurations	AzureFirewallIPConfiguration[]	IP configuration of the Azure Firewall resource.
properties.ipGroups	AzureFirewallIpGroups[]	IpGroups associated with AzureFirewall.
properties.managementIpConfiguration	AzureFirewallIPConfiguration	IP configuration of the Azure Firewall used for management traffic.
properties.natRuleCollections	AzureFirewallNatRuleCollection[]	Collection of NAT rule collections used by Azure Firewall.
properties.networkRuleCollections	AzureFirewallNetworkRuleCollection[]	Collection of network rule collections used by Azure Firewall.
properties.provisioningState	ProvisioningState	The provisioning state of the Azure firewall resource.
properties.sku	AzureFirewallSku	The Azure Firewall Resource SKU.
properties.threatIntelMode	AzureFirewallThreatIntelMode	The operation mode for Threat Intelligence.
properties.virtualHub	SubResource	The virtualHub to which the firewall belongs.
tags	object	Resource tags.
type	string	Resource type.
zones	string[]	A list of availability zones denoting where the resource needs to come from.

AzureFirewallApplicationRule

Properties of an application rule.

Name	Type	Description
description	string	Description of the rule.
fqdnTags	string[]	List of FQDN Tags for this rule.
name	string	Name of the application rule.
protocols	AzureFirewallApplicationRuleProtocol[]	Array of ApplicationRuleProtocols.
sourceAddresses	string[]	List of source IP addresses for this rule.
sourceIpGroups	string[]	List of source IpGroups for this rule.
targetFqdns	string[]	List of FQDNs for this rule.

AzureFirewallApplicationRuleCollection

Application rule collection resource.

Name	Type	Description
etag	string	A unique read-only string that changes whenever the resource is updated.
id	string	Resource ID.
name	string	The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
properties.action	AzureFirewallRCAction	The action type of a rule collection.
properties.priority	integer	Priority of the application rule collection resource.
properties.provisioningState	ProvisioningState	The provisioning state of the application rule collection resource.
properties.rules	AzureFirewallApplicationRule[]	Collection of rules used by a application rule collection.

AzureFirewallApplicationRuleProtocol

Properties of the application rule protocol.

Name	Type	Description
port	integer	Port number for the protocol, cannot be greater than 64000. This field is optional.
protocolType	AzureFirewallApplicationRuleProtocolType	Protocol type.

AzureFirewallApplicationRuleProtocolType

The protocol type of a Application Rule resource.

Name	Type	Description
Http	string
Https	string
Mssql	string

AzureFirewallIPConfiguration

IP configuration of an Azure Firewall.

Name	Type	Description
etag	string	A unique read-only string that changes whenever the resource is updated.
id	string	Resource ID.
name	string	Name of the resource that is unique within a resource group. This name can be used to access the resource.
properties.privateIPAddress	string	The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.
properties.provisioningState	ProvisioningState	The provisioning state of the Azure firewall IP configuration resource.
properties.publicIPAddress	SubResource	Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
properties.subnet	SubResource	Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
type	string	Type of the resource.

AzureFirewallIpGroups

IpGroups associated with azure firewall.

Name	Type	Description
changeNumber	string	The iteration number.
id	string	Resource ID.

AzureFirewallListResult

Response for ListAzureFirewalls API service call.

Name	Type	Description
nextLink	string	URL to get the next set of results.
value	AzureFirewall[]	List of Azure Firewalls in a resource group.

AzureFirewallNatRCAction

AzureFirewall NAT Rule Collection Action.

Name	Type	Description
type	AzureFirewallNatRCActionType	The type of action.

AzureFirewallNatRCActionType

The action type of a NAT rule collection.

Name	Type	Description
Dnat	string
Snat	string

AzureFirewallNatRule

Properties of a NAT rule.

Name	Type	Description
description	string	Description of the rule.
destinationAddresses	string[]	List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
destinationPorts	string[]	List of destination ports.
name	string	Name of the NAT rule.
protocols	AzureFirewallNetworkRuleProtocol[]	Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
sourceAddresses	string[]	List of source IP addresses for this rule.
sourceIpGroups	string[]	List of source IpGroups for this rule.
translatedAddress	string	The translated address for this NAT rule.
translatedFqdn	string	The translated FQDN for this NAT rule.
translatedPort	string	The translated port for this NAT rule.

AzureFirewallNatRuleCollection

NAT rule collection resource.

Name	Type	Description
etag	string	A unique read-only string that changes whenever the resource is updated.
id	string	Resource ID.
name	string	The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
properties.action	AzureFirewallNatRCAction	The action type of a NAT rule collection.
properties.priority	integer	Priority of the NAT rule collection resource.
properties.provisioningState	ProvisioningState	The provisioning state of the NAT rule collection resource.
properties.rules	AzureFirewallNatRule[]	Collection of rules used by a NAT rule collection.

AzureFirewallNetworkRule

Properties of the network rule.

Name	Type	Description
description	string	Description of the rule.
destinationAddresses	string[]	List of destination IP addresses.
destinationFqdns	string[]	List of destination FQDNs.
destinationIpGroups	string[]	List of destination IpGroups for this rule.
destinationPorts	string[]	List of destination ports.
name	string	Name of the network rule.
protocols	AzureFirewallNetworkRuleProtocol[]	Array of AzureFirewallNetworkRuleProtocols.
sourceAddresses	string[]	List of source IP addresses for this rule.
sourceIpGroups	string[]	List of source IpGroups for this rule.

AzureFirewallNetworkRuleCollection

Network rule collection resource.

Name	Type	Description
etag	string	A unique read-only string that changes whenever the resource is updated.
id	string	Resource ID.
name	string	The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
properties.action	AzureFirewallRCAction	The action type of a rule collection.
properties.priority	integer	Priority of the network rule collection resource.
properties.provisioningState	ProvisioningState	The provisioning state of the network rule collection resource.
properties.rules	AzureFirewallNetworkRule[]	Collection of rules used by a network rule collection.

AzureFirewallNetworkRuleProtocol

The protocol of a Network Rule resource.

Name	Type	Description
Any	string
ICMP	string
TCP	string
UDP	string

AzureFirewallPublicIPAddress

Public IP Address associated with azure firewall.

Name	Type	Description
address	string	Public IP Address value.

AzureFirewallRCAction

Properties of the AzureFirewallRCAction.

Name	Type	Description
type	AzureFirewallRCActionType	The type of action.

AzureFirewallRCActionType

The action type of a rule collection.

Name	Type	Description
Allow	string
Deny	string

AzureFirewallSku

SKU of an Azure Firewall.

Name	Type	Description
name	AzureFirewallSkuName	Name of an Azure Firewall SKU.
tier	AzureFirewallSkuTier	Tier of an Azure Firewall.

AzureFirewallSkuName

Name of an Azure Firewall SKU.

Name	Type	Description
AZFW_Hub	string
AZFW_VNet	string

AzureFirewallSkuTier

Tier of an Azure Firewall.

Name	Type	Description
Basic	string
Premium	string
Standard	string

AzureFirewallThreatIntelMode

The operation mode for Threat Intel.

Name	Type	Description
Alert	string
Deny	string
Off	string

CloudError

An error response from the service.

Name	Type	Description
error	CloudErrorBody	Cloud error body.

CloudErrorBody

An error response from the service.

Name	Type	Description
code	string	An identifier for the error. Codes are invariant and are intended to be consumed programmatically.
details	CloudErrorBody[]	A list of additional details about the error.
message	string	A message describing the error, intended to be suitable for display in a user interface.
target	string	The target of the particular error. For example, the name of the property in error.

HubIPAddresses

IP addresses associated with azure firewall.

Name	Type	Description
privateIPAddress	string	Private IP Address associated with azure firewall.
publicIPs	HubPublicIPAddresses	Public IP addresses associated with azure firewall.

HubPublicIPAddresses

Public IP addresses associated with azure firewall.

Name	Type	Description
addresses	AzureFirewallPublicIPAddress[]	The list of Public IP addresses associated with azure firewall or IP addresses to be retained.
count	integer	The number of Public IP addresses associated with azure firewall.

ProvisioningState

The current provisioning state.

Name	Type	Description
Deleting	string
Failed	string
Succeeded	string
Updating	string

SubResource

Reference to another subresource.

Name	Type	Description
id	string	Resource ID.