Azure Firewalls - List All
Gets all the Azure Firewalls in a subscription.
GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Network/azureFirewalls?api-version=2023-09-01
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
subscription
|
path | True |
string |
The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. |
api-version
|
query | True |
string |
Client API version. |
Responses
Name | Type | Description |
---|---|---|
200 OK |
Success. The operation returns a list of AzureFirewall resources. |
|
Other Status Codes |
Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow.
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
List all Azure Firewalls for a given subscription
Sample Request
GET https://management.azure.com/subscriptions/subid/providers/Microsoft.Network/azureFirewalls?api-version=2023-09-01
Sample Response
{
"value": [
{
"name": "azurefirewall",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall",
"type": "Microsoft.Network/azureFirewalls",
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"location": "West US",
"zones": [],
"tags": {
"key1": "value1"
},
"properties": {
"provisioningState": "Succeeded",
"threatIntelMode": "Alert",
"ipConfigurations": [
{
"name": "azureFirewallIpConfiguration",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azfirewallgw/ipConfigurations/azureFirewallIpConfiguration",
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"properties": {
"provisioningState": "Succeeded",
"privateIPAddress": "10.0.0.0",
"subnet": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"
},
"publicIPAddress": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"
}
}
}
],
"managementIpConfiguration": {
"name": "azureFirewallMgmtIpConfiguration",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewallgw/ipConfigurations/azureFirewallMgmtIpConfiguration",
"etag": "w/\\00000000-0000-0000-0000-000000000000\\",
"properties": {
"provisioningState": "Succeeded",
"subnet": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet"
},
"publicIPAddress": {
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName"
}
}
},
"applicationRuleCollections": [
{
"name": "apprulecoll",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
"properties": {
"priority": 110,
"action": {
"type": "Deny"
},
"rules": [
{
"name": "rule1",
"description": "Deny inbound rule",
"protocols": [
{
"protocolType": "Https",
"port": 443
}
],
"targetFqdns": [
"www.test.com"
],
"sourceAddresses": [
"216.58.216.164",
"10.0.0.0/24"
]
}
]
}
}
],
"natRuleCollections": [
{
"name": "natrulecoll",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
"properties": {
"priority": 112,
"action": {
"type": "Dnat"
},
"rules": [
{
"name": "DNAT-HTTPS-traffic",
"description": "D-NAT all outbound web traffic for inspection",
"sourceAddresses": [
"*"
],
"destinationAddresses": [
"1.2.3.4"
],
"destinationPorts": [
"443"
],
"protocols": [
"TCP"
],
"translatedAddress": "1.2.3.5",
"translatedPort": "8443"
},
{
"name": "DNAT-HTTP-traffic-With-FQDN",
"description": "D-NAT all inbound web traffic for inspection",
"sourceAddresses": [
"*"
],
"destinationAddresses": [
"1.2.3.4"
],
"destinationPorts": [
"80"
],
"protocols": [
"TCP"
],
"translatedFqdn": "internalhttpserver",
"translatedPort": "880"
}
]
}
}
],
"networkRuleCollections": [
{
"name": "netrulecoll",
"id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
"properties": {
"priority": 112,
"action": {
"type": "Deny"
},
"rules": [
{
"name": "L4-traffic",
"description": "Block traffic based on source IPs and ports",
"sourceAddresses": [
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255"
],
"destinationPorts": [
"443-444",
"8443"
],
"destinationAddresses": [
"*"
],
"protocols": [
"TCP"
]
},
{
"name": "L4-traffic-with-FQDN",
"description": "Block traffic based on source IPs and ports to amazon",
"sourceAddresses": [
"10.2.4.12-10.2.4.255"
],
"destinationPorts": [
"443-444",
"8443"
],
"destinationFqdns": [
"www.amazon.com"
],
"protocols": [
"TCP"
]
}
]
}
}
],
"ipGroups": [],
"additionalProperties": {
"key1": "value1",
"key2": "value2"
}
}
}
]
}
Definitions
Name | Description |
---|---|
Azure |
Azure Firewall resource. |
Azure |
Properties of an application rule. |
Azure |
Application rule collection resource. |
Azure |
Properties of the application rule protocol. |
Azure |
The protocol type of a Application Rule resource. |
Azure |
IP configuration of an Azure Firewall. |
Azure |
IpGroups associated with azure firewall. |
Azure |
Response for ListAzureFirewalls API service call. |
Azure |
AzureFirewall NAT Rule Collection Action. |
Azure |
The action type of a NAT rule collection. |
Azure |
Properties of a NAT rule. |
Azure |
NAT rule collection resource. |
Azure |
Properties of the network rule. |
Azure |
Network rule collection resource. |
Azure |
The protocol of a Network Rule resource. |
Azure |
Public IP Address associated with azure firewall. |
Azure |
Properties of the AzureFirewallRCAction. |
Azure |
The action type of a rule collection. |
Azure |
SKU of an Azure Firewall. |
Azure |
Name of an Azure Firewall SKU. |
Azure |
Tier of an Azure Firewall. |
Azure |
The operation mode for Threat Intel. |
Cloud |
An error response from the service. |
Cloud |
An error response from the service. |
Hub |
IP addresses associated with azure firewall. |
Hub |
Public IP addresses associated with azure firewall. |
Provisioning |
The current provisioning state. |
Sub |
Reference to another subresource. |
AzureFirewall
Azure Firewall resource.
Name | Type | Description |
---|---|---|
etag |
string |
A unique read-only string that changes whenever the resource is updated. |
id |
string |
Resource ID. |
location |
string |
Resource location. |
name |
string |
Resource name. |
properties.additionalProperties |
object |
The additional properties used to further config this azure firewall. |
properties.applicationRuleCollections |
Collection of application rule collections used by Azure Firewall. |
|
properties.firewallPolicy |
The firewallPolicy associated with this azure firewall. |
|
properties.hubIPAddresses |
IP addresses associated with AzureFirewall. |
|
properties.ipConfigurations |
IP configuration of the Azure Firewall resource. |
|
properties.ipGroups |
IpGroups associated with AzureFirewall. |
|
properties.managementIpConfiguration |
IP configuration of the Azure Firewall used for management traffic. |
|
properties.natRuleCollections |
Collection of NAT rule collections used by Azure Firewall. |
|
properties.networkRuleCollections |
Collection of network rule collections used by Azure Firewall. |
|
properties.provisioningState |
The provisioning state of the Azure firewall resource. |
|
properties.sku |
The Azure Firewall Resource SKU. |
|
properties.threatIntelMode |
The operation mode for Threat Intelligence. |
|
properties.virtualHub |
The virtualHub to which the firewall belongs. |
|
tags |
object |
Resource tags. |
type |
string |
Resource type. |
zones |
string[] |
A list of availability zones denoting where the resource needs to come from. |
AzureFirewallApplicationRule
Properties of an application rule.
Name | Type | Description |
---|---|---|
description |
string |
Description of the rule. |
fqdnTags |
string[] |
List of FQDN Tags for this rule. |
name |
string |
Name of the application rule. |
protocols |
Array of ApplicationRuleProtocols. |
|
sourceAddresses |
string[] |
List of source IP addresses for this rule. |
sourceIpGroups |
string[] |
List of source IpGroups for this rule. |
targetFqdns |
string[] |
List of FQDNs for this rule. |
AzureFirewallApplicationRuleCollection
Application rule collection resource.
Name | Type | Description |
---|---|---|
etag |
string |
A unique read-only string that changes whenever the resource is updated. |
id |
string |
Resource ID. |
name |
string |
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource. |
properties.action |
The action type of a rule collection. |
|
properties.priority |
integer |
Priority of the application rule collection resource. |
properties.provisioningState |
The provisioning state of the application rule collection resource. |
|
properties.rules |
Collection of rules used by a application rule collection. |
AzureFirewallApplicationRuleProtocol
Properties of the application rule protocol.
Name | Type | Description |
---|---|---|
port |
integer |
Port number for the protocol, cannot be greater than 64000. This field is optional. |
protocolType |
Protocol type. |
AzureFirewallApplicationRuleProtocolType
The protocol type of a Application Rule resource.
Name | Type | Description |
---|---|---|
Http |
string |
|
Https |
string |
|
Mssql |
string |
AzureFirewallIPConfiguration
IP configuration of an Azure Firewall.
Name | Type | Description |
---|---|---|
etag |
string |
A unique read-only string that changes whenever the resource is updated. |
id |
string |
Resource ID. |
name |
string |
Name of the resource that is unique within a resource group. This name can be used to access the resource. |
properties.privateIPAddress |
string |
The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes. |
properties.provisioningState |
The provisioning state of the Azure firewall IP configuration resource. |
|
properties.publicIPAddress |
Reference to the PublicIP resource. This field is a mandatory input if subnet is not null. |
|
properties.subnet |
Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'. |
|
type |
string |
Type of the resource. |
AzureFirewallIpGroups
IpGroups associated with azure firewall.
Name | Type | Description |
---|---|---|
changeNumber |
string |
The iteration number. |
id |
string |
Resource ID. |
AzureFirewallListResult
Response for ListAzureFirewalls API service call.
Name | Type | Description |
---|---|---|
nextLink |
string |
URL to get the next set of results. |
value |
List of Azure Firewalls in a resource group. |
AzureFirewallNatRCAction
AzureFirewall NAT Rule Collection Action.
Name | Type | Description |
---|---|---|
type |
The type of action. |
AzureFirewallNatRCActionType
The action type of a NAT rule collection.
Name | Type | Description |
---|---|---|
Dnat |
string |
|
Snat |
string |
AzureFirewallNatRule
Properties of a NAT rule.
Name | Type | Description |
---|---|---|
description |
string |
Description of the rule. |
destinationAddresses |
string[] |
List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags. |
destinationPorts |
string[] |
List of destination ports. |
name |
string |
Name of the NAT rule. |
protocols |
Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule. |
|
sourceAddresses |
string[] |
List of source IP addresses for this rule. |
sourceIpGroups |
string[] |
List of source IpGroups for this rule. |
translatedAddress |
string |
The translated address for this NAT rule. |
translatedFqdn |
string |
The translated FQDN for this NAT rule. |
translatedPort |
string |
The translated port for this NAT rule. |
AzureFirewallNatRuleCollection
NAT rule collection resource.
Name | Type | Description |
---|---|---|
etag |
string |
A unique read-only string that changes whenever the resource is updated. |
id |
string |
Resource ID. |
name |
string |
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource. |
properties.action |
The action type of a NAT rule collection. |
|
properties.priority |
integer |
Priority of the NAT rule collection resource. |
properties.provisioningState |
The provisioning state of the NAT rule collection resource. |
|
properties.rules |
Collection of rules used by a NAT rule collection. |
AzureFirewallNetworkRule
Properties of the network rule.
Name | Type | Description |
---|---|---|
description |
string |
Description of the rule. |
destinationAddresses |
string[] |
List of destination IP addresses. |
destinationFqdns |
string[] |
List of destination FQDNs. |
destinationIpGroups |
string[] |
List of destination IpGroups for this rule. |
destinationPorts |
string[] |
List of destination ports. |
name |
string |
Name of the network rule. |
protocols |
Array of AzureFirewallNetworkRuleProtocols. |
|
sourceAddresses |
string[] |
List of source IP addresses for this rule. |
sourceIpGroups |
string[] |
List of source IpGroups for this rule. |
AzureFirewallNetworkRuleCollection
Network rule collection resource.
Name | Type | Description |
---|---|---|
etag |
string |
A unique read-only string that changes whenever the resource is updated. |
id |
string |
Resource ID. |
name |
string |
The name of the resource that is unique within the Azure firewall. This name can be used to access the resource. |
properties.action |
The action type of a rule collection. |
|
properties.priority |
integer |
Priority of the network rule collection resource. |
properties.provisioningState |
The provisioning state of the network rule collection resource. |
|
properties.rules |
Collection of rules used by a network rule collection. |
AzureFirewallNetworkRuleProtocol
The protocol of a Network Rule resource.
Name | Type | Description |
---|---|---|
Any |
string |
|
ICMP |
string |
|
TCP |
string |
|
UDP |
string |
AzureFirewallPublicIPAddress
Public IP Address associated with azure firewall.
Name | Type | Description |
---|---|---|
address |
string |
Public IP Address value. |
AzureFirewallRCAction
Properties of the AzureFirewallRCAction.
Name | Type | Description |
---|---|---|
type |
The type of action. |
AzureFirewallRCActionType
The action type of a rule collection.
Name | Type | Description |
---|---|---|
Allow |
string |
|
Deny |
string |
AzureFirewallSku
SKU of an Azure Firewall.
Name | Type | Description |
---|---|---|
name |
Name of an Azure Firewall SKU. |
|
tier |
Tier of an Azure Firewall. |
AzureFirewallSkuName
Name of an Azure Firewall SKU.
Name | Type | Description |
---|---|---|
AZFW_Hub |
string |
|
AZFW_VNet |
string |
AzureFirewallSkuTier
Tier of an Azure Firewall.
Name | Type | Description |
---|---|---|
Basic |
string |
|
Premium |
string |
|
Standard |
string |
AzureFirewallThreatIntelMode
The operation mode for Threat Intel.
Name | Type | Description |
---|---|---|
Alert |
string |
|
Deny |
string |
|
Off |
string |
CloudError
An error response from the service.
Name | Type | Description |
---|---|---|
error |
Cloud error body. |
CloudErrorBody
An error response from the service.
Name | Type | Description |
---|---|---|
code |
string |
An identifier for the error. Codes are invariant and are intended to be consumed programmatically. |
details |
A list of additional details about the error. |
|
message |
string |
A message describing the error, intended to be suitable for display in a user interface. |
target |
string |
The target of the particular error. For example, the name of the property in error. |
HubIPAddresses
IP addresses associated with azure firewall.
Name | Type | Description |
---|---|---|
privateIPAddress |
string |
Private IP Address associated with azure firewall. |
publicIPs |
Public IP addresses associated with azure firewall. |
HubPublicIPAddresses
Public IP addresses associated with azure firewall.
Name | Type | Description |
---|---|---|
addresses |
The list of Public IP addresses associated with azure firewall or IP addresses to be retained. |
|
count |
integer |
The number of Public IP addresses associated with azure firewall. |
ProvisioningState
The current provisioning state.
Name | Type | Description |
---|---|---|
Deleting |
string |
|
Failed |
string |
|
Succeeded |
string |
|
Updating |
string |
SubResource
Reference to another subresource.
Name | Type | Description |
---|---|---|
id |
string |
Resource ID. |