New-AzFirewallPolicyIntrusionDetection
建立新的 Azure 防火牆 原則入侵偵測,以與防火牆原則產生關聯
Syntax
New-AzFirewallPolicyIntrusionDetection
-Mode <String>
[-Profile <String>]
[-SignatureOverride <PSAzureFirewallPolicyIntrusionDetectionSignatureOverride[]>]
[-BypassTraffic <PSAzureFirewallPolicyIntrusionDetectionBypassTrafficSetting[]>]
[-PrivateRange <String[]>]
[-DefaultProfile <IAzureContextContainer>]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
New-AzFirewallPolicyIntrusionDetection Cmdlet 會建立 Azure 防火牆 原則入侵檢測物件。
範例
範例 1:使用模式建立入侵檢測
New-AzFirewallPolicyIntrusionDetection -Mode "Alert"
此範例會使用警示 (偵測) 模式建立入侵檢測
範例 2:使用簽章覆寫建立入侵檢測
$signatureOverride = New-AzFirewallPolicyIntrusionDetectionSignatureOverride -Id "123456798" -Mode "Deny"
New-AzFirewallPolicyIntrusionDetection -Mode "Alert" -SignatureOverride $signatureOverride
此範例會建立具有特定簽章覆寫的入侵偵測
範例 3:使用略過流量設定設定的入侵偵測建立防火牆原則
$bypass = New-AzFirewallPolicyIntrusionDetectionBypassTraffic -Name "bypass-setting" -Protocol "TCP" -DestinationPort "80" -SourceAddress "10.0.0.0" -DestinationAddress "10.0.0.0"
$intrusionDetection = New-AzFirewallPolicyIntrusionDetection -Mode "Deny" -BypassTraffic $bypass
New-AzFirewallPolicy -Name fp1 -Location "westus2" -ResourceGroupName TestRg -SkuTier "Premium" -IntrusionDetection $intrusionDetection
此範例會使用略過流量設定來建立入侵檢測
範例 4:使用私人範圍設定設定的入侵偵測建立防火牆原則
$intrusionDetection = New-AzFirewallPolicyIntrusionDetection -Mode "Deny" -PrivateRange @("167.220.204.0/24", "167.221.205.101/32")
New-AzFirewallPolicy -Name fp1 -Location "westus2" -ResourceGroupName TestRg -SkuTier "Premium" -IntrusionDetection $intrusionDetection
此範例會使用略過流量設定來建立入侵檢測
範例 5:建立具有入侵檢測配置檔設定的防火牆原則
$intrusionDetection = New-AzFirewallPolicyIntrusionDetection -Mode "Deny" -Profile �Advanced�
New-AzFirewallPolicy -Name fp1 -Location "westus2" -ResourceGroupName TestRg -SkuTier "Premium" -IntrusionDetection $intrusionDetection
此範例會建立具有警示和拒絕模式和進階簽章配置檔的入侵偵測。
參數
-BypassTraffic
要略過流量的規則清單。
Type: | PSAzureFirewallPolicyIntrusionDetectionBypassTrafficSetting[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Confirm
執行 Cmdlet 之前先提示您確認。
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DefaultProfile
用於與 Azure 通訊的認證、帳戶、租用戶和訂用帳戶。
Type: | IAzureContextContainer |
Aliases: | AzContext, AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Mode
入侵檢測一般狀態。
Type: | String |
Accepted values: | Off, Alert, Deny |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PrivateRange
IDPS 私人IP範圍清單。
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Profile
設定 IDPS 簽章設定檔。
Type: | String |
Accepted values: | Basic, Standard, Advanced |
Position: | Named |
Default value: | For newly created policy the default IDPS profile is �Standard� and for existing policy without IDPS profile setting, the default is �Advanced� |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SignatureOverride
特定簽章狀態的清單。
Type: | PSAzureFirewallPolicyIntrusionDetectionSignatureOverride[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
顯示執行 Cmdlet 後會發生的情況。 未執行 Cmdlet。
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
輸入
None
輸出
意見反應
https://aka.ms/ContentUserFeedback。
即將登場:在 2024 年,我們將逐步淘汰 GitHub 問題作為內容的意見反應機制,並將它取代為新的意見反應系統。 如需詳細資訊,請參閱:提交並檢視相關的意見反應