Azure Native v2 v2.90.0, Mar 27 25

These are the docs for Azure Native v2. We recommenend using the latest version, Azure Native v3.

Azure Native v2 v2.90.0 published on Thursday, Mar 27, 2025 by Pulumi

azure-native-v2.network.FirewallPolicyDraft

Explore with Pulumi AI

These are the docs for Azure Native v2. We recommenend using the latest version, Azure Native v3.

Azure Native v2 v2.90.0 published on Thursday, Mar 27, 2025 by Pulumi

pulumi/pulumi-azure-native

create or update firewall policy draft

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() => 
{
    var firewallPolicyDraft = new AzureNative.Network.FirewallPolicyDraft("firewallPolicyDraft", new()
    {
        DnsSettings = new AzureNative.Network.Inputs.DnsSettingsArgs
        {
            EnableProxy = true,
            RequireProxyForNetworkRules = false,
            Servers = new[]
            {
                "30.3.4.5",
            },
        },
        ExplicitProxy = new AzureNative.Network.Inputs.ExplicitProxyArgs
        {
            EnableExplicitProxy = true,
            EnablePacFile = true,
            HttpPort = 8087,
            HttpsPort = 8087,
            PacFile = "https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D",
            PacFilePort = 8087,
        },
        FirewallPolicyName = "firewallPolicy",
        Insights = new AzureNative.Network.Inputs.FirewallPolicyInsightsArgs
        {
            IsEnabled = true,
            LogAnalyticsResources = new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsResourcesArgs
            {
                DefaultWorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace",
                },
                Workspaces = new[]
                {
                    new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsWorkspaceArgs
                    {
                        Region = "westus",
                        WorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
                        {
                            Id = "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1",
                        },
                    },
                    new AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsWorkspaceArgs
                    {
                        Region = "eastus",
                        WorkspaceId = new AzureNative.Network.Inputs.SubResourceArgs
                        {
                            Id = "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2",
                        },
                    },
                },
            },
            RetentionDays = 100,
        },
        IntrusionDetection = new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionArgs
        {
            Configuration = new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionConfigurationArgs
            {
                BypassTrafficSettings = new[]
                {
                    new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs
                    {
                        Description = "Rule 1",
                        DestinationAddresses = new[]
                        {
                            "5.6.7.8",
                        },
                        DestinationPorts = new[]
                        {
                            "*",
                        },
                        Name = "bypassRule1",
                        Protocol = AzureNative.Network.FirewallPolicyIntrusionDetectionProtocol.TCP,
                        SourceAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                    },
                },
                SignatureOverrides = new[]
                {
                    new AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionSignatureSpecificationArgs
                    {
                        Id = "2525004",
                        Mode = AzureNative.Network.FirewallPolicyIntrusionDetectionStateType.Deny,
                    },
                },
            },
            Mode = AzureNative.Network.FirewallPolicyIntrusionDetectionStateType.Alert,
            Profile = "Balanced",
        },
        ResourceGroupName = "rg1",
        Snat = new AzureNative.Network.Inputs.FirewallPolicySNATArgs
        {
            PrivateRanges = new[]
            {
                "IANAPrivateRanges",
            },
        },
        Sql = new AzureNative.Network.Inputs.FirewallPolicySQLArgs
        {
            AllowSqlRedirect = true,
        },
        ThreatIntelMode = AzureNative.Network.AzureFirewallThreatIntelMode.Alert,
        ThreatIntelWhitelist = new AzureNative.Network.Inputs.FirewallPolicyThreatIntelWhitelistArgs
        {
            Fqdns = new[]
            {
                "*.microsoft.com",
            },
            IpAddresses = new[]
            {
                "20.3.4.5",
            },
        },
    });

});

package main

import (
	network "github.com/pulumi/pulumi-azure-native-sdk/network/v2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := network.NewFirewallPolicyDraft(ctx, "firewallPolicyDraft", &network.FirewallPolicyDraftArgs{
			DnsSettings: &network.DnsSettingsArgs{
				EnableProxy:                 pulumi.Bool(true),
				RequireProxyForNetworkRules: pulumi.Bool(false),
				Servers: pulumi.StringArray{
					pulumi.String("30.3.4.5"),
				},
			},
			ExplicitProxy: &network.ExplicitProxyArgs{
				EnableExplicitProxy: pulumi.Bool(true),
				EnablePacFile:       pulumi.Bool(true),
				HttpPort:            pulumi.Int(8087),
				HttpsPort:           pulumi.Int(8087),
				PacFile:             pulumi.String("https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D"),
				PacFilePort:         pulumi.Int(8087),
			},
			FirewallPolicyName: pulumi.String("firewallPolicy"),
			Insights: &network.FirewallPolicyInsightsArgs{
				IsEnabled: pulumi.Bool(true),
				LogAnalyticsResources: &network.FirewallPolicyLogAnalyticsResourcesArgs{
					DefaultWorkspaceId: &network.SubResourceArgs{
						Id: pulumi.String("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace"),
					},
					Workspaces: network.FirewallPolicyLogAnalyticsWorkspaceArray{
						&network.FirewallPolicyLogAnalyticsWorkspaceArgs{
							Region: pulumi.String("westus"),
							WorkspaceId: &network.SubResourceArgs{
								Id: pulumi.String("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1"),
							},
						},
						&network.FirewallPolicyLogAnalyticsWorkspaceArgs{
							Region: pulumi.String("eastus"),
							WorkspaceId: &network.SubResourceArgs{
								Id: pulumi.String("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2"),
							},
						},
					},
				},
				RetentionDays: pulumi.Int(100),
			},
			IntrusionDetection: &network.FirewallPolicyIntrusionDetectionArgs{
				Configuration: &network.FirewallPolicyIntrusionDetectionConfigurationArgs{
					BypassTrafficSettings: network.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArray{
						&network.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs{
							Description: pulumi.String("Rule 1"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("5.6.7.8"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("*"),
							},
							Name:     pulumi.String("bypassRule1"),
							Protocol: pulumi.String(network.FirewallPolicyIntrusionDetectionProtocolTCP),
							SourceAddresses: pulumi.StringArray{
								pulumi.String("1.2.3.4"),
							},
						},
					},
					SignatureOverrides: network.FirewallPolicyIntrusionDetectionSignatureSpecificationArray{
						&network.FirewallPolicyIntrusionDetectionSignatureSpecificationArgs{
							Id:   pulumi.String("2525004"),
							Mode: pulumi.String(network.FirewallPolicyIntrusionDetectionStateTypeDeny),
						},
					},
				},
				Mode:    pulumi.String(network.FirewallPolicyIntrusionDetectionStateTypeAlert),
				Profile: pulumi.String("Balanced"),
			},
			ResourceGroupName: pulumi.String("rg1"),
			Snat: &network.FirewallPolicySNATArgs{
				PrivateRanges: pulumi.StringArray{
					pulumi.String("IANAPrivateRanges"),
				},
			},
			Sql: &network.FirewallPolicySQLArgs{
				AllowSqlRedirect: pulumi.Bool(true),
			},
			ThreatIntelMode: pulumi.String(network.AzureFirewallThreatIntelModeAlert),
			ThreatIntelWhitelist: &network.FirewallPolicyThreatIntelWhitelistArgs{
				Fqdns: pulumi.StringArray{
					pulumi.String("*.microsoft.com"),
				},
				IpAddresses: pulumi.StringArray{
					pulumi.String("20.3.4.5"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.FirewallPolicyDraft;
import com.pulumi.azurenative.network.FirewallPolicyDraftArgs;
import com.pulumi.azurenative.network.inputs.DnsSettingsArgs;
import com.pulumi.azurenative.network.inputs.ExplicitProxyArgs;
import com.pulumi.azurenative.network.inputs.FirewallPolicyInsightsArgs;
import com.pulumi.azurenative.network.inputs.FirewallPolicyLogAnalyticsResourcesArgs;
import com.pulumi.azurenative.network.inputs.SubResourceArgs;
import com.pulumi.azurenative.network.inputs.FirewallPolicyIntrusionDetectionArgs;
import com.pulumi.azurenative.network.inputs.FirewallPolicyIntrusionDetectionConfigurationArgs;
import com.pulumi.azurenative.network.inputs.FirewallPolicySNATArgs;
import com.pulumi.azurenative.network.inputs.FirewallPolicySQLArgs;
import com.pulumi.azurenative.network.inputs.FirewallPolicyThreatIntelWhitelistArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var firewallPolicyDraft = new FirewallPolicyDraft("firewallPolicyDraft", FirewallPolicyDraftArgs.builder()
            .dnsSettings(DnsSettingsArgs.builder()
                .enableProxy(true)
                .requireProxyForNetworkRules(false)
                .servers("30.3.4.5")
                .build())
            .explicitProxy(ExplicitProxyArgs.builder()
                .enableExplicitProxy(true)
                .enablePacFile(true)
                .httpPort(8087)
                .httpsPort(8087)
                .pacFile("https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D")
                .pacFilePort(8087)
                .build())
            .firewallPolicyName("firewallPolicy")
            .insights(FirewallPolicyInsightsArgs.builder()
                .isEnabled(true)
                .logAnalyticsResources(FirewallPolicyLogAnalyticsResourcesArgs.builder()
                    .defaultWorkspaceId(SubResourceArgs.builder()
                        .id("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace")
                        .build())
                    .workspaces(                    
                        FirewallPolicyLogAnalyticsWorkspaceArgs.builder()
                            .region("westus")
                            .workspaceId(SubResourceArgs.builder()
                                .id("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1")
                                .build())
                            .build(),
                        FirewallPolicyLogAnalyticsWorkspaceArgs.builder()
                            .region("eastus")
                            .workspaceId(SubResourceArgs.builder()
                                .id("/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2")
                                .build())
                            .build())
                    .build())
                .retentionDays(100)
                .build())
            .intrusionDetection(FirewallPolicyIntrusionDetectionArgs.builder()
                .configuration(FirewallPolicyIntrusionDetectionConfigurationArgs.builder()
                    .bypassTrafficSettings(FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs.builder()
                        .description("Rule 1")
                        .destinationAddresses("5.6.7.8")
                        .destinationPorts("*")
                        .name("bypassRule1")
                        .protocol("TCP")
                        .sourceAddresses("1.2.3.4")
                        .build())
                    .signatureOverrides(FirewallPolicyIntrusionDetectionSignatureSpecificationArgs.builder()
                        .id("2525004")
                        .mode("Deny")
                        .build())
                    .build())
                .mode("Alert")
                .profile("Balanced")
                .build())
            .resourceGroupName("rg1")
            .snat(FirewallPolicySNATArgs.builder()
                .privateRanges("IANAPrivateRanges")
                .build())
            .sql(FirewallPolicySQLArgs.builder()
                .allowSqlRedirect(true)
                .build())
            .threatIntelMode("Alert")
            .threatIntelWhitelist(FirewallPolicyThreatIntelWhitelistArgs.builder()
                .fqdns("*.microsoft.com")
                .ipAddresses("20.3.4.5")
                .build())
            .build());

    }
}

import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

const firewallPolicyDraft = new azure_native.network.FirewallPolicyDraft("firewallPolicyDraft", {
    dnsSettings: {
        enableProxy: true,
        requireProxyForNetworkRules: false,
        servers: ["30.3.4.5"],
    },
    explicitProxy: {
        enableExplicitProxy: true,
        enablePacFile: true,
        httpPort: 8087,
        httpsPort: 8087,
        pacFile: "https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D",
        pacFilePort: 8087,
    },
    firewallPolicyName: "firewallPolicy",
    insights: {
        isEnabled: true,
        logAnalyticsResources: {
            defaultWorkspaceId: {
                id: "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace",
            },
            workspaces: [
                {
                    region: "westus",
                    workspaceId: {
                        id: "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1",
                    },
                },
                {
                    region: "eastus",
                    workspaceId: {
                        id: "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2",
                    },
                },
            ],
        },
        retentionDays: 100,
    },
    intrusionDetection: {
        configuration: {
            bypassTrafficSettings: [{
                description: "Rule 1",
                destinationAddresses: ["5.6.7.8"],
                destinationPorts: ["*"],
                name: "bypassRule1",
                protocol: azure_native.network.FirewallPolicyIntrusionDetectionProtocol.TCP,
                sourceAddresses: ["1.2.3.4"],
            }],
            signatureOverrides: [{
                id: "2525004",
                mode: azure_native.network.FirewallPolicyIntrusionDetectionStateType.Deny,
            }],
        },
        mode: azure_native.network.FirewallPolicyIntrusionDetectionStateType.Alert,
        profile: "Balanced",
    },
    resourceGroupName: "rg1",
    snat: {
        privateRanges: ["IANAPrivateRanges"],
    },
    sql: {
        allowSqlRedirect: true,
    },
    threatIntelMode: azure_native.network.AzureFirewallThreatIntelMode.Alert,
    threatIntelWhitelist: {
        fqdns: ["*.microsoft.com"],
        ipAddresses: ["20.3.4.5"],
    },
});

import pulumi
import pulumi_azure_native as azure_native

firewall_policy_draft = azure_native.network.FirewallPolicyDraft("firewallPolicyDraft",
    dns_settings={
        "enable_proxy": True,
        "require_proxy_for_network_rules": False,
        "servers": ["30.3.4.5"],
    },
    explicit_proxy={
        "enable_explicit_proxy": True,
        "enable_pac_file": True,
        "http_port": 8087,
        "https_port": 8087,
        "pac_file": "https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D",
        "pac_file_port": 8087,
    },
    firewall_policy_name="firewallPolicy",
    insights={
        "is_enabled": True,
        "log_analytics_resources": {
            "default_workspace_id": {
                "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace",
            },
            "workspaces": [
                {
                    "region": "westus",
                    "workspace_id": {
                        "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1",
                    },
                },
                {
                    "region": "eastus",
                    "workspace_id": {
                        "id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2",
                    },
                },
            ],
        },
        "retention_days": 100,
    },
    intrusion_detection={
        "configuration": {
            "bypass_traffic_settings": [{
                "description": "Rule 1",
                "destination_addresses": ["5.6.7.8"],
                "destination_ports": ["*"],
                "name": "bypassRule1",
                "protocol": azure_native.network.FirewallPolicyIntrusionDetectionProtocol.TCP,
                "source_addresses": ["1.2.3.4"],
            }],
            "signature_overrides": [{
                "id": "2525004",
                "mode": azure_native.network.FirewallPolicyIntrusionDetectionStateType.DENY,
            }],
        },
        "mode": azure_native.network.FirewallPolicyIntrusionDetectionStateType.ALERT,
        "profile": "Balanced",
    },
    resource_group_name="rg1",
    snat={
        "private_ranges": ["IANAPrivateRanges"],
    },
    sql={
        "allow_sql_redirect": True,
    },
    threat_intel_mode=azure_native.network.AzureFirewallThreatIntelMode.ALERT,
    threat_intel_whitelist={
        "fqdns": ["*.microsoft.com"],
        "ip_addresses": ["20.3.4.5"],
    })

resources:
  firewallPolicyDraft:
    type: azure-native:network:FirewallPolicyDraft
    properties:
      dnsSettings:
        enableProxy: true
        requireProxyForNetworkRules: false
        servers:
          - 30.3.4.5
      explicitProxy:
        enableExplicitProxy: true
        enablePacFile: true
        httpPort: 8087
        httpsPort: 8087
        pacFile: https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D
        pacFilePort: 8087
      firewallPolicyName: firewallPolicy
      insights:
        isEnabled: true
        logAnalyticsResources:
          defaultWorkspaceId:
            id: /subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace
          workspaces:
            - region: westus
              workspaceId:
                id: /subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1
            - region: eastus
              workspaceId:
                id: /subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2
        retentionDays: 100
      intrusionDetection:
        configuration:
          bypassTrafficSettings:
            - description: Rule 1
              destinationAddresses:
                - 5.6.7.8
              destinationPorts:
                - '*'
              name: bypassRule1
              protocol: TCP
              sourceAddresses:
                - 1.2.3.4
          signatureOverrides:
            - id: '2525004'
              mode: Deny
        mode: Alert
        profile: Balanced
      resourceGroupName: rg1
      snat:
        privateRanges:
          - IANAPrivateRanges
      sql:
        allowSqlRedirect: true
      threatIntelMode: Alert
      threatIntelWhitelist:
        fqdns:
          - '*.microsoft.com'
        ipAddresses:
          - 20.3.4.5

Create FirewallPolicyDraft Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

TypeScript
Python
Go
C#
Java
YAML

new FirewallPolicyDraft(name: string, args: FirewallPolicyDraftArgs, opts?: CustomResourceOptions);

@overload
def FirewallPolicyDraft(resource_name: str,
                        args: FirewallPolicyDraftArgs,
                        opts: Optional[ResourceOptions] = None)

@overload
def FirewallPolicyDraft(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        firewall_policy_name: Optional[str] = None,
                        resource_group_name: Optional[str] = None,
                        intrusion_detection: Optional[FirewallPolicyIntrusionDetectionArgs] = None,
                        explicit_proxy: Optional[ExplicitProxyArgs] = None,
                        id: Optional[str] = None,
                        insights: Optional[FirewallPolicyInsightsArgs] = None,
                        base_policy: Optional[SubResourceArgs] = None,
                        location: Optional[str] = None,
                        dns_settings: Optional[DnsSettingsArgs] = None,
                        snat: Optional[FirewallPolicySNATArgs] = None,
                        sql: Optional[FirewallPolicySQLArgs] = None,
                        tags: Optional[Mapping[str, str]] = None,
                        threat_intel_mode: Optional[Union[str, AzureFirewallThreatIntelMode]] = None,
                        threat_intel_whitelist: Optional[FirewallPolicyThreatIntelWhitelistArgs] = None)

func NewFirewallPolicyDraft(ctx *Context, name string, args FirewallPolicyDraftArgs, opts ...ResourceOption) (*FirewallPolicyDraft, error)

public FirewallPolicyDraft(string name, FirewallPolicyDraftArgs args, CustomResourceOptions? opts = null)

public FirewallPolicyDraft(String name, FirewallPolicyDraftArgs args)
public FirewallPolicyDraft(String name, FirewallPolicyDraftArgs args, CustomResourceOptions options)

type: azure-native:network:FirewallPolicyDraft
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args FirewallPolicyDraftArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args FirewallPolicyDraftArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args FirewallPolicyDraftArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FirewallPolicyDraftArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args FirewallPolicyDraftArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

TypeScript
Python
Go
C#
Java
YAML

var firewallPolicyDraftResource = new AzureNative.Network.FirewallPolicyDraft("firewallPolicyDraftResource", new()
{
    FirewallPolicyName = "string",
    ResourceGroupName = "string",
    IntrusionDetection = 
    {
        { "configuration", 
        {
            { "bypassTrafficSettings", new[]
            {
                
                {
                    { "description", "string" },
                    { "destinationAddresses", new[]
                    {
                        "string",
                    } },
                    { "destinationIpGroups", new[]
                    {
                        "string",
                    } },
                    { "destinationPorts", new[]
                    {
                        "string",
                    } },
                    { "name", "string" },
                    { "protocol", "string" },
                    { "sourceAddresses", new[]
                    {
                        "string",
                    } },
                    { "sourceIpGroups", new[]
                    {
                        "string",
                    } },
                },
            } },
            { "privateRanges", new[]
            {
                "string",
            } },
            { "signatureOverrides", new[]
            {
                
                {
                    { "id", "string" },
                    { "mode", "string" },
                },
            } },
        } },
        { "mode", "string" },
        { "profile", "string" },
    },
    ExplicitProxy = 
    {
        { "enableExplicitProxy", false },
        { "enablePacFile", false },
        { "httpPort", 0 },
        { "httpsPort", 0 },
        { "pacFile", "string" },
        { "pacFilePort", 0 },
    },
    Id = "string",
    Insights = 
    {
        { "isEnabled", false },
        { "logAnalyticsResources", 
        {
            { "defaultWorkspaceId", 
            {
                { "id", "string" },
            } },
            { "workspaces", new[]
            {
                
                {
                    { "region", "string" },
                    { "workspaceId", 
                    {
                        { "id", "string" },
                    } },
                },
            } },
        } },
        { "retentionDays", 0 },
    },
    BasePolicy = 
    {
        { "id", "string" },
    },
    Location = "string",
    DnsSettings = 
    {
        { "enableProxy", false },
        { "requireProxyForNetworkRules", false },
        { "servers", new[]
        {
            "string",
        } },
    },
    Snat = 
    {
        { "autoLearnPrivateRanges", "string" },
        { "privateRanges", new[]
        {
            "string",
        } },
    },
    Sql = 
    {
        { "allowSqlRedirect", false },
    },
    Tags = 
    {
        { "string", "string" },
    },
    ThreatIntelMode = "string",
    ThreatIntelWhitelist = 
    {
        { "fqdns", new[]
        {
            "string",
        } },
        { "ipAddresses", new[]
        {
            "string",
        } },
    },
});

example, err := network.NewFirewallPolicyDraft(ctx, "firewallPolicyDraftResource", &network.FirewallPolicyDraftArgs{
	FirewallPolicyName: "string",
	ResourceGroupName:  "string",
	IntrusionDetection: map[string]interface{}{
		"configuration": map[string]interface{}{
			"bypassTrafficSettings": []map[string]interface{}{
				map[string]interface{}{
					"description": "string",
					"destinationAddresses": []string{
						"string",
					},
					"destinationIpGroups": []string{
						"string",
					},
					"destinationPorts": []string{
						"string",
					},
					"name":     "string",
					"protocol": "string",
					"sourceAddresses": []string{
						"string",
					},
					"sourceIpGroups": []string{
						"string",
					},
				},
			},
			"privateRanges": []string{
				"string",
			},
			"signatureOverrides": []map[string]interface{}{
				map[string]interface{}{
					"id":   "string",
					"mode": "string",
				},
			},
		},
		"mode":    "string",
		"profile": "string",
	},
	ExplicitProxy: map[string]interface{}{
		"enableExplicitProxy": false,
		"enablePacFile":       false,
		"httpPort":            0,
		"httpsPort":           0,
		"pacFile":             "string",
		"pacFilePort":         0,
	},
	Id: "string",
	Insights: map[string]interface{}{
		"isEnabled": false,
		"logAnalyticsResources": map[string]interface{}{
			"defaultWorkspaceId": map[string]interface{}{
				"id": "string",
			},
			"workspaces": []map[string]interface{}{
				map[string]interface{}{
					"region": "string",
					"workspaceId": map[string]interface{}{
						"id": "string",
					},
				},
			},
		},
		"retentionDays": 0,
	},
	BasePolicy: map[string]interface{}{
		"id": "string",
	},
	Location: "string",
	DnsSettings: map[string]interface{}{
		"enableProxy":                 false,
		"requireProxyForNetworkRules": false,
		"servers": []string{
			"string",
		},
	},
	Snat: map[string]interface{}{
		"autoLearnPrivateRanges": "string",
		"privateRanges": []string{
			"string",
		},
	},
	Sql: map[string]interface{}{
		"allowSqlRedirect": false,
	},
	Tags: map[string]interface{}{
		"string": "string",
	},
	ThreatIntelMode: "string",
	ThreatIntelWhitelist: map[string]interface{}{
		"fqdns": []string{
			"string",
		},
		"ipAddresses": []string{
			"string",
		},
	},
})

var firewallPolicyDraftResource = new FirewallPolicyDraft("firewallPolicyDraftResource", FirewallPolicyDraftArgs.builder()
    .firewallPolicyName("string")
    .resourceGroupName("string")
    .intrusionDetection(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
    .explicitProxy(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
    .id("string")
    .insights(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
    .basePolicy(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
    .location("string")
    .dnsSettings(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
    .snat(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
    .sql(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
    .tags(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
    .threatIntelMode("string")
    .threatIntelWhitelist(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
    .build());

firewall_policy_draft_resource = azure_native.network.FirewallPolicyDraft("firewallPolicyDraftResource",
    firewall_policy_name=string,
    resource_group_name=string,
    intrusion_detection={
        configuration: {
            bypassTrafficSettings: [{
                description: string,
                destinationAddresses: [string],
                destinationIpGroups: [string],
                destinationPorts: [string],
                name: string,
                protocol: string,
                sourceAddresses: [string],
                sourceIpGroups: [string],
            }],
            privateRanges: [string],
            signatureOverrides: [{
                id: string,
                mode: string,
            }],
        },
        mode: string,
        profile: string,
    },
    explicit_proxy={
        enableExplicitProxy: False,
        enablePacFile: False,
        httpPort: 0,
        httpsPort: 0,
        pacFile: string,
        pacFilePort: 0,
    },
    id=string,
    insights={
        isEnabled: False,
        logAnalyticsResources: {
            defaultWorkspaceId: {
                id: string,
            },
            workspaces: [{
                region: string,
                workspaceId: {
                    id: string,
                },
            }],
        },
        retentionDays: 0,
    },
    base_policy={
        id: string,
    },
    location=string,
    dns_settings={
        enableProxy: False,
        requireProxyForNetworkRules: False,
        servers: [string],
    },
    snat={
        autoLearnPrivateRanges: string,
        privateRanges: [string],
    },
    sql={
        allowSqlRedirect: False,
    },
    tags={
        string: string,
    },
    threat_intel_mode=string,
    threat_intel_whitelist={
        fqdns: [string],
        ipAddresses: [string],
    })

const firewallPolicyDraftResource = new azure_native.network.FirewallPolicyDraft("firewallPolicyDraftResource", {
    firewallPolicyName: "string",
    resourceGroupName: "string",
    intrusionDetection: {
        configuration: {
            bypassTrafficSettings: [{
                description: "string",
                destinationAddresses: ["string"],
                destinationIpGroups: ["string"],
                destinationPorts: ["string"],
                name: "string",
                protocol: "string",
                sourceAddresses: ["string"],
                sourceIpGroups: ["string"],
            }],
            privateRanges: ["string"],
            signatureOverrides: [{
                id: "string",
                mode: "string",
            }],
        },
        mode: "string",
        profile: "string",
    },
    explicitProxy: {
        enableExplicitProxy: false,
        enablePacFile: false,
        httpPort: 0,
        httpsPort: 0,
        pacFile: "string",
        pacFilePort: 0,
    },
    id: "string",
    insights: {
        isEnabled: false,
        logAnalyticsResources: {
            defaultWorkspaceId: {
                id: "string",
            },
            workspaces: [{
                region: "string",
                workspaceId: {
                    id: "string",
                },
            }],
        },
        retentionDays: 0,
    },
    basePolicy: {
        id: "string",
    },
    location: "string",
    dnsSettings: {
        enableProxy: false,
        requireProxyForNetworkRules: false,
        servers: ["string"],
    },
    snat: {
        autoLearnPrivateRanges: "string",
        privateRanges: ["string"],
    },
    sql: {
        allowSqlRedirect: false,
    },
    tags: {
        string: "string",
    },
    threatIntelMode: "string",
    threatIntelWhitelist: {
        fqdns: ["string"],
        ipAddresses: ["string"],
    },
});

type: azure-native:network:FirewallPolicyDraft
properties:
    basePolicy:
        id: string
    dnsSettings:
        enableProxy: false
        requireProxyForNetworkRules: false
        servers:
            - string
    explicitProxy:
        enableExplicitProxy: false
        enablePacFile: false
        httpPort: 0
        httpsPort: 0
        pacFile: string
        pacFilePort: 0
    firewallPolicyName: string
    id: string
    insights:
        isEnabled: false
        logAnalyticsResources:
            defaultWorkspaceId:
                id: string
            workspaces:
                - region: string
                  workspaceId:
                    id: string
        retentionDays: 0
    intrusionDetection:
        configuration:
            bypassTrafficSettings:
                - description: string
                  destinationAddresses:
                    - string
                  destinationIpGroups:
                    - string
                  destinationPorts:
                    - string
                  name: string
                  protocol: string
                  sourceAddresses:
                    - string
                  sourceIpGroups:
                    - string
            privateRanges:
                - string
            signatureOverrides:
                - id: string
                  mode: string
        mode: string
        profile: string
    location: string
    resourceGroupName: string
    snat:
        autoLearnPrivateRanges: string
        privateRanges:
            - string
    sql:
        allowSqlRedirect: false
    tags:
        string: string
    threatIntelMode: string
    threatIntelWhitelist:
        fqdns:
            - string
        ipAddresses:
            - string

FirewallPolicyDraft Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The FirewallPolicyDraft resource accepts the following input properties:

FirewallPolicyName string: The name of the Firewall Policy.
ResourceGroupName string: The name of the resource group.
BasePolicy Pulumi.AzureNative.Network.Inputs.SubResource: The parent firewall policy from which rules are inherited.
DnsSettings Pulumi.AzureNative.Network.Inputs.DnsSettings: DNS Proxy Settings definition.
ExplicitProxy Pulumi.AzureNative.Network.Inputs.ExplicitProxy: Explicit Proxy Settings definition.
Id string: Resource ID.
Insights Pulumi.AzureNative.Network.Inputs.FirewallPolicyInsights: Insights on Firewall Policy.
IntrusionDetection Pulumi.AzureNative.Network.Inputs.FirewallPolicyIntrusionDetection: The configuration for Intrusion detection.
Location string: Resource location.
Snat Pulumi.AzureNative.Network.Inputs.FirewallPolicySNAT: The private IP addresses/IP ranges to which traffic will not be SNAT.
Sql Pulumi.AzureNative.Network.Inputs.FirewallPolicySQL: SQL Settings definition.
Tags Dictionary<string, string>: Resource tags.
ThreatIntelMode string | Pulumi.AzureNative.Network.AzureFirewallThreatIntelMode: The operation mode for Threat Intelligence.
ThreatIntelWhitelist Pulumi.AzureNative.Network.Inputs.FirewallPolicyThreatIntelWhitelist: ThreatIntel Whitelist for Firewall Policy.

FirewallPolicyName string: The name of the Firewall Policy.
ResourceGroupName string: The name of the resource group.
BasePolicy SubResourceArgs: The parent firewall policy from which rules are inherited.
DnsSettings DnsSettingsArgs: DNS Proxy Settings definition.
ExplicitProxy ExplicitProxyArgs: Explicit Proxy Settings definition.
Id string: Resource ID.
Insights FirewallPolicyInsightsArgs: Insights on Firewall Policy.
IntrusionDetection FirewallPolicyIntrusionDetectionArgs: The configuration for Intrusion detection.
Location string: Resource location.
Snat FirewallPolicySNATArgs: The private IP addresses/IP ranges to which traffic will not be SNAT.
Sql FirewallPolicySQLArgs: SQL Settings definition.
Tags map[string]string: Resource tags.
ThreatIntelMode string | AzureFirewallThreatIntelMode: The operation mode for Threat Intelligence.
ThreatIntelWhitelist FirewallPolicyThreatIntelWhitelistArgs: ThreatIntel Whitelist for Firewall Policy.

firewallPolicyName String: The name of the Firewall Policy.
resourceGroupName String: The name of the resource group.
basePolicy SubResource: The parent firewall policy from which rules are inherited.
dnsSettings DnsSettings: DNS Proxy Settings definition.
explicitProxy ExplicitProxy: Explicit Proxy Settings definition.
id String: Resource ID.
insights FirewallPolicyInsights: Insights on Firewall Policy.
intrusionDetection FirewallPolicyIntrusionDetection: The configuration for Intrusion detection.
location String: Resource location.
snat FirewallPolicySNAT: The private IP addresses/IP ranges to which traffic will not be SNAT.
sql FirewallPolicySQL: SQL Settings definition.
tags Map<String,String>: Resource tags.
threatIntelMode String | AzureFirewallThreatIntelMode: The operation mode for Threat Intelligence.
threatIntelWhitelist FirewallPolicyThreatIntelWhitelist: ThreatIntel Whitelist for Firewall Policy.

firewallPolicyName string: The name of the Firewall Policy.
resourceGroupName string: The name of the resource group.
basePolicy SubResource: The parent firewall policy from which rules are inherited.
dnsSettings DnsSettings: DNS Proxy Settings definition.
explicitProxy ExplicitProxy: Explicit Proxy Settings definition.
id string: Resource ID.
insights FirewallPolicyInsights: Insights on Firewall Policy.
intrusionDetection FirewallPolicyIntrusionDetection: The configuration for Intrusion detection.
location string: Resource location.
snat FirewallPolicySNAT: The private IP addresses/IP ranges to which traffic will not be SNAT.
sql FirewallPolicySQL: SQL Settings definition.
tags {[key: string]: string}: Resource tags.
threatIntelMode string | AzureFirewallThreatIntelMode: The operation mode for Threat Intelligence.
threatIntelWhitelist FirewallPolicyThreatIntelWhitelist: ThreatIntel Whitelist for Firewall Policy.

firewall_policy_name str: The name of the Firewall Policy.
resource_group_name str: The name of the resource group.
base_policy SubResourceArgs: The parent firewall policy from which rules are inherited.
dns_settings DnsSettingsArgs: DNS Proxy Settings definition.
explicit_proxy ExplicitProxyArgs: Explicit Proxy Settings definition.
id str: Resource ID.
insights FirewallPolicyInsightsArgs: Insights on Firewall Policy.
intrusion_detection FirewallPolicyIntrusionDetectionArgs: The configuration for Intrusion detection.
location str: Resource location.
snat FirewallPolicySNATArgs: The private IP addresses/IP ranges to which traffic will not be SNAT.
sql FirewallPolicySQLArgs: SQL Settings definition.
tags Mapping[str, str]: Resource tags.
threat_intel_mode str | AzureFirewallThreatIntelMode: The operation mode for Threat Intelligence.
threat_intel_whitelist FirewallPolicyThreatIntelWhitelistArgs: ThreatIntel Whitelist for Firewall Policy.

firewallPolicyName String: The name of the Firewall Policy.
resourceGroupName String: The name of the resource group.
basePolicy Property Map: The parent firewall policy from which rules are inherited.
dnsSettings Property Map: DNS Proxy Settings definition.
explicitProxy Property Map: Explicit Proxy Settings definition.
id String: Resource ID.
insights Property Map: Insights on Firewall Policy.
intrusionDetection Property Map: The configuration for Intrusion detection.
location String: Resource location.
snat Property Map: The private IP addresses/IP ranges to which traffic will not be SNAT.
sql Property Map: SQL Settings definition.
tags Map<String>: Resource tags.
threatIntelMode String | "Alert" | "Deny" | "Off": The operation mode for Threat Intelligence.
threatIntelWhitelist Property Map: ThreatIntel Whitelist for Firewall Policy.

Outputs

All input properties are implicitly available as output properties. Additionally, the FirewallPolicyDraft resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
Name string: Resource name.
Type string: Resource type.

Id string: The provider-assigned unique ID for this managed resource.
Name string: Resource name.
Type string: Resource type.

id String: The provider-assigned unique ID for this managed resource.
name String: Resource name.
type String: Resource type.

id string: The provider-assigned unique ID for this managed resource.
name string: Resource name.
type string: Resource type.

id str: The provider-assigned unique ID for this managed resource.
name str: Resource name.
type str: Resource type.

id String: The provider-assigned unique ID for this managed resource.
name String: Resource name.
type String: Resource type.

Supporting Types

AutoLearnPrivateRangesMode
, AutoLearnPrivateRangesModeArgs

Enabled: Enabled
Disabled: Disabled

AutoLearnPrivateRangesModeEnabled: Enabled
AutoLearnPrivateRangesModeDisabled: Disabled

Enabled: Enabled
Disabled: Disabled

Enabled: Enabled
Disabled: Disabled

ENABLED: Enabled
DISABLED: Disabled

"Enabled": Enabled
"Disabled": Disabled

AzureFirewallThreatIntelMode
, AzureFirewallThreatIntelModeArgs

Alert: Alert
Deny: Deny
Off: Off

AzureFirewallThreatIntelModeAlert: Alert
AzureFirewallThreatIntelModeDeny: Deny
AzureFirewallThreatIntelModeOff: Off

Alert: Alert
Deny: Deny
Off: Off

Alert: Alert
Deny: Deny
Off: Off

ALERT: Alert
DENY: Deny
OFF: Off

"Alert": Alert
"Deny": Deny
"Off": Off

DnsSettings
, DnsSettingsArgs

EnableProxy bool: Enable DNS Proxy on Firewalls attached to the Firewall Policy.
RequireProxyForNetworkRules bool: FQDNs in Network Rules are supported when set to true.
Servers List<string>: List of Custom DNS Servers.

EnableProxy bool: Enable DNS Proxy on Firewalls attached to the Firewall Policy.
RequireProxyForNetworkRules bool: FQDNs in Network Rules are supported when set to true.
Servers []string: List of Custom DNS Servers.

enableProxy Boolean: Enable DNS Proxy on Firewalls attached to the Firewall Policy.
requireProxyForNetworkRules Boolean: FQDNs in Network Rules are supported when set to true.
servers List<String>: List of Custom DNS Servers.

enableProxy boolean: Enable DNS Proxy on Firewalls attached to the Firewall Policy.
requireProxyForNetworkRules boolean: FQDNs in Network Rules are supported when set to true.
servers string[]: List of Custom DNS Servers.

enable_proxy bool: Enable DNS Proxy on Firewalls attached to the Firewall Policy.
require_proxy_for_network_rules bool: FQDNs in Network Rules are supported when set to true.
servers Sequence[str]: List of Custom DNS Servers.

enableProxy Boolean: Enable DNS Proxy on Firewalls attached to the Firewall Policy.
requireProxyForNetworkRules Boolean: FQDNs in Network Rules are supported when set to true.
servers List<String>: List of Custom DNS Servers.

DnsSettingsResponse
, DnsSettingsResponseArgs

EnableProxy bool: Enable DNS Proxy on Firewalls attached to the Firewall Policy.
RequireProxyForNetworkRules bool: FQDNs in Network Rules are supported when set to true.
Servers List<string>: List of Custom DNS Servers.

EnableProxy bool: Enable DNS Proxy on Firewalls attached to the Firewall Policy.
RequireProxyForNetworkRules bool: FQDNs in Network Rules are supported when set to true.
Servers []string: List of Custom DNS Servers.

enableProxy Boolean: Enable DNS Proxy on Firewalls attached to the Firewall Policy.
requireProxyForNetworkRules Boolean: FQDNs in Network Rules are supported when set to true.
servers List<String>: List of Custom DNS Servers.

enableProxy boolean: Enable DNS Proxy on Firewalls attached to the Firewall Policy.
requireProxyForNetworkRules boolean: FQDNs in Network Rules are supported when set to true.
servers string[]: List of Custom DNS Servers.

enable_proxy bool: Enable DNS Proxy on Firewalls attached to the Firewall Policy.
require_proxy_for_network_rules bool: FQDNs in Network Rules are supported when set to true.
servers Sequence[str]: List of Custom DNS Servers.

enableProxy Boolean: Enable DNS Proxy on Firewalls attached to the Firewall Policy.
requireProxyForNetworkRules Boolean: FQDNs in Network Rules are supported when set to true.
servers List<String>: List of Custom DNS Servers.

ExplicitProxy
, ExplicitProxyArgs

EnableExplicitProxy bool: When set to true, explicit proxy mode is enabled.
EnablePacFile bool: When set to true, pac file port and url needs to be provided.
HttpPort int: Port number for explicit proxy http protocol, cannot be greater than 64000.
HttpsPort int: Port number for explicit proxy https protocol, cannot be greater than 64000.
PacFile string: SAS URL for PAC file.
PacFilePort int: Port number for firewall to serve PAC file.

EnableExplicitProxy bool: When set to true, explicit proxy mode is enabled.
EnablePacFile bool: When set to true, pac file port and url needs to be provided.
HttpPort int: Port number for explicit proxy http protocol, cannot be greater than 64000.
HttpsPort int: Port number for explicit proxy https protocol, cannot be greater than 64000.
PacFile string: SAS URL for PAC file.
PacFilePort int: Port number for firewall to serve PAC file.

enableExplicitProxy Boolean: When set to true, explicit proxy mode is enabled.
enablePacFile Boolean: When set to true, pac file port and url needs to be provided.
httpPort Integer: Port number for explicit proxy http protocol, cannot be greater than 64000.
httpsPort Integer: Port number for explicit proxy https protocol, cannot be greater than 64000.
pacFile String: SAS URL for PAC file.
pacFilePort Integer: Port number for firewall to serve PAC file.

enableExplicitProxy boolean: When set to true, explicit proxy mode is enabled.
enablePacFile boolean: When set to true, pac file port and url needs to be provided.
httpPort number: Port number for explicit proxy http protocol, cannot be greater than 64000.
httpsPort number: Port number for explicit proxy https protocol, cannot be greater than 64000.
pacFile string: SAS URL for PAC file.
pacFilePort number: Port number for firewall to serve PAC file.

enable_explicit_proxy bool: When set to true, explicit proxy mode is enabled.
enable_pac_file bool: When set to true, pac file port and url needs to be provided.
http_port int: Port number for explicit proxy http protocol, cannot be greater than 64000.
https_port int: Port number for explicit proxy https protocol, cannot be greater than 64000.
pac_file str: SAS URL for PAC file.
pac_file_port int: Port number for firewall to serve PAC file.

enableExplicitProxy Boolean: When set to true, explicit proxy mode is enabled.
enablePacFile Boolean: When set to true, pac file port and url needs to be provided.
httpPort Number: Port number for explicit proxy http protocol, cannot be greater than 64000.
httpsPort Number: Port number for explicit proxy https protocol, cannot be greater than 64000.
pacFile String: SAS URL for PAC file.
pacFilePort Number: Port number for firewall to serve PAC file.

ExplicitProxyResponse
, ExplicitProxyResponseArgs

EnableExplicitProxy bool: When set to true, explicit proxy mode is enabled.
EnablePacFile bool: When set to true, pac file port and url needs to be provided.
HttpPort int: Port number for explicit proxy http protocol, cannot be greater than 64000.
HttpsPort int: Port number for explicit proxy https protocol, cannot be greater than 64000.
PacFile string: SAS URL for PAC file.
PacFilePort int: Port number for firewall to serve PAC file.

EnableExplicitProxy bool: When set to true, explicit proxy mode is enabled.
EnablePacFile bool: When set to true, pac file port and url needs to be provided.
HttpPort int: Port number for explicit proxy http protocol, cannot be greater than 64000.
HttpsPort int: Port number for explicit proxy https protocol, cannot be greater than 64000.
PacFile string: SAS URL for PAC file.
PacFilePort int: Port number for firewall to serve PAC file.

enableExplicitProxy Boolean: When set to true, explicit proxy mode is enabled.
enablePacFile Boolean: When set to true, pac file port and url needs to be provided.
httpPort Integer: Port number for explicit proxy http protocol, cannot be greater than 64000.
httpsPort Integer: Port number for explicit proxy https protocol, cannot be greater than 64000.
pacFile String: SAS URL for PAC file.
pacFilePort Integer: Port number for firewall to serve PAC file.

enableExplicitProxy boolean: When set to true, explicit proxy mode is enabled.
enablePacFile boolean: When set to true, pac file port and url needs to be provided.
httpPort number: Port number for explicit proxy http protocol, cannot be greater than 64000.
httpsPort number: Port number for explicit proxy https protocol, cannot be greater than 64000.
pacFile string: SAS URL for PAC file.
pacFilePort number: Port number for firewall to serve PAC file.

enable_explicit_proxy bool: When set to true, explicit proxy mode is enabled.
enable_pac_file bool: When set to true, pac file port and url needs to be provided.
http_port int: Port number for explicit proxy http protocol, cannot be greater than 64000.
https_port int: Port number for explicit proxy https protocol, cannot be greater than 64000.
pac_file str: SAS URL for PAC file.
pac_file_port int: Port number for firewall to serve PAC file.

enableExplicitProxy Boolean: When set to true, explicit proxy mode is enabled.
enablePacFile Boolean: When set to true, pac file port and url needs to be provided.
httpPort Number: Port number for explicit proxy http protocol, cannot be greater than 64000.
httpsPort Number: Port number for explicit proxy https protocol, cannot be greater than 64000.
pacFile String: SAS URL for PAC file.
pacFilePort Number: Port number for firewall to serve PAC file.

FirewallPolicyInsights
, FirewallPolicyInsightsArgs

IsEnabled bool: A flag to indicate if the insights are enabled on the policy.
LogAnalyticsResources Pulumi.AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsResources: Workspaces needed to configure the Firewall Policy Insights.
RetentionDays int: Number of days the insights should be enabled on the policy.

IsEnabled bool: A flag to indicate if the insights are enabled on the policy.
LogAnalyticsResources FirewallPolicyLogAnalyticsResources: Workspaces needed to configure the Firewall Policy Insights.
RetentionDays int: Number of days the insights should be enabled on the policy.

isEnabled Boolean: A flag to indicate if the insights are enabled on the policy.
logAnalyticsResources FirewallPolicyLogAnalyticsResources: Workspaces needed to configure the Firewall Policy Insights.
retentionDays Integer: Number of days the insights should be enabled on the policy.

isEnabled boolean: A flag to indicate if the insights are enabled on the policy.
logAnalyticsResources FirewallPolicyLogAnalyticsResources: Workspaces needed to configure the Firewall Policy Insights.
retentionDays number: Number of days the insights should be enabled on the policy.

is_enabled bool: A flag to indicate if the insights are enabled on the policy.
log_analytics_resources FirewallPolicyLogAnalyticsResources: Workspaces needed to configure the Firewall Policy Insights.
retention_days int: Number of days the insights should be enabled on the policy.

isEnabled Boolean: A flag to indicate if the insights are enabled on the policy.
logAnalyticsResources Property Map: Workspaces needed to configure the Firewall Policy Insights.
retentionDays Number: Number of days the insights should be enabled on the policy.

FirewallPolicyInsightsResponse
, FirewallPolicyInsightsResponseArgs

IsEnabled bool: A flag to indicate if the insights are enabled on the policy.
LogAnalyticsResources Pulumi.AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsResourcesResponse: Workspaces needed to configure the Firewall Policy Insights.
RetentionDays int: Number of days the insights should be enabled on the policy.

IsEnabled bool: A flag to indicate if the insights are enabled on the policy.
LogAnalyticsResources FirewallPolicyLogAnalyticsResourcesResponse: Workspaces needed to configure the Firewall Policy Insights.
RetentionDays int: Number of days the insights should be enabled on the policy.

isEnabled Boolean: A flag to indicate if the insights are enabled on the policy.
logAnalyticsResources FirewallPolicyLogAnalyticsResourcesResponse: Workspaces needed to configure the Firewall Policy Insights.
retentionDays Integer: Number of days the insights should be enabled on the policy.

isEnabled boolean: A flag to indicate if the insights are enabled on the policy.
logAnalyticsResources FirewallPolicyLogAnalyticsResourcesResponse: Workspaces needed to configure the Firewall Policy Insights.
retentionDays number: Number of days the insights should be enabled on the policy.

is_enabled bool: A flag to indicate if the insights are enabled on the policy.
log_analytics_resources FirewallPolicyLogAnalyticsResourcesResponse: Workspaces needed to configure the Firewall Policy Insights.
retention_days int: Number of days the insights should be enabled on the policy.

isEnabled Boolean: A flag to indicate if the insights are enabled on the policy.
logAnalyticsResources Property Map: Workspaces needed to configure the Firewall Policy Insights.
retentionDays Number: Number of days the insights should be enabled on the policy.

FirewallPolicyIntrusionDetection
, FirewallPolicyIntrusionDetectionArgs

Configuration Pulumi.AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionConfiguration: Intrusion detection configuration properties.
Mode string | Pulumi.AzureNative.Network.FirewallPolicyIntrusionDetectionStateType: Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
Profile string | Pulumi.AzureNative.Network.FirewallPolicyIntrusionDetectionProfileType: IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.

Configuration FirewallPolicyIntrusionDetectionConfiguration: Intrusion detection configuration properties.
Mode string | FirewallPolicyIntrusionDetectionStateType: Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
Profile string | FirewallPolicyIntrusionDetectionProfileType: IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.

configuration FirewallPolicyIntrusionDetectionConfiguration: Intrusion detection configuration properties.
mode String | FirewallPolicyIntrusionDetectionStateType: Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
profile String | FirewallPolicyIntrusionDetectionProfileType: IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.

configuration FirewallPolicyIntrusionDetectionConfiguration: Intrusion detection configuration properties.
mode string | FirewallPolicyIntrusionDetectionStateType: Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
profile string | FirewallPolicyIntrusionDetectionProfileType: IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.

configuration FirewallPolicyIntrusionDetectionConfiguration: Intrusion detection configuration properties.
mode str | FirewallPolicyIntrusionDetectionStateType: Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
profile str | FirewallPolicyIntrusionDetectionProfileType: IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.

configuration Property Map: Intrusion detection configuration properties.
mode String | "Off" | "Alert" | "Deny": Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
profile String | "Basic" | "Standard" | "Advanced" | "Extended": IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.

FirewallPolicyIntrusionDetectionBypassTrafficSpecifications
, FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs

Description string: Description of the bypass traffic rule.
DestinationAddresses List<string>: List of destination IP addresses or ranges for this rule.
DestinationIpGroups List<string>: List of destination IpGroups for this rule.
DestinationPorts List<string>: List of destination ports or ranges.
Name string: Name of the bypass traffic rule.
Protocol string | Pulumi.AzureNative.Network.FirewallPolicyIntrusionDetectionProtocol: The rule bypass protocol.
SourceAddresses List<string>: List of source IP addresses or ranges for this rule.
SourceIpGroups List<string>: List of source IpGroups for this rule.

Description string: Description of the bypass traffic rule.
DestinationAddresses []string: List of destination IP addresses or ranges for this rule.
DestinationIpGroups []string: List of destination IpGroups for this rule.
DestinationPorts []string: List of destination ports or ranges.
Name string: Name of the bypass traffic rule.
Protocol string | FirewallPolicyIntrusionDetectionProtocol: The rule bypass protocol.
SourceAddresses []string: List of source IP addresses or ranges for this rule.
SourceIpGroups []string: List of source IpGroups for this rule.

description String: Description of the bypass traffic rule.
destinationAddresses List<String>: List of destination IP addresses or ranges for this rule.
destinationIpGroups List<String>: List of destination IpGroups for this rule.
destinationPorts List<String>: List of destination ports or ranges.
name String: Name of the bypass traffic rule.
protocol String | FirewallPolicyIntrusionDetectionProtocol: The rule bypass protocol.
sourceAddresses List<String>: List of source IP addresses or ranges for this rule.
sourceIpGroups List<String>: List of source IpGroups for this rule.

description string: Description of the bypass traffic rule.
destinationAddresses string[]: List of destination IP addresses or ranges for this rule.
destinationIpGroups string[]: List of destination IpGroups for this rule.
destinationPorts string[]: List of destination ports or ranges.
name string: Name of the bypass traffic rule.
protocol string | FirewallPolicyIntrusionDetectionProtocol: The rule bypass protocol.
sourceAddresses string[]: List of source IP addresses or ranges for this rule.
sourceIpGroups string[]: List of source IpGroups for this rule.

description str: Description of the bypass traffic rule.
destination_addresses Sequence[str]: List of destination IP addresses or ranges for this rule.
destination_ip_groups Sequence[str]: List of destination IpGroups for this rule.
destination_ports Sequence[str]: List of destination ports or ranges.
name str: Name of the bypass traffic rule.
protocol str | FirewallPolicyIntrusionDetectionProtocol: The rule bypass protocol.
source_addresses Sequence[str]: List of source IP addresses or ranges for this rule.
source_ip_groups Sequence[str]: List of source IpGroups for this rule.

description String: Description of the bypass traffic rule.
destinationAddresses List<String>: List of destination IP addresses or ranges for this rule.
destinationIpGroups List<String>: List of destination IpGroups for this rule.
destinationPorts List<String>: List of destination ports or ranges.
name String: Name of the bypass traffic rule.
protocol String | "TCP" | "UDP" | "ICMP" | "ANY": The rule bypass protocol.
sourceAddresses List<String>: List of source IP addresses or ranges for this rule.
sourceIpGroups List<String>: List of source IpGroups for this rule.

FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponse
, FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponseArgs

Description string: Description of the bypass traffic rule.
DestinationAddresses List<string>: List of destination IP addresses or ranges for this rule.
DestinationIpGroups List<string>: List of destination IpGroups for this rule.
DestinationPorts List<string>: List of destination ports or ranges.
Name string: Name of the bypass traffic rule.
Protocol string: The rule bypass protocol.
SourceAddresses List<string>: List of source IP addresses or ranges for this rule.
SourceIpGroups List<string>: List of source IpGroups for this rule.

Description string: Description of the bypass traffic rule.
DestinationAddresses []string: List of destination IP addresses or ranges for this rule.
DestinationIpGroups []string: List of destination IpGroups for this rule.
DestinationPorts []string: List of destination ports or ranges.
Name string: Name of the bypass traffic rule.
Protocol string: The rule bypass protocol.
SourceAddresses []string: List of source IP addresses or ranges for this rule.
SourceIpGroups []string: List of source IpGroups for this rule.

description String: Description of the bypass traffic rule.
destinationAddresses List<String>: List of destination IP addresses or ranges for this rule.
destinationIpGroups List<String>: List of destination IpGroups for this rule.
destinationPorts List<String>: List of destination ports or ranges.
name String: Name of the bypass traffic rule.
protocol String: The rule bypass protocol.
sourceAddresses List<String>: List of source IP addresses or ranges for this rule.
sourceIpGroups List<String>: List of source IpGroups for this rule.

description string: Description of the bypass traffic rule.
destinationAddresses string[]: List of destination IP addresses or ranges for this rule.
destinationIpGroups string[]: List of destination IpGroups for this rule.
destinationPorts string[]: List of destination ports or ranges.
name string: Name of the bypass traffic rule.
protocol string: The rule bypass protocol.
sourceAddresses string[]: List of source IP addresses or ranges for this rule.
sourceIpGroups string[]: List of source IpGroups for this rule.

description str: Description of the bypass traffic rule.
destination_addresses Sequence[str]: List of destination IP addresses or ranges for this rule.
destination_ip_groups Sequence[str]: List of destination IpGroups for this rule.
destination_ports Sequence[str]: List of destination ports or ranges.
name str: Name of the bypass traffic rule.
protocol str: The rule bypass protocol.
source_addresses Sequence[str]: List of source IP addresses or ranges for this rule.
source_ip_groups Sequence[str]: List of source IpGroups for this rule.

description String: Description of the bypass traffic rule.
destinationAddresses List<String>: List of destination IP addresses or ranges for this rule.
destinationIpGroups List<String>: List of destination IpGroups for this rule.
destinationPorts List<String>: List of destination ports or ranges.
name String: Name of the bypass traffic rule.
protocol String: The rule bypass protocol.
sourceAddresses List<String>: List of source IP addresses or ranges for this rule.
sourceIpGroups List<String>: List of source IpGroups for this rule.

FirewallPolicyIntrusionDetectionConfiguration
, FirewallPolicyIntrusionDetectionConfigurationArgs

BypassTrafficSettings List<Pulumi.AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionBypassTrafficSpecifications>: List of rules for traffic to bypass.
PrivateRanges List<string>: IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
SignatureOverrides List<Pulumi.AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionSignatureSpecification>: List of specific signatures states.

BypassTrafficSettings []FirewallPolicyIntrusionDetectionBypassTrafficSpecifications: List of rules for traffic to bypass.
PrivateRanges []string: IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
SignatureOverrides []FirewallPolicyIntrusionDetectionSignatureSpecification: List of specific signatures states.

bypassTrafficSettings List<FirewallPolicyIntrusionDetectionBypassTrafficSpecifications>: List of rules for traffic to bypass.
privateRanges List<String>: IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
signatureOverrides List<FirewallPolicyIntrusionDetectionSignatureSpecification>: List of specific signatures states.

bypassTrafficSettings FirewallPolicyIntrusionDetectionBypassTrafficSpecifications[]: List of rules for traffic to bypass.
privateRanges string[]: IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
signatureOverrides FirewallPolicyIntrusionDetectionSignatureSpecification[]: List of specific signatures states.

bypass_traffic_settings Sequence[FirewallPolicyIntrusionDetectionBypassTrafficSpecifications]: List of rules for traffic to bypass.
private_ranges Sequence[str]: IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
signature_overrides Sequence[FirewallPolicyIntrusionDetectionSignatureSpecification]: List of specific signatures states.

bypassTrafficSettings List<Property Map>: List of rules for traffic to bypass.
privateRanges List<String>: IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
signatureOverrides List<Property Map>: List of specific signatures states.

FirewallPolicyIntrusionDetectionConfigurationResponse
, FirewallPolicyIntrusionDetectionConfigurationResponseArgs

BypassTrafficSettings List<Pulumi.AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponse>: List of rules for traffic to bypass.
PrivateRanges List<string>: IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
SignatureOverrides List<Pulumi.AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionSignatureSpecificationResponse>: List of specific signatures states.

BypassTrafficSettings []FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponse: List of rules for traffic to bypass.
PrivateRanges []string: IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
SignatureOverrides []FirewallPolicyIntrusionDetectionSignatureSpecificationResponse: List of specific signatures states.

bypassTrafficSettings List<FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponse>: List of rules for traffic to bypass.
privateRanges List<String>: IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
signatureOverrides List<FirewallPolicyIntrusionDetectionSignatureSpecificationResponse>: List of specific signatures states.

bypassTrafficSettings FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponse[]: List of rules for traffic to bypass.
privateRanges string[]: IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
signatureOverrides FirewallPolicyIntrusionDetectionSignatureSpecificationResponse[]: List of specific signatures states.

bypass_traffic_settings Sequence[FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponse]: List of rules for traffic to bypass.
private_ranges Sequence[str]: IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
signature_overrides Sequence[FirewallPolicyIntrusionDetectionSignatureSpecificationResponse]: List of specific signatures states.

bypassTrafficSettings List<Property Map>: List of rules for traffic to bypass.
privateRanges List<String>: IDPS Private IP address ranges are used to identify traffic direction (i.e. inbound, outbound, etc.). By default, only ranges defined by IANA RFC 1918 are considered private IP addresses. To modify default ranges, specify your Private IP address ranges with this property
signatureOverrides List<Property Map>: List of specific signatures states.

FirewallPolicyIntrusionDetectionProfileType
, FirewallPolicyIntrusionDetectionProfileTypeArgs

Basic: Basic
Standard: Standard
Advanced: Advanced
Extended: Extended

FirewallPolicyIntrusionDetectionProfileTypeBasic: Basic
FirewallPolicyIntrusionDetectionProfileTypeStandard: Standard
FirewallPolicyIntrusionDetectionProfileTypeAdvanced: Advanced
FirewallPolicyIntrusionDetectionProfileTypeExtended: Extended

Basic: Basic
Standard: Standard
Advanced: Advanced
Extended: Extended

Basic: Basic
Standard: Standard
Advanced: Advanced
Extended: Extended

BASIC: Basic
STANDARD: Standard
ADVANCED: Advanced
EXTENDED: Extended

"Basic": Basic
"Standard": Standard
"Advanced": Advanced
"Extended": Extended

FirewallPolicyIntrusionDetectionProtocol
, FirewallPolicyIntrusionDetectionProtocolArgs

TCP: TCP
UDP: UDP
ICMP: ICMP
ANY: ANY

FirewallPolicyIntrusionDetectionProtocolTCP: TCP
FirewallPolicyIntrusionDetectionProtocolUDP: UDP
FirewallPolicyIntrusionDetectionProtocolICMP: ICMP
FirewallPolicyIntrusionDetectionProtocolANY: ANY

TCP: TCP
UDP: UDP
ICMP: ICMP
ANY: ANY

TCP: TCP
UDP: UDP
ICMP: ICMP
ANY: ANY

TCP: TCP
UDP: UDP
ICMP: ICMP
ANY: ANY

"TCP": TCP
"UDP": UDP
"ICMP": ICMP
"ANY": ANY

FirewallPolicyIntrusionDetectionResponse
, FirewallPolicyIntrusionDetectionResponseArgs

Configuration Pulumi.AzureNative.Network.Inputs.FirewallPolicyIntrusionDetectionConfigurationResponse: Intrusion detection configuration properties.
Mode string: Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
Profile string: IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.

Configuration FirewallPolicyIntrusionDetectionConfigurationResponse: Intrusion detection configuration properties.
Mode string: Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
Profile string: IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.

configuration FirewallPolicyIntrusionDetectionConfigurationResponse: Intrusion detection configuration properties.
mode String: Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
profile String: IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.

configuration FirewallPolicyIntrusionDetectionConfigurationResponse: Intrusion detection configuration properties.
mode string: Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
profile string: IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.

configuration FirewallPolicyIntrusionDetectionConfigurationResponse: Intrusion detection configuration properties.
mode str: Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
profile str: IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.

configuration Property Map: Intrusion detection configuration properties.
mode String: Intrusion detection general state. When attached to a parent policy, the firewall's effective IDPS mode is the stricter mode of the two.
profile String: IDPS profile name. When attached to a parent policy, the firewall's effective profile is the profile name of the parent policy.

FirewallPolicyIntrusionDetectionSignatureSpecification
, FirewallPolicyIntrusionDetectionSignatureSpecificationArgs

Id string: Signature id.
Mode string | Pulumi.AzureNative.Network.FirewallPolicyIntrusionDetectionStateType: The signature state.

Id string: Signature id.
Mode string | FirewallPolicyIntrusionDetectionStateType: The signature state.

id String: Signature id.
mode String | FirewallPolicyIntrusionDetectionStateType: The signature state.

id string: Signature id.
mode string | FirewallPolicyIntrusionDetectionStateType: The signature state.

id str: Signature id.
mode str | FirewallPolicyIntrusionDetectionStateType: The signature state.

id String: Signature id.
mode String | "Off" | "Alert" | "Deny": The signature state.

FirewallPolicyIntrusionDetectionSignatureSpecificationResponse
, FirewallPolicyIntrusionDetectionSignatureSpecificationResponseArgs

Id string: Signature id.
Mode string: The signature state.

Id string: Signature id.
Mode string: The signature state.

id String: Signature id.
mode String: The signature state.

id string: Signature id.
mode string: The signature state.

id str: Signature id.
mode str: The signature state.

id String: Signature id.
mode String: The signature state.

FirewallPolicyIntrusionDetectionStateType
, FirewallPolicyIntrusionDetectionStateTypeArgs

Off: Off
Alert: Alert
Deny: Deny

FirewallPolicyIntrusionDetectionStateTypeOff: Off
FirewallPolicyIntrusionDetectionStateTypeAlert: Alert
FirewallPolicyIntrusionDetectionStateTypeDeny: Deny

Off: Off
Alert: Alert
Deny: Deny

Off: Off
Alert: Alert
Deny: Deny

OFF: Off
ALERT: Alert
DENY: Deny

"Off": Off
"Alert": Alert
"Deny": Deny

FirewallPolicyLogAnalyticsResources
, FirewallPolicyLogAnalyticsResourcesArgs

DefaultWorkspaceId Pulumi.AzureNative.Network.Inputs.SubResource: The default workspace Id for Firewall Policy Insights.
Workspaces List<Pulumi.AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsWorkspace>: List of workspaces for Firewall Policy Insights.

DefaultWorkspaceId SubResource: The default workspace Id for Firewall Policy Insights.
Workspaces []FirewallPolicyLogAnalyticsWorkspace: List of workspaces for Firewall Policy Insights.

defaultWorkspaceId SubResource: The default workspace Id for Firewall Policy Insights.
workspaces List<FirewallPolicyLogAnalyticsWorkspace>: List of workspaces for Firewall Policy Insights.

defaultWorkspaceId SubResource: The default workspace Id for Firewall Policy Insights.
workspaces FirewallPolicyLogAnalyticsWorkspace[]: List of workspaces for Firewall Policy Insights.

default_workspace_id SubResource: The default workspace Id for Firewall Policy Insights.
workspaces Sequence[FirewallPolicyLogAnalyticsWorkspace]: List of workspaces for Firewall Policy Insights.

defaultWorkspaceId Property Map: The default workspace Id for Firewall Policy Insights.
workspaces List<Property Map>: List of workspaces for Firewall Policy Insights.

FirewallPolicyLogAnalyticsResourcesResponse
, FirewallPolicyLogAnalyticsResourcesResponseArgs

DefaultWorkspaceId Pulumi.AzureNative.Network.Inputs.SubResourceResponse: The default workspace Id for Firewall Policy Insights.
Workspaces List<Pulumi.AzureNative.Network.Inputs.FirewallPolicyLogAnalyticsWorkspaceResponse>: List of workspaces for Firewall Policy Insights.

DefaultWorkspaceId SubResourceResponse: The default workspace Id for Firewall Policy Insights.
Workspaces []FirewallPolicyLogAnalyticsWorkspaceResponse: List of workspaces for Firewall Policy Insights.

defaultWorkspaceId SubResourceResponse: The default workspace Id for Firewall Policy Insights.
workspaces List<FirewallPolicyLogAnalyticsWorkspaceResponse>: List of workspaces for Firewall Policy Insights.

defaultWorkspaceId SubResourceResponse: The default workspace Id for Firewall Policy Insights.
workspaces FirewallPolicyLogAnalyticsWorkspaceResponse[]: List of workspaces for Firewall Policy Insights.

default_workspace_id SubResourceResponse: The default workspace Id for Firewall Policy Insights.
workspaces Sequence[FirewallPolicyLogAnalyticsWorkspaceResponse]: List of workspaces for Firewall Policy Insights.

defaultWorkspaceId Property Map: The default workspace Id for Firewall Policy Insights.
workspaces List<Property Map>: List of workspaces for Firewall Policy Insights.

FirewallPolicyLogAnalyticsWorkspace
, FirewallPolicyLogAnalyticsWorkspaceArgs

Region string: Region to configure the Workspace.
WorkspaceId Pulumi.AzureNative.Network.Inputs.SubResource: The workspace Id for Firewall Policy Insights.

Region string: Region to configure the Workspace.
WorkspaceId SubResource: The workspace Id for Firewall Policy Insights.

region String: Region to configure the Workspace.
workspaceId SubResource: The workspace Id for Firewall Policy Insights.

region string: Region to configure the Workspace.
workspaceId SubResource: The workspace Id for Firewall Policy Insights.

region str: Region to configure the Workspace.
workspace_id SubResource: The workspace Id for Firewall Policy Insights.

region String: Region to configure the Workspace.
workspaceId Property Map: The workspace Id for Firewall Policy Insights.

FirewallPolicyLogAnalyticsWorkspaceResponse
, FirewallPolicyLogAnalyticsWorkspaceResponseArgs

Region string: Region to configure the Workspace.
WorkspaceId Pulumi.AzureNative.Network.Inputs.SubResourceResponse: The workspace Id for Firewall Policy Insights.

Region string: Region to configure the Workspace.
WorkspaceId SubResourceResponse: The workspace Id for Firewall Policy Insights.

region String: Region to configure the Workspace.
workspaceId SubResourceResponse: The workspace Id for Firewall Policy Insights.

region string: Region to configure the Workspace.
workspaceId SubResourceResponse: The workspace Id for Firewall Policy Insights.

region str: Region to configure the Workspace.
workspace_id SubResourceResponse: The workspace Id for Firewall Policy Insights.

region String: Region to configure the Workspace.
workspaceId Property Map: The workspace Id for Firewall Policy Insights.

FirewallPolicySNAT
, FirewallPolicySNATArgs

AutoLearnPrivateRanges string | Pulumi.AzureNative.Network.AutoLearnPrivateRangesMode: The operation mode for automatically learning private ranges to not be SNAT
PrivateRanges List<string>: List of private IP addresses/IP address ranges to not be SNAT.

AutoLearnPrivateRanges string | AutoLearnPrivateRangesMode: The operation mode for automatically learning private ranges to not be SNAT
PrivateRanges []string: List of private IP addresses/IP address ranges to not be SNAT.

autoLearnPrivateRanges String | AutoLearnPrivateRangesMode: The operation mode for automatically learning private ranges to not be SNAT
privateRanges List<String>: List of private IP addresses/IP address ranges to not be SNAT.

autoLearnPrivateRanges string | AutoLearnPrivateRangesMode: The operation mode for automatically learning private ranges to not be SNAT
privateRanges string[]: List of private IP addresses/IP address ranges to not be SNAT.

auto_learn_private_ranges str | AutoLearnPrivateRangesMode: The operation mode for automatically learning private ranges to not be SNAT
private_ranges Sequence[str]: List of private IP addresses/IP address ranges to not be SNAT.

autoLearnPrivateRanges String | "Enabled" | "Disabled": The operation mode for automatically learning private ranges to not be SNAT
privateRanges List<String>: List of private IP addresses/IP address ranges to not be SNAT.

FirewallPolicySNATResponse
, FirewallPolicySNATResponseArgs

AutoLearnPrivateRanges string: The operation mode for automatically learning private ranges to not be SNAT
PrivateRanges List<string>: List of private IP addresses/IP address ranges to not be SNAT.

AutoLearnPrivateRanges string: The operation mode for automatically learning private ranges to not be SNAT
PrivateRanges []string: List of private IP addresses/IP address ranges to not be SNAT.

autoLearnPrivateRanges String: The operation mode for automatically learning private ranges to not be SNAT
privateRanges List<String>: List of private IP addresses/IP address ranges to not be SNAT.

autoLearnPrivateRanges string: The operation mode for automatically learning private ranges to not be SNAT
privateRanges string[]: List of private IP addresses/IP address ranges to not be SNAT.

auto_learn_private_ranges str: The operation mode for automatically learning private ranges to not be SNAT
private_ranges Sequence[str]: List of private IP addresses/IP address ranges to not be SNAT.

autoLearnPrivateRanges String: The operation mode for automatically learning private ranges to not be SNAT
privateRanges List<String>: List of private IP addresses/IP address ranges to not be SNAT.

FirewallPolicySQL
, FirewallPolicySQLArgs

AllowSqlRedirect bool: A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

AllowSqlRedirect bool: A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

allowSqlRedirect Boolean: A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

allowSqlRedirect boolean: A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

allow_sql_redirect bool: A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

allowSqlRedirect Boolean: A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

FirewallPolicySQLResponse
, FirewallPolicySQLResponseArgs

AllowSqlRedirect bool: A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

AllowSqlRedirect bool: A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

allowSqlRedirect Boolean: A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

allowSqlRedirect boolean: A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

allow_sql_redirect bool: A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

allowSqlRedirect Boolean: A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999.

FirewallPolicyThreatIntelWhitelist
, FirewallPolicyThreatIntelWhitelistArgs

Fqdns List<string>: List of FQDNs for the ThreatIntel Whitelist.
IpAddresses List<string>: List of IP addresses for the ThreatIntel Whitelist.

Fqdns []string: List of FQDNs for the ThreatIntel Whitelist.
IpAddresses []string: List of IP addresses for the ThreatIntel Whitelist.

fqdns List<String>: List of FQDNs for the ThreatIntel Whitelist.
ipAddresses List<String>: List of IP addresses for the ThreatIntel Whitelist.

fqdns string[]: List of FQDNs for the ThreatIntel Whitelist.
ipAddresses string[]: List of IP addresses for the ThreatIntel Whitelist.

fqdns Sequence[str]: List of FQDNs for the ThreatIntel Whitelist.
ip_addresses Sequence[str]: List of IP addresses for the ThreatIntel Whitelist.

fqdns List<String>: List of FQDNs for the ThreatIntel Whitelist.
ipAddresses List<String>: List of IP addresses for the ThreatIntel Whitelist.

FirewallPolicyThreatIntelWhitelistResponse
, FirewallPolicyThreatIntelWhitelistResponseArgs

Fqdns List<string>: List of FQDNs for the ThreatIntel Whitelist.
IpAddresses List<string>: List of IP addresses for the ThreatIntel Whitelist.

Fqdns []string: List of FQDNs for the ThreatIntel Whitelist.
IpAddresses []string: List of IP addresses for the ThreatIntel Whitelist.

fqdns List<String>: List of FQDNs for the ThreatIntel Whitelist.
ipAddresses List<String>: List of IP addresses for the ThreatIntel Whitelist.

fqdns string[]: List of FQDNs for the ThreatIntel Whitelist.
ipAddresses string[]: List of IP addresses for the ThreatIntel Whitelist.

fqdns Sequence[str]: List of FQDNs for the ThreatIntel Whitelist.
ip_addresses Sequence[str]: List of IP addresses for the ThreatIntel Whitelist.

fqdns List<String>: List of FQDNs for the ThreatIntel Whitelist.
ipAddresses List<String>: List of IP addresses for the ThreatIntel Whitelist.

SubResource
, SubResourceArgs

Id string: Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.

Id string: Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.

id String: Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.

id string: Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.

id str: Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.

id String: Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.

SubResourceResponse
, SubResourceResponseArgs

Id string: Resource ID.

Id string: Resource ID.

id String: Resource ID.

id string: Resource ID.

id str: Resource ID.

id String: Resource ID.

Import

An existing resource can be imported using its type token, name, and identifier, e.g.

$ pulumi import azure-native:network:FirewallPolicyDraft firewallPolicy /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}/firewallPolicyDrafts/default

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: azure-native-v2 pulumi/pulumi-azure-native
License: Apache-2.0

These are the docs for Azure Native v2. We recommenend using the latest version, Azure Native v3.

Azure Native v2 v2.90.0 published on Thursday, Mar 27, 2025 by Pulumi

pulumi/pulumi-azure-native

azure-native-v2.network.FirewallPolicyDraft

On this page

On this page

Example Usage

create or update firewall policy draft

Create FirewallPolicyDraft Resource

Constructor syntax

Parameters

Constructor example

FirewallPolicyDraft Resource Properties

Inputs

Outputs

Supporting Types

AutoLearnPrivateRangesMode, AutoLearnPrivateRangesModeArgs

AzureFirewallThreatIntelMode, AzureFirewallThreatIntelModeArgs

DnsSettings, DnsSettingsArgs

DnsSettingsResponse, DnsSettingsResponseArgs

ExplicitProxy, ExplicitProxyArgs

ExplicitProxyResponse, ExplicitProxyResponseArgs

FirewallPolicyInsights, FirewallPolicyInsightsArgs

FirewallPolicyInsightsResponse, FirewallPolicyInsightsResponseArgs

FirewallPolicyIntrusionDetection, FirewallPolicyIntrusionDetectionArgs

FirewallPolicyIntrusionDetectionBypassTrafficSpecifications, FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs

FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponse, FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponseArgs

FirewallPolicyIntrusionDetectionConfiguration, FirewallPolicyIntrusionDetectionConfigurationArgs

FirewallPolicyIntrusionDetectionConfigurationResponse, FirewallPolicyIntrusionDetectionConfigurationResponseArgs

FirewallPolicyIntrusionDetectionProfileType, FirewallPolicyIntrusionDetectionProfileTypeArgs

FirewallPolicyIntrusionDetectionProtocol, FirewallPolicyIntrusionDetectionProtocolArgs

FirewallPolicyIntrusionDetectionResponse, FirewallPolicyIntrusionDetectionResponseArgs

FirewallPolicyIntrusionDetectionSignatureSpecification, FirewallPolicyIntrusionDetectionSignatureSpecificationArgs

FirewallPolicyIntrusionDetectionSignatureSpecificationResponse, FirewallPolicyIntrusionDetectionSignatureSpecificationResponseArgs

FirewallPolicyIntrusionDetectionStateType, FirewallPolicyIntrusionDetectionStateTypeArgs

FirewallPolicyLogAnalyticsResources, FirewallPolicyLogAnalyticsResourcesArgs

FirewallPolicyLogAnalyticsResourcesResponse, FirewallPolicyLogAnalyticsResourcesResponseArgs

FirewallPolicyLogAnalyticsWorkspace, FirewallPolicyLogAnalyticsWorkspaceArgs

FirewallPolicyLogAnalyticsWorkspaceResponse, FirewallPolicyLogAnalyticsWorkspaceResponseArgs

FirewallPolicySNAT, FirewallPolicySNATArgs

FirewallPolicySNATResponse, FirewallPolicySNATResponseArgs

FirewallPolicySQL, FirewallPolicySQLArgs

FirewallPolicySQLResponse, FirewallPolicySQLResponseArgs

FirewallPolicyThreatIntelWhitelist, FirewallPolicyThreatIntelWhitelistArgs

FirewallPolicyThreatIntelWhitelistResponse, FirewallPolicyThreatIntelWhitelistResponseArgs

SubResource, SubResourceArgs

SubResourceResponse, SubResourceResponseArgs

Import

Package Details

On this page

On this page

AutoLearnPrivateRangesMode
, AutoLearnPrivateRangesModeArgs

AzureFirewallThreatIntelMode
, AzureFirewallThreatIntelModeArgs

DnsSettings
, DnsSettingsArgs

DnsSettingsResponse
, DnsSettingsResponseArgs

ExplicitProxy
, ExplicitProxyArgs

ExplicitProxyResponse
, ExplicitProxyResponseArgs

FirewallPolicyInsights
, FirewallPolicyInsightsArgs

FirewallPolicyInsightsResponse
, FirewallPolicyInsightsResponseArgs

FirewallPolicyIntrusionDetection
, FirewallPolicyIntrusionDetectionArgs

FirewallPolicyIntrusionDetectionBypassTrafficSpecifications
, FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsArgs

FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponse
, FirewallPolicyIntrusionDetectionBypassTrafficSpecificationsResponseArgs

FirewallPolicyIntrusionDetectionConfiguration
, FirewallPolicyIntrusionDetectionConfigurationArgs

FirewallPolicyIntrusionDetectionConfigurationResponse
, FirewallPolicyIntrusionDetectionConfigurationResponseArgs

FirewallPolicyIntrusionDetectionProfileType
, FirewallPolicyIntrusionDetectionProfileTypeArgs

FirewallPolicyIntrusionDetectionProtocol
, FirewallPolicyIntrusionDetectionProtocolArgs

FirewallPolicyIntrusionDetectionResponse
, FirewallPolicyIntrusionDetectionResponseArgs

FirewallPolicyIntrusionDetectionSignatureSpecification
, FirewallPolicyIntrusionDetectionSignatureSpecificationArgs

FirewallPolicyIntrusionDetectionSignatureSpecificationResponse
, FirewallPolicyIntrusionDetectionSignatureSpecificationResponseArgs

FirewallPolicyIntrusionDetectionStateType
, FirewallPolicyIntrusionDetectionStateTypeArgs

FirewallPolicyLogAnalyticsResources
, FirewallPolicyLogAnalyticsResourcesArgs

FirewallPolicyLogAnalyticsResourcesResponse
, FirewallPolicyLogAnalyticsResourcesResponseArgs

FirewallPolicyLogAnalyticsWorkspace
, FirewallPolicyLogAnalyticsWorkspaceArgs

FirewallPolicyLogAnalyticsWorkspaceResponse
, FirewallPolicyLogAnalyticsWorkspaceResponseArgs

FirewallPolicySNAT
, FirewallPolicySNATArgs

FirewallPolicySNATResponse
, FirewallPolicySNATResponseArgs

FirewallPolicySQL
, FirewallPolicySQLArgs

FirewallPolicySQLResponse
, FirewallPolicySQLResponseArgs

FirewallPolicyThreatIntelWhitelist
, FirewallPolicyThreatIntelWhitelistArgs

FirewallPolicyThreatIntelWhitelistResponse
, FirewallPolicyThreatIntelWhitelistResponseArgs

SubResource
, SubResourceArgs

SubResourceResponse
, SubResourceResponseArgs