The firewallPolicies/ruleCollectionGroups resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
To create a Microsoft.Network/firewallPolicies/ruleCollectionGroups resource, add the following JSON to your template.
```json
{
  "type": "Microsoft.Network/firewallPolicies/ruleCollectionGroups",
  "apiVersion": "2023-04-01",
  "name": "string",
  "properties": {
    "priority": "int",
    "ruleCollections": [
      {
        "name": "string",
        "priority": "int",
        "ruleCollectionType": "string"
        // For remaining properties, see FirewallPolicyRuleCollection objects
      }
    ]
  }
}
```
Set the ruleCollectionType property to specify the type of object.
For FirewallPolicyFilterRuleCollection, use:
```json
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"action": {
  "type": "string"
},
"rules": [
  {
    "description": "string",
    "name": "string",
    "ruleType": "string"
    // For remaining properties, see FirewallPolicyRule objects
  }
]
```
For FirewallPolicyNatRuleCollection, use:
```json
"ruleCollectionType": "FirewallPolicyNatRuleCollection",
"action": {
  "type": "DNAT"
},
"rules": [
  {
    "description": "string",
    "name": "string",
    "ruleType": "string"
    // For remaining properties, see FirewallPolicyRule objects
  }
]
```
Set the ruleType property to specify the type of object.
For ApplicationRule, use:
```json
"ruleType": "ApplicationRule",
"destinationAddresses": [ "string" ],
"fqdnTags": [ "string" ],
"httpHeadersToInsert": [
  {
    "headerName": "string",
    "headerValue": "string"
  }
],
"protocols": [
  {
    "port": "int",
    "protocolType": "string"
  }
],
"sourceAddresses": [ "string" ],
"sourceIpGroups": [ "string" ],
"targetFqdns": [ "string" ],
"targetUrls": [ "string" ],
"terminateTLS": "bool",
"webCategories": [ "string" ]
```
For NatRule, use:
```json
"ruleType": "NatRule",
"destinationAddresses": [ "string" ],
"destinationPorts": [ "string" ],
"ipProtocols": [ "string" ],
"sourceAddresses": [ "string" ],
"sourceIpGroups": [ "string" ],
"translatedAddress": "string",
"translatedFqdn": "string",
"translatedPort": "string"
```
For NetworkRule, use:
```json
"ruleType": "NetworkRule",
"destinationAddresses": [ "string" ],
"destinationFqdns": [ "string" ],
"destinationIpGroups": [ "string" ],
"destinationPorts": [ "string" ],
"ipProtocols": [ "string" ],
"sourceAddresses": [ "string" ],
"sourceIpGroups": [ "string" ]
```
Name | Description | Value |
---|---|---|
type | The resource type | 'Microsoft.Network/firewallPolicies/ruleCollectionGroups' |
apiVersion | The resource api version | '2023-04-01' |
name | The resource name. See how to set names and types for child resources in JSON ARM templates. | string (required) |
properties | The properties of the firewall policy rule collection group. | FirewallPolicyRuleCollectionGroupProperties |
Name | Description | Value |
---|---|---|
priority | Priority of the Firewall Policy Rule Collection Group resource. | int |
ruleCollections | Group of Firewall Policy rule collections. | FirewallPolicyRuleCollection[] |
Name | Description | Value |
---|---|---|
name | The name of the rule collection. | string |
priority | Priority of the Firewall Policy Rule Collection resource. | int |
ruleCollectionType | Set the object type | FirewallPolicyFilterRuleCollection FirewallPolicyNatRuleCollection (required) |
Name | Description | Value |
---|---|---|
ruleCollectionType | The type of the rule collection. | 'FirewallPolicyFilterRuleCollection' (required) |
action | The action type of a Filter rule collection. | FirewallPolicyFilterRuleCollectionAction |
rules | List of rules included in a rule collection. | FirewallPolicyRule[] |
Name | Description | Value |
---|---|---|
type | The type of action. | 'Allow' 'Deny' |
Name | Description | Value |
---|---|---|
description | Description of the rule. | string |
name | Name of the rule. | string |
ruleType | Set the object type | ApplicationRule NatRule NetworkRule (required) |
Name | Description | Value |
---|---|---|
ruleType | Rule Type. | 'ApplicationRule' (required) |
destinationAddresses | List of destination IP addresses or Service Tags. | string[] |
fqdnTags | List of FQDN Tags for this rule. | string[] |
httpHeadersToInsert | List of HTTP/S headers to insert. | FirewallPolicyHttpHeaderToInsert[] |
protocols | Array of Application Protocols. | FirewallPolicyRuleApplicationProtocol[] |
sourceAddresses | List of source IP addresses for this rule. | string[] |
sourceIpGroups | List of source IpGroups for this rule. | string[] |
targetFqdns | List of FQDNs for this rule. | string[] |
targetUrls | List of Urls for this rule condition. | string[] |
terminateTLS | Terminate TLS connections for this rule. | bool |
webCategories | List of destination Azure web categories. | string[] |
Name | Description | Value |
---|---|---|
headerName | Contains the name of the header | string |
headerValue | Contains the value of the header | string |
Name | Description | Value |
---|---|---|
port | Port number for the protocol, cannot be greater than 64000. | int |
protocolType | Protocol type. | 'Http' 'Https' |
Name | Description | Value |
---|---|---|
ruleType | Rule Type. | 'NatRule' (required) |
destinationAddresses | List of destination IP addresses or Service Tags. | string[] |
destinationPorts | List of destination ports. | string[] |
ipProtocols | Array of FirewallPolicyRuleNetworkProtocols. | String array containing any of: 'Any' 'ICMP' 'TCP' 'UDP' |
sourceAddresses | List of source IP addresses for this rule. | string[] |
sourceIpGroups | List of source IpGroups for this rule. | string[] |
translatedAddress | The translated address for this NAT rule. | string |
translatedFqdn | The translated FQDN for this NAT rule. | string |
translatedPort | The translated port for this NAT rule. | string |
Name | Description | Value |
---|---|---|
ruleType | Rule Type. | 'NetworkRule' (required) |
destinationAddresses | List of destination IP addresses or Service Tags. | string[] |
destinationFqdns | List of destination FQDNs. | string[] |
destinationIpGroups | List of destination IpGroups for this rule. | string[] |
destinationPorts | List of destination ports. | string[] |
ipProtocols | Array of FirewallPolicyRuleNetworkProtocols. | String array containing any of: 'Any' 'ICMP' 'TCP' 'UDP' |
sourceAddresses | List of source IP addresses for this rule. | string[] |
sourceIpGroups | List of source IpGroups for this rule. | string[] |
Name | Description | Value |
---|---|---|
ruleCollectionType | The type of the rule collection. | 'FirewallPolicyNatRuleCollection' (required) |
action | The action type of a Nat rule collection. | FirewallPolicyNatRuleCollectionAction |
rules | List of rules included in a rule collection. | FirewallPolicyRule[] |
Name | Description | Value |
---|---|---|
type | The type of action. | 'DNAT' |
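
The allowed values listed in the tables above can be checked before a template is deployed. The following Python linter is an added example, not part of the original reference or of any Microsoft tooling; the function name `lint_rule_collection_group`, the sample resource, and the any-to-any Allow check (a review policy that treats `*` as the any-address wildcard) are assumptions made for illustration.

```python
# Allowed values copied from the property tables on this page.
COLLECTION_ACTIONS = {"FirewallPolicyFilterRuleCollection": {"Allow", "Deny"},
                      "FirewallPolicyNatRuleCollection": {"DNAT"}}
RULE_TYPES = {"ApplicationRule", "NatRule", "NetworkRule"}
IP_PROTOCOLS = {"Any", "ICMP", "TCP", "UDP"}
APP_PROTOCOLS = {"Http", "Https"}

def lint_rule_collection_group(resource):
    """Return a list of findings for one ruleCollectionGroups resource (a dict)."""
    findings = []
    for coll in resource.get("properties", {}).get("ruleCollections", []):
        cname = coll.get("name", "<unnamed>")
        ctype = coll.get("ruleCollectionType")
        action = coll.get("action", {}).get("type")
        if ctype not in COLLECTION_ACTIONS:
            findings.append(f"{cname}: unknown ruleCollectionType {ctype!r}")
            continue
        if action not in COLLECTION_ACTIONS[ctype]:
            findings.append(f"{cname}: action {action!r} invalid for {ctype}")
        for rule in coll.get("rules", []):
            where = f"{cname}/{rule.get('name', '<unnamed>')}"
            if rule.get("ruleType") not in RULE_TYPES:
                findings.append(f"{where}: unknown ruleType {rule.get('ruleType')!r}")
            for proto in rule.get("ipProtocols", []):
                if proto not in IP_PROTOCOLS:
                    findings.append(f"{where}: bad ipProtocols value {proto!r}")
            for app in rule.get("protocols", []):
                if app.get("protocolType") not in APP_PROTOCOLS:
                    findings.append(f"{where}: bad protocolType {app.get('protocolType')!r}")
                port = app.get("port")  # may be an ARM expression string; only check ints
                if isinstance(port, int) and port > 64000:
                    findings.append(f"{where}: port {port} is greater than 64000")
            # Review policy assumed for this example, not a schema rule.
            if (action == "Allow" and "*" in rule.get("sourceAddresses", [])
                    and "*" in rule.get("destinationAddresses", [])):
                findings.append(f"{where}: Allow from '*' to '*'")
    return findings

# Constructed sample resource (not from the page or any real deployment).
SAMPLE = {"name": "examplePolicy/exampleGroup", "properties": {"priority": 200, "ruleCollections": [
    {"name": "web", "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
     "action": {"type": "Allow"}, "rules": [
        {"name": "any-any", "ruleType": "NetworkRule", "ipProtocols": ["TCP", "GRE"],
         "sourceAddresses": ["*"], "destinationAddresses": ["*"], "destinationPorts": ["443"]},
        {"name": "proxy", "ruleType": "ApplicationRule", "sourceAddresses": ["10.0.0.0/24"],
         "protocols": [{"protocolType": "Https", "port": 65000}], "targetFqdns": ["example.com"]}]},
    {"name": "inbound", "ruleCollectionType": "FirewallPolicyNatRuleCollection",
     "action": {"type": "Allow"}, "rules": []}]}}
print("\n".join(lint_rule_collection_group(SAMPLE)))
```
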
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology | This sample shows how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to the hub virtual network via virtual network peering. |
Create a Firewall and FirewallPolicy with Rules and Ipgroups | This template deploys an Azure Firewall with Firewall Policy (including multiple application and network rules) referencing IP Groups in application and network rules. |
Create a Firewall, FirewallPolicy with Explicit Proxy | This template creates an Azure Firewall and a FirewallPolicy with Explicit Proxy and Network Rules with IpGroups. It also includes a Linux jumpbox VM setup. |
Create a Firewall with FirewallPolicy and IpGroups | This template creates an Azure Firewall with a FirewallPolicy referencing Network Rules with IpGroups. It also includes a Linux jumpbox VM setup. |
Testing environment for Azure Firewall Premium | This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Detection and Prevention System (IDPS), TLS inspection and Web Category filtering. |
Secured virtual hubs | This template creates a secured virtual hub using Azure Firewall to secure your cloud network traffic destined to the Internet. |
Azure Virtual WAN Routing Intent and Policies | This template provisions an Azure Virtual WAN with two hubs with the Routing Intent and Policies feature enabled. |