az network firewall
Manage and configure Azure Firewalls.
Commands
az network firewall application-rule |
Manage and configure Azure Firewall application rules. |
az network firewall application-rule collection |
Manage and configure Azure Firewall application rule collections. |
az network firewall application-rule collection delete |
Delete an Azure Firewall application rule collection. |
az network firewall application-rule collection list |
List Azure Firewall application rule collections. |
az network firewall application-rule collection show |
Get the details of an Azure Firewall application rule collection. |
az network firewall application-rule create |
Create an Azure Firewall application rule. |
az network firewall application-rule delete |
Delete an Azure Firewall application rule. |
az network firewall application-rule list |
List Azure Firewall application rules. |
az network firewall application-rule show |
Get the details of an Azure Firewall application rule. |
az network firewall create |
Create an Azure Firewall. |
az network firewall delete |
Delete an Azure Firewall. |
az network firewall ip-config |
Manage and configure Azure Firewall IP configurations. |
az network firewall ip-config create |
Create an Azure Firewall IP configuration. |
az network firewall ip-config delete |
Delete an Azure Firewall IP configuration. |
az network firewall ip-config list |
List Azure Firewall IP configurations. |
az network firewall ip-config show |
Get the details of an Azure Firewall IP configuration. |
az network firewall list |
List Azure Firewalls. |
az network firewall list-fqdn-tags |
Gets all the Azure Firewall FQDN Tags in a subscription. |
az network firewall management-ip-config |
Manage and configure Azure Firewall Management IP configurations. |
az network firewall management-ip-config show |
Get the details of an Azure Firewall Management IP configuration. |
az network firewall management-ip-config update |
Update an Azure Firewall Management IP configuration. |
az network firewall nat-rule |
Manage and configure Azure Firewall NAT rules. |
az network firewall nat-rule collection |
Manage and configure Azure Firewall NAT rules. |
az network firewall nat-rule collection delete |
Delete an Azure Firewall NAT rule collection. |
az network firewall nat-rule collection list |
List Azure Firewall NAT rule collections. |
az network firewall nat-rule collection show |
Get the details of an Azure Firewall NAT rule collection. |
az network firewall nat-rule create |
Create an Azure Firewall NAT rule. |
az network firewall nat-rule delete |
Delete an Azure Firewall NAT rule. |
az network firewall nat-rule list |
List Azure Firewall NAT rules. |
az network firewall nat-rule show |
Get the details of an Azure Firewall NAT rule. |
az network firewall network-rule |
Manage and configure Azure Firewall network rules. |
az network firewall network-rule collection |
Manage and configure Azure Firewall network rule collections. |
az network firewall network-rule collection delete |
Delete an Azure Firewall network rule collection. |
az network firewall network-rule collection list |
List Azure Firewall network rule collections. |
az network firewall network-rule collection show |
Get the details of an Azure Firewall network rule collection. |
az network firewall network-rule create |
Create an Azure Firewall network rule. |
az network firewall network-rule delete |
Delete an Azure Firewall network rule. If you want to delete the last rule in a collection, please delete the collection instead. |
az network firewall network-rule list |
List Azure Firewall network rules. |
az network firewall network-rule show |
Get the details of an Azure Firewall network rule. |
az network firewall policy |
Manage and configure Azure firewall policy. |
az network firewall policy create |
Create an Azure firewall policy. |
az network firewall policy delete |
Delete an Azure firewall policy. |
az network firewall policy list |
List all Azure firewall policies. |
az network firewall policy rule-collection-group |
Manage and configure Azure firewall policy rule collection group. |
az network firewall policy rule-collection-group collection |
Manage and configure Azure firewall policy rule collections in the rule collection group. |
az network firewall policy rule-collection-group collection add-filter-collection |
Add a filter collection into an Azure firewall policy rule collection group. |
az network firewall policy rule-collection-group collection add-nat-collection |
Add a NAT collection into an Azure firewall policy rule collection group. |
az network firewall policy rule-collection-group collection list |
List all rule collections of an Azure firewall policy rule collection group. |
az network firewall policy rule-collection-group collection remove |
Remove a rule collection from an Azure firewall policy rule collection group. |
az network firewall policy rule-collection-group collection rule |
Manage and configure the rule of a filter collection in the rule collection group of Azure firewall policy. |
az network firewall policy rule-collection-group collection rule add |
Add a rule into an Azure firewall policy rule collection. |
az network firewall policy rule-collection-group collection rule remove |
Remove a rule from an Azure firewall policy rule collection. |
az network firewall policy rule-collection-group create |
Create an Azure firewall policy rule collection group. |
az network firewall policy rule-collection-group delete |
Delete an Azure Firewall policy rule collection group. |
az network firewall policy rule-collection-group list |
List all Azure firewall policy rule collection groups. |
az network firewall policy rule-collection-group show |
Show an Azure firewall policy rule collection group. |
az network firewall policy rule-collection-group update |
Update an Azure firewall policy rule collection group. |
az network firewall policy show |
Show an Azure firewall policy. |
az network firewall policy update |
Update an Azure firewall policy. |
az network firewall show |
Get the details of an Azure Firewall. |
az network firewall threat-intel-allowlist |
Manage and configure Azure Firewall Threat Intelligence Allow List. |
az network firewall threat-intel-allowlist create |
Create an Azure Firewall Threat Intelligence Allow List. |
az network firewall threat-intel-allowlist delete |
Delete an Azure Firewall Threat Intelligence Allow List. |
az network firewall threat-intel-allowlist show |
Get the details of an Azure Firewall Threat Intelligence Allow List. |
az network firewall threat-intel-allowlist update |
Update Azure Firewall Threat Intelligence Allow List. |
az network firewall update |
Update an Azure Firewall. |
az network firewall create
Create an Azure Firewall.
az network firewall create --name
--resource-group
[--allow-active-ftp {false, true}]
[--count]
[--dns-servers]
[--enable-dns-proxy {false, true}]
[--firewall-policy]
[--location]
[--private-ranges]
[--require-dns-proxy-for-network-rules {false, true}]
[--sku {AZFW_Hub, AZFW_VNet}]
[--tags]
[--threat-intel-mode {Alert, Deny, Off}]
[--vhub]
[--zones {1, 2, 3}]
Examples
Create a Azure firewall with private ranges
az network firewall create -g MyResourceGroup -n MyFirewall --private-ranges 10.0.0.0 10.0.0.0/16 IANAPrivateRanges
Required Parameters
Azure Firewall name.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Optional Parameters
Allow Active FTP. By default it is false. It's only allowed for azure firewall on virtual network.
Number of Public IP Address associated with azure firewall. It's used to add public ip addresses into this firewall.
Space-separated list of DNS server IP addresses.
Enable DNS Proxy.
Name or ID of the firewallPolicy associated with this azure firewall.
Location. Values from: az account list-locations
. You can configure the default location using az configure --defaults location=<location>
.
Space-separated list of SNAT private range. Validate values are single Ip, Ip prefixes or a single special value "IANAPrivateRanges".
Requires DNS Proxy functionality for FQDNs within Network Rules.
SKU of Azure firewall. This field cannot be updated after the creation. The default sku in server end is AZFW_VNet. If you want to attach azure firewall to vhub, you should set sku to AZFW_Hub.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
The operation mode for Threat Intelligence.
Name or ID of the virtualHub to which the firewall belongs.
Space-separated list of availability zones into which to provision the resource.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
az network firewall delete
Delete an Azure Firewall.
az network firewall delete --name
--resource-group
Required Parameters
Azure Firewall name.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
az network firewall list
List Azure Firewalls.
az network firewall list [--resource-group]
Optional Parameters
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
az network firewall list-fqdn-tags
Gets all the Azure Firewall FQDN Tags in a subscription.
az network firewall list-fqdn-tags
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
az network firewall show
Get the details of an Azure Firewall.
az network firewall show --name
--resource-group
Required Parameters
Azure Firewall name.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.
az network firewall update
Update an Azure Firewall.
az network firewall update --name
--resource-group
[--add]
[--allow-active-ftp {false, true}]
[--count]
[--dns-servers]
[--enable-dns-proxy {false, true}]
[--firewall-policy]
[--force-string]
[--private-ranges]
[--public-ips]
[--remove]
[--require-dns-proxy-for-network-rules {false, true}]
[--set]
[--tags]
[--threat-intel-mode {Alert, Deny, Off}]
[--vhub]
[--zones {1, 2, 3}]
Required Parameters
Azure Firewall name.
Name of resource group. You can configure the default group using az configure --defaults group=<name>
.
Optional Parameters
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
Allow Active FTP. By default it is false. It's only allowed for azure firewall on virtual network.
Number of Public IP Address associated with azure firewall. It's used to add public ip addresses into this firewall.
Space-separated list of DNS server IP addresses.
Enable DNS Proxy.
Name or ID of the firewallPolicy associated with this azure firewall.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
Space-separated list of SNAT private range. Validate values are single Ip, Ip prefixes or a single special value "IANAPrivateRanges".
Space-separated list of Public IP addresses associated with azure firewall. It's used to delete public ip addresses from this firewall.
Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.
Requires DNS Proxy functionality for FQDNs within Network Rules.
Update an object by specifying a property path and value to set. Example: --set property1.property2=.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
The operation mode for Threat Intelligence.
Name or ID of the virtualHub to which the firewall belongs.
Space-separated list of availability zones into which to provision the resource.
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Increase logging verbosity. Use --debug for full debug logs.