az network firewall

Manage and configure Azure Firewalls.

Commands

az network firewall application-rule

Manage and configure Azure Firewall application rules.

az network firewall application-rule collection

Manage and configure Azure Firewall application rule collections.

az network firewall application-rule collection delete

Delete an Azure Firewall application rule collection.

az network firewall application-rule collection list

List Azure Firewall application rule collections.

az network firewall application-rule collection show

Get the details of an Azure Firewall application rule collection.

az network firewall application-rule create

Create an Azure Firewall application rule.

az network firewall application-rule delete

Delete an Azure Firewall application rule.

az network firewall application-rule list

List Azure Firewall application rules.

az network firewall application-rule show

Get the details of an Azure Firewall application rule.

az network firewall create

Create an Azure Firewall.

az network firewall delete

Delete an Azure Firewall.

az network firewall ip-config

Manage and configure Azure Firewall IP configurations.

az network firewall ip-config create

Create an Azure Firewall IP configuration.

az network firewall ip-config delete

Delete an Azure Firewall IP configuration.

az network firewall ip-config list

List Azure Firewall IP configurations.

az network firewall ip-config show

Get the details of an Azure Firewall IP configuration.

az network firewall list

List Azure Firewalls.

az network firewall list-fqdn-tags

Gets all the Azure Firewall FQDN Tags in a subscription.

az network firewall management-ip-config

Manage and configure Azure Firewall Management IP configurations.

az network firewall management-ip-config show

Get the details of an Azure Firewall Management IP configuration.

az network firewall management-ip-config update

Update an Azure Firewall Management IP configuration.

az network firewall nat-rule

Manage and configure Azure Firewall NAT rules.

az network firewall nat-rule collection

Manage and configure Azure Firewall NAT rules.

az network firewall nat-rule collection delete

Delete an Azure Firewall NAT rule collection.

az network firewall nat-rule collection list

List Azure Firewall NAT rule collections.

az network firewall nat-rule collection show

Get the details of an Azure Firewall NAT rule collection.

az network firewall nat-rule create

Create an Azure Firewall NAT rule.

az network firewall nat-rule delete

Delete an Azure Firewall NAT rule.

az network firewall nat-rule list

List Azure Firewall NAT rules.

az network firewall nat-rule show

Get the details of an Azure Firewall NAT rule.

az network firewall network-rule

Manage and configure Azure Firewall network rules.

az network firewall network-rule collection

Manage and configure Azure Firewall network rule collections.

az network firewall network-rule collection delete

Delete an Azure Firewall network rule collection.

az network firewall network-rule collection list

List Azure Firewall network rule collections.

az network firewall network-rule collection show

Get the details of an Azure Firewall network rule collection.

az network firewall network-rule create

Create an Azure Firewall network rule.

az network firewall network-rule delete

Delete an Azure Firewall network rule. If you want to delete the last rule in a collection, please delete the collection instead.

az network firewall network-rule list

List Azure Firewall network rules.

az network firewall network-rule show

Get the details of an Azure Firewall network rule.

az network firewall policy

Manage and configure Azure firewall policy.

az network firewall policy create

Create an Azure firewall policy.

az network firewall policy delete

Delete an Azure firewall policy.

az network firewall policy list

List all Azure firewall policies.

az network firewall policy rule-collection-group

Manage and configure Azure firewall policy rule collection group.

az network firewall policy rule-collection-group collection

Manage and configure Azure firewall policy rule collections in the rule collection group.

az network firewall policy rule-collection-group collection add-filter-collection

Add a filter collection into an Azure firewall policy rule collection group.

az network firewall policy rule-collection-group collection add-nat-collection

Add a NAT collection into an Azure firewall policy rule collection group.

az network firewall policy rule-collection-group collection list

List all rule collections of an Azure firewall policy rule collection group.

az network firewall policy rule-collection-group collection remove

Remove a rule collection from an Azure firewall policy rule collection group.

az network firewall policy rule-collection-group collection rule

Manage and configure the rule of a filter collection in the rule collection group of Azure firewall policy.

az network firewall policy rule-collection-group collection rule add

Add a rule into an Azure firewall policy rule collection.

az network firewall policy rule-collection-group collection rule remove

Remove a rule from an Azure firewall policy rule collection.

az network firewall policy rule-collection-group create

Create an Azure firewall policy rule collection group.

az network firewall policy rule-collection-group delete

Delete an Azure Firewall policy rule collection group.

az network firewall policy rule-collection-group list

List all Azure firewall policy rule collection groups.

az network firewall policy rule-collection-group show

Show an Azure firewall policy rule collection group.

az network firewall policy rule-collection-group update

Update an Azure firewall policy rule collection group.

az network firewall policy show

Show an Azure firewall policy.

az network firewall policy update

Update an Azure firewall policy.

az network firewall show

Get the details of an Azure Firewall.

az network firewall threat-intel-allowlist

Manage and configure Azure Firewall Threat Intelligence Allow List.

az network firewall threat-intel-allowlist create

Create an Azure Firewall Threat Intelligence Allow List.

az network firewall threat-intel-allowlist delete

Delete an Azure Firewall Threat Intelligence Allow List.

az network firewall threat-intel-allowlist show

Get the details of an Azure Firewall Threat Intelligence Allow List.

az network firewall threat-intel-allowlist update

Update Azure Firewall Threat Intelligence Allow List.

az network firewall update

Update an Azure Firewall.

az network firewall create

Create an Azure Firewall.

az network firewall create --name
                           --resource-group
                           [--allow-active-ftp {false, true}]
                           [--count]
                           [--dns-servers]
                           [--enable-dns-proxy {false, true}]
                           [--firewall-policy]
                           [--location]
                           [--private-ranges]
                           [--require-dns-proxy-for-network-rules {false, true}]
                           [--sku {AZFW_Hub, AZFW_VNet}]
                           [--tags]
                           [--threat-intel-mode {Alert, Deny, Off}]
                           [--vhub]
                           [--zones {1, 2, 3}]

Examples

Create a Azure firewall with private ranges

az network firewall create -g MyResourceGroup -n MyFirewall --private-ranges 10.0.0.0 10.0.0.0/16 IANAPrivateRanges

Required Parameters

--name -n

Azure Firewall name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--allow-active-ftp

Allow Active FTP. By default it is false. It's only allowed for azure firewall on virtual network.

accepted values: false, true
--count --public-ip-count

Number of Public IP Address associated with azure firewall. It's used to add public ip addresses into this firewall.

--dns-servers

Space-separated list of DNS server IP addresses.

--enable-dns-proxy

Enable DNS Proxy.

accepted values: false, true
--firewall-policy --policy

Name or ID of the firewallPolicy associated with this azure firewall.

--location -l

Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.

--private-ranges

Space-separated list of SNAT private range. Validate values are single Ip, Ip prefixes or a single special value "IANAPrivateRanges".

--require-dns-proxy-for-network-rules

Requires DNS Proxy functionality for FQDNs within Network Rules.

accepted values: false, true
--sku

SKU of Azure firewall. This field cannot be updated after the creation. The default sku in server end is AZFW_VNet. If you want to attach azure firewall to vhub, you should set sku to AZFW_Hub.

accepted values: AZFW_Hub, AZFW_VNet
--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--threat-intel-mode

The operation mode for Threat Intelligence.

accepted values: Alert, Deny, Off
--vhub --virtual-hub

Name or ID of the virtualHub to which the firewall belongs.

--zones -z

Space-separated list of availability zones into which to provision the resource.

accepted values: 1, 2, 3

az network firewall delete

Delete an Azure Firewall.

az network firewall delete --name
                           --resource-group

Required Parameters

--name -n

Azure Firewall name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az network firewall list

List Azure Firewalls.

az network firewall list [--resource-group]

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az network firewall list-fqdn-tags

Gets all the Azure Firewall FQDN Tags in a subscription.

az network firewall list-fqdn-tags

az network firewall show

Get the details of an Azure Firewall.

az network firewall show --name
                         --resource-group

Required Parameters

--name -n

Azure Firewall name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az network firewall update

Update an Azure Firewall.

az network firewall update --name
                           --resource-group
                           [--add]
                           [--allow-active-ftp {false, true}]
                           [--count]
                           [--dns-servers]
                           [--enable-dns-proxy {false, true}]
                           [--firewall-policy]
                           [--force-string]
                           [--private-ranges]
                           [--public-ips]
                           [--remove]
                           [--require-dns-proxy-for-network-rules {false, true}]
                           [--set]
                           [--tags]
                           [--threat-intel-mode {Alert, Deny, Off}]
                           [--vhub]
                           [--zones {1, 2, 3}]

Required Parameters

--name -n

Azure Firewall name.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

--allow-active-ftp

Allow Active FTP. By default it is false. It's only allowed for azure firewall on virtual network.

accepted values: false, true
--count --public-ip-count

Number of Public IP Address associated with azure firewall. It's used to add public ip addresses into this firewall.

--dns-servers

Space-separated list of DNS server IP addresses.

--enable-dns-proxy

Enable DNS Proxy.

accepted values: false, true
--firewall-policy --policy

Name or ID of the firewallPolicy associated with this azure firewall.

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

--private-ranges

Space-separated list of SNAT private range. Validate values are single Ip, Ip prefixes or a single special value "IANAPrivateRanges".

--public-ips

Space-separated list of Public IP addresses associated with azure firewall. It's used to delete public ip addresses from this firewall.

--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--require-dns-proxy-for-network-rules

Requires DNS Proxy functionality for FQDNs within Network Rules.

accepted values: false, true
--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--threat-intel-mode

The operation mode for Threat Intelligence.

accepted values: Alert, Deny, Off
--vhub --virtual-hub

Name or ID of the virtualHub to which the firewall belongs.

--zones -z

Space-separated list of availability zones into which to provision the resource.

accepted values: 1, 2, 3