azure-native.network.AzureFirewall
Explore with Pulumi AI
Azure Firewall resource.
Uses Azure REST API version 2024-05-01. In version 2.x of the Azure Native provider, it used API version 2023-02-01.
Other available API versions: 2018-06-01, 2018-07-01, 2018-08-01, 2018-10-01, 2018-11-01, 2018-12-01, 2019-02-01, 2019-04-01, 2019-06-01, 2019-07-01, 2019-08-01, 2019-09-01, 2019-11-01, 2019-12-01, 2020-03-01, 2020-04-01, 2020-05-01, 2020-06-01, 2020-07-01, 2020-08-01, 2020-11-01, 2021-02-01, 2021-03-01, 2021-05-01, 2021-08-01, 2022-01-01, 2022-05-01, 2022-07-01, 2022-09-01, 2022-11-01, 2023-02-01, 2023-04-01, 2023-05-01, 2023-06-01, 2023-09-01, 2023-11-01, 2024-01-01, 2024-03-01. These can be accessed by generating a local SDK package using the CLI command pulumi package add azure-native network [ApiVersion]. See the version guide for details.
Example Usage
Create Azure Firewall
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() => 
{
    var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
    {
        ApplicationRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                },
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
                Name = "apprulecoll",
                Priority = 110,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                    {
                        Description = "Deny inbound rule",
                        Name = "rule1",
                        Protocols = new[]
                        {
                            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                            {
                                Port = 443,
                                ProtocolType = AzureNative.Network.AzureFirewallApplicationRuleProtocolType.Https,
                            },
                        },
                        SourceAddresses = new[]
                        {
                            "216.58.216.164",
                            "10.0.0.0/24",
                        },
                        TargetFqdns = new[]
                        {
                            "www.test.com",
                        },
                    },
                },
            },
        },
        AzureFirewallName = "azurefirewall",
        IpConfigurations = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
            {
                Name = "azureFirewallIpConfiguration",
                PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                },
                Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                },
            },
        },
        Location = "West US",
        NatRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                {
                    Type = AzureNative.Network.AzureFirewallNatRCActionType.Dnat,
                },
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
                Name = "natrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        Description = "D-NAT all outbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "443",
                        },
                        Name = "DNAT-HTTPS-traffic",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedAddress = "1.2.3.5",
                        TranslatedPort = "8443",
                    },
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        Description = "D-NAT all inbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "80",
                        },
                        Name = "DNAT-HTTP-traffic-With-FQDN",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedFqdn = "internalhttpserver",
                        TranslatedPort = "880",
                    },
                },
            },
        },
        NetworkRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                },
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
                Name = "netrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        Description = "Block traffic based on source IPs and ports",
                        DestinationAddresses = new[]
                        {
                            "*",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "192.168.1.1-192.168.1.12",
                            "10.1.4.12-10.1.4.255",
                        },
                    },
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        Description = "Block traffic based on source IPs and ports to amazon",
                        DestinationFqdns = new[]
                        {
                            "www.amazon.com",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic-with-FQDN",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "10.2.4.12-10.2.4.255",
                        },
                    },
                },
            },
        },
        ResourceGroupName = "rg1",
        Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
        {
            Name = AzureNative.Network.AzureFirewallSkuName.AZFW_VNet,
            Tier = AzureNative.Network.AzureFirewallSkuTier.Standard,
        },
        Tags = 
        {
            { "key1", "value1" },
        },
        ThreatIntelMode = AzureNative.Network.AzureFirewallThreatIntelMode.Alert,
        Zones = new[] {},
    });
});
package main
import (
	network "github.com/pulumi/pulumi-azure-native-sdk/network/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
			ApplicationRuleCollections: network.AzureFirewallApplicationRuleCollectionArray{
				&network.AzureFirewallApplicationRuleCollectionArgs{
					Action: &network.AzureFirewallRCActionArgs{
						Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
					},
					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll"),
					Name:     pulumi.String("apprulecoll"),
					Priority: pulumi.Int(110),
					Rules: network.AzureFirewallApplicationRuleArray{
						&network.AzureFirewallApplicationRuleArgs{
							Description: pulumi.String("Deny inbound rule"),
							Name:        pulumi.String("rule1"),
							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
								&network.AzureFirewallApplicationRuleProtocolArgs{
									Port:         pulumi.Int(443),
									ProtocolType: pulumi.String(network.AzureFirewallApplicationRuleProtocolTypeHttps),
								},
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("216.58.216.164"),
								pulumi.String("10.0.0.0/24"),
							},
							TargetFqdns: pulumi.StringArray{
								pulumi.String("www.test.com"),
							},
						},
					},
				},
			},
			AzureFirewallName: pulumi.String("azurefirewall"),
			IpConfigurations: network.AzureFirewallIPConfigurationArray{
				&network.AzureFirewallIPConfigurationArgs{
					Name: pulumi.String("azureFirewallIpConfiguration"),
					PublicIPAddress: &network.SubResourceArgs{
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
					},
					Subnet: &network.SubResourceArgs{
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
					},
				},
			},
			Location: pulumi.String("West US"),
			NatRuleCollections: network.AzureFirewallNatRuleCollectionArray{
				&network.AzureFirewallNatRuleCollectionArgs{
					Action: &network.AzureFirewallNatRCActionArgs{
						Type: pulumi.String(network.AzureFirewallNatRCActionTypeDnat),
					},
					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll"),
					Name:     pulumi.String("natrulecoll"),
					Priority: pulumi.Int(112),
					Rules: network.AzureFirewallNatRuleArray{
						&network.AzureFirewallNatRuleArgs{
							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("1.2.3.4"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443"),
							},
							Name: pulumi.String("DNAT-HTTPS-traffic"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							TranslatedAddress: pulumi.String("1.2.3.5"),
							TranslatedPort:    pulumi.String("8443"),
						},
						&network.AzureFirewallNatRuleArgs{
							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("1.2.3.4"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("80"),
							},
							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							TranslatedFqdn: pulumi.String("internalhttpserver"),
							TranslatedPort: pulumi.String("880"),
						},
					},
				},
			},
			NetworkRuleCollections: network.AzureFirewallNetworkRuleCollectionArray{
				&network.AzureFirewallNetworkRuleCollectionArgs{
					Action: &network.AzureFirewallRCActionArgs{
						Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
					},
					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll"),
					Name:     pulumi.String("netrulecoll"),
					Priority: pulumi.Int(112),
					Rules: network.AzureFirewallNetworkRuleArray{
						&network.AzureFirewallNetworkRuleArgs{
							Description: pulumi.String("Block traffic based on source IPs and ports"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443-444"),
								pulumi.String("8443"),
							},
							Name: pulumi.String("L4-traffic"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("192.168.1.1-192.168.1.12"),
								pulumi.String("10.1.4.12-10.1.4.255"),
							},
						},
						&network.AzureFirewallNetworkRuleArgs{
							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
							DestinationFqdns: pulumi.StringArray{
								pulumi.String("www.amazon.com"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443-444"),
								pulumi.String("8443"),
							},
							Name: pulumi.String("L4-traffic-with-FQDN"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("10.2.4.12-10.2.4.255"),
							},
						},
					},
				},
			},
			ResourceGroupName: pulumi.String("rg1"),
			Sku: &network.AzureFirewallSkuArgs{
				Name: pulumi.String(network.AzureFirewallSkuName_AZFW_VNet),
				Tier: pulumi.String(network.AzureFirewallSkuTierStandard),
			},
			Tags: pulumi.StringMap{
				"key1": pulumi.String("value1"),
			},
			ThreatIntelMode: pulumi.String(network.AzureFirewallThreatIntelModeAlert),
			Zones:           pulumi.StringArray{},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.AzureFirewall;
import com.pulumi.azurenative.network.AzureFirewallArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallRCActionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallIPConfigurationArgs;
import com.pulumi.azurenative.network.inputs.SubResourceArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNatRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNatRCActionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNetworkRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallSkuArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
            .applicationRuleCollections(AzureFirewallApplicationRuleCollectionArgs.builder()
                .action(AzureFirewallRCActionArgs.builder()
                    .type("Deny")
                    .build())
                .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll")
                .name("apprulecoll")
                .priority(110)
                .rules(AzureFirewallApplicationRuleArgs.builder()
                    .description("Deny inbound rule")
                    .name("rule1")
                    .protocols(AzureFirewallApplicationRuleProtocolArgs.builder()
                        .port(443)
                        .protocolType("Https")
                        .build())
                    .sourceAddresses(                    
                        "216.58.216.164",
                        "10.0.0.0/24")
                    .targetFqdns("www.test.com")
                    .build())
                .build())
            .azureFirewallName("azurefirewall")
            .ipConfigurations(AzureFirewallIPConfigurationArgs.builder()
                .name("azureFirewallIpConfiguration")
                .publicIPAddress(SubResourceArgs.builder()
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")
                    .build())
                .subnet(SubResourceArgs.builder()
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet")
                    .build())
                .build())
            .location("West US")
            .natRuleCollections(AzureFirewallNatRuleCollectionArgs.builder()
                .action(AzureFirewallNatRCActionArgs.builder()
                    .type("Dnat")
                    .build())
                .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll")
                .name("natrulecoll")
                .priority(112)
                .rules(                
                    AzureFirewallNatRuleArgs.builder()
                        .description("D-NAT all outbound web traffic for inspection")
                        .destinationAddresses("1.2.3.4")
                        .destinationPorts("443")
                        .name("DNAT-HTTPS-traffic")
                        .protocols("TCP")
                        .sourceAddresses("*")
                        .translatedAddress("1.2.3.5")
                        .translatedPort("8443")
                        .build(),
                    AzureFirewallNatRuleArgs.builder()
                        .description("D-NAT all inbound web traffic for inspection")
                        .destinationAddresses("1.2.3.4")
                        .destinationPorts("80")
                        .name("DNAT-HTTP-traffic-With-FQDN")
                        .protocols("TCP")
                        .sourceAddresses("*")
                        .translatedFqdn("internalhttpserver")
                        .translatedPort("880")
                        .build())
                .build())
            .networkRuleCollections(AzureFirewallNetworkRuleCollectionArgs.builder()
                .action(AzureFirewallRCActionArgs.builder()
                    .type("Deny")
                    .build())
                .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll")
                .name("netrulecoll")
                .priority(112)
                .rules(                
                    AzureFirewallNetworkRuleArgs.builder()
                        .description("Block traffic based on source IPs and ports")
                        .destinationAddresses("*")
                        .destinationPorts(                        
                            "443-444",
                            "8443")
                        .name("L4-traffic")
                        .protocols("TCP")
                        .sourceAddresses(                        
                            "192.168.1.1-192.168.1.12",
                            "10.1.4.12-10.1.4.255")
                        .build(),
                    AzureFirewallNetworkRuleArgs.builder()
                        .description("Block traffic based on source IPs and ports to amazon")
                        .destinationFqdns("www.amazon.com")
                        .destinationPorts(                        
                            "443-444",
                            "8443")
                        .name("L4-traffic-with-FQDN")
                        .protocols("TCP")
                        .sourceAddresses("10.2.4.12-10.2.4.255")
                        .build())
                .build())
            .resourceGroupName("rg1")
            .sku(AzureFirewallSkuArgs.builder()
                .name("AZFW_VNet")
                .tier("Standard")
                .build())
            .tags(Map.of("key1", "value1"))
            .threatIntelMode("Alert")
            .zones()
            .build());
    }
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
    applicationRuleCollections: [{
        action: {
            type: azure_native.network.AzureFirewallRCActionType.Deny,
        },
        id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
        name: "apprulecoll",
        priority: 110,
        rules: [{
            description: "Deny inbound rule",
            name: "rule1",
            protocols: [{
                port: 443,
                protocolType: azure_native.network.AzureFirewallApplicationRuleProtocolType.Https,
            }],
            sourceAddresses: [
                "216.58.216.164",
                "10.0.0.0/24",
            ],
            targetFqdns: ["www.test.com"],
        }],
    }],
    azureFirewallName: "azurefirewall",
    ipConfigurations: [{
        name: "azureFirewallIpConfiguration",
        publicIPAddress: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        },
        subnet: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        },
    }],
    location: "West US",
    natRuleCollections: [{
        action: {
            type: azure_native.network.AzureFirewallNatRCActionType.Dnat,
        },
        id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
        name: "natrulecoll",
        priority: 112,
        rules: [
            {
                description: "D-NAT all outbound web traffic for inspection",
                destinationAddresses: ["1.2.3.4"],
                destinationPorts: ["443"],
                name: "DNAT-HTTPS-traffic",
                protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                sourceAddresses: ["*"],
                translatedAddress: "1.2.3.5",
                translatedPort: "8443",
            },
            {
                description: "D-NAT all inbound web traffic for inspection",
                destinationAddresses: ["1.2.3.4"],
                destinationPorts: ["80"],
                name: "DNAT-HTTP-traffic-With-FQDN",
                protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                sourceAddresses: ["*"],
                translatedFqdn: "internalhttpserver",
                translatedPort: "880",
            },
        ],
    }],
    networkRuleCollections: [{
        action: {
            type: azure_native.network.AzureFirewallRCActionType.Deny,
        },
        id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
        name: "netrulecoll",
        priority: 112,
        rules: [
            {
                description: "Block traffic based on source IPs and ports",
                destinationAddresses: ["*"],
                destinationPorts: [
                    "443-444",
                    "8443",
                ],
                name: "L4-traffic",
                protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                sourceAddresses: [
                    "192.168.1.1-192.168.1.12",
                    "10.1.4.12-10.1.4.255",
                ],
            },
            {
                description: "Block traffic based on source IPs and ports to amazon",
                destinationFqdns: ["www.amazon.com"],
                destinationPorts: [
                    "443-444",
                    "8443",
                ],
                name: "L4-traffic-with-FQDN",
                protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                sourceAddresses: ["10.2.4.12-10.2.4.255"],
            },
        ],
    }],
    resourceGroupName: "rg1",
    sku: {
        name: azure_native.network.AzureFirewallSkuName.AZFW_VNet,
        tier: azure_native.network.AzureFirewallSkuTier.Standard,
    },
    tags: {
        key1: "value1",
    },
    threatIntelMode: azure_native.network.AzureFirewallThreatIntelMode.Alert,
    zones: [],
});
import pulumi
import pulumi_azure_native as azure_native
azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
    application_rule_collections=[{
        "action": {
            "type": azure_native.network.AzureFirewallRCActionType.DENY,
        },
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
        "name": "apprulecoll",
        "priority": 110,
        "rules": [{
            "description": "Deny inbound rule",
            "name": "rule1",
            "protocols": [{
                "port": 443,
                "protocol_type": azure_native.network.AzureFirewallApplicationRuleProtocolType.HTTPS,
            }],
            "source_addresses": [
                "216.58.216.164",
                "10.0.0.0/24",
            ],
            "target_fqdns": ["www.test.com"],
        }],
    }],
    azure_firewall_name="azurefirewall",
    ip_configurations=[{
        "name": "azureFirewallIpConfiguration",
        "public_ip_address": {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        },
        "subnet": {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        },
    }],
    location="West US",
    nat_rule_collections=[{
        "action": {
            "type": azure_native.network.AzureFirewallNatRCActionType.DNAT,
        },
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
        "name": "natrulecoll",
        "priority": 112,
        "rules": [
            {
                "description": "D-NAT all outbound web traffic for inspection",
                "destination_addresses": ["1.2.3.4"],
                "destination_ports": ["443"],
                "name": "DNAT-HTTPS-traffic",
                "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                "source_addresses": ["*"],
                "translated_address": "1.2.3.5",
                "translated_port": "8443",
            },
            {
                "description": "D-NAT all inbound web traffic for inspection",
                "destination_addresses": ["1.2.3.4"],
                "destination_ports": ["80"],
                "name": "DNAT-HTTP-traffic-With-FQDN",
                "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                "source_addresses": ["*"],
                "translated_fqdn": "internalhttpserver",
                "translated_port": "880",
            },
        ],
    }],
    network_rule_collections=[{
        "action": {
            "type": azure_native.network.AzureFirewallRCActionType.DENY,
        },
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
        "name": "netrulecoll",
        "priority": 112,
        "rules": [
            {
                "description": "Block traffic based on source IPs and ports",
                "destination_addresses": ["*"],
                "destination_ports": [
                    "443-444",
                    "8443",
                ],
                "name": "L4-traffic",
                "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                "source_addresses": [
                    "192.168.1.1-192.168.1.12",
                    "10.1.4.12-10.1.4.255",
                ],
            },
            {
                "description": "Block traffic based on source IPs and ports to amazon",
                "destination_fqdns": ["www.amazon.com"],
                "destination_ports": [
                    "443-444",
                    "8443",
                ],
                "name": "L4-traffic-with-FQDN",
                "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                "source_addresses": ["10.2.4.12-10.2.4.255"],
            },
        ],
    }],
    resource_group_name="rg1",
    sku={
        "name": azure_native.network.AzureFirewallSkuName.AZF_W_V_NET,
        "tier": azure_native.network.AzureFirewallSkuTier.STANDARD,
    },
    tags={
        "key1": "value1",
    },
    threat_intel_mode=azure_native.network.AzureFirewallThreatIntelMode.ALERT,
    zones=[])
resources:
  azureFirewall:
    type: azure-native:network:AzureFirewall
    properties:
      applicationRuleCollections:
        - action:
            type: Deny
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll
          name: apprulecoll
          priority: 110
          rules:
            - description: Deny inbound rule
              name: rule1
              protocols:
                - port: 443
                  protocolType: Https
              sourceAddresses:
                - 216.58.216.164
                - 10.0.0.0/24
              targetFqdns:
                - www.test.com
      azureFirewallName: azurefirewall
      ipConfigurations:
        - name: azureFirewallIpConfiguration
          publicIPAddress:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
          subnet:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
      location: West US
      natRuleCollections:
        - action:
            type: Dnat
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll
          name: natrulecoll
          priority: 112
          rules:
            - description: D-NAT all outbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '443'
              name: DNAT-HTTPS-traffic
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedAddress: 1.2.3.5
              translatedPort: '8443'
            - description: D-NAT all inbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '80'
              name: DNAT-HTTP-traffic-With-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedFqdn: internalhttpserver
              translatedPort: '880'
      networkRuleCollections:
        - action:
            type: Deny
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll
          name: netrulecoll
          priority: 112
          rules:
            - description: Block traffic based on source IPs and ports
              destinationAddresses:
                - '*'
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic
              protocols:
                - TCP
              sourceAddresses:
                - 192.168.1.1-192.168.1.12
                - 10.1.4.12-10.1.4.255
            - description: Block traffic based on source IPs and ports to amazon
              destinationFqdns:
                - www.amazon.com
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic-with-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - 10.2.4.12-10.2.4.255
      resourceGroupName: rg1
      sku:
        name: AZFW_VNet
        tier: Standard
      tags:
        key1: value1
      threatIntelMode: Alert
      zones: []
Create Azure Firewall With Additional Properties
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() => 
{
    var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
    {
        AdditionalProperties = 
        {
            { "key1", "value1" },
            { "key2", "value2" },
        },
        ApplicationRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                },
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
                Name = "apprulecoll",
                Priority = 110,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                    {
                        Description = "Deny inbound rule",
                        Name = "rule1",
                        Protocols = new[]
                        {
                            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                            {
                                Port = 443,
                                ProtocolType = AzureNative.Network.AzureFirewallApplicationRuleProtocolType.Https,
                            },
                        },
                        SourceAddresses = new[]
                        {
                            "216.58.216.164",
                            "10.0.0.0/24",
                        },
                        TargetFqdns = new[]
                        {
                            "www.test.com",
                        },
                    },
                },
            },
        },
        AzureFirewallName = "azurefirewall",
        IpConfigurations = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
            {
                Name = "azureFirewallIpConfiguration",
                PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                },
                Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                },
            },
        },
        Location = "West US",
        NatRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                {
                    Type = AzureNative.Network.AzureFirewallNatRCActionType.Dnat,
                },
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
                Name = "natrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        Description = "D-NAT all outbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "443",
                        },
                        Name = "DNAT-HTTPS-traffic",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedAddress = "1.2.3.5",
                        TranslatedPort = "8443",
                    },
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        Description = "D-NAT all inbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "80",
                        },
                        Name = "DNAT-HTTP-traffic-With-FQDN",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedFqdn = "internalhttpserver",
                        TranslatedPort = "880",
                    },
                },
            },
        },
        NetworkRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                },
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
                Name = "netrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        Description = "Block traffic based on source IPs and ports",
                        DestinationAddresses = new[]
                        {
                            "*",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "192.168.1.1-192.168.1.12",
                            "10.1.4.12-10.1.4.255",
                        },
                    },
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        Description = "Block traffic based on source IPs and ports to amazon",
                        DestinationFqdns = new[]
                        {
                            "www.amazon.com",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic-with-FQDN",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "10.2.4.12-10.2.4.255",
                        },
                    },
                },
            },
        },
        ResourceGroupName = "rg1",
        Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
        {
            Name = AzureNative.Network.AzureFirewallSkuName.AZFW_VNet,
            Tier = AzureNative.Network.AzureFirewallSkuTier.Standard,
        },
        Tags = 
        {
            { "key1", "value1" },
        },
        ThreatIntelMode = AzureNative.Network.AzureFirewallThreatIntelMode.Alert,
        Zones = new[] {},
    });
});
package main
import (
	network "github.com/pulumi/pulumi-azure-native-sdk/network/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
			AdditionalProperties: pulumi.StringMap{
				"key1": pulumi.String("value1"),
				"key2": pulumi.String("value2"),
			},
			ApplicationRuleCollections: network.AzureFirewallApplicationRuleCollectionArray{
				&network.AzureFirewallApplicationRuleCollectionArgs{
					Action: &network.AzureFirewallRCActionArgs{
						Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
					},
					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll"),
					Name:     pulumi.String("apprulecoll"),
					Priority: pulumi.Int(110),
					Rules: network.AzureFirewallApplicationRuleArray{
						&network.AzureFirewallApplicationRuleArgs{
							Description: pulumi.String("Deny inbound rule"),
							Name:        pulumi.String("rule1"),
							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
								&network.AzureFirewallApplicationRuleProtocolArgs{
									Port:         pulumi.Int(443),
									ProtocolType: pulumi.String(network.AzureFirewallApplicationRuleProtocolTypeHttps),
								},
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("216.58.216.164"),
								pulumi.String("10.0.0.0/24"),
							},
							TargetFqdns: pulumi.StringArray{
								pulumi.String("www.test.com"),
							},
						},
					},
				},
			},
			AzureFirewallName: pulumi.String("azurefirewall"),
			IpConfigurations: network.AzureFirewallIPConfigurationArray{
				&network.AzureFirewallIPConfigurationArgs{
					Name: pulumi.String("azureFirewallIpConfiguration"),
					PublicIPAddress: &network.SubResourceArgs{
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
					},
					Subnet: &network.SubResourceArgs{
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
					},
				},
			},
			Location: pulumi.String("West US"),
			NatRuleCollections: network.AzureFirewallNatRuleCollectionArray{
				&network.AzureFirewallNatRuleCollectionArgs{
					Action: &network.AzureFirewallNatRCActionArgs{
						Type: pulumi.String(network.AzureFirewallNatRCActionTypeDnat),
					},
					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll"),
					Name:     pulumi.String("natrulecoll"),
					Priority: pulumi.Int(112),
					Rules: network.AzureFirewallNatRuleArray{
						&network.AzureFirewallNatRuleArgs{
							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("1.2.3.4"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443"),
							},
							Name: pulumi.String("DNAT-HTTPS-traffic"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							TranslatedAddress: pulumi.String("1.2.3.5"),
							TranslatedPort:    pulumi.String("8443"),
						},
						&network.AzureFirewallNatRuleArgs{
							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("1.2.3.4"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("80"),
							},
							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							TranslatedFqdn: pulumi.String("internalhttpserver"),
							TranslatedPort: pulumi.String("880"),
						},
					},
				},
			},
			NetworkRuleCollections: network.AzureFirewallNetworkRuleCollectionArray{
				&network.AzureFirewallNetworkRuleCollectionArgs{
					Action: &network.AzureFirewallRCActionArgs{
						Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
					},
					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll"),
					Name:     pulumi.String("netrulecoll"),
					Priority: pulumi.Int(112),
					Rules: network.AzureFirewallNetworkRuleArray{
						&network.AzureFirewallNetworkRuleArgs{
							Description: pulumi.String("Block traffic based on source IPs and ports"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443-444"),
								pulumi.String("8443"),
							},
							Name: pulumi.String("L4-traffic"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("192.168.1.1-192.168.1.12"),
								pulumi.String("10.1.4.12-10.1.4.255"),
							},
						},
						&network.AzureFirewallNetworkRuleArgs{
							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
							DestinationFqdns: pulumi.StringArray{
								pulumi.String("www.amazon.com"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443-444"),
								pulumi.String("8443"),
							},
							Name: pulumi.String("L4-traffic-with-FQDN"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("10.2.4.12-10.2.4.255"),
							},
						},
					},
				},
			},
			ResourceGroupName: pulumi.String("rg1"),
			Sku: &network.AzureFirewallSkuArgs{
				Name: pulumi.String(network.AzureFirewallSkuName_AZFW_VNet),
				Tier: pulumi.String(network.AzureFirewallSkuTierStandard),
			},
			Tags: pulumi.StringMap{
				"key1": pulumi.String("value1"),
			},
			ThreatIntelMode: pulumi.String(network.AzureFirewallThreatIntelModeAlert),
			Zones:           pulumi.StringArray{},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.AzureFirewall;
import com.pulumi.azurenative.network.AzureFirewallArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallRCActionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallIPConfigurationArgs;
import com.pulumi.azurenative.network.inputs.SubResourceArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNatRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNatRCActionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNetworkRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallSkuArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
            .additionalProperties(Map.ofEntries(
                Map.entry("key1", "value1"),
                Map.entry("key2", "value2")
            ))
            .applicationRuleCollections(AzureFirewallApplicationRuleCollectionArgs.builder()
                .action(AzureFirewallRCActionArgs.builder()
                    .type("Deny")
                    .build())
                .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll")
                .name("apprulecoll")
                .priority(110)
                .rules(AzureFirewallApplicationRuleArgs.builder()
                    .description("Deny inbound rule")
                    .name("rule1")
                    .protocols(AzureFirewallApplicationRuleProtocolArgs.builder()
                        .port(443)
                        .protocolType("Https")
                        .build())
                    .sourceAddresses(                    
                        "216.58.216.164",
                        "10.0.0.0/24")
                    .targetFqdns("www.test.com")
                    .build())
                .build())
            .azureFirewallName("azurefirewall")
            .ipConfigurations(AzureFirewallIPConfigurationArgs.builder()
                .name("azureFirewallIpConfiguration")
                .publicIPAddress(SubResourceArgs.builder()
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")
                    .build())
                .subnet(SubResourceArgs.builder()
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet")
                    .build())
                .build())
            .location("West US")
            .natRuleCollections(AzureFirewallNatRuleCollectionArgs.builder()
                .action(AzureFirewallNatRCActionArgs.builder()
                    .type("Dnat")
                    .build())
                .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll")
                .name("natrulecoll")
                .priority(112)
                .rules(                
                    AzureFirewallNatRuleArgs.builder()
                        .description("D-NAT all outbound web traffic for inspection")
                        .destinationAddresses("1.2.3.4")
                        .destinationPorts("443")
                        .name("DNAT-HTTPS-traffic")
                        .protocols("TCP")
                        .sourceAddresses("*")
                        .translatedAddress("1.2.3.5")
                        .translatedPort("8443")
                        .build(),
                    AzureFirewallNatRuleArgs.builder()
                        .description("D-NAT all inbound web traffic for inspection")
                        .destinationAddresses("1.2.3.4")
                        .destinationPorts("80")
                        .name("DNAT-HTTP-traffic-With-FQDN")
                        .protocols("TCP")
                        .sourceAddresses("*")
                        .translatedFqdn("internalhttpserver")
                        .translatedPort("880")
                        .build())
                .build())
            .networkRuleCollections(AzureFirewallNetworkRuleCollectionArgs.builder()
                .action(AzureFirewallRCActionArgs.builder()
                    .type("Deny")
                    .build())
                .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll")
                .name("netrulecoll")
                .priority(112)
                .rules(                
                    AzureFirewallNetworkRuleArgs.builder()
                        .description("Block traffic based on source IPs and ports")
                        .destinationAddresses("*")
                        .destinationPorts(                        
                            "443-444",
                            "8443")
                        .name("L4-traffic")
                        .protocols("TCP")
                        .sourceAddresses(                        
                            "192.168.1.1-192.168.1.12",
                            "10.1.4.12-10.1.4.255")
                        .build(),
                    AzureFirewallNetworkRuleArgs.builder()
                        .description("Block traffic based on source IPs and ports to amazon")
                        .destinationFqdns("www.amazon.com")
                        .destinationPorts(                        
                            "443-444",
                            "8443")
                        .name("L4-traffic-with-FQDN")
                        .protocols("TCP")
                        .sourceAddresses("10.2.4.12-10.2.4.255")
                        .build())
                .build())
            .resourceGroupName("rg1")
            .sku(AzureFirewallSkuArgs.builder()
                .name("AZFW_VNet")
                .tier("Standard")
                .build())
            .tags(Map.of("key1", "value1"))
            .threatIntelMode("Alert")
            .zones()
            .build());
    }
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
    additionalProperties: {
        key1: "value1",
        key2: "value2",
    },
    applicationRuleCollections: [{
        action: {
            type: azure_native.network.AzureFirewallRCActionType.Deny,
        },
        id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
        name: "apprulecoll",
        priority: 110,
        rules: [{
            description: "Deny inbound rule",
            name: "rule1",
            protocols: [{
                port: 443,
                protocolType: azure_native.network.AzureFirewallApplicationRuleProtocolType.Https,
            }],
            sourceAddresses: [
                "216.58.216.164",
                "10.0.0.0/24",
            ],
            targetFqdns: ["www.test.com"],
        }],
    }],
    azureFirewallName: "azurefirewall",
    ipConfigurations: [{
        name: "azureFirewallIpConfiguration",
        publicIPAddress: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        },
        subnet: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        },
    }],
    location: "West US",
    natRuleCollections: [{
        action: {
            type: azure_native.network.AzureFirewallNatRCActionType.Dnat,
        },
        id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
        name: "natrulecoll",
        priority: 112,
        rules: [
            {
                description: "D-NAT all outbound web traffic for inspection",
                destinationAddresses: ["1.2.3.4"],
                destinationPorts: ["443"],
                name: "DNAT-HTTPS-traffic",
                protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                sourceAddresses: ["*"],
                translatedAddress: "1.2.3.5",
                translatedPort: "8443",
            },
            {
                description: "D-NAT all inbound web traffic for inspection",
                destinationAddresses: ["1.2.3.4"],
                destinationPorts: ["80"],
                name: "DNAT-HTTP-traffic-With-FQDN",
                protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                sourceAddresses: ["*"],
                translatedFqdn: "internalhttpserver",
                translatedPort: "880",
            },
        ],
    }],
    networkRuleCollections: [{
        action: {
            type: azure_native.network.AzureFirewallRCActionType.Deny,
        },
        id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
        name: "netrulecoll",
        priority: 112,
        rules: [
            {
                description: "Block traffic based on source IPs and ports",
                destinationAddresses: ["*"],
                destinationPorts: [
                    "443-444",
                    "8443",
                ],
                name: "L4-traffic",
                protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                sourceAddresses: [
                    "192.168.1.1-192.168.1.12",
                    "10.1.4.12-10.1.4.255",
                ],
            },
            {
                description: "Block traffic based on source IPs and ports to amazon",
                destinationFqdns: ["www.amazon.com"],
                destinationPorts: [
                    "443-444",
                    "8443",
                ],
                name: "L4-traffic-with-FQDN",
                protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                sourceAddresses: ["10.2.4.12-10.2.4.255"],
            },
        ],
    }],
    resourceGroupName: "rg1",
    sku: {
        name: azure_native.network.AzureFirewallSkuName.AZFW_VNet,
        tier: azure_native.network.AzureFirewallSkuTier.Standard,
    },
    tags: {
        key1: "value1",
    },
    threatIntelMode: azure_native.network.AzureFirewallThreatIntelMode.Alert,
    zones: [],
});
import pulumi
import pulumi_azure_native as azure_native
azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
    additional_properties={
        "key1": "value1",
        "key2": "value2",
    },
    application_rule_collections=[{
        "action": {
            "type": azure_native.network.AzureFirewallRCActionType.DENY,
        },
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
        "name": "apprulecoll",
        "priority": 110,
        "rules": [{
            "description": "Deny inbound rule",
            "name": "rule1",
            "protocols": [{
                "port": 443,
                "protocol_type": azure_native.network.AzureFirewallApplicationRuleProtocolType.HTTPS,
            }],
            "source_addresses": [
                "216.58.216.164",
                "10.0.0.0/24",
            ],
            "target_fqdns": ["www.test.com"],
        }],
    }],
    azure_firewall_name="azurefirewall",
    ip_configurations=[{
        "name": "azureFirewallIpConfiguration",
        "public_ip_address": {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        },
        "subnet": {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        },
    }],
    location="West US",
    nat_rule_collections=[{
        "action": {
            "type": azure_native.network.AzureFirewallNatRCActionType.DNAT,
        },
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
        "name": "natrulecoll",
        "priority": 112,
        "rules": [
            {
                "description": "D-NAT all outbound web traffic for inspection",
                "destination_addresses": ["1.2.3.4"],
                "destination_ports": ["443"],
                "name": "DNAT-HTTPS-traffic",
                "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                "source_addresses": ["*"],
                "translated_address": "1.2.3.5",
                "translated_port": "8443",
            },
            {
                "description": "D-NAT all inbound web traffic for inspection",
                "destination_addresses": ["1.2.3.4"],
                "destination_ports": ["80"],
                "name": "DNAT-HTTP-traffic-With-FQDN",
                "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                "source_addresses": ["*"],
                "translated_fqdn": "internalhttpserver",
                "translated_port": "880",
            },
        ],
    }],
    network_rule_collections=[{
        "action": {
            "type": azure_native.network.AzureFirewallRCActionType.DENY,
        },
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
        "name": "netrulecoll",
        "priority": 112,
        "rules": [
            {
                "description": "Block traffic based on source IPs and ports",
                "destination_addresses": ["*"],
                "destination_ports": [
                    "443-444",
                    "8443",
                ],
                "name": "L4-traffic",
                "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                "source_addresses": [
                    "192.168.1.1-192.168.1.12",
                    "10.1.4.12-10.1.4.255",
                ],
            },
            {
                "description": "Block traffic based on source IPs and ports to amazon",
                "destination_fqdns": ["www.amazon.com"],
                "destination_ports": [
                    "443-444",
                    "8443",
                ],
                "name": "L4-traffic-with-FQDN",
                "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                "source_addresses": ["10.2.4.12-10.2.4.255"],
            },
        ],
    }],
    resource_group_name="rg1",
    sku={
        "name": azure_native.network.AzureFirewallSkuName.AZF_W_V_NET,
        "tier": azure_native.network.AzureFirewallSkuTier.STANDARD,
    },
    tags={
        "key1": "value1",
    },
    threat_intel_mode=azure_native.network.AzureFirewallThreatIntelMode.ALERT,
    zones=[])
resources:
  azureFirewall:
    type: azure-native:network:AzureFirewall
    properties:
      additionalProperties:
        key1: value1
        key2: value2
      applicationRuleCollections:
        - action:
            type: Deny
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll
          name: apprulecoll
          priority: 110
          rules:
            - description: Deny inbound rule
              name: rule1
              protocols:
                - port: 443
                  protocolType: Https
              sourceAddresses:
                - 216.58.216.164
                - 10.0.0.0/24
              targetFqdns:
                - www.test.com
      azureFirewallName: azurefirewall
      ipConfigurations:
        - name: azureFirewallIpConfiguration
          publicIPAddress:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
          subnet:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
      location: West US
      natRuleCollections:
        - action:
            type: Dnat
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll
          name: natrulecoll
          priority: 112
          rules:
            - description: D-NAT all outbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '443'
              name: DNAT-HTTPS-traffic
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedAddress: 1.2.3.5
              translatedPort: '8443'
            - description: D-NAT all inbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '80'
              name: DNAT-HTTP-traffic-With-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedFqdn: internalhttpserver
              translatedPort: '880'
      networkRuleCollections:
        - action:
            type: Deny
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll
          name: netrulecoll
          priority: 112
          rules:
            - description: Block traffic based on source IPs and ports
              destinationAddresses:
                - '*'
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic
              protocols:
                - TCP
              sourceAddresses:
                - 192.168.1.1-192.168.1.12
                - 10.1.4.12-10.1.4.255
            - description: Block traffic based on source IPs and ports to amazon
              destinationFqdns:
                - www.amazon.com
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic-with-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - 10.2.4.12-10.2.4.255
      resourceGroupName: rg1
      sku:
        name: AZFW_VNet
        tier: Standard
      tags:
        key1: value1
      threatIntelMode: Alert
      zones: []
Create Azure Firewall With IpGroups
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() => 
{
    var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
    {
        ApplicationRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                },
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
                Name = "apprulecoll",
                Priority = 110,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                    {
                        Description = "Deny inbound rule",
                        Name = "rule1",
                        Protocols = new[]
                        {
                            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                            {
                                Port = 443,
                                ProtocolType = AzureNative.Network.AzureFirewallApplicationRuleProtocolType.Https,
                            },
                        },
                        SourceAddresses = new[]
                        {
                            "216.58.216.164",
                            "10.0.0.0/24",
                        },
                        TargetFqdns = new[]
                        {
                            "www.test.com",
                        },
                    },
                },
            },
        },
        AzureFirewallName = "azurefirewall",
        IpConfigurations = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
            {
                Name = "azureFirewallIpConfiguration",
                PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                },
                Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                },
            },
        },
        Location = "West US",
        NatRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                {
                    Type = AzureNative.Network.AzureFirewallNatRCActionType.Dnat,
                },
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
                Name = "natrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        Description = "D-NAT all outbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "443",
                        },
                        Name = "DNAT-HTTPS-traffic",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedAddress = "1.2.3.5",
                        TranslatedPort = "8443",
                    },
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        Description = "D-NAT all inbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "80",
                        },
                        Name = "DNAT-HTTP-traffic-With-FQDN",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedFqdn = "internalhttpserver",
                        TranslatedPort = "880",
                    },
                },
            },
        },
        NetworkRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                },
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
                Name = "netrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        Description = "Block traffic based on source IPs and ports",
                        DestinationAddresses = new[]
                        {
                            "*",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "192.168.1.1-192.168.1.12",
                            "10.1.4.12-10.1.4.255",
                        },
                    },
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        Description = "Block traffic based on source IPs and ports to amazon",
                        DestinationFqdns = new[]
                        {
                            "www.amazon.com",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic-with-FQDN",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "10.2.4.12-10.2.4.255",
                        },
                    },
                },
            },
        },
        ResourceGroupName = "rg1",
        Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
        {
            Name = AzureNative.Network.AzureFirewallSkuName.AZFW_VNet,
            Tier = AzureNative.Network.AzureFirewallSkuTier.Standard,
        },
        Tags = 
        {
            { "key1", "value1" },
        },
        ThreatIntelMode = AzureNative.Network.AzureFirewallThreatIntelMode.Alert,
        Zones = new[] {},
    });
});
package main
import (
	network "github.com/pulumi/pulumi-azure-native-sdk/network/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
			ApplicationRuleCollections: network.AzureFirewallApplicationRuleCollectionArray{
				&network.AzureFirewallApplicationRuleCollectionArgs{
					Action: &network.AzureFirewallRCActionArgs{
						Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
					},
					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll"),
					Name:     pulumi.String("apprulecoll"),
					Priority: pulumi.Int(110),
					Rules: network.AzureFirewallApplicationRuleArray{
						&network.AzureFirewallApplicationRuleArgs{
							Description: pulumi.String("Deny inbound rule"),
							Name:        pulumi.String("rule1"),
							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
								&network.AzureFirewallApplicationRuleProtocolArgs{
									Port:         pulumi.Int(443),
									ProtocolType: pulumi.String(network.AzureFirewallApplicationRuleProtocolTypeHttps),
								},
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("216.58.216.164"),
								pulumi.String("10.0.0.0/24"),
							},
							TargetFqdns: pulumi.StringArray{
								pulumi.String("www.test.com"),
							},
						},
					},
				},
			},
			AzureFirewallName: pulumi.String("azurefirewall"),
			IpConfigurations: network.AzureFirewallIPConfigurationArray{
				&network.AzureFirewallIPConfigurationArgs{
					Name: pulumi.String("azureFirewallIpConfiguration"),
					PublicIPAddress: &network.SubResourceArgs{
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
					},
					Subnet: &network.SubResourceArgs{
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
					},
				},
			},
			Location: pulumi.String("West US"),
			NatRuleCollections: network.AzureFirewallNatRuleCollectionArray{
				&network.AzureFirewallNatRuleCollectionArgs{
					Action: &network.AzureFirewallNatRCActionArgs{
						Type: pulumi.String(network.AzureFirewallNatRCActionTypeDnat),
					},
					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll"),
					Name:     pulumi.String("natrulecoll"),
					Priority: pulumi.Int(112),
					Rules: network.AzureFirewallNatRuleArray{
						&network.AzureFirewallNatRuleArgs{
							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("1.2.3.4"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443"),
							},
							Name: pulumi.String("DNAT-HTTPS-traffic"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							TranslatedAddress: pulumi.String("1.2.3.5"),
							TranslatedPort:    pulumi.String("8443"),
						},
						&network.AzureFirewallNatRuleArgs{
							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("1.2.3.4"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("80"),
							},
							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							TranslatedFqdn: pulumi.String("internalhttpserver"),
							TranslatedPort: pulumi.String("880"),
						},
					},
				},
			},
			NetworkRuleCollections: network.AzureFirewallNetworkRuleCollectionArray{
				&network.AzureFirewallNetworkRuleCollectionArgs{
					Action: &network.AzureFirewallRCActionArgs{
						Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
					},
					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll"),
					Name:     pulumi.String("netrulecoll"),
					Priority: pulumi.Int(112),
					Rules: network.AzureFirewallNetworkRuleArray{
						&network.AzureFirewallNetworkRuleArgs{
							Description: pulumi.String("Block traffic based on source IPs and ports"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443-444"),
								pulumi.String("8443"),
							},
							Name: pulumi.String("L4-traffic"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("192.168.1.1-192.168.1.12"),
								pulumi.String("10.1.4.12-10.1.4.255"),
							},
						},
						&network.AzureFirewallNetworkRuleArgs{
							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
							DestinationFqdns: pulumi.StringArray{
								pulumi.String("www.amazon.com"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443-444"),
								pulumi.String("8443"),
							},
							Name: pulumi.String("L4-traffic-with-FQDN"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("10.2.4.12-10.2.4.255"),
							},
						},
					},
				},
			},
			ResourceGroupName: pulumi.String("rg1"),
			Sku: &network.AzureFirewallSkuArgs{
				Name: pulumi.String(network.AzureFirewallSkuName_AZFW_VNet),
				Tier: pulumi.String(network.AzureFirewallSkuTierStandard),
			},
			Tags: pulumi.StringMap{
				"key1": pulumi.String("value1"),
			},
			ThreatIntelMode: pulumi.String(network.AzureFirewallThreatIntelModeAlert),
			Zones:           pulumi.StringArray{},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.AzureFirewall;
import com.pulumi.azurenative.network.AzureFirewallArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallRCActionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallIPConfigurationArgs;
import com.pulumi.azurenative.network.inputs.SubResourceArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNatRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNatRCActionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNetworkRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallSkuArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
            .applicationRuleCollections(AzureFirewallApplicationRuleCollectionArgs.builder()
                .action(AzureFirewallRCActionArgs.builder()
                    .type("Deny")
                    .build())
                .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll")
                .name("apprulecoll")
                .priority(110)
                .rules(AzureFirewallApplicationRuleArgs.builder()
                    .description("Deny inbound rule")
                    .name("rule1")
                    .protocols(AzureFirewallApplicationRuleProtocolArgs.builder()
                        .port(443)
                        .protocolType("Https")
                        .build())
                    .sourceAddresses(                    
                        "216.58.216.164",
                        "10.0.0.0/24")
                    .targetFqdns("www.test.com")
                    .build())
                .build())
            .azureFirewallName("azurefirewall")
            .ipConfigurations(AzureFirewallIPConfigurationArgs.builder()
                .name("azureFirewallIpConfiguration")
                .publicIPAddress(SubResourceArgs.builder()
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")
                    .build())
                .subnet(SubResourceArgs.builder()
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet")
                    .build())
                .build())
            .location("West US")
            .natRuleCollections(AzureFirewallNatRuleCollectionArgs.builder()
                .action(AzureFirewallNatRCActionArgs.builder()
                    .type("Dnat")
                    .build())
                .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll")
                .name("natrulecoll")
                .priority(112)
                .rules(                
                    AzureFirewallNatRuleArgs.builder()
                        .description("D-NAT all outbound web traffic for inspection")
                        .destinationAddresses("1.2.3.4")
                        .destinationPorts("443")
                        .name("DNAT-HTTPS-traffic")
                        .protocols("TCP")
                        .sourceAddresses("*")
                        .translatedAddress("1.2.3.5")
                        .translatedPort("8443")
                        .build(),
                    AzureFirewallNatRuleArgs.builder()
                        .description("D-NAT all inbound web traffic for inspection")
                        .destinationAddresses("1.2.3.4")
                        .destinationPorts("80")
                        .name("DNAT-HTTP-traffic-With-FQDN")
                        .protocols("TCP")
                        .sourceAddresses("*")
                        .translatedFqdn("internalhttpserver")
                        .translatedPort("880")
                        .build())
                .build())
            .networkRuleCollections(AzureFirewallNetworkRuleCollectionArgs.builder()
                .action(AzureFirewallRCActionArgs.builder()
                    .type("Deny")
                    .build())
                .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll")
                .name("netrulecoll")
                .priority(112)
                .rules(                
                    AzureFirewallNetworkRuleArgs.builder()
                        .description("Block traffic based on source IPs and ports")
                        .destinationAddresses("*")
                        .destinationPorts(                        
                            "443-444",
                            "8443")
                        .name("L4-traffic")
                        .protocols("TCP")
                        .sourceAddresses(                        
                            "192.168.1.1-192.168.1.12",
                            "10.1.4.12-10.1.4.255")
                        .build(),
                    AzureFirewallNetworkRuleArgs.builder()
                        .description("Block traffic based on source IPs and ports to amazon")
                        .destinationFqdns("www.amazon.com")
                        .destinationPorts(                        
                            "443-444",
                            "8443")
                        .name("L4-traffic-with-FQDN")
                        .protocols("TCP")
                        .sourceAddresses("10.2.4.12-10.2.4.255")
                        .build())
                .build())
            .resourceGroupName("rg1")
            .sku(AzureFirewallSkuArgs.builder()
                .name("AZFW_VNet")
                .tier("Standard")
                .build())
            .tags(Map.of("key1", "value1"))
            .threatIntelMode("Alert")
            .zones()
            .build());
    }
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
    applicationRuleCollections: [{
        action: {
            type: azure_native.network.AzureFirewallRCActionType.Deny,
        },
        id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
        name: "apprulecoll",
        priority: 110,
        rules: [{
            description: "Deny inbound rule",
            name: "rule1",
            protocols: [{
                port: 443,
                protocolType: azure_native.network.AzureFirewallApplicationRuleProtocolType.Https,
            }],
            sourceAddresses: [
                "216.58.216.164",
                "10.0.0.0/24",
            ],
            targetFqdns: ["www.test.com"],
        }],
    }],
    azureFirewallName: "azurefirewall",
    ipConfigurations: [{
        name: "azureFirewallIpConfiguration",
        publicIPAddress: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        },
        subnet: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        },
    }],
    location: "West US",
    natRuleCollections: [{
        action: {
            type: azure_native.network.AzureFirewallNatRCActionType.Dnat,
        },
        id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
        name: "natrulecoll",
        priority: 112,
        rules: [
            {
                description: "D-NAT all outbound web traffic for inspection",
                destinationAddresses: ["1.2.3.4"],
                destinationPorts: ["443"],
                name: "DNAT-HTTPS-traffic",
                protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                sourceAddresses: ["*"],
                translatedAddress: "1.2.3.5",
                translatedPort: "8443",
            },
            {
                description: "D-NAT all inbound web traffic for inspection",
                destinationAddresses: ["1.2.3.4"],
                destinationPorts: ["80"],
                name: "DNAT-HTTP-traffic-With-FQDN",
                protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                sourceAddresses: ["*"],
                translatedFqdn: "internalhttpserver",
                translatedPort: "880",
            },
        ],
    }],
    networkRuleCollections: [{
        action: {
            type: azure_native.network.AzureFirewallRCActionType.Deny,
        },
        id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
        name: "netrulecoll",
        priority: 112,
        rules: [
            {
                description: "Block traffic based on source IPs and ports",
                destinationAddresses: ["*"],
                destinationPorts: [
                    "443-444",
                    "8443",
                ],
                name: "L4-traffic",
                protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                sourceAddresses: [
                    "192.168.1.1-192.168.1.12",
                    "10.1.4.12-10.1.4.255",
                ],
            },
            {
                description: "Block traffic based on source IPs and ports to amazon",
                destinationFqdns: ["www.amazon.com"],
                destinationPorts: [
                    "443-444",
                    "8443",
                ],
                name: "L4-traffic-with-FQDN",
                protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                sourceAddresses: ["10.2.4.12-10.2.4.255"],
            },
        ],
    }],
    resourceGroupName: "rg1",
    sku: {
        name: azure_native.network.AzureFirewallSkuName.AZFW_VNet,
        tier: azure_native.network.AzureFirewallSkuTier.Standard,
    },
    tags: {
        key1: "value1",
    },
    threatIntelMode: azure_native.network.AzureFirewallThreatIntelMode.Alert,
    zones: [],
});
import pulumi
import pulumi_azure_native as azure_native
azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
    application_rule_collections=[{
        "action": {
            "type": azure_native.network.AzureFirewallRCActionType.DENY,
        },
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
        "name": "apprulecoll",
        "priority": 110,
        "rules": [{
            "description": "Deny inbound rule",
            "name": "rule1",
            "protocols": [{
                "port": 443,
                "protocol_type": azure_native.network.AzureFirewallApplicationRuleProtocolType.HTTPS,
            }],
            "source_addresses": [
                "216.58.216.164",
                "10.0.0.0/24",
            ],
            "target_fqdns": ["www.test.com"],
        }],
    }],
    azure_firewall_name="azurefirewall",
    ip_configurations=[{
        "name": "azureFirewallIpConfiguration",
        "public_ip_address": {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        },
        "subnet": {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        },
    }],
    location="West US",
    nat_rule_collections=[{
        "action": {
            "type": azure_native.network.AzureFirewallNatRCActionType.DNAT,
        },
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
        "name": "natrulecoll",
        "priority": 112,
        "rules": [
            {
                "description": "D-NAT all outbound web traffic for inspection",
                "destination_addresses": ["1.2.3.4"],
                "destination_ports": ["443"],
                "name": "DNAT-HTTPS-traffic",
                "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                "source_addresses": ["*"],
                "translated_address": "1.2.3.5",
                "translated_port": "8443",
            },
            {
                "description": "D-NAT all inbound web traffic for inspection",
                "destination_addresses": ["1.2.3.4"],
                "destination_ports": ["80"],
                "name": "DNAT-HTTP-traffic-With-FQDN",
                "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                "source_addresses": ["*"],
                "translated_fqdn": "internalhttpserver",
                "translated_port": "880",
            },
        ],
    }],
    network_rule_collections=[{
        "action": {
            "type": azure_native.network.AzureFirewallRCActionType.DENY,
        },
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
        "name": "netrulecoll",
        "priority": 112,
        "rules": [
            {
                "description": "Block traffic based on source IPs and ports",
                "destination_addresses": ["*"],
                "destination_ports": [
                    "443-444",
                    "8443",
                ],
                "name": "L4-traffic",
                "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                "source_addresses": [
                    "192.168.1.1-192.168.1.12",
                    "10.1.4.12-10.1.4.255",
                ],
            },
            {
                "description": "Block traffic based on source IPs and ports to amazon",
                "destination_fqdns": ["www.amazon.com"],
                "destination_ports": [
                    "443-444",
                    "8443",
                ],
                "name": "L4-traffic-with-FQDN",
                "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                "source_addresses": ["10.2.4.12-10.2.4.255"],
            },
        ],
    }],
    resource_group_name="rg1",
    sku={
        "name": azure_native.network.AzureFirewallSkuName.AZF_W_V_NET,
        "tier": azure_native.network.AzureFirewallSkuTier.STANDARD,
    },
    tags={
        "key1": "value1",
    },
    threat_intel_mode=azure_native.network.AzureFirewallThreatIntelMode.ALERT,
    zones=[])
resources:
  azureFirewall:
    type: azure-native:network:AzureFirewall
    properties:
      applicationRuleCollections:
        - action:
            type: Deny
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll
          name: apprulecoll
          priority: 110
          rules:
            - description: Deny inbound rule
              name: rule1
              protocols:
                - port: 443
                  protocolType: Https
              sourceAddresses:
                - 216.58.216.164
                - 10.0.0.0/24
              targetFqdns:
                - www.test.com
      azureFirewallName: azurefirewall
      ipConfigurations:
        - name: azureFirewallIpConfiguration
          publicIPAddress:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
          subnet:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
      location: West US
      natRuleCollections:
        - action:
            type: Dnat
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll
          name: natrulecoll
          priority: 112
          rules:
            - description: D-NAT all outbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '443'
              name: DNAT-HTTPS-traffic
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedAddress: 1.2.3.5
              translatedPort: '8443'
            - description: D-NAT all inbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '80'
              name: DNAT-HTTP-traffic-With-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedFqdn: internalhttpserver
              translatedPort: '880'
      networkRuleCollections:
        - action:
            type: Deny
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll
          name: netrulecoll
          priority: 112
          rules:
            - description: Block traffic based on source IPs and ports
              destinationAddresses:
                - '*'
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic
              protocols:
                - TCP
              sourceAddresses:
                - 192.168.1.1-192.168.1.12
                - 10.1.4.12-10.1.4.255
            - description: Block traffic based on source IPs and ports to amazon
              destinationFqdns:
                - www.amazon.com
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic-with-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - 10.2.4.12-10.2.4.255
      resourceGroupName: rg1
      sku:
        name: AZFW_VNet
        tier: Standard
      tags:
        key1: value1
      threatIntelMode: Alert
      zones: []
Create Azure Firewall With Zones
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() => 
{
    var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
    {
        ApplicationRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                },
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
                Name = "apprulecoll",
                Priority = 110,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                    {
                        Description = "Deny inbound rule",
                        Name = "rule1",
                        Protocols = new[]
                        {
                            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                            {
                                Port = 443,
                                ProtocolType = AzureNative.Network.AzureFirewallApplicationRuleProtocolType.Https,
                            },
                        },
                        SourceAddresses = new[]
                        {
                            "216.58.216.164",
                            "10.0.0.0/24",
                        },
                        TargetFqdns = new[]
                        {
                            "www.test.com",
                        },
                    },
                },
            },
        },
        AzureFirewallName = "azurefirewall",
        IpConfigurations = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
            {
                Name = "azureFirewallIpConfiguration",
                PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                },
                Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                },
            },
        },
        Location = "West US 2",
        NatRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                {
                    Type = AzureNative.Network.AzureFirewallNatRCActionType.Dnat,
                },
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
                Name = "natrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        Description = "D-NAT all outbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "443",
                        },
                        Name = "DNAT-HTTPS-traffic",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedAddress = "1.2.3.5",
                        TranslatedPort = "8443",
                    },
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        Description = "D-NAT all inbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "80",
                        },
                        Name = "DNAT-HTTP-traffic-With-FQDN",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedFqdn = "internalhttpserver",
                        TranslatedPort = "880",
                    },
                },
            },
        },
        NetworkRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                },
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
                Name = "netrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        Description = "Block traffic based on source IPs and ports",
                        DestinationAddresses = new[]
                        {
                            "*",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "192.168.1.1-192.168.1.12",
                            "10.1.4.12-10.1.4.255",
                        },
                    },
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        Description = "Block traffic based on source IPs and ports to amazon",
                        DestinationFqdns = new[]
                        {
                            "www.amazon.com",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic-with-FQDN",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "10.2.4.12-10.2.4.255",
                        },
                    },
                },
            },
        },
        ResourceGroupName = "rg1",
        Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
        {
            Name = AzureNative.Network.AzureFirewallSkuName.AZFW_VNet,
            Tier = AzureNative.Network.AzureFirewallSkuTier.Standard,
        },
        Tags = 
        {
            { "key1", "value1" },
        },
        ThreatIntelMode = AzureNative.Network.AzureFirewallThreatIntelMode.Alert,
        Zones = new[]
        {
            "1",
            "2",
            "3",
        },
    });
});
package main
import (
	network "github.com/pulumi/pulumi-azure-native-sdk/network/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
			ApplicationRuleCollections: network.AzureFirewallApplicationRuleCollectionArray{
				&network.AzureFirewallApplicationRuleCollectionArgs{
					Action: &network.AzureFirewallRCActionArgs{
						Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
					},
					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll"),
					Name:     pulumi.String("apprulecoll"),
					Priority: pulumi.Int(110),
					Rules: network.AzureFirewallApplicationRuleArray{
						&network.AzureFirewallApplicationRuleArgs{
							Description: pulumi.String("Deny inbound rule"),
							Name:        pulumi.String("rule1"),
							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
								&network.AzureFirewallApplicationRuleProtocolArgs{
									Port:         pulumi.Int(443),
									ProtocolType: pulumi.String(network.AzureFirewallApplicationRuleProtocolTypeHttps),
								},
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("216.58.216.164"),
								pulumi.String("10.0.0.0/24"),
							},
							TargetFqdns: pulumi.StringArray{
								pulumi.String("www.test.com"),
							},
						},
					},
				},
			},
			AzureFirewallName: pulumi.String("azurefirewall"),
			IpConfigurations: network.AzureFirewallIPConfigurationArray{
				&network.AzureFirewallIPConfigurationArgs{
					Name: pulumi.String("azureFirewallIpConfiguration"),
					PublicIPAddress: &network.SubResourceArgs{
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
					},
					Subnet: &network.SubResourceArgs{
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
					},
				},
			},
			Location: pulumi.String("West US 2"),
			NatRuleCollections: network.AzureFirewallNatRuleCollectionArray{
				&network.AzureFirewallNatRuleCollectionArgs{
					Action: &network.AzureFirewallNatRCActionArgs{
						Type: pulumi.String(network.AzureFirewallNatRCActionTypeDnat),
					},
					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll"),
					Name:     pulumi.String("natrulecoll"),
					Priority: pulumi.Int(112),
					Rules: network.AzureFirewallNatRuleArray{
						&network.AzureFirewallNatRuleArgs{
							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("1.2.3.4"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443"),
							},
							Name: pulumi.String("DNAT-HTTPS-traffic"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							TranslatedAddress: pulumi.String("1.2.3.5"),
							TranslatedPort:    pulumi.String("8443"),
						},
						&network.AzureFirewallNatRuleArgs{
							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("1.2.3.4"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("80"),
							},
							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							TranslatedFqdn: pulumi.String("internalhttpserver"),
							TranslatedPort: pulumi.String("880"),
						},
					},
				},
			},
			NetworkRuleCollections: network.AzureFirewallNetworkRuleCollectionArray{
				&network.AzureFirewallNetworkRuleCollectionArgs{
					Action: &network.AzureFirewallRCActionArgs{
						Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
					},
					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll"),
					Name:     pulumi.String("netrulecoll"),
					Priority: pulumi.Int(112),
					Rules: network.AzureFirewallNetworkRuleArray{
						&network.AzureFirewallNetworkRuleArgs{
							Description: pulumi.String("Block traffic based on source IPs and ports"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443-444"),
								pulumi.String("8443"),
							},
							Name: pulumi.String("L4-traffic"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("192.168.1.1-192.168.1.12"),
								pulumi.String("10.1.4.12-10.1.4.255"),
							},
						},
						&network.AzureFirewallNetworkRuleArgs{
							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
							DestinationFqdns: pulumi.StringArray{
								pulumi.String("www.amazon.com"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443-444"),
								pulumi.String("8443"),
							},
							Name: pulumi.String("L4-traffic-with-FQDN"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("10.2.4.12-10.2.4.255"),
							},
						},
					},
				},
			},
			ResourceGroupName: pulumi.String("rg1"),
			Sku: &network.AzureFirewallSkuArgs{
				Name: pulumi.String(network.AzureFirewallSkuName_AZFW_VNet),
				Tier: pulumi.String(network.AzureFirewallSkuTierStandard),
			},
			Tags: pulumi.StringMap{
				"key1": pulumi.String("value1"),
			},
			ThreatIntelMode: pulumi.String(network.AzureFirewallThreatIntelModeAlert),
			Zones: pulumi.StringArray{
				pulumi.String("1"),
				pulumi.String("2"),
				pulumi.String("3"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.AzureFirewall;
import com.pulumi.azurenative.network.AzureFirewallArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallRCActionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallIPConfigurationArgs;
import com.pulumi.azurenative.network.inputs.SubResourceArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNatRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNatRCActionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNetworkRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallSkuArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
            .applicationRuleCollections(AzureFirewallApplicationRuleCollectionArgs.builder()
                .action(AzureFirewallRCActionArgs.builder()
                    .type("Deny")
                    .build())
                .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll")
                .name("apprulecoll")
                .priority(110)
                .rules(AzureFirewallApplicationRuleArgs.builder()
                    .description("Deny inbound rule")
                    .name("rule1")
                    .protocols(AzureFirewallApplicationRuleProtocolArgs.builder()
                        .port(443)
                        .protocolType("Https")
                        .build())
                    .sourceAddresses(                    
                        "216.58.216.164",
                        "10.0.0.0/24")
                    .targetFqdns("www.test.com")
                    .build())
                .build())
            .azureFirewallName("azurefirewall")
            .ipConfigurations(AzureFirewallIPConfigurationArgs.builder()
                .name("azureFirewallIpConfiguration")
                .publicIPAddress(SubResourceArgs.builder()
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")
                    .build())
                .subnet(SubResourceArgs.builder()
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet")
                    .build())
                .build())
            .location("West US 2")
            .natRuleCollections(AzureFirewallNatRuleCollectionArgs.builder()
                .action(AzureFirewallNatRCActionArgs.builder()
                    .type("Dnat")
                    .build())
                .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll")
                .name("natrulecoll")
                .priority(112)
                .rules(                
                    AzureFirewallNatRuleArgs.builder()
                        .description("D-NAT all outbound web traffic for inspection")
                        .destinationAddresses("1.2.3.4")
                        .destinationPorts("443")
                        .name("DNAT-HTTPS-traffic")
                        .protocols("TCP")
                        .sourceAddresses("*")
                        .translatedAddress("1.2.3.5")
                        .translatedPort("8443")
                        .build(),
                    AzureFirewallNatRuleArgs.builder()
                        .description("D-NAT all inbound web traffic for inspection")
                        .destinationAddresses("1.2.3.4")
                        .destinationPorts("80")
                        .name("DNAT-HTTP-traffic-With-FQDN")
                        .protocols("TCP")
                        .sourceAddresses("*")
                        .translatedFqdn("internalhttpserver")
                        .translatedPort("880")
                        .build())
                .build())
            .networkRuleCollections(AzureFirewallNetworkRuleCollectionArgs.builder()
                .action(AzureFirewallRCActionArgs.builder()
                    .type("Deny")
                    .build())
                .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll")
                .name("netrulecoll")
                .priority(112)
                .rules(                
                    AzureFirewallNetworkRuleArgs.builder()
                        .description("Block traffic based on source IPs and ports")
                        .destinationAddresses("*")
                        .destinationPorts(                        
                            "443-444",
                            "8443")
                        .name("L4-traffic")
                        .protocols("TCP")
                        .sourceAddresses(                        
                            "192.168.1.1-192.168.1.12",
                            "10.1.4.12-10.1.4.255")
                        .build(),
                    AzureFirewallNetworkRuleArgs.builder()
                        .description("Block traffic based on source IPs and ports to amazon")
                        .destinationFqdns("www.amazon.com")
                        .destinationPorts(                        
                            "443-444",
                            "8443")
                        .name("L4-traffic-with-FQDN")
                        .protocols("TCP")
                        .sourceAddresses("10.2.4.12-10.2.4.255")
                        .build())
                .build())
            .resourceGroupName("rg1")
            .sku(AzureFirewallSkuArgs.builder()
                .name("AZFW_VNet")
                .tier("Standard")
                .build())
            .tags(Map.of("key1", "value1"))
            .threatIntelMode("Alert")
            .zones(            
                "1",
                "2",
                "3")
            .build());
    }
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
    applicationRuleCollections: [{
        action: {
            type: azure_native.network.AzureFirewallRCActionType.Deny,
        },
        id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
        name: "apprulecoll",
        priority: 110,
        rules: [{
            description: "Deny inbound rule",
            name: "rule1",
            protocols: [{
                port: 443,
                protocolType: azure_native.network.AzureFirewallApplicationRuleProtocolType.Https,
            }],
            sourceAddresses: [
                "216.58.216.164",
                "10.0.0.0/24",
            ],
            targetFqdns: ["www.test.com"],
        }],
    }],
    azureFirewallName: "azurefirewall",
    ipConfigurations: [{
        name: "azureFirewallIpConfiguration",
        publicIPAddress: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        },
        subnet: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        },
    }],
    location: "West US 2",
    natRuleCollections: [{
        action: {
            type: azure_native.network.AzureFirewallNatRCActionType.Dnat,
        },
        id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
        name: "natrulecoll",
        priority: 112,
        rules: [
            {
                description: "D-NAT all outbound web traffic for inspection",
                destinationAddresses: ["1.2.3.4"],
                destinationPorts: ["443"],
                name: "DNAT-HTTPS-traffic",
                protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                sourceAddresses: ["*"],
                translatedAddress: "1.2.3.5",
                translatedPort: "8443",
            },
            {
                description: "D-NAT all inbound web traffic for inspection",
                destinationAddresses: ["1.2.3.4"],
                destinationPorts: ["80"],
                name: "DNAT-HTTP-traffic-With-FQDN",
                protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                sourceAddresses: ["*"],
                translatedFqdn: "internalhttpserver",
                translatedPort: "880",
            },
        ],
    }],
    networkRuleCollections: [{
        action: {
            type: azure_native.network.AzureFirewallRCActionType.Deny,
        },
        id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
        name: "netrulecoll",
        priority: 112,
        rules: [
            {
                description: "Block traffic based on source IPs and ports",
                destinationAddresses: ["*"],
                destinationPorts: [
                    "443-444",
                    "8443",
                ],
                name: "L4-traffic",
                protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                sourceAddresses: [
                    "192.168.1.1-192.168.1.12",
                    "10.1.4.12-10.1.4.255",
                ],
            },
            {
                description: "Block traffic based on source IPs and ports to amazon",
                destinationFqdns: ["www.amazon.com"],
                destinationPorts: [
                    "443-444",
                    "8443",
                ],
                name: "L4-traffic-with-FQDN",
                protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                sourceAddresses: ["10.2.4.12-10.2.4.255"],
            },
        ],
    }],
    resourceGroupName: "rg1",
    sku: {
        name: azure_native.network.AzureFirewallSkuName.AZFW_VNet,
        tier: azure_native.network.AzureFirewallSkuTier.Standard,
    },
    tags: {
        key1: "value1",
    },
    threatIntelMode: azure_native.network.AzureFirewallThreatIntelMode.Alert,
    zones: [
        "1",
        "2",
        "3",
    ],
});
import pulumi
import pulumi_azure_native as azure_native
azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
    application_rule_collections=[{
        "action": {
            "type": azure_native.network.AzureFirewallRCActionType.DENY,
        },
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
        "name": "apprulecoll",
        "priority": 110,
        "rules": [{
            "description": "Deny inbound rule",
            "name": "rule1",
            "protocols": [{
                "port": 443,
                "protocol_type": azure_native.network.AzureFirewallApplicationRuleProtocolType.HTTPS,
            }],
            "source_addresses": [
                "216.58.216.164",
                "10.0.0.0/24",
            ],
            "target_fqdns": ["www.test.com"],
        }],
    }],
    azure_firewall_name="azurefirewall",
    ip_configurations=[{
        "name": "azureFirewallIpConfiguration",
        "public_ip_address": {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        },
        "subnet": {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        },
    }],
    location="West US 2",
    nat_rule_collections=[{
        "action": {
            "type": azure_native.network.AzureFirewallNatRCActionType.DNAT,
        },
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
        "name": "natrulecoll",
        "priority": 112,
        "rules": [
            {
                "description": "D-NAT all outbound web traffic for inspection",
                "destination_addresses": ["1.2.3.4"],
                "destination_ports": ["443"],
                "name": "DNAT-HTTPS-traffic",
                "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                "source_addresses": ["*"],
                "translated_address": "1.2.3.5",
                "translated_port": "8443",
            },
            {
                "description": "D-NAT all inbound web traffic for inspection",
                "destination_addresses": ["1.2.3.4"],
                "destination_ports": ["80"],
                "name": "DNAT-HTTP-traffic-With-FQDN",
                "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                "source_addresses": ["*"],
                "translated_fqdn": "internalhttpserver",
                "translated_port": "880",
            },
        ],
    }],
    network_rule_collections=[{
        "action": {
            "type": azure_native.network.AzureFirewallRCActionType.DENY,
        },
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
        "name": "netrulecoll",
        "priority": 112,
        "rules": [
            {
                "description": "Block traffic based on source IPs and ports",
                "destination_addresses": ["*"],
                "destination_ports": [
                    "443-444",
                    "8443",
                ],
                "name": "L4-traffic",
                "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                "source_addresses": [
                    "192.168.1.1-192.168.1.12",
                    "10.1.4.12-10.1.4.255",
                ],
            },
            {
                "description": "Block traffic based on source IPs and ports to amazon",
                "destination_fqdns": ["www.amazon.com"],
                "destination_ports": [
                    "443-444",
                    "8443",
                ],
                "name": "L4-traffic-with-FQDN",
                "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                "source_addresses": ["10.2.4.12-10.2.4.255"],
            },
        ],
    }],
    resource_group_name="rg1",
    sku={
        "name": azure_native.network.AzureFirewallSkuName.AZF_W_V_NET,
        "tier": azure_native.network.AzureFirewallSkuTier.STANDARD,
    },
    tags={
        "key1": "value1",
    },
    threat_intel_mode=azure_native.network.AzureFirewallThreatIntelMode.ALERT,
    zones=[
        "1",
        "2",
        "3",
    ])
resources:
  azureFirewall:
    type: azure-native:network:AzureFirewall
    properties:
      applicationRuleCollections:
        - action:
            type: Deny
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll
          name: apprulecoll
          priority: 110
          rules:
            - description: Deny inbound rule
              name: rule1
              protocols:
                - port: 443
                  protocolType: Https
              sourceAddresses:
                - 216.58.216.164
                - 10.0.0.0/24
              targetFqdns:
                - www.test.com
      azureFirewallName: azurefirewall
      ipConfigurations:
        - name: azureFirewallIpConfiguration
          publicIPAddress:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
          subnet:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
      location: West US 2
      natRuleCollections:
        - action:
            type: Dnat
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll
          name: natrulecoll
          priority: 112
          rules:
            - description: D-NAT all outbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '443'
              name: DNAT-HTTPS-traffic
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedAddress: 1.2.3.5
              translatedPort: '8443'
            - description: D-NAT all inbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '80'
              name: DNAT-HTTP-traffic-With-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedFqdn: internalhttpserver
              translatedPort: '880'
      networkRuleCollections:
        - action:
            type: Deny
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll
          name: netrulecoll
          priority: 112
          rules:
            - description: Block traffic based on source IPs and ports
              destinationAddresses:
                - '*'
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic
              protocols:
                - TCP
              sourceAddresses:
                - 192.168.1.1-192.168.1.12
                - 10.1.4.12-10.1.4.255
            - description: Block traffic based on source IPs and ports to amazon
              destinationFqdns:
                - www.amazon.com
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic-with-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - 10.2.4.12-10.2.4.255
      resourceGroupName: rg1
      sku:
        name: AZFW_VNet
        tier: Standard
      tags:
        key1: value1
      threatIntelMode: Alert
      zones:
        - '1'
        - '2'
        - '3'
Create Azure Firewall With management subnet
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() => 
{
    var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
    {
        ApplicationRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                },
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
                Name = "apprulecoll",
                Priority = 110,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                    {
                        Description = "Deny inbound rule",
                        Name = "rule1",
                        Protocols = new[]
                        {
                            new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                            {
                                Port = 443,
                                ProtocolType = AzureNative.Network.AzureFirewallApplicationRuleProtocolType.Https,
                            },
                        },
                        SourceAddresses = new[]
                        {
                            "216.58.216.164",
                            "10.0.0.0/24",
                        },
                        TargetFqdns = new[]
                        {
                            "www.test.com",
                        },
                    },
                },
            },
        },
        AzureFirewallName = "azurefirewall",
        IpConfigurations = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
            {
                Name = "azureFirewallIpConfiguration",
                PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
                },
                Subnet = new AzureNative.Network.Inputs.SubResourceArgs
                {
                    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
                },
            },
        },
        Location = "West US",
        ManagementIpConfiguration = new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
        {
            Name = "azureFirewallMgmtIpConfiguration",
            PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
            {
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName",
            },
            Subnet = new AzureNative.Network.Inputs.SubResourceArgs
            {
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet",
            },
        },
        NatRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
                {
                    Type = AzureNative.Network.AzureFirewallNatRCActionType.Dnat,
                },
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
                Name = "natrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        Description = "D-NAT all outbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "443",
                        },
                        Name = "DNAT-HTTPS-traffic",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedAddress = "1.2.3.5",
                        TranslatedPort = "8443",
                    },
                    new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                    {
                        Description = "D-NAT all inbound web traffic for inspection",
                        DestinationAddresses = new[]
                        {
                            "1.2.3.4",
                        },
                        DestinationPorts = new[]
                        {
                            "80",
                        },
                        Name = "DNAT-HTTP-traffic-With-FQDN",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "*",
                        },
                        TranslatedFqdn = "internalhttpserver",
                        TranslatedPort = "880",
                    },
                },
            },
        },
        NetworkRuleCollections = new[]
        {
            new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
            {
                Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
                {
                    Type = AzureNative.Network.AzureFirewallRCActionType.Deny,
                },
                Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
                Name = "netrulecoll",
                Priority = 112,
                Rules = new[]
                {
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        Description = "Block traffic based on source IPs and ports",
                        DestinationAddresses = new[]
                        {
                            "*",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "192.168.1.1-192.168.1.12",
                            "10.1.4.12-10.1.4.255",
                        },
                    },
                    new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                    {
                        Description = "Block traffic based on source IPs and ports to amazon",
                        DestinationFqdns = new[]
                        {
                            "www.amazon.com",
                        },
                        DestinationPorts = new[]
                        {
                            "443-444",
                            "8443",
                        },
                        Name = "L4-traffic-with-FQDN",
                        Protocols = new[]
                        {
                            AzureNative.Network.AzureFirewallNetworkRuleProtocol.TCP,
                        },
                        SourceAddresses = new[]
                        {
                            "10.2.4.12-10.2.4.255",
                        },
                    },
                },
            },
        },
        ResourceGroupName = "rg1",
        Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
        {
            Name = AzureNative.Network.AzureFirewallSkuName.AZFW_VNet,
            Tier = AzureNative.Network.AzureFirewallSkuTier.Standard,
        },
        Tags = 
        {
            { "key1", "value1" },
        },
        ThreatIntelMode = AzureNative.Network.AzureFirewallThreatIntelMode.Alert,
        Zones = new[] {},
    });
});
package main
import (
	network "github.com/pulumi/pulumi-azure-native-sdk/network/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
			ApplicationRuleCollections: network.AzureFirewallApplicationRuleCollectionArray{
				&network.AzureFirewallApplicationRuleCollectionArgs{
					Action: &network.AzureFirewallRCActionArgs{
						Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
					},
					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll"),
					Name:     pulumi.String("apprulecoll"),
					Priority: pulumi.Int(110),
					Rules: network.AzureFirewallApplicationRuleArray{
						&network.AzureFirewallApplicationRuleArgs{
							Description: pulumi.String("Deny inbound rule"),
							Name:        pulumi.String("rule1"),
							Protocols: network.AzureFirewallApplicationRuleProtocolArray{
								&network.AzureFirewallApplicationRuleProtocolArgs{
									Port:         pulumi.Int(443),
									ProtocolType: pulumi.String(network.AzureFirewallApplicationRuleProtocolTypeHttps),
								},
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("216.58.216.164"),
								pulumi.String("10.0.0.0/24"),
							},
							TargetFqdns: pulumi.StringArray{
								pulumi.String("www.test.com"),
							},
						},
					},
				},
			},
			AzureFirewallName: pulumi.String("azurefirewall"),
			IpConfigurations: network.AzureFirewallIPConfigurationArray{
				&network.AzureFirewallIPConfigurationArgs{
					Name: pulumi.String("azureFirewallIpConfiguration"),
					PublicIPAddress: &network.SubResourceArgs{
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"),
					},
					Subnet: &network.SubResourceArgs{
						Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"),
					},
				},
			},
			Location: pulumi.String("West US"),
			ManagementIpConfiguration: &network.AzureFirewallIPConfigurationArgs{
				Name: pulumi.String("azureFirewallMgmtIpConfiguration"),
				PublicIPAddress: &network.SubResourceArgs{
					Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName"),
				},
				Subnet: &network.SubResourceArgs{
					Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet"),
				},
			},
			NatRuleCollections: network.AzureFirewallNatRuleCollectionArray{
				&network.AzureFirewallNatRuleCollectionArgs{
					Action: &network.AzureFirewallNatRCActionArgs{
						Type: pulumi.String(network.AzureFirewallNatRCActionTypeDnat),
					},
					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll"),
					Name:     pulumi.String("natrulecoll"),
					Priority: pulumi.Int(112),
					Rules: network.AzureFirewallNatRuleArray{
						&network.AzureFirewallNatRuleArgs{
							Description: pulumi.String("D-NAT all outbound web traffic for inspection"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("1.2.3.4"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443"),
							},
							Name: pulumi.String("DNAT-HTTPS-traffic"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							TranslatedAddress: pulumi.String("1.2.3.5"),
							TranslatedPort:    pulumi.String("8443"),
						},
						&network.AzureFirewallNatRuleArgs{
							Description: pulumi.String("D-NAT all inbound web traffic for inspection"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("1.2.3.4"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("80"),
							},
							Name: pulumi.String("DNAT-HTTP-traffic-With-FQDN"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							TranslatedFqdn: pulumi.String("internalhttpserver"),
							TranslatedPort: pulumi.String("880"),
						},
					},
				},
			},
			NetworkRuleCollections: network.AzureFirewallNetworkRuleCollectionArray{
				&network.AzureFirewallNetworkRuleCollectionArgs{
					Action: &network.AzureFirewallRCActionArgs{
						Type: pulumi.String(network.AzureFirewallRCActionTypeDeny),
					},
					Id:       pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll"),
					Name:     pulumi.String("netrulecoll"),
					Priority: pulumi.Int(112),
					Rules: network.AzureFirewallNetworkRuleArray{
						&network.AzureFirewallNetworkRuleArgs{
							Description: pulumi.String("Block traffic based on source IPs and ports"),
							DestinationAddresses: pulumi.StringArray{
								pulumi.String("*"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443-444"),
								pulumi.String("8443"),
							},
							Name: pulumi.String("L4-traffic"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("192.168.1.1-192.168.1.12"),
								pulumi.String("10.1.4.12-10.1.4.255"),
							},
						},
						&network.AzureFirewallNetworkRuleArgs{
							Description: pulumi.String("Block traffic based on source IPs and ports to amazon"),
							DestinationFqdns: pulumi.StringArray{
								pulumi.String("www.amazon.com"),
							},
							DestinationPorts: pulumi.StringArray{
								pulumi.String("443-444"),
								pulumi.String("8443"),
							},
							Name: pulumi.String("L4-traffic-with-FQDN"),
							Protocols: pulumi.StringArray{
								pulumi.String(network.AzureFirewallNetworkRuleProtocolTCP),
							},
							SourceAddresses: pulumi.StringArray{
								pulumi.String("10.2.4.12-10.2.4.255"),
							},
						},
					},
				},
			},
			ResourceGroupName: pulumi.String("rg1"),
			Sku: &network.AzureFirewallSkuArgs{
				Name: pulumi.String(network.AzureFirewallSkuName_AZFW_VNet),
				Tier: pulumi.String(network.AzureFirewallSkuTierStandard),
			},
			Tags: pulumi.StringMap{
				"key1": pulumi.String("value1"),
			},
			ThreatIntelMode: pulumi.String(network.AzureFirewallThreatIntelModeAlert),
			Zones:           pulumi.StringArray{},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.AzureFirewall;
import com.pulumi.azurenative.network.AzureFirewallArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallApplicationRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallRCActionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallIPConfigurationArgs;
import com.pulumi.azurenative.network.inputs.SubResourceArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNatRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNatRCActionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallNetworkRuleCollectionArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallSkuArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
            .applicationRuleCollections(AzureFirewallApplicationRuleCollectionArgs.builder()
                .action(AzureFirewallRCActionArgs.builder()
                    .type("Deny")
                    .build())
                .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll")
                .name("apprulecoll")
                .priority(110)
                .rules(AzureFirewallApplicationRuleArgs.builder()
                    .description("Deny inbound rule")
                    .name("rule1")
                    .protocols(AzureFirewallApplicationRuleProtocolArgs.builder()
                        .port(443)
                        .protocolType("Https")
                        .build())
                    .sourceAddresses(                    
                        "216.58.216.164",
                        "10.0.0.0/24")
                    .targetFqdns("www.test.com")
                    .build())
                .build())
            .azureFirewallName("azurefirewall")
            .ipConfigurations(AzureFirewallIPConfigurationArgs.builder()
                .name("azureFirewallIpConfiguration")
                .publicIPAddress(SubResourceArgs.builder()
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName")
                    .build())
                .subnet(SubResourceArgs.builder()
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet")
                    .build())
                .build())
            .location("West US")
            .managementIpConfiguration(AzureFirewallIPConfigurationArgs.builder()
                .name("azureFirewallMgmtIpConfiguration")
                .publicIPAddress(SubResourceArgs.builder()
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName")
                    .build())
                .subnet(SubResourceArgs.builder()
                    .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet")
                    .build())
                .build())
            .natRuleCollections(AzureFirewallNatRuleCollectionArgs.builder()
                .action(AzureFirewallNatRCActionArgs.builder()
                    .type("Dnat")
                    .build())
                .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll")
                .name("natrulecoll")
                .priority(112)
                .rules(                
                    AzureFirewallNatRuleArgs.builder()
                        .description("D-NAT all outbound web traffic for inspection")
                        .destinationAddresses("1.2.3.4")
                        .destinationPorts("443")
                        .name("DNAT-HTTPS-traffic")
                        .protocols("TCP")
                        .sourceAddresses("*")
                        .translatedAddress("1.2.3.5")
                        .translatedPort("8443")
                        .build(),
                    AzureFirewallNatRuleArgs.builder()
                        .description("D-NAT all inbound web traffic for inspection")
                        .destinationAddresses("1.2.3.4")
                        .destinationPorts("80")
                        .name("DNAT-HTTP-traffic-With-FQDN")
                        .protocols("TCP")
                        .sourceAddresses("*")
                        .translatedFqdn("internalhttpserver")
                        .translatedPort("880")
                        .build())
                .build())
            .networkRuleCollections(AzureFirewallNetworkRuleCollectionArgs.builder()
                .action(AzureFirewallRCActionArgs.builder()
                    .type("Deny")
                    .build())
                .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll")
                .name("netrulecoll")
                .priority(112)
                .rules(                
                    AzureFirewallNetworkRuleArgs.builder()
                        .description("Block traffic based on source IPs and ports")
                        .destinationAddresses("*")
                        .destinationPorts(                        
                            "443-444",
                            "8443")
                        .name("L4-traffic")
                        .protocols("TCP")
                        .sourceAddresses(                        
                            "192.168.1.1-192.168.1.12",
                            "10.1.4.12-10.1.4.255")
                        .build(),
                    AzureFirewallNetworkRuleArgs.builder()
                        .description("Block traffic based on source IPs and ports to amazon")
                        .destinationFqdns("www.amazon.com")
                        .destinationPorts(                        
                            "443-444",
                            "8443")
                        .name("L4-traffic-with-FQDN")
                        .protocols("TCP")
                        .sourceAddresses("10.2.4.12-10.2.4.255")
                        .build())
                .build())
            .resourceGroupName("rg1")
            .sku(AzureFirewallSkuArgs.builder()
                .name("AZFW_VNet")
                .tier("Standard")
                .build())
            .tags(Map.of("key1", "value1"))
            .threatIntelMode("Alert")
            .zones()
            .build());
    }
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
    applicationRuleCollections: [{
        action: {
            type: azure_native.network.AzureFirewallRCActionType.Deny,
        },
        id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
        name: "apprulecoll",
        priority: 110,
        rules: [{
            description: "Deny inbound rule",
            name: "rule1",
            protocols: [{
                port: 443,
                protocolType: azure_native.network.AzureFirewallApplicationRuleProtocolType.Https,
            }],
            sourceAddresses: [
                "216.58.216.164",
                "10.0.0.0/24",
            ],
            targetFqdns: ["www.test.com"],
        }],
    }],
    azureFirewallName: "azurefirewall",
    ipConfigurations: [{
        name: "azureFirewallIpConfiguration",
        publicIPAddress: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        },
        subnet: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        },
    }],
    location: "West US",
    managementIpConfiguration: {
        name: "azureFirewallMgmtIpConfiguration",
        publicIPAddress: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName",
        },
        subnet: {
            id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet",
        },
    },
    natRuleCollections: [{
        action: {
            type: azure_native.network.AzureFirewallNatRCActionType.Dnat,
        },
        id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
        name: "natrulecoll",
        priority: 112,
        rules: [
            {
                description: "D-NAT all outbound web traffic for inspection",
                destinationAddresses: ["1.2.3.4"],
                destinationPorts: ["443"],
                name: "DNAT-HTTPS-traffic",
                protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                sourceAddresses: ["*"],
                translatedAddress: "1.2.3.5",
                translatedPort: "8443",
            },
            {
                description: "D-NAT all inbound web traffic for inspection",
                destinationAddresses: ["1.2.3.4"],
                destinationPorts: ["80"],
                name: "DNAT-HTTP-traffic-With-FQDN",
                protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                sourceAddresses: ["*"],
                translatedFqdn: "internalhttpserver",
                translatedPort: "880",
            },
        ],
    }],
    networkRuleCollections: [{
        action: {
            type: azure_native.network.AzureFirewallRCActionType.Deny,
        },
        id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
        name: "netrulecoll",
        priority: 112,
        rules: [
            {
                description: "Block traffic based on source IPs and ports",
                destinationAddresses: ["*"],
                destinationPorts: [
                    "443-444",
                    "8443",
                ],
                name: "L4-traffic",
                protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                sourceAddresses: [
                    "192.168.1.1-192.168.1.12",
                    "10.1.4.12-10.1.4.255",
                ],
            },
            {
                description: "Block traffic based on source IPs and ports to amazon",
                destinationFqdns: ["www.amazon.com"],
                destinationPorts: [
                    "443-444",
                    "8443",
                ],
                name: "L4-traffic-with-FQDN",
                protocols: [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                sourceAddresses: ["10.2.4.12-10.2.4.255"],
            },
        ],
    }],
    resourceGroupName: "rg1",
    sku: {
        name: azure_native.network.AzureFirewallSkuName.AZFW_VNet,
        tier: azure_native.network.AzureFirewallSkuTier.Standard,
    },
    tags: {
        key1: "value1",
    },
    threatIntelMode: azure_native.network.AzureFirewallThreatIntelMode.Alert,
    zones: [],
});
import pulumi
import pulumi_azure_native as azure_native
azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
    application_rule_collections=[{
        "action": {
            "type": azure_native.network.AzureFirewallRCActionType.DENY,
        },
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll",
        "name": "apprulecoll",
        "priority": 110,
        "rules": [{
            "description": "Deny inbound rule",
            "name": "rule1",
            "protocols": [{
                "port": 443,
                "protocol_type": azure_native.network.AzureFirewallApplicationRuleProtocolType.HTTPS,
            }],
            "source_addresses": [
                "216.58.216.164",
                "10.0.0.0/24",
            ],
            "target_fqdns": ["www.test.com"],
        }],
    }],
    azure_firewall_name="azurefirewall",
    ip_configurations=[{
        "name": "azureFirewallIpConfiguration",
        "public_ip_address": {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName",
        },
        "subnet": {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet",
        },
    }],
    location="West US",
    management_ip_configuration={
        "name": "azureFirewallMgmtIpConfiguration",
        "public_ip_address": {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName",
        },
        "subnet": {
            "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet",
        },
    },
    nat_rule_collections=[{
        "action": {
            "type": azure_native.network.AzureFirewallNatRCActionType.DNAT,
        },
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll",
        "name": "natrulecoll",
        "priority": 112,
        "rules": [
            {
                "description": "D-NAT all outbound web traffic for inspection",
                "destination_addresses": ["1.2.3.4"],
                "destination_ports": ["443"],
                "name": "DNAT-HTTPS-traffic",
                "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                "source_addresses": ["*"],
                "translated_address": "1.2.3.5",
                "translated_port": "8443",
            },
            {
                "description": "D-NAT all inbound web traffic for inspection",
                "destination_addresses": ["1.2.3.4"],
                "destination_ports": ["80"],
                "name": "DNAT-HTTP-traffic-With-FQDN",
                "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                "source_addresses": ["*"],
                "translated_fqdn": "internalhttpserver",
                "translated_port": "880",
            },
        ],
    }],
    network_rule_collections=[{
        "action": {
            "type": azure_native.network.AzureFirewallRCActionType.DENY,
        },
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll",
        "name": "netrulecoll",
        "priority": 112,
        "rules": [
            {
                "description": "Block traffic based on source IPs and ports",
                "destination_addresses": ["*"],
                "destination_ports": [
                    "443-444",
                    "8443",
                ],
                "name": "L4-traffic",
                "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                "source_addresses": [
                    "192.168.1.1-192.168.1.12",
                    "10.1.4.12-10.1.4.255",
                ],
            },
            {
                "description": "Block traffic based on source IPs and ports to amazon",
                "destination_fqdns": ["www.amazon.com"],
                "destination_ports": [
                    "443-444",
                    "8443",
                ],
                "name": "L4-traffic-with-FQDN",
                "protocols": [azure_native.network.AzureFirewallNetworkRuleProtocol.TCP],
                "source_addresses": ["10.2.4.12-10.2.4.255"],
            },
        ],
    }],
    resource_group_name="rg1",
    sku={
        "name": azure_native.network.AzureFirewallSkuName.AZF_W_V_NET,
        "tier": azure_native.network.AzureFirewallSkuTier.STANDARD,
    },
    tags={
        "key1": "value1",
    },
    threat_intel_mode=azure_native.network.AzureFirewallThreatIntelMode.ALERT,
    zones=[])
resources:
  azureFirewall:
    type: azure-native:network:AzureFirewall
    properties:
      applicationRuleCollections:
        - action:
            type: Deny
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/applicationRuleCollections/apprulecoll
          name: apprulecoll
          priority: 110
          rules:
            - description: Deny inbound rule
              name: rule1
              protocols:
                - port: 443
                  protocolType: Https
              sourceAddresses:
                - 216.58.216.164
                - 10.0.0.0/24
              targetFqdns:
                - www.test.com
      azureFirewallName: azurefirewall
      ipConfigurations:
        - name: azureFirewallIpConfiguration
          publicIPAddress:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName
          subnet:
            id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet
      location: West US
      managementIpConfiguration:
        name: azureFirewallMgmtIpConfiguration
        publicIPAddress:
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/managementPipName
        subnet:
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallManagementSubnet
      natRuleCollections:
        - action:
            type: Dnat
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/natRuleCollections/natrulecoll
          name: natrulecoll
          priority: 112
          rules:
            - description: D-NAT all outbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '443'
              name: DNAT-HTTPS-traffic
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedAddress: 1.2.3.5
              translatedPort: '8443'
            - description: D-NAT all inbound web traffic for inspection
              destinationAddresses:
                - 1.2.3.4
              destinationPorts:
                - '80'
              name: DNAT-HTTP-traffic-With-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - '*'
              translatedFqdn: internalhttpserver
              translatedPort: '880'
      networkRuleCollections:
        - action:
            type: Deny
          id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall/networkRuleCollections/netrulecoll
          name: netrulecoll
          priority: 112
          rules:
            - description: Block traffic based on source IPs and ports
              destinationAddresses:
                - '*'
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic
              protocols:
                - TCP
              sourceAddresses:
                - 192.168.1.1-192.168.1.12
                - 10.1.4.12-10.1.4.255
            - description: Block traffic based on source IPs and ports to amazon
              destinationFqdns:
                - www.amazon.com
              destinationPorts:
                - 443-444
                - '8443'
              name: L4-traffic-with-FQDN
              protocols:
                - TCP
              sourceAddresses:
                - 10.2.4.12-10.2.4.255
      resourceGroupName: rg1
      sku:
        name: AZFW_VNet
        tier: Standard
      tags:
        key1: value1
      threatIntelMode: Alert
      zones: []
Create Azure Firewall in virtual Hub
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() => 
{
    var azureFirewall = new AzureNative.Network.AzureFirewall("azureFirewall", new()
    {
        AzureFirewallName = "azurefirewall",
        FirewallPolicy = new AzureNative.Network.Inputs.SubResourceArgs
        {
            Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1",
        },
        HubIPAddresses = new AzureNative.Network.Inputs.HubIPAddressesArgs
        {
            PublicIPs = new AzureNative.Network.Inputs.HubPublicIPAddressesArgs
            {
                Addresses = new() { },
                Count = 1,
            },
        },
        Location = "West US",
        ResourceGroupName = "rg1",
        Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
        {
            Name = AzureNative.Network.AzureFirewallSkuName.AZFW_Hub,
            Tier = AzureNative.Network.AzureFirewallSkuTier.Standard,
        },
        Tags = 
        {
            { "key1", "value1" },
        },
        ThreatIntelMode = AzureNative.Network.AzureFirewallThreatIntelMode.Alert,
        VirtualHub = new AzureNative.Network.Inputs.SubResourceArgs
        {
            Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1",
        },
        Zones = new[] {},
    });
});
package main
import (
	network "github.com/pulumi/pulumi-azure-native-sdk/network/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := network.NewAzureFirewall(ctx, "azureFirewall", &network.AzureFirewallArgs{
			AzureFirewallName: pulumi.String("azurefirewall"),
			FirewallPolicy: &network.SubResourceArgs{
				Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1"),
			},
			HubIPAddresses: &network.HubIPAddressesArgs{
				PublicIPs: &network.HubPublicIPAddressesArgs{
					Addresses: network.AzureFirewallPublicIPAddressArray{},
					Count:     pulumi.Int(1),
				},
			},
			Location:          pulumi.String("West US"),
			ResourceGroupName: pulumi.String("rg1"),
			Sku: &network.AzureFirewallSkuArgs{
				Name: pulumi.String(network.AzureFirewallSkuName_AZFW_Hub),
				Tier: pulumi.String(network.AzureFirewallSkuTierStandard),
			},
			Tags: pulumi.StringMap{
				"key1": pulumi.String("value1"),
			},
			ThreatIntelMode: pulumi.String(network.AzureFirewallThreatIntelModeAlert),
			VirtualHub: &network.SubResourceArgs{
				Id: pulumi.String("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1"),
			},
			Zones: pulumi.StringArray{},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.network.AzureFirewall;
import com.pulumi.azurenative.network.AzureFirewallArgs;
import com.pulumi.azurenative.network.inputs.SubResourceArgs;
import com.pulumi.azurenative.network.inputs.HubIPAddressesArgs;
import com.pulumi.azurenative.network.inputs.HubPublicIPAddressesArgs;
import com.pulumi.azurenative.network.inputs.AzureFirewallSkuArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var azureFirewall = new AzureFirewall("azureFirewall", AzureFirewallArgs.builder()
            .azureFirewallName("azurefirewall")
            .firewallPolicy(SubResourceArgs.builder()
                .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1")
                .build())
            .hubIPAddresses(HubIPAddressesArgs.builder()
                .publicIPs(HubPublicIPAddressesArgs.builder()
                    .addresses()
                    .count(1)
                    .build())
                .build())
            .location("West US")
            .resourceGroupName("rg1")
            .sku(AzureFirewallSkuArgs.builder()
                .name("AZFW_Hub")
                .tier("Standard")
                .build())
            .tags(Map.of("key1", "value1"))
            .threatIntelMode("Alert")
            .virtualHub(SubResourceArgs.builder()
                .id("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1")
                .build())
            .zones()
            .build());
    }
}
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const azureFirewall = new azure_native.network.AzureFirewall("azureFirewall", {
    azureFirewallName: "azurefirewall",
    firewallPolicy: {
        id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1",
    },
    hubIPAddresses: {
        publicIPs: {
            addresses: [],
            count: 1,
        },
    },
    location: "West US",
    resourceGroupName: "rg1",
    sku: {
        name: azure_native.network.AzureFirewallSkuName.AZFW_Hub,
        tier: azure_native.network.AzureFirewallSkuTier.Standard,
    },
    tags: {
        key1: "value1",
    },
    threatIntelMode: azure_native.network.AzureFirewallThreatIntelMode.Alert,
    virtualHub: {
        id: "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1",
    },
    zones: [],
});
import pulumi
import pulumi_azure_native as azure_native
azure_firewall = azure_native.network.AzureFirewall("azureFirewall",
    azure_firewall_name="azurefirewall",
    firewall_policy={
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1",
    },
    hub_ip_addresses={
        "public_ips": {
            "addresses": [],
            "count": 1,
        },
    },
    location="West US",
    resource_group_name="rg1",
    sku={
        "name": azure_native.network.AzureFirewallSkuName.AZF_W_HUB,
        "tier": azure_native.network.AzureFirewallSkuTier.STANDARD,
    },
    tags={
        "key1": "value1",
    },
    threat_intel_mode=azure_native.network.AzureFirewallThreatIntelMode.ALERT,
    virtual_hub={
        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1",
    },
    zones=[])
resources:
  azureFirewall:
    type: azure-native:network:AzureFirewall
    properties:
      azureFirewallName: azurefirewall
      firewallPolicy:
        id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/policy1
      hubIPAddresses:
        publicIPs:
          addresses: []
          count: 1
      location: West US
      resourceGroupName: rg1
      sku:
        name: AZFW_Hub
        tier: Standard
      tags:
        key1: value1
      threatIntelMode: Alert
      virtualHub:
        id: /subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualHubs/hub1
      zones: []
Create AzureFirewall Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new AzureFirewall(name: string, args: AzureFirewallArgs, opts?: CustomResourceOptions);@overload
def AzureFirewall(resource_name: str,
                  args: AzureFirewallArgs,
                  opts: Optional[ResourceOptions] = None)
@overload
def AzureFirewall(resource_name: str,
                  opts: Optional[ResourceOptions] = None,
                  resource_group_name: Optional[str] = None,
                  firewall_policy: Optional[SubResourceArgs] = None,
                  nat_rule_collections: Optional[Sequence[AzureFirewallNatRuleCollectionArgs]] = None,
                  azure_firewall_name: Optional[str] = None,
                  additional_properties: Optional[Mapping[str, str]] = None,
                  hub_ip_addresses: Optional[HubIPAddressesArgs] = None,
                  id: Optional[str] = None,
                  ip_configurations: Optional[Sequence[AzureFirewallIPConfigurationArgs]] = None,
                  location: Optional[str] = None,
                  autoscale_configuration: Optional[AzureFirewallAutoscaleConfigurationArgs] = None,
                  network_rule_collections: Optional[Sequence[AzureFirewallNetworkRuleCollectionArgs]] = None,
                  management_ip_configuration: Optional[AzureFirewallIPConfigurationArgs] = None,
                  application_rule_collections: Optional[Sequence[AzureFirewallApplicationRuleCollectionArgs]] = None,
                  sku: Optional[AzureFirewallSkuArgs] = None,
                  tags: Optional[Mapping[str, str]] = None,
                  threat_intel_mode: Optional[Union[str, AzureFirewallThreatIntelMode]] = None,
                  virtual_hub: Optional[SubResourceArgs] = None,
                  zones: Optional[Sequence[str]] = None)func NewAzureFirewall(ctx *Context, name string, args AzureFirewallArgs, opts ...ResourceOption) (*AzureFirewall, error)public AzureFirewall(string name, AzureFirewallArgs args, CustomResourceOptions? opts = null)
public AzureFirewall(String name, AzureFirewallArgs args)
public AzureFirewall(String name, AzureFirewallArgs args, CustomResourceOptions options)
type: azure-native:network:AzureFirewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AzureFirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AzureFirewallArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AzureFirewallArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AzureFirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AzureFirewallArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var azureFirewallResource = new AzureNative.Network.AzureFirewall("azureFirewallResource", new()
{
    ResourceGroupName = "string",
    FirewallPolicy = new AzureNative.Network.Inputs.SubResourceArgs
    {
        Id = "string",
    },
    NatRuleCollections = new[]
    {
        new AzureNative.Network.Inputs.AzureFirewallNatRuleCollectionArgs
        {
            Action = new AzureNative.Network.Inputs.AzureFirewallNatRCActionArgs
            {
                Type = "string",
            },
            Id = "string",
            Name = "string",
            Priority = 0,
            Rules = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNatRuleArgs
                {
                    Description = "string",
                    DestinationAddresses = new[]
                    {
                        "string",
                    },
                    DestinationPorts = new[]
                    {
                        "string",
                    },
                    Name = "string",
                    Protocols = new[]
                    {
                        "string",
                    },
                    SourceAddresses = new[]
                    {
                        "string",
                    },
                    SourceIpGroups = new[]
                    {
                        "string",
                    },
                    TranslatedAddress = "string",
                    TranslatedFqdn = "string",
                    TranslatedPort = "string",
                },
            },
        },
    },
    AzureFirewallName = "string",
    AdditionalProperties = 
    {
        { "string", "string" },
    },
    HubIPAddresses = new AzureNative.Network.Inputs.HubIPAddressesArgs
    {
        PrivateIPAddress = "string",
        PublicIPs = new AzureNative.Network.Inputs.HubPublicIPAddressesArgs
        {
            Addresses = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallPublicIPAddressArgs
                {
                    Address = "string",
                },
            },
            Count = 0,
        },
    },
    Id = "string",
    IpConfigurations = new[]
    {
        new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
        {
            Id = "string",
            Name = "string",
            PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
            {
                Id = "string",
            },
            Subnet = new AzureNative.Network.Inputs.SubResourceArgs
            {
                Id = "string",
            },
        },
    },
    Location = "string",
    AutoscaleConfiguration = new AzureNative.Network.Inputs.AzureFirewallAutoscaleConfigurationArgs
    {
        MaxCapacity = 0,
        MinCapacity = 0,
    },
    NetworkRuleCollections = new[]
    {
        new AzureNative.Network.Inputs.AzureFirewallNetworkRuleCollectionArgs
        {
            Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
            {
                Type = "string",
            },
            Id = "string",
            Name = "string",
            Priority = 0,
            Rules = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallNetworkRuleArgs
                {
                    Description = "string",
                    DestinationAddresses = new[]
                    {
                        "string",
                    },
                    DestinationFqdns = new[]
                    {
                        "string",
                    },
                    DestinationIpGroups = new[]
                    {
                        "string",
                    },
                    DestinationPorts = new[]
                    {
                        "string",
                    },
                    Name = "string",
                    Protocols = new[]
                    {
                        "string",
                    },
                    SourceAddresses = new[]
                    {
                        "string",
                    },
                    SourceIpGroups = new[]
                    {
                        "string",
                    },
                },
            },
        },
    },
    ManagementIpConfiguration = new AzureNative.Network.Inputs.AzureFirewallIPConfigurationArgs
    {
        Id = "string",
        Name = "string",
        PublicIPAddress = new AzureNative.Network.Inputs.SubResourceArgs
        {
            Id = "string",
        },
        Subnet = new AzureNative.Network.Inputs.SubResourceArgs
        {
            Id = "string",
        },
    },
    ApplicationRuleCollections = new[]
    {
        new AzureNative.Network.Inputs.AzureFirewallApplicationRuleCollectionArgs
        {
            Action = new AzureNative.Network.Inputs.AzureFirewallRCActionArgs
            {
                Type = "string",
            },
            Id = "string",
            Name = "string",
            Priority = 0,
            Rules = new[]
            {
                new AzureNative.Network.Inputs.AzureFirewallApplicationRuleArgs
                {
                    Description = "string",
                    FqdnTags = new[]
                    {
                        "string",
                    },
                    Name = "string",
                    Protocols = new[]
                    {
                        new AzureNative.Network.Inputs.AzureFirewallApplicationRuleProtocolArgs
                        {
                            Port = 0,
                            ProtocolType = "string",
                        },
                    },
                    SourceAddresses = new[]
                    {
                        "string",
                    },
                    SourceIpGroups = new[]
                    {
                        "string",
                    },
                    TargetFqdns = new[]
                    {
                        "string",
                    },
                },
            },
        },
    },
    Sku = new AzureNative.Network.Inputs.AzureFirewallSkuArgs
    {
        Name = "string",
        Tier = "string",
    },
    Tags = 
    {
        { "string", "string" },
    },
    ThreatIntelMode = "string",
    VirtualHub = new AzureNative.Network.Inputs.SubResourceArgs
    {
        Id = "string",
    },
    Zones = new[]
    {
        "string",
    },
});
example, err := network.NewAzureFirewall(ctx, "azureFirewallResource", &network.AzureFirewallArgs{
	ResourceGroupName: pulumi.String("string"),
	FirewallPolicy: &network.SubResourceArgs{
		Id: pulumi.String("string"),
	},
	NatRuleCollections: network.AzureFirewallNatRuleCollectionArray{
		&network.AzureFirewallNatRuleCollectionArgs{
			Action: &network.AzureFirewallNatRCActionArgs{
				Type: pulumi.String("string"),
			},
			Id:       pulumi.String("string"),
			Name:     pulumi.String("string"),
			Priority: pulumi.Int(0),
			Rules: network.AzureFirewallNatRuleArray{
				&network.AzureFirewallNatRuleArgs{
					Description: pulumi.String("string"),
					DestinationAddresses: pulumi.StringArray{
						pulumi.String("string"),
					},
					DestinationPorts: pulumi.StringArray{
						pulumi.String("string"),
					},
					Name: pulumi.String("string"),
					Protocols: pulumi.StringArray{
						pulumi.String("string"),
					},
					SourceAddresses: pulumi.StringArray{
						pulumi.String("string"),
					},
					SourceIpGroups: pulumi.StringArray{
						pulumi.String("string"),
					},
					TranslatedAddress: pulumi.String("string"),
					TranslatedFqdn:    pulumi.String("string"),
					TranslatedPort:    pulumi.String("string"),
				},
			},
		},
	},
	AzureFirewallName: pulumi.String("string"),
	AdditionalProperties: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	HubIPAddresses: &network.HubIPAddressesArgs{
		PrivateIPAddress: pulumi.String("string"),
		PublicIPs: &network.HubPublicIPAddressesArgs{
			Addresses: network.AzureFirewallPublicIPAddressArray{
				&network.AzureFirewallPublicIPAddressArgs{
					Address: pulumi.String("string"),
				},
			},
			Count: pulumi.Int(0),
		},
	},
	Id: pulumi.String("string"),
	IpConfigurations: network.AzureFirewallIPConfigurationArray{
		&network.AzureFirewallIPConfigurationArgs{
			Id:   pulumi.String("string"),
			Name: pulumi.String("string"),
			PublicIPAddress: &network.SubResourceArgs{
				Id: pulumi.String("string"),
			},
			Subnet: &network.SubResourceArgs{
				Id: pulumi.String("string"),
			},
		},
	},
	Location: pulumi.String("string"),
	AutoscaleConfiguration: &network.AzureFirewallAutoscaleConfigurationArgs{
		MaxCapacity: pulumi.Int(0),
		MinCapacity: pulumi.Int(0),
	},
	NetworkRuleCollections: network.AzureFirewallNetworkRuleCollectionArray{
		&network.AzureFirewallNetworkRuleCollectionArgs{
			Action: &network.AzureFirewallRCActionArgs{
				Type: pulumi.String("string"),
			},
			Id:       pulumi.String("string"),
			Name:     pulumi.String("string"),
			Priority: pulumi.Int(0),
			Rules: network.AzureFirewallNetworkRuleArray{
				&network.AzureFirewallNetworkRuleArgs{
					Description: pulumi.String("string"),
					DestinationAddresses: pulumi.StringArray{
						pulumi.String("string"),
					},
					DestinationFqdns: pulumi.StringArray{
						pulumi.String("string"),
					},
					DestinationIpGroups: pulumi.StringArray{
						pulumi.String("string"),
					},
					DestinationPorts: pulumi.StringArray{
						pulumi.String("string"),
					},
					Name: pulumi.String("string"),
					Protocols: pulumi.StringArray{
						pulumi.String("string"),
					},
					SourceAddresses: pulumi.StringArray{
						pulumi.String("string"),
					},
					SourceIpGroups: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
		},
	},
	ManagementIpConfiguration: &network.AzureFirewallIPConfigurationArgs{
		Id:   pulumi.String("string"),
		Name: pulumi.String("string"),
		PublicIPAddress: &network.SubResourceArgs{
			Id: pulumi.String("string"),
		},
		Subnet: &network.SubResourceArgs{
			Id: pulumi.String("string"),
		},
	},
	ApplicationRuleCollections: network.AzureFirewallApplicationRuleCollectionArray{
		&network.AzureFirewallApplicationRuleCollectionArgs{
			Action: &network.AzureFirewallRCActionArgs{
				Type: pulumi.String("string"),
			},
			Id:       pulumi.String("string"),
			Name:     pulumi.String("string"),
			Priority: pulumi.Int(0),
			Rules: network.AzureFirewallApplicationRuleArray{
				&network.AzureFirewallApplicationRuleArgs{
					Description: pulumi.String("string"),
					FqdnTags: pulumi.StringArray{
						pulumi.String("string"),
					},
					Name: pulumi.String("string"),
					Protocols: network.AzureFirewallApplicationRuleProtocolArray{
						&network.AzureFirewallApplicationRuleProtocolArgs{
							Port:         pulumi.Int(0),
							ProtocolType: pulumi.String("string"),
						},
					},
					SourceAddresses: pulumi.StringArray{
						pulumi.String("string"),
					},
					SourceIpGroups: pulumi.StringArray{
						pulumi.String("string"),
					},
					TargetFqdns: pulumi.StringArray{
						pulumi.String("string"),
					},
				},
			},
		},
	},
	Sku: &network.AzureFirewallSkuArgs{
		Name: pulumi.String("string"),
		Tier: pulumi.String("string"),
	},
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	ThreatIntelMode: pulumi.String("string"),
	VirtualHub: &network.SubResourceArgs{
		Id: pulumi.String("string"),
	},
	Zones: pulumi.StringArray{
		pulumi.String("string"),
	},
})
var azureFirewallResource = new AzureFirewall("azureFirewallResource", AzureFirewallArgs.builder()
    .resourceGroupName("string")
    .firewallPolicy(SubResourceArgs.builder()
        .id("string")
        .build())
    .natRuleCollections(AzureFirewallNatRuleCollectionArgs.builder()
        .action(AzureFirewallNatRCActionArgs.builder()
            .type("string")
            .build())
        .id("string")
        .name("string")
        .priority(0)
        .rules(AzureFirewallNatRuleArgs.builder()
            .description("string")
            .destinationAddresses("string")
            .destinationPorts("string")
            .name("string")
            .protocols("string")
            .sourceAddresses("string")
            .sourceIpGroups("string")
            .translatedAddress("string")
            .translatedFqdn("string")
            .translatedPort("string")
            .build())
        .build())
    .azureFirewallName("string")
    .additionalProperties(Map.of("string", "string"))
    .hubIPAddresses(HubIPAddressesArgs.builder()
        .privateIPAddress("string")
        .publicIPs(HubPublicIPAddressesArgs.builder()
            .addresses(AzureFirewallPublicIPAddressArgs.builder()
                .address("string")
                .build())
            .count(0)
            .build())
        .build())
    .id("string")
    .ipConfigurations(AzureFirewallIPConfigurationArgs.builder()
        .id("string")
        .name("string")
        .publicIPAddress(SubResourceArgs.builder()
            .id("string")
            .build())
        .subnet(SubResourceArgs.builder()
            .id("string")
            .build())
        .build())
    .location("string")
    .autoscaleConfiguration(AzureFirewallAutoscaleConfigurationArgs.builder()
        .maxCapacity(0)
        .minCapacity(0)
        .build())
    .networkRuleCollections(AzureFirewallNetworkRuleCollectionArgs.builder()
        .action(AzureFirewallRCActionArgs.builder()
            .type("string")
            .build())
        .id("string")
        .name("string")
        .priority(0)
        .rules(AzureFirewallNetworkRuleArgs.builder()
            .description("string")
            .destinationAddresses("string")
            .destinationFqdns("string")
            .destinationIpGroups("string")
            .destinationPorts("string")
            .name("string")
            .protocols("string")
            .sourceAddresses("string")
            .sourceIpGroups("string")
            .build())
        .build())
    .managementIpConfiguration(AzureFirewallIPConfigurationArgs.builder()
        .id("string")
        .name("string")
        .publicIPAddress(SubResourceArgs.builder()
            .id("string")
            .build())
        .subnet(SubResourceArgs.builder()
            .id("string")
            .build())
        .build())
    .applicationRuleCollections(AzureFirewallApplicationRuleCollectionArgs.builder()
        .action(AzureFirewallRCActionArgs.builder()
            .type("string")
            .build())
        .id("string")
        .name("string")
        .priority(0)
        .rules(AzureFirewallApplicationRuleArgs.builder()
            .description("string")
            .fqdnTags("string")
            .name("string")
            .protocols(AzureFirewallApplicationRuleProtocolArgs.builder()
                .port(0)
                .protocolType("string")
                .build())
            .sourceAddresses("string")
            .sourceIpGroups("string")
            .targetFqdns("string")
            .build())
        .build())
    .sku(AzureFirewallSkuArgs.builder()
        .name("string")
        .tier("string")
        .build())
    .tags(Map.of("string", "string"))
    .threatIntelMode("string")
    .virtualHub(SubResourceArgs.builder()
        .id("string")
        .build())
    .zones("string")
    .build());
azure_firewall_resource = azure_native.network.AzureFirewall("azureFirewallResource",
    resource_group_name="string",
    firewall_policy={
        "id": "string",
    },
    nat_rule_collections=[{
        "action": {
            "type": "string",
        },
        "id": "string",
        "name": "string",
        "priority": 0,
        "rules": [{
            "description": "string",
            "destination_addresses": ["string"],
            "destination_ports": ["string"],
            "name": "string",
            "protocols": ["string"],
            "source_addresses": ["string"],
            "source_ip_groups": ["string"],
            "translated_address": "string",
            "translated_fqdn": "string",
            "translated_port": "string",
        }],
    }],
    azure_firewall_name="string",
    additional_properties={
        "string": "string",
    },
    hub_ip_addresses={
        "private_ip_address": "string",
        "public_ips": {
            "addresses": [{
                "address": "string",
            }],
            "count": 0,
        },
    },
    id="string",
    ip_configurations=[{
        "id": "string",
        "name": "string",
        "public_ip_address": {
            "id": "string",
        },
        "subnet": {
            "id": "string",
        },
    }],
    location="string",
    autoscale_configuration={
        "max_capacity": 0,
        "min_capacity": 0,
    },
    network_rule_collections=[{
        "action": {
            "type": "string",
        },
        "id": "string",
        "name": "string",
        "priority": 0,
        "rules": [{
            "description": "string",
            "destination_addresses": ["string"],
            "destination_fqdns": ["string"],
            "destination_ip_groups": ["string"],
            "destination_ports": ["string"],
            "name": "string",
            "protocols": ["string"],
            "source_addresses": ["string"],
            "source_ip_groups": ["string"],
        }],
    }],
    management_ip_configuration={
        "id": "string",
        "name": "string",
        "public_ip_address": {
            "id": "string",
        },
        "subnet": {
            "id": "string",
        },
    },
    application_rule_collections=[{
        "action": {
            "type": "string",
        },
        "id": "string",
        "name": "string",
        "priority": 0,
        "rules": [{
            "description": "string",
            "fqdn_tags": ["string"],
            "name": "string",
            "protocols": [{
                "port": 0,
                "protocol_type": "string",
            }],
            "source_addresses": ["string"],
            "source_ip_groups": ["string"],
            "target_fqdns": ["string"],
        }],
    }],
    sku={
        "name": "string",
        "tier": "string",
    },
    tags={
        "string": "string",
    },
    threat_intel_mode="string",
    virtual_hub={
        "id": "string",
    },
    zones=["string"])
const azureFirewallResource = new azure_native.network.AzureFirewall("azureFirewallResource", {
    resourceGroupName: "string",
    firewallPolicy: {
        id: "string",
    },
    natRuleCollections: [{
        action: {
            type: "string",
        },
        id: "string",
        name: "string",
        priority: 0,
        rules: [{
            description: "string",
            destinationAddresses: ["string"],
            destinationPorts: ["string"],
            name: "string",
            protocols: ["string"],
            sourceAddresses: ["string"],
            sourceIpGroups: ["string"],
            translatedAddress: "string",
            translatedFqdn: "string",
            translatedPort: "string",
        }],
    }],
    azureFirewallName: "string",
    additionalProperties: {
        string: "string",
    },
    hubIPAddresses: {
        privateIPAddress: "string",
        publicIPs: {
            addresses: [{
                address: "string",
            }],
            count: 0,
        },
    },
    id: "string",
    ipConfigurations: [{
        id: "string",
        name: "string",
        publicIPAddress: {
            id: "string",
        },
        subnet: {
            id: "string",
        },
    }],
    location: "string",
    autoscaleConfiguration: {
        maxCapacity: 0,
        minCapacity: 0,
    },
    networkRuleCollections: [{
        action: {
            type: "string",
        },
        id: "string",
        name: "string",
        priority: 0,
        rules: [{
            description: "string",
            destinationAddresses: ["string"],
            destinationFqdns: ["string"],
            destinationIpGroups: ["string"],
            destinationPorts: ["string"],
            name: "string",
            protocols: ["string"],
            sourceAddresses: ["string"],
            sourceIpGroups: ["string"],
        }],
    }],
    managementIpConfiguration: {
        id: "string",
        name: "string",
        publicIPAddress: {
            id: "string",
        },
        subnet: {
            id: "string",
        },
    },
    applicationRuleCollections: [{
        action: {
            type: "string",
        },
        id: "string",
        name: "string",
        priority: 0,
        rules: [{
            description: "string",
            fqdnTags: ["string"],
            name: "string",
            protocols: [{
                port: 0,
                protocolType: "string",
            }],
            sourceAddresses: ["string"],
            sourceIpGroups: ["string"],
            targetFqdns: ["string"],
        }],
    }],
    sku: {
        name: "string",
        tier: "string",
    },
    tags: {
        string: "string",
    },
    threatIntelMode: "string",
    virtualHub: {
        id: "string",
    },
    zones: ["string"],
});
type: azure-native:network:AzureFirewall
properties:
    additionalProperties:
        string: string
    applicationRuleCollections:
        - action:
            type: string
          id: string
          name: string
          priority: 0
          rules:
            - description: string
              fqdnTags:
                - string
              name: string
              protocols:
                - port: 0
                  protocolType: string
              sourceAddresses:
                - string
              sourceIpGroups:
                - string
              targetFqdns:
                - string
    autoscaleConfiguration:
        maxCapacity: 0
        minCapacity: 0
    azureFirewallName: string
    firewallPolicy:
        id: string
    hubIPAddresses:
        privateIPAddress: string
        publicIPs:
            addresses:
                - address: string
            count: 0
    id: string
    ipConfigurations:
        - id: string
          name: string
          publicIPAddress:
            id: string
          subnet:
            id: string
    location: string
    managementIpConfiguration:
        id: string
        name: string
        publicIPAddress:
            id: string
        subnet:
            id: string
    natRuleCollections:
        - action:
            type: string
          id: string
          name: string
          priority: 0
          rules:
            - description: string
              destinationAddresses:
                - string
              destinationPorts:
                - string
              name: string
              protocols:
                - string
              sourceAddresses:
                - string
              sourceIpGroups:
                - string
              translatedAddress: string
              translatedFqdn: string
              translatedPort: string
    networkRuleCollections:
        - action:
            type: string
          id: string
          name: string
          priority: 0
          rules:
            - description: string
              destinationAddresses:
                - string
              destinationFqdns:
                - string
              destinationIpGroups:
                - string
              destinationPorts:
                - string
              name: string
              protocols:
                - string
              sourceAddresses:
                - string
              sourceIpGroups:
                - string
    resourceGroupName: string
    sku:
        name: string
        tier: string
    tags:
        string: string
    threatIntelMode: string
    virtualHub:
        id: string
    zones:
        - string
AzureFirewall Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The AzureFirewall resource accepts the following input properties:
- ResourceGroup stringName 
- The name of the resource group.
- AdditionalProperties Dictionary<string, string>
- The additional properties used to further config this azure firewall.
- ApplicationRule List<Pulumi.Collections Azure Native. Network. Inputs. Azure Firewall Application Rule Collection> 
- Collection of application rule collections used by Azure Firewall.
- AutoscaleConfiguration Pulumi.Azure Native. Network. Inputs. Azure Firewall Autoscale Configuration 
- Properties to provide a custom autoscale configuration to this azure firewall.
- AzureFirewall stringName 
- The name of the Azure Firewall.
- FirewallPolicy Pulumi.Azure Native. Network. Inputs. Sub Resource 
- The firewallPolicy associated with this azure firewall.
- HubIPAddresses Pulumi.Azure Native. Network. Inputs. Hub IPAddresses 
- IP addresses associated with AzureFirewall.
- Id string
- Resource ID.
- IpConfigurations List<Pulumi.Azure Native. Network. Inputs. Azure Firewall IPConfiguration> 
- IP configuration of the Azure Firewall resource.
- Location string
- Resource location.
- ManagementIp Pulumi.Configuration Azure Native. Network. Inputs. Azure Firewall IPConfiguration 
- IP configuration of the Azure Firewall used for management traffic.
- NatRule List<Pulumi.Collections Azure Native. Network. Inputs. Azure Firewall Nat Rule Collection> 
- Collection of NAT rule collections used by Azure Firewall.
- NetworkRule List<Pulumi.Collections Azure Native. Network. Inputs. Azure Firewall Network Rule Collection> 
- Collection of network rule collections used by Azure Firewall.
- Sku
Pulumi.Azure Native. Network. Inputs. Azure Firewall Sku 
- The Azure Firewall Resource SKU.
- Dictionary<string, string>
- Resource tags.
- ThreatIntel string | Pulumi.Mode Azure Native. Network. Azure Firewall Threat Intel Mode 
- The operation mode for Threat Intelligence.
- VirtualHub Pulumi.Azure Native. Network. Inputs. Sub Resource 
- The virtualHub to which the firewall belongs.
- Zones List<string>
- A list of availability zones denoting where the resource needs to come from.
- ResourceGroup stringName 
- The name of the resource group.
- AdditionalProperties map[string]string
- The additional properties used to further config this azure firewall.
- ApplicationRule []AzureCollections Firewall Application Rule Collection Args 
- Collection of application rule collections used by Azure Firewall.
- AutoscaleConfiguration AzureFirewall Autoscale Configuration Args 
- Properties to provide a custom autoscale configuration to this azure firewall.
- AzureFirewall stringName 
- The name of the Azure Firewall.
- FirewallPolicy SubResource Args 
- The firewallPolicy associated with this azure firewall.
- HubIPAddresses HubIPAddresses Args 
- IP addresses associated with AzureFirewall.
- Id string
- Resource ID.
- IpConfigurations []AzureFirewall IPConfiguration Args 
- IP configuration of the Azure Firewall resource.
- Location string
- Resource location.
- ManagementIp AzureConfiguration Firewall IPConfiguration Args 
- IP configuration of the Azure Firewall used for management traffic.
- NatRule []AzureCollections Firewall Nat Rule Collection Args 
- Collection of NAT rule collections used by Azure Firewall.
- NetworkRule []AzureCollections Firewall Network Rule Collection Args 
- Collection of network rule collections used by Azure Firewall.
- Sku
AzureFirewall Sku Args 
- The Azure Firewall Resource SKU.
- map[string]string
- Resource tags.
- ThreatIntel string | AzureMode Firewall Threat Intel Mode 
- The operation mode for Threat Intelligence.
- VirtualHub SubResource Args 
- The virtualHub to which the firewall belongs.
- Zones []string
- A list of availability zones denoting where the resource needs to come from.
- resourceGroup StringName 
- The name of the resource group.
- additionalProperties Map<String,String>
- The additional properties used to further config this azure firewall.
- applicationRule List<AzureCollections Firewall Application Rule Collection> 
- Collection of application rule collections used by Azure Firewall.
- autoscaleConfiguration AzureFirewall Autoscale Configuration 
- Properties to provide a custom autoscale configuration to this azure firewall.
- azureFirewall StringName 
- The name of the Azure Firewall.
- firewallPolicy SubResource 
- The firewallPolicy associated with this azure firewall.
- hubIPAddresses HubIPAddresses 
- IP addresses associated with AzureFirewall.
- id String
- Resource ID.
- ipConfigurations List<AzureFirewall IPConfiguration> 
- IP configuration of the Azure Firewall resource.
- location String
- Resource location.
- managementIp AzureConfiguration Firewall IPConfiguration 
- IP configuration of the Azure Firewall used for management traffic.
- natRule List<AzureCollections Firewall Nat Rule Collection> 
- Collection of NAT rule collections used by Azure Firewall.
- networkRule List<AzureCollections Firewall Network Rule Collection> 
- Collection of network rule collections used by Azure Firewall.
- sku
AzureFirewall Sku 
- The Azure Firewall Resource SKU.
- Map<String,String>
- Resource tags.
- threatIntel String | AzureMode Firewall Threat Intel Mode 
- The operation mode for Threat Intelligence.
- virtualHub SubResource 
- The virtualHub to which the firewall belongs.
- zones List<String>
- A list of availability zones denoting where the resource needs to come from.
- resourceGroup stringName 
- The name of the resource group.
- additionalProperties {[key: string]: string}
- The additional properties used to further config this azure firewall.
- applicationRule AzureCollections Firewall Application Rule Collection[] 
- Collection of application rule collections used by Azure Firewall.
- autoscaleConfiguration AzureFirewall Autoscale Configuration 
- Properties to provide a custom autoscale configuration to this azure firewall.
- azureFirewall stringName 
- The name of the Azure Firewall.
- firewallPolicy SubResource 
- The firewallPolicy associated with this azure firewall.
- hubIPAddresses HubIPAddresses 
- IP addresses associated with AzureFirewall.
- id string
- Resource ID.
- ipConfigurations AzureFirewall IPConfiguration[] 
- IP configuration of the Azure Firewall resource.
- location string
- Resource location.
- managementIp AzureConfiguration Firewall IPConfiguration 
- IP configuration of the Azure Firewall used for management traffic.
- natRule AzureCollections Firewall Nat Rule Collection[] 
- Collection of NAT rule collections used by Azure Firewall.
- networkRule AzureCollections Firewall Network Rule Collection[] 
- Collection of network rule collections used by Azure Firewall.
- sku
AzureFirewall Sku 
- The Azure Firewall Resource SKU.
- {[key: string]: string}
- Resource tags.
- threatIntel string | AzureMode Firewall Threat Intel Mode 
- The operation mode for Threat Intelligence.
- virtualHub SubResource 
- The virtualHub to which the firewall belongs.
- zones string[]
- A list of availability zones denoting where the resource needs to come from.
- resource_group_ strname 
- The name of the resource group.
- additional_properties Mapping[str, str]
- The additional properties used to further config this azure firewall.
- application_rule_ Sequence[Azurecollections Firewall Application Rule Collection Args] 
- Collection of application rule collections used by Azure Firewall.
- autoscale_configuration AzureFirewall Autoscale Configuration Args 
- Properties to provide a custom autoscale configuration to this azure firewall.
- azure_firewall_ strname 
- The name of the Azure Firewall.
- firewall_policy SubResource Args 
- The firewallPolicy associated with this azure firewall.
- hub_ip_ Hubaddresses IPAddresses Args 
- IP addresses associated with AzureFirewall.
- id str
- Resource ID.
- ip_configurations Sequence[AzureFirewall IPConfiguration Args] 
- IP configuration of the Azure Firewall resource.
- location str
- Resource location.
- management_ip_ Azureconfiguration Firewall IPConfiguration Args 
- IP configuration of the Azure Firewall used for management traffic.
- nat_rule_ Sequence[Azurecollections Firewall Nat Rule Collection Args] 
- Collection of NAT rule collections used by Azure Firewall.
- network_rule_ Sequence[Azurecollections Firewall Network Rule Collection Args] 
- Collection of network rule collections used by Azure Firewall.
- sku
AzureFirewall Sku Args 
- The Azure Firewall Resource SKU.
- Mapping[str, str]
- Resource tags.
- threat_intel_ str | Azuremode Firewall Threat Intel Mode 
- The operation mode for Threat Intelligence.
- virtual_hub SubResource Args 
- The virtualHub to which the firewall belongs.
- zones Sequence[str]
- A list of availability zones denoting where the resource needs to come from.
- resourceGroup StringName 
- The name of the resource group.
- additionalProperties Map<String>
- The additional properties used to further config this azure firewall.
- applicationRule List<Property Map>Collections 
- Collection of application rule collections used by Azure Firewall.
- autoscaleConfiguration Property Map
- Properties to provide a custom autoscale configuration to this azure firewall.
- azureFirewall StringName 
- The name of the Azure Firewall.
- firewallPolicy Property Map
- The firewallPolicy associated with this azure firewall.
- hubIPAddresses Property Map
- IP addresses associated with AzureFirewall.
- id String
- Resource ID.
- ipConfigurations List<Property Map>
- IP configuration of the Azure Firewall resource.
- location String
- Resource location.
- managementIp Property MapConfiguration 
- IP configuration of the Azure Firewall used for management traffic.
- natRule List<Property Map>Collections 
- Collection of NAT rule collections used by Azure Firewall.
- networkRule List<Property Map>Collections 
- Collection of network rule collections used by Azure Firewall.
- sku Property Map
- The Azure Firewall Resource SKU.
- Map<String>
- Resource tags.
- threatIntel String | "Alert" | "Deny" | "Off"Mode 
- The operation mode for Threat Intelligence.
- virtualHub Property Map
- The virtualHub to which the firewall belongs.
- zones List<String>
- A list of availability zones denoting where the resource needs to come from.
Outputs
All input properties are implicitly available as output properties. Additionally, the AzureFirewall resource produces the following output properties:
- AzureApi stringVersion 
- The Azure API version of the resource.
- Etag string
- A unique read-only string that changes whenever the resource is updated.
- Id string
- The provider-assigned unique ID for this managed resource.
- IpGroups List<Pulumi.Azure Native. Network. Outputs. Azure Firewall Ip Groups Response> 
- IpGroups associated with AzureFirewall.
- Name string
- Resource name.
- ProvisioningState string
- The provisioning state of the Azure firewall resource.
- Type string
- Resource type.
- AzureApi stringVersion 
- The Azure API version of the resource.
- Etag string
- A unique read-only string that changes whenever the resource is updated.
- Id string
- The provider-assigned unique ID for this managed resource.
- IpGroups []AzureFirewall Ip Groups Response 
- IpGroups associated with AzureFirewall.
- Name string
- Resource name.
- ProvisioningState string
- The provisioning state of the Azure firewall resource.
- Type string
- Resource type.
- azureApi StringVersion 
- The Azure API version of the resource.
- etag String
- A unique read-only string that changes whenever the resource is updated.
- id String
- The provider-assigned unique ID for this managed resource.
- ipGroups List<AzureFirewall Ip Groups Response> 
- IpGroups associated with AzureFirewall.
- name String
- Resource name.
- provisioningState String
- The provisioning state of the Azure firewall resource.
- type String
- Resource type.
- azureApi stringVersion 
- The Azure API version of the resource.
- etag string
- A unique read-only string that changes whenever the resource is updated.
- id string
- The provider-assigned unique ID for this managed resource.
- ipGroups AzureFirewall Ip Groups Response[] 
- IpGroups associated with AzureFirewall.
- name string
- Resource name.
- provisioningState string
- The provisioning state of the Azure firewall resource.
- type string
- Resource type.
- azure_api_ strversion 
- The Azure API version of the resource.
- etag str
- A unique read-only string that changes whenever the resource is updated.
- id str
- The provider-assigned unique ID for this managed resource.
- ip_groups Sequence[AzureFirewall Ip Groups Response] 
- IpGroups associated with AzureFirewall.
- name str
- Resource name.
- provisioning_state str
- The provisioning state of the Azure firewall resource.
- type str
- Resource type.
- azureApi StringVersion 
- The Azure API version of the resource.
- etag String
- A unique read-only string that changes whenever the resource is updated.
- id String
- The provider-assigned unique ID for this managed resource.
- ipGroups List<Property Map>
- IpGroups associated with AzureFirewall.
- name String
- Resource name.
- provisioningState String
- The provisioning state of the Azure firewall resource.
- type String
- Resource type.
Supporting Types
AzureFirewallApplicationRule, AzureFirewallApplicationRuleArgs        
- Description string
- Description of the rule.
- List<string>
- List of FQDN Tags for this rule.
- Name string
- Name of the application rule.
- Protocols
List<Pulumi.Azure Native. Network. Inputs. Azure Firewall Application Rule Protocol> 
- Array of ApplicationRuleProtocols.
- SourceAddresses List<string>
- List of source IP addresses for this rule.
- SourceIp List<string>Groups 
- List of source IpGroups for this rule.
- TargetFqdns List<string>
- List of FQDNs for this rule.
- Description string
- Description of the rule.
- []string
- List of FQDN Tags for this rule.
- Name string
- Name of the application rule.
- Protocols
[]AzureFirewall Application Rule Protocol 
- Array of ApplicationRuleProtocols.
- SourceAddresses []string
- List of source IP addresses for this rule.
- SourceIp []stringGroups 
- List of source IpGroups for this rule.
- TargetFqdns []string
- List of FQDNs for this rule.
- description String
- Description of the rule.
- List<String>
- List of FQDN Tags for this rule.
- name String
- Name of the application rule.
- protocols
List<AzureFirewall Application Rule Protocol> 
- Array of ApplicationRuleProtocols.
- sourceAddresses List<String>
- List of source IP addresses for this rule.
- sourceIp List<String>Groups 
- List of source IpGroups for this rule.
- targetFqdns List<String>
- List of FQDNs for this rule.
- description string
- Description of the rule.
- string[]
- List of FQDN Tags for this rule.
- name string
- Name of the application rule.
- protocols
AzureFirewall Application Rule Protocol[] 
- Array of ApplicationRuleProtocols.
- sourceAddresses string[]
- List of source IP addresses for this rule.
- sourceIp string[]Groups 
- List of source IpGroups for this rule.
- targetFqdns string[]
- List of FQDNs for this rule.
- description str
- Description of the rule.
- Sequence[str]
- List of FQDN Tags for this rule.
- name str
- Name of the application rule.
- protocols
Sequence[AzureFirewall Application Rule Protocol] 
- Array of ApplicationRuleProtocols.
- source_addresses Sequence[str]
- List of source IP addresses for this rule.
- source_ip_ Sequence[str]groups 
- List of source IpGroups for this rule.
- target_fqdns Sequence[str]
- List of FQDNs for this rule.
- description String
- Description of the rule.
- List<String>
- List of FQDN Tags for this rule.
- name String
- Name of the application rule.
- protocols List<Property Map>
- Array of ApplicationRuleProtocols.
- sourceAddresses List<String>
- List of source IP addresses for this rule.
- sourceIp List<String>Groups 
- List of source IpGroups for this rule.
- targetFqdns List<String>
- List of FQDNs for this rule.
AzureFirewallApplicationRuleCollection, AzureFirewallApplicationRuleCollectionArgs          
- Action
Pulumi.Azure Native. Network. Inputs. Azure Firewall RCAction 
- The action type of a rule collection.
- Id string
- Resource ID.
- Name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
- Priority of the application rule collection resource.
- Rules
List<Pulumi.Azure Native. Network. Inputs. Azure Firewall Application Rule> 
- Collection of rules used by a application rule collection.
- Action
AzureFirewall RCAction 
- The action type of a rule collection.
- Id string
- Resource ID.
- Name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
- Priority of the application rule collection resource.
- Rules
[]AzureFirewall Application Rule 
- Collection of rules used by a application rule collection.
- action
AzureFirewall RCAction 
- The action type of a rule collection.
- id String
- Resource ID.
- name String
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Integer
- Priority of the application rule collection resource.
- rules
List<AzureFirewall Application Rule> 
- Collection of rules used by a application rule collection.
- action
AzureFirewall RCAction 
- The action type of a rule collection.
- id string
- Resource ID.
- name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority number
- Priority of the application rule collection resource.
- rules
AzureFirewall Application Rule[] 
- Collection of rules used by a application rule collection.
- action
AzureFirewall RCAction 
- The action type of a rule collection.
- id str
- Resource ID.
- name str
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority int
- Priority of the application rule collection resource.
- rules
Sequence[AzureFirewall Application Rule] 
- Collection of rules used by a application rule collection.
- action Property Map
- The action type of a rule collection.
- id String
- Resource ID.
- name String
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Number
- Priority of the application rule collection resource.
- rules List<Property Map>
- Collection of rules used by a application rule collection.
AzureFirewallApplicationRuleCollectionResponse, AzureFirewallApplicationRuleCollectionResponseArgs            
- Etag string
- A unique read-only string that changes whenever the resource is updated.
- ProvisioningState string
- The provisioning state of the application rule collection resource.
- Action
Pulumi.Azure Native. Network. Inputs. Azure Firewall RCAction Response 
- The action type of a rule collection.
- Id string
- Resource ID.
- Name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
- Priority of the application rule collection resource.
- Rules
List<Pulumi.Azure Native. Network. Inputs. Azure Firewall Application Rule Response> 
- Collection of rules used by a application rule collection.
- Etag string
- A unique read-only string that changes whenever the resource is updated.
- ProvisioningState string
- The provisioning state of the application rule collection resource.
- Action
AzureFirewall RCAction Response 
- The action type of a rule collection.
- Id string
- Resource ID.
- Name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
- Priority of the application rule collection resource.
- Rules
[]AzureFirewall Application Rule Response 
- Collection of rules used by a application rule collection.
- etag String
- A unique read-only string that changes whenever the resource is updated.
- provisioningState String
- The provisioning state of the application rule collection resource.
- action
AzureFirewall RCAction Response 
- The action type of a rule collection.
- id String
- Resource ID.
- name String
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Integer
- Priority of the application rule collection resource.
- rules
List<AzureFirewall Application Rule Response> 
- Collection of rules used by a application rule collection.
- etag string
- A unique read-only string that changes whenever the resource is updated.
- provisioningState string
- The provisioning state of the application rule collection resource.
- action
AzureFirewall RCAction Response 
- The action type of a rule collection.
- id string
- Resource ID.
- name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority number
- Priority of the application rule collection resource.
- rules
AzureFirewall Application Rule Response[] 
- Collection of rules used by a application rule collection.
- etag str
- A unique read-only string that changes whenever the resource is updated.
- provisioning_state str
- The provisioning state of the application rule collection resource.
- action
AzureFirewall RCAction Response 
- The action type of a rule collection.
- id str
- Resource ID.
- name str
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority int
- Priority of the application rule collection resource.
- rules
Sequence[AzureFirewall Application Rule Response] 
- Collection of rules used by a application rule collection.
- etag String
- A unique read-only string that changes whenever the resource is updated.
- provisioningState String
- The provisioning state of the application rule collection resource.
- action Property Map
- The action type of a rule collection.
- id String
- Resource ID.
- name String
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Number
- Priority of the application rule collection resource.
- rules List<Property Map>
- Collection of rules used by a application rule collection.
AzureFirewallApplicationRuleProtocol, AzureFirewallApplicationRuleProtocolArgs          
- Port int
- Port number for the protocol, cannot be greater than 64000. This field is optional.
- ProtocolType string | Pulumi.Azure Native. Network. Azure Firewall Application Rule Protocol Type 
- Protocol type.
- Port int
- Port number for the protocol, cannot be greater than 64000. This field is optional.
- ProtocolType string | AzureFirewall Application Rule Protocol Type 
- Protocol type.
- port Integer
- Port number for the protocol, cannot be greater than 64000. This field is optional.
- protocolType String | AzureFirewall Application Rule Protocol Type 
- Protocol type.
- port number
- Port number for the protocol, cannot be greater than 64000. This field is optional.
- protocolType string | AzureFirewall Application Rule Protocol Type 
- Protocol type.
- port int
- Port number for the protocol, cannot be greater than 64000. This field is optional.
- protocol_type str | AzureFirewall Application Rule Protocol Type 
- Protocol type.
- port Number
- Port number for the protocol, cannot be greater than 64000. This field is optional.
- protocolType String | "Http" | "Https" | "Mssql"
- Protocol type.
AzureFirewallApplicationRuleProtocolResponse, AzureFirewallApplicationRuleProtocolResponseArgs            
- Port int
- Port number for the protocol, cannot be greater than 64000. This field is optional.
- ProtocolType string
- Protocol type.
- Port int
- Port number for the protocol, cannot be greater than 64000. This field is optional.
- ProtocolType string
- Protocol type.
- port Integer
- Port number for the protocol, cannot be greater than 64000. This field is optional.
- protocolType String
- Protocol type.
- port number
- Port number for the protocol, cannot be greater than 64000. This field is optional.
- protocolType string
- Protocol type.
- port int
- Port number for the protocol, cannot be greater than 64000. This field is optional.
- protocol_type str
- Protocol type.
- port Number
- Port number for the protocol, cannot be greater than 64000. This field is optional.
- protocolType String
- Protocol type.
AzureFirewallApplicationRuleProtocolType, AzureFirewallApplicationRuleProtocolTypeArgs            
- Http
- Http
- Https
- Https
- Mssql
- Mssql
- AzureFirewall Application Rule Protocol Type Http 
- Http
- AzureFirewall Application Rule Protocol Type Https 
- Https
- AzureFirewall Application Rule Protocol Type Mssql 
- Mssql
- Http
- Http
- Https
- Https
- Mssql
- Mssql
- Http
- Http
- Https
- Https
- Mssql
- Mssql
- HTTP
- Http
- HTTPS
- Https
- MSSQL
- Mssql
- "Http"
- Http
- "Https"
- Https
- "Mssql"
- Mssql
AzureFirewallApplicationRuleResponse, AzureFirewallApplicationRuleResponseArgs          
- Description string
- Description of the rule.
- List<string>
- List of FQDN Tags for this rule.
- Name string
- Name of the application rule.
- Protocols
List<Pulumi.Azure Native. Network. Inputs. Azure Firewall Application Rule Protocol Response> 
- Array of ApplicationRuleProtocols.
- SourceAddresses List<string>
- List of source IP addresses for this rule.
- SourceIp List<string>Groups 
- List of source IpGroups for this rule.
- TargetFqdns List<string>
- List of FQDNs for this rule.
- Description string
- Description of the rule.
- []string
- List of FQDN Tags for this rule.
- Name string
- Name of the application rule.
- Protocols
[]AzureFirewall Application Rule Protocol Response 
- Array of ApplicationRuleProtocols.
- SourceAddresses []string
- List of source IP addresses for this rule.
- SourceIp []stringGroups 
- List of source IpGroups for this rule.
- TargetFqdns []string
- List of FQDNs for this rule.
- description String
- Description of the rule.
- List<String>
- List of FQDN Tags for this rule.
- name String
- Name of the application rule.
- protocols
List<AzureFirewall Application Rule Protocol Response> 
- Array of ApplicationRuleProtocols.
- sourceAddresses List<String>
- List of source IP addresses for this rule.
- sourceIp List<String>Groups 
- List of source IpGroups for this rule.
- targetFqdns List<String>
- List of FQDNs for this rule.
- description string
- Description of the rule.
- string[]
- List of FQDN Tags for this rule.
- name string
- Name of the application rule.
- protocols
AzureFirewall Application Rule Protocol Response[] 
- Array of ApplicationRuleProtocols.
- sourceAddresses string[]
- List of source IP addresses for this rule.
- sourceIp string[]Groups 
- List of source IpGroups for this rule.
- targetFqdns string[]
- List of FQDNs for this rule.
- description str
- Description of the rule.
- Sequence[str]
- List of FQDN Tags for this rule.
- name str
- Name of the application rule.
- protocols
Sequence[AzureFirewall Application Rule Protocol Response] 
- Array of ApplicationRuleProtocols.
- source_addresses Sequence[str]
- List of source IP addresses for this rule.
- source_ip_ Sequence[str]groups 
- List of source IpGroups for this rule.
- target_fqdns Sequence[str]
- List of FQDNs for this rule.
- description String
- Description of the rule.
- List<String>
- List of FQDN Tags for this rule.
- name String
- Name of the application rule.
- protocols List<Property Map>
- Array of ApplicationRuleProtocols.
- sourceAddresses List<String>
- List of source IP addresses for this rule.
- sourceIp List<String>Groups 
- List of source IpGroups for this rule.
- targetFqdns List<String>
- List of FQDNs for this rule.
AzureFirewallAutoscaleConfiguration, AzureFirewallAutoscaleConfigurationArgs        
- MaxCapacity int
- The maximum number of capacity units for this azure firewall. Use null to reset the value to the service default.
- MinCapacity int
- The minimum number of capacity units for this azure firewall. Use null to reset the value to the service default.
- MaxCapacity int
- The maximum number of capacity units for this azure firewall. Use null to reset the value to the service default.
- MinCapacity int
- The minimum number of capacity units for this azure firewall. Use null to reset the value to the service default.
- maxCapacity Integer
- The maximum number of capacity units for this azure firewall. Use null to reset the value to the service default.
- minCapacity Integer
- The minimum number of capacity units for this azure firewall. Use null to reset the value to the service default.
- maxCapacity number
- The maximum number of capacity units for this azure firewall. Use null to reset the value to the service default.
- minCapacity number
- The minimum number of capacity units for this azure firewall. Use null to reset the value to the service default.
- max_capacity int
- The maximum number of capacity units for this azure firewall. Use null to reset the value to the service default.
- min_capacity int
- The minimum number of capacity units for this azure firewall. Use null to reset the value to the service default.
- maxCapacity Number
- The maximum number of capacity units for this azure firewall. Use null to reset the value to the service default.
- minCapacity Number
- The minimum number of capacity units for this azure firewall. Use null to reset the value to the service default.
AzureFirewallAutoscaleConfigurationResponse, AzureFirewallAutoscaleConfigurationResponseArgs          
- MaxCapacity int
- The maximum number of capacity units for this azure firewall. Use null to reset the value to the service default.
- MinCapacity int
- The minimum number of capacity units for this azure firewall. Use null to reset the value to the service default.
- MaxCapacity int
- The maximum number of capacity units for this azure firewall. Use null to reset the value to the service default.
- MinCapacity int
- The minimum number of capacity units for this azure firewall. Use null to reset the value to the service default.
- maxCapacity Integer
- The maximum number of capacity units for this azure firewall. Use null to reset the value to the service default.
- minCapacity Integer
- The minimum number of capacity units for this azure firewall. Use null to reset the value to the service default.
- maxCapacity number
- The maximum number of capacity units for this azure firewall. Use null to reset the value to the service default.
- minCapacity number
- The minimum number of capacity units for this azure firewall. Use null to reset the value to the service default.
- max_capacity int
- The maximum number of capacity units for this azure firewall. Use null to reset the value to the service default.
- min_capacity int
- The minimum number of capacity units for this azure firewall. Use null to reset the value to the service default.
- maxCapacity Number
- The maximum number of capacity units for this azure firewall. Use null to reset the value to the service default.
- minCapacity Number
- The minimum number of capacity units for this azure firewall. Use null to reset the value to the service default.
AzureFirewallIPConfiguration, AzureFirewallIPConfigurationArgs      
- Id string
- Resource ID.
- Name string
- Name of the resource that is unique within a resource group. This name can be used to access the resource.
- PublicIPAddress Pulumi.Azure Native. Network. Inputs. Sub Resource 
- Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- Subnet
Pulumi.Azure Native. Network. Inputs. Sub Resource 
- Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- Id string
- Resource ID.
- Name string
- Name of the resource that is unique within a resource group. This name can be used to access the resource.
- PublicIPAddress SubResource 
- Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- Subnet
SubResource 
- Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- id String
- Resource ID.
- name String
- Name of the resource that is unique within a resource group. This name can be used to access the resource.
- publicIPAddress SubResource 
- Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- subnet
SubResource 
- Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- id string
- Resource ID.
- name string
- Name of the resource that is unique within a resource group. This name can be used to access the resource.
- publicIPAddress SubResource 
- Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- subnet
SubResource 
- Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- id str
- Resource ID.
- name str
- Name of the resource that is unique within a resource group. This name can be used to access the resource.
- public_ip_ Subaddress Resource 
- Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- subnet
SubResource 
- Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- id String
- Resource ID.
- name String
- Name of the resource that is unique within a resource group. This name can be used to access the resource.
- publicIPAddress Property Map
- Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- subnet Property Map
- Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
AzureFirewallIPConfigurationResponse, AzureFirewallIPConfigurationResponseArgs        
- Etag string
- A unique read-only string that changes whenever the resource is updated.
- PrivateIPAddress string
- The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.
- ProvisioningState string
- The provisioning state of the Azure firewall IP configuration resource.
- Type string
- Type of the resource.
- Id string
- Resource ID.
- Name string
- Name of the resource that is unique within a resource group. This name can be used to access the resource.
- PublicIPAddress Pulumi.Azure Native. Network. Inputs. Sub Resource Response 
- Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- Subnet
Pulumi.Azure Native. Network. Inputs. Sub Resource Response 
- Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- Etag string
- A unique read-only string that changes whenever the resource is updated.
- PrivateIPAddress string
- The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.
- ProvisioningState string
- The provisioning state of the Azure firewall IP configuration resource.
- Type string
- Type of the resource.
- Id string
- Resource ID.
- Name string
- Name of the resource that is unique within a resource group. This name can be used to access the resource.
- PublicIPAddress SubResource Response 
- Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- Subnet
SubResource Response 
- Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- etag String
- A unique read-only string that changes whenever the resource is updated.
- privateIPAddress String
- The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.
- provisioningState String
- The provisioning state of the Azure firewall IP configuration resource.
- type String
- Type of the resource.
- id String
- Resource ID.
- name String
- Name of the resource that is unique within a resource group. This name can be used to access the resource.
- publicIPAddress SubResource Response 
- Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- subnet
SubResource Response 
- Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- etag string
- A unique read-only string that changes whenever the resource is updated.
- privateIPAddress string
- The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.
- provisioningState string
- The provisioning state of the Azure firewall IP configuration resource.
- type string
- Type of the resource.
- id string
- Resource ID.
- name string
- Name of the resource that is unique within a resource group. This name can be used to access the resource.
- publicIPAddress SubResource Response 
- Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- subnet
SubResource Response 
- Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- etag str
- A unique read-only string that changes whenever the resource is updated.
- private_ip_ straddress 
- The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.
- provisioning_state str
- The provisioning state of the Azure firewall IP configuration resource.
- type str
- Type of the resource.
- id str
- Resource ID.
- name str
- Name of the resource that is unique within a resource group. This name can be used to access the resource.
- public_ip_ Subaddress Resource Response 
- Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- subnet
SubResource Response 
- Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
- etag String
- A unique read-only string that changes whenever the resource is updated.
- privateIPAddress String
- The Firewall Internal Load Balancer IP to be used as the next hop in User Defined Routes.
- provisioningState String
- The provisioning state of the Azure firewall IP configuration resource.
- type String
- Type of the resource.
- id String
- Resource ID.
- name String
- Name of the resource that is unique within a resource group. This name can be used to access the resource.
- publicIPAddress Property Map
- Reference to the PublicIP resource. This field is a mandatory input if subnet is not null.
- subnet Property Map
- Reference to the subnet resource. This resource must be named 'AzureFirewallSubnet' or 'AzureFirewallManagementSubnet'.
AzureFirewallIpGroupsResponse, AzureFirewallIpGroupsResponseArgs          
- ChangeNumber string
- The iteration number.
- Id string
- Resource ID.
- ChangeNumber string
- The iteration number.
- Id string
- Resource ID.
- changeNumber String
- The iteration number.
- id String
- Resource ID.
- changeNumber string
- The iteration number.
- id string
- Resource ID.
- change_number str
- The iteration number.
- id str
- Resource ID.
- changeNumber String
- The iteration number.
- id String
- Resource ID.
AzureFirewallNatRCAction, AzureFirewallNatRCActionArgs        
- Type
string | Pulumi.Azure Native. Network. Azure Firewall Nat RCAction Type 
- The type of action.
- Type
string | AzureFirewall Nat RCAction Type 
- The type of action.
- type
String | AzureFirewall Nat RCAction Type 
- The type of action.
- type
string | AzureFirewall Nat RCAction Type 
- The type of action.
- type
str | AzureFirewall Nat RCAction Type 
- The type of action.
- type String | "Snat" | "Dnat"
- The type of action.
AzureFirewallNatRCActionResponse, AzureFirewallNatRCActionResponseArgs          
- Type string
- The type of action.
- Type string
- The type of action.
- type String
- The type of action.
- type string
- The type of action.
- type str
- The type of action.
- type String
- The type of action.
AzureFirewallNatRCActionType, AzureFirewallNatRCActionTypeArgs          
- Snat
- Snat
- Dnat
- Dnat
- AzureFirewall Nat RCAction Type Snat 
- Snat
- AzureFirewall Nat RCAction Type Dnat 
- Dnat
- Snat
- Snat
- Dnat
- Dnat
- Snat
- Snat
- Dnat
- Dnat
- SNAT
- Snat
- DNAT
- Dnat
- "Snat"
- Snat
- "Dnat"
- Dnat
AzureFirewallNatRule, AzureFirewallNatRuleArgs        
- Description string
- Description of the rule.
- DestinationAddresses List<string>
- List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- DestinationPorts List<string>
- List of destination ports.
- Name string
- Name of the NAT rule.
- Protocols
List<Union<string, Pulumi.Azure Native. Network. Azure Firewall Network Rule Protocol>> 
- Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- SourceAddresses List<string>
- List of source IP addresses for this rule.
- SourceIp List<string>Groups 
- List of source IpGroups for this rule.
- TranslatedAddress string
- The translated address for this NAT rule.
- TranslatedFqdn string
- The translated FQDN for this NAT rule.
- TranslatedPort string
- The translated port for this NAT rule.
- Description string
- Description of the rule.
- DestinationAddresses []string
- List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- DestinationPorts []string
- List of destination ports.
- Name string
- Name of the NAT rule.
- Protocols []string
- Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- SourceAddresses []string
- List of source IP addresses for this rule.
- SourceIp []stringGroups 
- List of source IpGroups for this rule.
- TranslatedAddress string
- The translated address for this NAT rule.
- TranslatedFqdn string
- The translated FQDN for this NAT rule.
- TranslatedPort string
- The translated port for this NAT rule.
- description String
- Description of the rule.
- destinationAddresses List<String>
- List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- destinationPorts List<String>
- List of destination ports.
- name String
- Name of the NAT rule.
- protocols
List<Either<String,AzureFirewall Network Rule Protocol>> 
- Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- sourceAddresses List<String>
- List of source IP addresses for this rule.
- sourceIp List<String>Groups 
- List of source IpGroups for this rule.
- translatedAddress String
- The translated address for this NAT rule.
- translatedFqdn String
- The translated FQDN for this NAT rule.
- translatedPort String
- The translated port for this NAT rule.
- description string
- Description of the rule.
- destinationAddresses string[]
- List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- destinationPorts string[]
- List of destination ports.
- name string
- Name of the NAT rule.
- protocols
(string | AzureFirewall Network Rule Protocol)[] 
- Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- sourceAddresses string[]
- List of source IP addresses for this rule.
- sourceIp string[]Groups 
- List of source IpGroups for this rule.
- translatedAddress string
- The translated address for this NAT rule.
- translatedFqdn string
- The translated FQDN for this NAT rule.
- translatedPort string
- The translated port for this NAT rule.
- description str
- Description of the rule.
- destination_addresses Sequence[str]
- List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- destination_ports Sequence[str]
- List of destination ports.
- name str
- Name of the NAT rule.
- protocols
Sequence[Union[str, AzureFirewall Network Rule Protocol]] 
- Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- source_addresses Sequence[str]
- List of source IP addresses for this rule.
- source_ip_ Sequence[str]groups 
- List of source IpGroups for this rule.
- translated_address str
- The translated address for this NAT rule.
- translated_fqdn str
- The translated FQDN for this NAT rule.
- translated_port str
- The translated port for this NAT rule.
- description String
- Description of the rule.
- destinationAddresses List<String>
- List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- destinationPorts List<String>
- List of destination ports.
- name String
- Name of the NAT rule.
- protocols List<String | "TCP" | "UDP" | "Any" | "ICMP">
- Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- sourceAddresses List<String>
- List of source IP addresses for this rule.
- sourceIp List<String>Groups 
- List of source IpGroups for this rule.
- translatedAddress String
- The translated address for this NAT rule.
- translatedFqdn String
- The translated FQDN for this NAT rule.
- translatedPort String
- The translated port for this NAT rule.
AzureFirewallNatRuleCollection, AzureFirewallNatRuleCollectionArgs          
- Action
Pulumi.Azure Native. Network. Inputs. Azure Firewall Nat RCAction 
- The action type of a NAT rule collection.
- Id string
- Resource ID.
- Name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
- Priority of the NAT rule collection resource.
- Rules
List<Pulumi.Azure Native. Network. Inputs. Azure Firewall Nat Rule> 
- Collection of rules used by a NAT rule collection.
- Action
AzureFirewall Nat RCAction 
- The action type of a NAT rule collection.
- Id string
- Resource ID.
- Name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
- Priority of the NAT rule collection resource.
- Rules
[]AzureFirewall Nat Rule 
- Collection of rules used by a NAT rule collection.
- action
AzureFirewall Nat RCAction 
- The action type of a NAT rule collection.
- id String
- Resource ID.
- name String
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Integer
- Priority of the NAT rule collection resource.
- rules
List<AzureFirewall Nat Rule> 
- Collection of rules used by a NAT rule collection.
- action
AzureFirewall Nat RCAction 
- The action type of a NAT rule collection.
- id string
- Resource ID.
- name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority number
- Priority of the NAT rule collection resource.
- rules
AzureFirewall Nat Rule[] 
- Collection of rules used by a NAT rule collection.
- action
AzureFirewall Nat RCAction 
- The action type of a NAT rule collection.
- id str
- Resource ID.
- name str
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority int
- Priority of the NAT rule collection resource.
- rules
Sequence[AzureFirewall Nat Rule] 
- Collection of rules used by a NAT rule collection.
- action Property Map
- The action type of a NAT rule collection.
- id String
- Resource ID.
- name String
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Number
- Priority of the NAT rule collection resource.
- rules List<Property Map>
- Collection of rules used by a NAT rule collection.
AzureFirewallNatRuleCollectionResponse, AzureFirewallNatRuleCollectionResponseArgs            
- Etag string
- A unique read-only string that changes whenever the resource is updated.
- ProvisioningState string
- The provisioning state of the NAT rule collection resource.
- Action
Pulumi.Azure Native. Network. Inputs. Azure Firewall Nat RCAction Response 
- The action type of a NAT rule collection.
- Id string
- Resource ID.
- Name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
- Priority of the NAT rule collection resource.
- Rules
List<Pulumi.Azure Native. Network. Inputs. Azure Firewall Nat Rule Response> 
- Collection of rules used by a NAT rule collection.
- Etag string
- A unique read-only string that changes whenever the resource is updated.
- ProvisioningState string
- The provisioning state of the NAT rule collection resource.
- Action
AzureFirewall Nat RCAction Response 
- The action type of a NAT rule collection.
- Id string
- Resource ID.
- Name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
- Priority of the NAT rule collection resource.
- Rules
[]AzureFirewall Nat Rule Response 
- Collection of rules used by a NAT rule collection.
- etag String
- A unique read-only string that changes whenever the resource is updated.
- provisioningState String
- The provisioning state of the NAT rule collection resource.
- action
AzureFirewall Nat RCAction Response 
- The action type of a NAT rule collection.
- id String
- Resource ID.
- name String
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Integer
- Priority of the NAT rule collection resource.
- rules
List<AzureFirewall Nat Rule Response> 
- Collection of rules used by a NAT rule collection.
- etag string
- A unique read-only string that changes whenever the resource is updated.
- provisioningState string
- The provisioning state of the NAT rule collection resource.
- action
AzureFirewall Nat RCAction Response 
- The action type of a NAT rule collection.
- id string
- Resource ID.
- name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority number
- Priority of the NAT rule collection resource.
- rules
AzureFirewall Nat Rule Response[] 
- Collection of rules used by a NAT rule collection.
- etag str
- A unique read-only string that changes whenever the resource is updated.
- provisioning_state str
- The provisioning state of the NAT rule collection resource.
- action
AzureFirewall Nat RCAction Response 
- The action type of a NAT rule collection.
- id str
- Resource ID.
- name str
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority int
- Priority of the NAT rule collection resource.
- rules
Sequence[AzureFirewall Nat Rule Response] 
- Collection of rules used by a NAT rule collection.
- etag String
- A unique read-only string that changes whenever the resource is updated.
- provisioningState String
- The provisioning state of the NAT rule collection resource.
- action Property Map
- The action type of a NAT rule collection.
- id String
- Resource ID.
- name String
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Number
- Priority of the NAT rule collection resource.
- rules List<Property Map>
- Collection of rules used by a NAT rule collection.
AzureFirewallNatRuleResponse, AzureFirewallNatRuleResponseArgs          
- Description string
- Description of the rule.
- DestinationAddresses List<string>
- List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- DestinationPorts List<string>
- List of destination ports.
- Name string
- Name of the NAT rule.
- Protocols List<string>
- Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- SourceAddresses List<string>
- List of source IP addresses for this rule.
- SourceIp List<string>Groups 
- List of source IpGroups for this rule.
- TranslatedAddress string
- The translated address for this NAT rule.
- TranslatedFqdn string
- The translated FQDN for this NAT rule.
- TranslatedPort string
- The translated port for this NAT rule.
- Description string
- Description of the rule.
- DestinationAddresses []string
- List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- DestinationPorts []string
- List of destination ports.
- Name string
- Name of the NAT rule.
- Protocols []string
- Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- SourceAddresses []string
- List of source IP addresses for this rule.
- SourceIp []stringGroups 
- List of source IpGroups for this rule.
- TranslatedAddress string
- The translated address for this NAT rule.
- TranslatedFqdn string
- The translated FQDN for this NAT rule.
- TranslatedPort string
- The translated port for this NAT rule.
- description String
- Description of the rule.
- destinationAddresses List<String>
- List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- destinationPorts List<String>
- List of destination ports.
- name String
- Name of the NAT rule.
- protocols List<String>
- Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- sourceAddresses List<String>
- List of source IP addresses for this rule.
- sourceIp List<String>Groups 
- List of source IpGroups for this rule.
- translatedAddress String
- The translated address for this NAT rule.
- translatedFqdn String
- The translated FQDN for this NAT rule.
- translatedPort String
- The translated port for this NAT rule.
- description string
- Description of the rule.
- destinationAddresses string[]
- List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- destinationPorts string[]
- List of destination ports.
- name string
- Name of the NAT rule.
- protocols string[]
- Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- sourceAddresses string[]
- List of source IP addresses for this rule.
- sourceIp string[]Groups 
- List of source IpGroups for this rule.
- translatedAddress string
- The translated address for this NAT rule.
- translatedFqdn string
- The translated FQDN for this NAT rule.
- translatedPort string
- The translated port for this NAT rule.
- description str
- Description of the rule.
- destination_addresses Sequence[str]
- List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- destination_ports Sequence[str]
- List of destination ports.
- name str
- Name of the NAT rule.
- protocols Sequence[str]
- Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- source_addresses Sequence[str]
- List of source IP addresses for this rule.
- source_ip_ Sequence[str]groups 
- List of source IpGroups for this rule.
- translated_address str
- The translated address for this NAT rule.
- translated_fqdn str
- The translated FQDN for this NAT rule.
- translated_port str
- The translated port for this NAT rule.
- description String
- Description of the rule.
- destinationAddresses List<String>
- List of destination IP addresses for this rule. Supports IP ranges, prefixes, and service tags.
- destinationPorts List<String>
- List of destination ports.
- name String
- Name of the NAT rule.
- protocols List<String>
- Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule.
- sourceAddresses List<String>
- List of source IP addresses for this rule.
- sourceIp List<String>Groups 
- List of source IpGroups for this rule.
- translatedAddress String
- The translated address for this NAT rule.
- translatedFqdn String
- The translated FQDN for this NAT rule.
- translatedPort String
- The translated port for this NAT rule.
AzureFirewallNetworkRule, AzureFirewallNetworkRuleArgs        
- Description string
- Description of the rule.
- DestinationAddresses List<string>
- List of destination IP addresses.
- DestinationFqdns List<string>
- List of destination FQDNs.
- DestinationIp List<string>Groups 
- List of destination IpGroups for this rule.
- DestinationPorts List<string>
- List of destination ports.
- Name string
- Name of the network rule.
- Protocols
List<Union<string, Pulumi.Azure Native. Network. Azure Firewall Network Rule Protocol>> 
- Array of AzureFirewallNetworkRuleProtocols.
- SourceAddresses List<string>
- List of source IP addresses for this rule.
- SourceIp List<string>Groups 
- List of source IpGroups for this rule.
- Description string
- Description of the rule.
- DestinationAddresses []string
- List of destination IP addresses.
- DestinationFqdns []string
- List of destination FQDNs.
- DestinationIp []stringGroups 
- List of destination IpGroups for this rule.
- DestinationPorts []string
- List of destination ports.
- Name string
- Name of the network rule.
- Protocols []string
- Array of AzureFirewallNetworkRuleProtocols.
- SourceAddresses []string
- List of source IP addresses for this rule.
- SourceIp []stringGroups 
- List of source IpGroups for this rule.
- description String
- Description of the rule.
- destinationAddresses List<String>
- List of destination IP addresses.
- destinationFqdns List<String>
- List of destination FQDNs.
- destinationIp List<String>Groups 
- List of destination IpGroups for this rule.
- destinationPorts List<String>
- List of destination ports.
- name String
- Name of the network rule.
- protocols
List<Either<String,AzureFirewall Network Rule Protocol>> 
- Array of AzureFirewallNetworkRuleProtocols.
- sourceAddresses List<String>
- List of source IP addresses for this rule.
- sourceIp List<String>Groups 
- List of source IpGroups for this rule.
- description string
- Description of the rule.
- destinationAddresses string[]
- List of destination IP addresses.
- destinationFqdns string[]
- List of destination FQDNs.
- destinationIp string[]Groups 
- List of destination IpGroups for this rule.
- destinationPorts string[]
- List of destination ports.
- name string
- Name of the network rule.
- protocols
(string | AzureFirewall Network Rule Protocol)[] 
- Array of AzureFirewallNetworkRuleProtocols.
- sourceAddresses string[]
- List of source IP addresses for this rule.
- sourceIp string[]Groups 
- List of source IpGroups for this rule.
- description str
- Description of the rule.
- destination_addresses Sequence[str]
- List of destination IP addresses.
- destination_fqdns Sequence[str]
- List of destination FQDNs.
- destination_ip_ Sequence[str]groups 
- List of destination IpGroups for this rule.
- destination_ports Sequence[str]
- List of destination ports.
- name str
- Name of the network rule.
- protocols
Sequence[Union[str, AzureFirewall Network Rule Protocol]] 
- Array of AzureFirewallNetworkRuleProtocols.
- source_addresses Sequence[str]
- List of source IP addresses for this rule.
- source_ip_ Sequence[str]groups 
- List of source IpGroups for this rule.
- description String
- Description of the rule.
- destinationAddresses List<String>
- List of destination IP addresses.
- destinationFqdns List<String>
- List of destination FQDNs.
- destinationIp List<String>Groups 
- List of destination IpGroups for this rule.
- destinationPorts List<String>
- List of destination ports.
- name String
- Name of the network rule.
- protocols List<String | "TCP" | "UDP" | "Any" | "ICMP">
- Array of AzureFirewallNetworkRuleProtocols.
- sourceAddresses List<String>
- List of source IP addresses for this rule.
- sourceIp List<String>Groups 
- List of source IpGroups for this rule.
AzureFirewallNetworkRuleCollection, AzureFirewallNetworkRuleCollectionArgs          
- Action
Pulumi.Azure Native. Network. Inputs. Azure Firewall RCAction 
- The action type of a rule collection.
- Id string
- Resource ID.
- Name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
- Priority of the network rule collection resource.
- Rules
List<Pulumi.Azure Native. Network. Inputs. Azure Firewall Network Rule> 
- Collection of rules used by a network rule collection.
- Action
AzureFirewall RCAction 
- The action type of a rule collection.
- Id string
- Resource ID.
- Name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
- Priority of the network rule collection resource.
- Rules
[]AzureFirewall Network Rule 
- Collection of rules used by a network rule collection.
- action
AzureFirewall RCAction 
- The action type of a rule collection.
- id String
- Resource ID.
- name String
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Integer
- Priority of the network rule collection resource.
- rules
List<AzureFirewall Network Rule> 
- Collection of rules used by a network rule collection.
- action
AzureFirewall RCAction 
- The action type of a rule collection.
- id string
- Resource ID.
- name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority number
- Priority of the network rule collection resource.
- rules
AzureFirewall Network Rule[] 
- Collection of rules used by a network rule collection.
- action
AzureFirewall RCAction 
- The action type of a rule collection.
- id str
- Resource ID.
- name str
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority int
- Priority of the network rule collection resource.
- rules
Sequence[AzureFirewall Network Rule] 
- Collection of rules used by a network rule collection.
- action Property Map
- The action type of a rule collection.
- id String
- Resource ID.
- name String
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Number
- Priority of the network rule collection resource.
- rules List<Property Map>
- Collection of rules used by a network rule collection.
AzureFirewallNetworkRuleCollectionResponse, AzureFirewallNetworkRuleCollectionResponseArgs            
- Etag string
- A unique read-only string that changes whenever the resource is updated.
- ProvisioningState string
- The provisioning state of the network rule collection resource.
- Action
Pulumi.Azure Native. Network. Inputs. Azure Firewall RCAction Response 
- The action type of a rule collection.
- Id string
- Resource ID.
- Name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
- Priority of the network rule collection resource.
- Rules
List<Pulumi.Azure Native. Network. Inputs. Azure Firewall Network Rule Response> 
- Collection of rules used by a network rule collection.
- Etag string
- A unique read-only string that changes whenever the resource is updated.
- ProvisioningState string
- The provisioning state of the network rule collection resource.
- Action
AzureFirewall RCAction Response 
- The action type of a rule collection.
- Id string
- Resource ID.
- Name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- Priority int
- Priority of the network rule collection resource.
- Rules
[]AzureFirewall Network Rule Response 
- Collection of rules used by a network rule collection.
- etag String
- A unique read-only string that changes whenever the resource is updated.
- provisioningState String
- The provisioning state of the network rule collection resource.
- action
AzureFirewall RCAction Response 
- The action type of a rule collection.
- id String
- Resource ID.
- name String
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Integer
- Priority of the network rule collection resource.
- rules
List<AzureFirewall Network Rule Response> 
- Collection of rules used by a network rule collection.
- etag string
- A unique read-only string that changes whenever the resource is updated.
- provisioningState string
- The provisioning state of the network rule collection resource.
- action
AzureFirewall RCAction Response 
- The action type of a rule collection.
- id string
- Resource ID.
- name string
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority number
- Priority of the network rule collection resource.
- rules
AzureFirewall Network Rule Response[] 
- Collection of rules used by a network rule collection.
- etag str
- A unique read-only string that changes whenever the resource is updated.
- provisioning_state str
- The provisioning state of the network rule collection resource.
- action
AzureFirewall RCAction Response 
- The action type of a rule collection.
- id str
- Resource ID.
- name str
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority int
- Priority of the network rule collection resource.
- rules
Sequence[AzureFirewall Network Rule Response] 
- Collection of rules used by a network rule collection.
- etag String
- A unique read-only string that changes whenever the resource is updated.
- provisioningState String
- The provisioning state of the network rule collection resource.
- action Property Map
- The action type of a rule collection.
- id String
- Resource ID.
- name String
- The name of the resource that is unique within the Azure firewall. This name can be used to access the resource.
- priority Number
- Priority of the network rule collection resource.
- rules List<Property Map>
- Collection of rules used by a network rule collection.
AzureFirewallNetworkRuleProtocol, AzureFirewallNetworkRuleProtocolArgs          
- TCP
- TCP
- UDP
- UDP
- Any
- Any
- ICMP
- ICMP
- AzureFirewall Network Rule Protocol TCP 
- TCP
- AzureFirewall Network Rule Protocol UDP 
- UDP
- AzureFirewall Network Rule Protocol Any 
- Any
- AzureFirewall Network Rule Protocol ICMP 
- ICMP
- TCP
- TCP
- UDP
- UDP
- Any
- Any
- ICMP
- ICMP
- TCP
- TCP
- UDP
- UDP
- Any
- Any
- ICMP
- ICMP
- TCP
- TCP
- UDP
- UDP
- ANY
- Any
- ICMP
- ICMP
- "TCP"
- TCP
- "UDP"
- UDP
- "Any"
- Any
- "ICMP"
- ICMP
AzureFirewallNetworkRuleResponse, AzureFirewallNetworkRuleResponseArgs          
- Description string
- Description of the rule.
- DestinationAddresses List<string>
- List of destination IP addresses.
- DestinationFqdns List<string>
- List of destination FQDNs.
- DestinationIp List<string>Groups 
- List of destination IpGroups for this rule.
- DestinationPorts List<string>
- List of destination ports.
- Name string
- Name of the network rule.
- Protocols List<string>
- Array of AzureFirewallNetworkRuleProtocols.
- SourceAddresses List<string>
- List of source IP addresses for this rule.
- SourceIp List<string>Groups 
- List of source IpGroups for this rule.
- Description string
- Description of the rule.
- DestinationAddresses []string
- List of destination IP addresses.
- DestinationFqdns []string
- List of destination FQDNs.
- DestinationIp []stringGroups 
- List of destination IpGroups for this rule.
- DestinationPorts []string
- List of destination ports.
- Name string
- Name of the network rule.
- Protocols []string
- Array of AzureFirewallNetworkRuleProtocols.
- SourceAddresses []string
- List of source IP addresses for this rule.
- SourceIp []stringGroups 
- List of source IpGroups for this rule.
- description String
- Description of the rule.
- destinationAddresses List<String>
- List of destination IP addresses.
- destinationFqdns List<String>
- List of destination FQDNs.
- destinationIp List<String>Groups 
- List of destination IpGroups for this rule.
- destinationPorts List<String>
- List of destination ports.
- name String
- Name of the network rule.
- protocols List<String>
- Array of AzureFirewallNetworkRuleProtocols.
- sourceAddresses List<String>
- List of source IP addresses for this rule.
- sourceIp List<String>Groups 
- List of source IpGroups for this rule.
- description string
- Description of the rule.
- destinationAddresses string[]
- List of destination IP addresses.
- destinationFqdns string[]
- List of destination FQDNs.
- destinationIp string[]Groups 
- List of destination IpGroups for this rule.
- destinationPorts string[]
- List of destination ports.
- name string
- Name of the network rule.
- protocols string[]
- Array of AzureFirewallNetworkRuleProtocols.
- sourceAddresses string[]
- List of source IP addresses for this rule.
- sourceIp string[]Groups 
- List of source IpGroups for this rule.
- description str
- Description of the rule.
- destination_addresses Sequence[str]
- List of destination IP addresses.
- destination_fqdns Sequence[str]
- List of destination FQDNs.
- destination_ip_ Sequence[str]groups 
- List of destination IpGroups for this rule.
- destination_ports Sequence[str]
- List of destination ports.
- name str
- Name of the network rule.
- protocols Sequence[str]
- Array of AzureFirewallNetworkRuleProtocols.
- source_addresses Sequence[str]
- List of source IP addresses for this rule.
- source_ip_ Sequence[str]groups 
- List of source IpGroups for this rule.
- description String
- Description of the rule.
- destinationAddresses List<String>
- List of destination IP addresses.
- destinationFqdns List<String>
- List of destination FQDNs.
- destinationIp List<String>Groups 
- List of destination IpGroups for this rule.
- destinationPorts List<String>
- List of destination ports.
- name String
- Name of the network rule.
- protocols List<String>
- Array of AzureFirewallNetworkRuleProtocols.
- sourceAddresses List<String>
- List of source IP addresses for this rule.
- sourceIp List<String>Groups 
- List of source IpGroups for this rule.
AzureFirewallPublicIPAddress, AzureFirewallPublicIPAddressArgs        
- Address string
- Public IP Address value.
- Address string
- Public IP Address value.
- address String
- Public IP Address value.
- address string
- Public IP Address value.
- address str
- Public IP Address value.
- address String
- Public IP Address value.
AzureFirewallPublicIPAddressResponse, AzureFirewallPublicIPAddressResponseArgs          
- Address string
- Public IP Address value.
- Address string
- Public IP Address value.
- address String
- Public IP Address value.
- address string
- Public IP Address value.
- address str
- Public IP Address value.
- address String
- Public IP Address value.
AzureFirewallRCAction, AzureFirewallRCActionArgs      
- Type
string | Pulumi.Azure Native. Network. Azure Firewall RCAction Type 
- The type of action.
- Type
string | AzureFirewall RCAction Type 
- The type of action.
- type
String | AzureFirewall RCAction Type 
- The type of action.
- type
string | AzureFirewall RCAction Type 
- The type of action.
- type
str | AzureFirewall RCAction Type 
- The type of action.
- type String | "Allow" | "Deny"
- The type of action.
AzureFirewallRCActionResponse, AzureFirewallRCActionResponseArgs        
- Type string
- The type of action.
- Type string
- The type of action.
- type String
- The type of action.
- type string
- The type of action.
- type str
- The type of action.
- type String
- The type of action.
AzureFirewallRCActionType, AzureFirewallRCActionTypeArgs        
- Allow
- Allow
- Deny
- Deny
- AzureFirewall RCAction Type Allow 
- Allow
- AzureFirewall RCAction Type Deny 
- Deny
- Allow
- Allow
- Deny
- Deny
- Allow
- Allow
- Deny
- Deny
- ALLOW
- Allow
- DENY
- Deny
- "Allow"
- Allow
- "Deny"
- Deny
AzureFirewallSku, AzureFirewallSkuArgs      
- Name
string | Pulumi.Azure Native. Network. Azure Firewall Sku Name 
- Name of an Azure Firewall SKU.
- Tier
string | Pulumi.Azure Native. Network. Azure Firewall Sku Tier 
- Tier of an Azure Firewall.
- Name
string | AzureFirewall Sku Name 
- Name of an Azure Firewall SKU.
- Tier
string | AzureFirewall Sku Tier 
- Tier of an Azure Firewall.
- name
String | AzureFirewall Sku Name 
- Name of an Azure Firewall SKU.
- tier
String | AzureFirewall Sku Tier 
- Tier of an Azure Firewall.
- name
string | AzureFirewall Sku Name 
- Name of an Azure Firewall SKU.
- tier
string | AzureFirewall Sku Tier 
- Tier of an Azure Firewall.
- name
str | AzureFirewall Sku Name 
- Name of an Azure Firewall SKU.
- tier
str | AzureFirewall Sku Tier 
- Tier of an Azure Firewall.
- name String | "AZFW_VNet" | "AZFW_Hub"
- Name of an Azure Firewall SKU.
- tier String | "Standard" | "Premium" | "Basic"
- Tier of an Azure Firewall.
AzureFirewallSkuName, AzureFirewallSkuNameArgs        
- AZFW_VNet
- AZFW_VNet
- AZFW_Hub
- AZFW_Hub
- AzureFirewall Sku Name_AZFW_VNet 
- AZFW_VNet
- AzureFirewall Sku Name_AZFW_Hub 
- AZFW_Hub
- AZFW_VNet
- AZFW_VNet
- AZFW_Hub
- AZFW_Hub
- AZFW_VNet
- AZFW_VNet
- AZFW_Hub
- AZFW_Hub
- AZF_W_V_NET
- AZFW_VNet
- AZF_W_HUB
- AZFW_Hub
- "AZFW_VNet"
- AZFW_VNet
- "AZFW_Hub"
- AZFW_Hub
AzureFirewallSkuResponse, AzureFirewallSkuResponseArgs        
AzureFirewallSkuTier, AzureFirewallSkuTierArgs        
- Standard
- Standard
- Premium
- Premium
- Basic
- Basic
- AzureFirewall Sku Tier Standard 
- Standard
- AzureFirewall Sku Tier Premium 
- Premium
- AzureFirewall Sku Tier Basic 
- Basic
- Standard
- Standard
- Premium
- Premium
- Basic
- Basic
- Standard
- Standard
- Premium
- Premium
- Basic
- Basic
- STANDARD
- Standard
- PREMIUM
- Premium
- BASIC
- Basic
- "Standard"
- Standard
- "Premium"
- Premium
- "Basic"
- Basic
AzureFirewallThreatIntelMode, AzureFirewallThreatIntelModeArgs          
- Alert
- Alert
- Deny
- Deny
- Off
- Off
- AzureFirewall Threat Intel Mode Alert 
- Alert
- AzureFirewall Threat Intel Mode Deny 
- Deny
- AzureFirewall Threat Intel Mode Off 
- Off
- Alert
- Alert
- Deny
- Deny
- Off
- Off
- Alert
- Alert
- Deny
- Deny
- Off
- Off
- ALERT
- Alert
- DENY
- Deny
- OFF
- Off
- "Alert"
- Alert
- "Deny"
- Deny
- "Off"
- Off
HubIPAddresses, HubIPAddressesArgs    
- PrivateIPAddress string
- Private IP Address associated with azure firewall.
- PublicIPs Pulumi.Azure Native. Network. Inputs. Hub Public IPAddresses 
- Public IP addresses associated with azure firewall.
- PrivateIPAddress string
- Private IP Address associated with azure firewall.
- PublicIPs HubPublic IPAddresses 
- Public IP addresses associated with azure firewall.
- privateIPAddress String
- Private IP Address associated with azure firewall.
- publicIPs HubPublic IPAddresses 
- Public IP addresses associated with azure firewall.
- privateIPAddress string
- Private IP Address associated with azure firewall.
- publicIPs HubPublic IPAddresses 
- Public IP addresses associated with azure firewall.
- private_ip_ straddress 
- Private IP Address associated with azure firewall.
- public_ips HubPublic IPAddresses 
- Public IP addresses associated with azure firewall.
- privateIPAddress String
- Private IP Address associated with azure firewall.
- publicIPs Property Map
- Public IP addresses associated with azure firewall.
HubIPAddressesResponse, HubIPAddressesResponseArgs      
- PrivateIPAddress string
- Private IP Address associated with azure firewall.
- PublicIPs Pulumi.Azure Native. Network. Inputs. Hub Public IPAddresses Response 
- Public IP addresses associated with azure firewall.
- PrivateIPAddress string
- Private IP Address associated with azure firewall.
- PublicIPs HubPublic IPAddresses Response 
- Public IP addresses associated with azure firewall.
- privateIPAddress String
- Private IP Address associated with azure firewall.
- publicIPs HubPublic IPAddresses Response 
- Public IP addresses associated with azure firewall.
- privateIPAddress string
- Private IP Address associated with azure firewall.
- publicIPs HubPublic IPAddresses Response 
- Public IP addresses associated with azure firewall.
- private_ip_ straddress 
- Private IP Address associated with azure firewall.
- public_ips HubPublic IPAddresses Response 
- Public IP addresses associated with azure firewall.
- privateIPAddress String
- Private IP Address associated with azure firewall.
- publicIPs Property Map
- Public IP addresses associated with azure firewall.
HubPublicIPAddresses, HubPublicIPAddressesArgs      
- Addresses
List<Pulumi.Azure Native. Network. Inputs. Azure Firewall Public IPAddress> 
- The list of Public IP addresses associated with azure firewall or IP addresses to be retained.
- Count int
- The number of Public IP addresses associated with azure firewall.
- Addresses
[]AzureFirewall Public IPAddress 
- The list of Public IP addresses associated with azure firewall or IP addresses to be retained.
- Count int
- The number of Public IP addresses associated with azure firewall.
- addresses
List<AzureFirewall Public IPAddress> 
- The list of Public IP addresses associated with azure firewall or IP addresses to be retained.
- count Integer
- The number of Public IP addresses associated with azure firewall.
- addresses
AzureFirewall Public IPAddress[] 
- The list of Public IP addresses associated with azure firewall or IP addresses to be retained.
- count number
- The number of Public IP addresses associated with azure firewall.
- addresses
Sequence[AzureFirewall Public IPAddress] 
- The list of Public IP addresses associated with azure firewall or IP addresses to be retained.
- count int
- The number of Public IP addresses associated with azure firewall.
- addresses List<Property Map>
- The list of Public IP addresses associated with azure firewall or IP addresses to be retained.
- count Number
- The number of Public IP addresses associated with azure firewall.
HubPublicIPAddressesResponse, HubPublicIPAddressesResponseArgs        
- Addresses
List<Pulumi.Azure Native. Network. Inputs. Azure Firewall Public IPAddress Response> 
- The list of Public IP addresses associated with azure firewall or IP addresses to be retained.
- Count int
- The number of Public IP addresses associated with azure firewall.
- Addresses
[]AzureFirewall Public IPAddress Response 
- The list of Public IP addresses associated with azure firewall or IP addresses to be retained.
- Count int
- The number of Public IP addresses associated with azure firewall.
- addresses
List<AzureFirewall Public IPAddress Response> 
- The list of Public IP addresses associated with azure firewall or IP addresses to be retained.
- count Integer
- The number of Public IP addresses associated with azure firewall.
- addresses
AzureFirewall Public IPAddress Response[] 
- The list of Public IP addresses associated with azure firewall or IP addresses to be retained.
- count number
- The number of Public IP addresses associated with azure firewall.
- addresses
Sequence[AzureFirewall Public IPAddress Response] 
- The list of Public IP addresses associated with azure firewall or IP addresses to be retained.
- count int
- The number of Public IP addresses associated with azure firewall.
- addresses List<Property Map>
- The list of Public IP addresses associated with azure firewall or IP addresses to be retained.
- count Number
- The number of Public IP addresses associated with azure firewall.
SubResource, SubResourceArgs    
- Id string
- Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
- Id string
- Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
- id String
- Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
- id string
- Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
- id str
- Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
- id String
- Sub-resource ID. Both absolute resource ID and a relative resource ID are accepted. An absolute ID starts with /subscriptions/ and contains the entire ID of the parent resource and the ID of the sub-resource in the end. A relative ID replaces the ID of the parent resource with a token '$self', followed by the sub-resource ID itself. Example of a relative ID: $self/frontEndConfigurations/my-frontend.
SubResourceResponse, SubResourceResponseArgs      
- Id string
- Resource ID.
- Id string
- Resource ID.
- id String
- Resource ID.
- id string
- Resource ID.
- id str
- Resource ID.
- id String
- Resource ID.
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:network:AzureFirewall azurefirewall /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/azureFirewalls/{azureFirewallName} 
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0