az network firewall policy draft

Note

This reference is part of the azure-firewall extension for the Azure CLI (version 2.67.0 or higher). The extension will automatically install the first time you run an az network firewall policy draft command. Learn more about extensions.

Manage and configure Azure firewall policy draft,.

Commands

Name	Description	Type	Status
az network firewall policy draft create	Create a draft Firewall Policy.	Extension	Preview
az network firewall policy draft delete	Delete a draft policy.	Extension	GA
az network firewall policy draft intrusion-detection	Manage intrusion signature rules and bypass rules.	Extension	GA
az network firewall policy draft intrusion-detection add	Update a draft Firewall Policy.	Extension	Preview
az network firewall policy draft intrusion-detection list	List all intrusion detection configuration.	Extension	Preview
az network firewall policy draft intrusion-detection remove	Update a draft Firewall Policy.	Extension	Preview
az network firewall policy draft rule-collection-group		Extension	GA
az network firewall policy draft rule-collection-group wait	Place the CLI in a waiting state until a condition is met.	Extension	GA
az network firewall policy draft show	Get a draft Firewall Policy.	Extension	Preview
az network firewall policy draft update	Update a draft Firewall Policy.	Extension	Preview
az network firewall policy draft wait	Place the CLI in a waiting state until a condition is met.	Extension	GA

az network firewall policy draft create

Preview

This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Create a draft Firewall Policy.

az network firewall policy draft create --policy-name
                                        --resource-group
                                        [--auto-learn-private-ranges --learn-ranges {Disabled, Enabled}]
                                        [--base-policy]
                                        [--dns-servers]
                                        [--enable-dns-proxy {0, 1, f, false, n, no, t, true, y, yes}]
                                        [--explicit-proxy]
                                        [--fqdns]
                                        [--idps-mode {Alert, Deny, Off}]
                                        [--ip-addresses]
                                        [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                        [--private-ranges]
                                        [--sql {0, 1, f, false, n, no, t, true, y, yes}]
                                        [--tags]
                                        [--threat-intel-mode {Alert, Deny, Off}]

Required Parameters

--policy-name

The name of the Firewall Policy.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--auto-learn-private-ranges --learn-ranges

The operation mode for automatically learning private ranges to not be SNAT.

Property	Value
Parameter group:	Snat Arguments
Accepted values:	Disabled, Enabled

--base-policy

The name or ID of parent firewall policy from which rules are inherited.

--dns-servers

Space-separated list of DNS server IP addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	DNS Arguments

--enable-dns-proxy

Enable DNS Proxy.

Property	Value
Parameter group:	DNS Arguments
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

--explicit-proxy

Explicit Proxy Settings definition. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Explicit Proxy Arguments

--fqdns

Space-separated list of FQDNs. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Threat Intel Allowlist Arguments

--idps-mode

Preview

IDPS mode.

Property	Value
Parameter group:	Intrustion Detection Arguments
Accepted values:	Alert, Deny, Off

--ip-addresses

Space-separated list of IPv4 addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Threat Intel Allowlist Arguments

--no-wait

Do not wait for the long-running operation to finish.

Property	Value
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

--private-ranges

List of private IP addresses/IP address ranges to not be SNAT. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Snat Arguments

--sql

Preview

A flag to indicate if SQL Redirect traffic filtering is enabled.

Property	Value
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--threat-intel-mode

The operation mode for Threat Intelligence.

Property	Value
Accepted values:	Alert, Deny, Off

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az network firewall policy draft delete

Delete a draft policy.

az network firewall policy draft delete [--ids]
                                        [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                        [--policy-name]
                                        [--resource-group]
                                        [--subscription]
                                        [--yes]

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--ids

One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.

Property	Value
Parameter group:	Resource Id Arguments

--no-wait

Do not wait for the long-running operation to finish.

Property	Value
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

--policy-name

The name of the Firewall Policy.

Property	Value
Parameter group:	Resource Id Arguments

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property	Value
Parameter group:	Resource Id Arguments

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property	Value
Parameter group:	Resource Id Arguments

--yes -y

Do not prompt for confirmation.

Property	Value
Default value:	False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az network firewall policy draft show

Preview

This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Get a draft Firewall Policy.

az network firewall policy draft show [--expand]
                                      [--ids]
                                      [--policy-name]
                                      [--resource-group]
                                      [--subscription]

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--expand

Expands referenced resources. Default value is None.

--ids

Property	Value
Parameter group:	Resource Id Arguments

--policy-name

The name of the Firewall Policy.

Property	Value
Parameter group:	Resource Id Arguments

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property	Value
Parameter group:	Resource Id Arguments

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property	Value
Parameter group:	Resource Id Arguments

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az network firewall policy draft update

Preview

This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Update a draft Firewall Policy.

az network firewall policy draft update [--add]
                                        [--auto-learn-private-ranges --learn-ranges {Disabled, Enabled}]
                                        [--dns-servers]
                                        [--enable-dns-proxy {0, 1, f, false, n, no, t, true, y, yes}]
                                        [--explicit-proxy]
                                        [--force-string {0, 1, f, false, n, no, t, true, y, yes}]
                                        [--fqdns]
                                        [--idps-mode {Alert, Deny, Off}]
                                        [--ids]
                                        [--ip-addresses]
                                        [--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
                                        [--policy-name]
                                        [--private-ranges]
                                        [--remove]
                                        [--resource-group]
                                        [--set]
                                        [--sql {0, 1, f, false, n, no, t, true, y, yes}]
                                        [--subscription]
                                        [--tags]
                                        [--threat-intel-mode {Alert, Deny, Off}]

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.

Property	Value
Parameter group:	Generic Update Arguments

--auto-learn-private-ranges --learn-ranges

The operation mode for automatically learning private ranges to not be SNAT.

Property	Value
Parameter group:	Snat Arguments
Accepted values:	Disabled, Enabled

--dns-servers

Space-separated list of DNS server IP addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	DNS Arguments

--enable-dns-proxy

Enable DNS Proxy.

Property	Value
Parameter group:	DNS Arguments
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

--explicit-proxy

Explicit Proxy Settings definition. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Explicit Proxy Arguments

--force-string

When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.

Property	Value
Parameter group:	Generic Update Arguments
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

--fqdns

Space-separated list of FQDNs. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Threat Intel Allowlist Arguments

--idps-mode

Preview

IDPS mode.

Property	Value
Parameter group:	Intrustion Detection Arguments
Accepted values:	Alert, Deny, Off

--ids

Property	Value
Parameter group:	Resource Id Arguments

--ip-addresses

Space-separated list of IPv4 addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Threat Intel Allowlist Arguments

--no-wait

Do not wait for the long-running operation to finish.

Property	Value
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

--policy-name

The name of the Firewall Policy.

Property	Value
Parameter group:	Resource Id Arguments

--private-ranges

List of private IP addresses/IP address ranges to not be SNAT. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

Property	Value
Parameter group:	Snat Arguments

--remove

Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.

Property	Value
Parameter group:	Generic Update Arguments

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property	Value
Parameter group:	Resource Id Arguments

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.

Property	Value
Parameter group:	Generic Update Arguments

--sql

Preview

A flag to indicate if SQL Redirect traffic filtering is enabled.

Property	Value
Accepted values:	0, 1, f, false, n, no, t, true, y, yes

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property	Value
Parameter group:	Resource Id Arguments

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.

--threat-intel-mode

The operation mode for Threat Intelligence.

Property	Value
Accepted values:	Alert, Deny, Off

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

az network firewall policy draft wait

Place the CLI in a waiting state until a condition is met.

az network firewall policy draft wait [--created]
                                      [--custom]
                                      [--deleted]
                                      [--exists]
                                      [--expand]
                                      [--ids]
                                      [--interval]
                                      [--name]
                                      [--resource-group]
                                      [--subscription]
                                      [--timeout]
                                      [--updated]

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--created

Wait until created with 'provisioningState' at 'Succeeded'.

Property	Value
Parameter group:	Wait Condition Arguments
Default value:	False

--custom

Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].

Property	Value
Parameter group:	Wait Condition Arguments

--deleted

Wait until deleted.

Property	Value
Parameter group:	Wait Condition Arguments
Default value:	False

--exists

Wait until the resource exists.

Property	Value
Parameter group:	Wait Condition Arguments
Default value:	False

--expand

Expands referenced resources. Default value is None.

--ids

Property	Value
Parameter group:	Resource Id Arguments

--interval

Polling interval in seconds.

Property	Value
Parameter group:	Wait Condition Arguments
Default value:	30

--name -n

The name of the Firewall Policy.

Property	Value
Parameter group:	Resource Id Arguments

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Property	Value
Parameter group:	Resource Id Arguments

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

Property	Value
Parameter group:	Resource Id Arguments

--timeout

Maximum wait in seconds.

Property	Value
Parameter group:	Wait Condition Arguments
Default value:	3600

--updated

Wait until updated with provisioningState at 'Succeeded'.

Property	Value
Parameter group:	Wait Condition Arguments
Default value:	False

Global Parameters

--debug

Increase logging verbosity to show all debug logs.

Property	Value
Default value:	False

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property	Value
Default value:	False

--output -o

Output format.

Property	Value
Default value:	json
Accepted values:	json, jsonc, none, table, tsv, yaml, yamlc

--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property	Value
Default value:	False

Share via

az network firewall policy draft

Commands

az network firewall policy draft create

Required Parameters

Optional Parameters

az network firewall policy draft delete

Optional Parameters

az network firewall policy draft show

Optional Parameters

az network firewall policy draft update

Optional Parameters

az network firewall policy draft wait

Optional Parameters

Feedback