New-AzFirewall

Creates a new Firewall in a resource group.

Syntax

Default (Default)

New-AzFirewall
    -Name <String>
    -ResourceGroupName <String>
    -Location <String>
    [-PublicIpAddress <PSPublicIpAddress[]>]
    [-ApplicationRuleCollection <PSAzureFirewallApplicationRuleCollection[]>]
    [-NatRuleCollection <PSAzureFirewallNatRuleCollection[]>]
    [-NetworkRuleCollection <PSAzureFirewallNetworkRuleCollection[]>]
    [-ThreatIntelMode <String>]
    [-ThreatIntelWhitelist <PSAzureFirewallThreatIntelWhitelist>]
    [-PrivateRange <String[]>]
    [-EnableDnsProxy]
    [-DnsServer <String[]>]
    [-Tag <Hashtable>]
    [-Force]
    [-AsJob]
    [-Zone <String[]>]
    [-SkuName <String>]
    [-SkuTier <String>]
    [-VirtualHubId <String>]
    [-HubIPAddress <PSAzureFirewallHubIpAddresses>]
    [-FirewallPolicyId <String>]
    [-AllowActiveFTP]
    [-EnableFatFlowLogging]
    [-EnableDnstapLogging]
    [-EnableUDPLogOptimization]
    [-RouteServerId <String>]
    [-MinCapacity <Int32>]
    [-MaxCapacity <Int32>]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

OldIpConfigurationParameterValues

New-AzFirewall
    -Name <String>
    -ResourceGroupName <String>
    -Location <String>
    -VirtualNetworkName <String>
    [-PublicIpName <String>]
    [-PublicIpAddress <PSPublicIpAddress[]>]
    [-ApplicationRuleCollection <PSAzureFirewallApplicationRuleCollection[]>]
    [-NatRuleCollection <PSAzureFirewallNatRuleCollection[]>]
    [-NetworkRuleCollection <PSAzureFirewallNetworkRuleCollection[]>]
    [-ThreatIntelMode <String>]
    [-ThreatIntelWhitelist <PSAzureFirewallThreatIntelWhitelist>]
    [-PrivateRange <String[]>]
    [-EnableDnsProxy]
    [-DnsServer <String[]>]
    [-Tag <Hashtable>]
    [-Force]
    [-AsJob]
    [-Zone <String[]>]
    [-SkuName <String>]
    [-SkuTier <String>]
    [-VirtualHubId <String>]
    [-HubIPAddress <PSAzureFirewallHubIpAddresses>]
    [-FirewallPolicyId <String>]
    [-AllowActiveFTP]
    [-EnableFatFlowLogging]
    [-EnableDnstapLogging]
    [-EnableUDPLogOptimization]
    [-RouteServerId <String>]
    [-MinCapacity <Int32>]
    [-MaxCapacity <Int32>]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

IpConfigurationParameterValues

New-AzFirewall
    -Name <String>
    -ResourceGroupName <String>
    -Location <String>
    -VirtualNetwork <PSVirtualNetwork>
    [-PublicIpAddress <PSPublicIpAddress[]>]
    [-ManagementPublicIpAddress <PSPublicIpAddress>]
    [-ApplicationRuleCollection <PSAzureFirewallApplicationRuleCollection[]>]
    [-NatRuleCollection <PSAzureFirewallNatRuleCollection[]>]
    [-NetworkRuleCollection <PSAzureFirewallNetworkRuleCollection[]>]
    [-ThreatIntelMode <String>]
    [-ThreatIntelWhitelist <PSAzureFirewallThreatIntelWhitelist>]
    [-PrivateRange <String[]>]
    [-EnableDnsProxy]
    [-DnsServer <String[]>]
    [-Tag <Hashtable>]
    [-Force]
    [-AsJob]
    [-Zone <String[]>]
    [-SkuName <String>]
    [-SkuTier <String>]
    [-VirtualHubId <String>]
    [-HubIPAddress <PSAzureFirewallHubIpAddresses>]
    [-FirewallPolicyId <String>]
    [-AllowActiveFTP]
    [-EnableFatFlowLogging]
    [-EnableDnstapLogging]
    [-EnableUDPLogOptimization]
    [-RouteServerId <String>]
    [-MinCapacity <Int32>]
    [-MaxCapacity <Int32>]
    [-DefaultProfile <IAzureContextContainer>]
    [-WhatIf]
    [-Confirm]
    [<CommonParameters>]

Description

The New-AzFirewall cmdlet creates an Azure Firewall.

Examples

Example 1: Create a Firewall attached to a virtual network

$rgName = "resourceGroupName"
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name "vnet"
$pip = Get-AzPublicIpAddress -ResourceGroupName $rgName -Name "publicIpName"
New-AzFirewall -Name "azFw" -ResourceGroupName $rgName -Location centralus -VirtualNetwork $vnet -PublicIpAddress $pip

This example creates a Firewall attached to virtual network "vnet" in the same resource group as the firewall. Since no rules were specified, the firewall will block all traffic (default behavior). Threat Intel will also run in default mode - Alert - which means malicious traffic will be logged, but not denied.

Example 2: Create a Firewall which allows all HTTPS traffic

$rgName = "resourceGroupName"
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name "vnet"
$pip = Get-AzPublicIpAddress -ResourceGroupName $rgName -Name "publicIpName"

$rule = New-AzFirewallApplicationRule -Name R1 -Protocol "https:443" -TargetFqdn "*"
$ruleCollection = New-AzFirewallApplicationRuleCollection -Name RC1 -Priority 100 -Rule $rule -ActionType "Allow"
New-AzFirewall -Name "azFw" -ResourceGroupName $rgName -Location centralus -VirtualNetwork $vnet -PublicIpAddress $pip -ApplicationRuleCollection $ruleCollection

This example creates a Firewall which allows all HTTPS traffic on port 443. Threat Intel will run in default mode - Alert - which means malicious traffic will be logged, but not denied.

Example 3: DNAT - redirect traffic destined to 10.1.2.3:80 to 10.2.3.4:8080

$rule = New-AzFirewallNatRule -Name "natRule" -Protocol "TCP" -SourceAddress "*" -DestinationAddress "10.1.2.3" -DestinationPort "80" -TranslatedAddress "10.2.3.4" -TranslatedPort "8080"
$ruleCollection = New-AzFirewallNatRuleCollection -Name "NatRuleCollection" -Priority 1000 -Rule $rule
New-AzFirewall -Name "azFw" -ResourceGroupName "rg" -Location centralus -NatRuleCollection $ruleCollection -ThreatIntelMode Off

This example creates a Firewall which translates the destination IP and port of all packets destined to 10.1.2.3:80 to 10.2.3.4:8080. Threat Intel is turned off in this example.

Example 4: Create a Firewall with no rules and with Threat Intel in Alert mode

$rgName = "resourceGroupName"
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name "vnet"
$pip = Get-AzPublicIpAddress -ResourceGroupName $rgName -Name "publicIpName"
New-AzFirewall -Name "azFw" -ResourceGroupName $rgName -Location centralus -VirtualNetwork $vnet -PublicIpAddress $pip -ThreatIntelMode Alert

This example creates a Firewall which blocks all traffic (default behavior) and has Threat Intel running in Alert mode. This means alerting logs are emitted for malicious traffic before applying the other rules (in this case just the default rule - Deny All).

Example 5: Create a Firewall which allows all HTTP traffic on port 8080, but blocks malicious domains identified by Threat Intel

$rgName = "resourceGroupName"
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name "vnet"
$pip = Get-AzPublicIpAddress -ResourceGroupName $rgName -Name "publicIpName"

$rule = New-AzFirewallApplicationRule -Name R1 -Protocol "http:8080" -TargetFqdn "*"
$ruleCollection = New-AzFirewallApplicationRuleCollection -Name RC1 -Priority 100 -Rule $rule -ActionType "Allow"
New-AzFirewall -Name "azFw" -ResourceGroupName $rgName -Location centralus -VirtualNetwork $vnet -PublicIpAddress $pip -ApplicationRuleCollection $ruleCollection -ThreatIntelMode Deny

This example creates a Firewall which allows all HTTP traffic on port 8080 unless it is considered malicious by Threat Intel. When running in Deny mode, unlike Alert, traffic considered malicious by Threat Intel is not just logged, but also blocked.
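The two settings these examples call out (an Allow rule whose target FQDN is "*", and Threat Intel left in a mode other than Deny) can be checked on firewall objects after deployment. The following is an added example, not part of the cmdlet documentation: Test-FirewallPosture is a hypothetical helper, the sample objects are constructed, and the property names (ThreatIntelMode, ApplicationRuleCollections, Action.Type, Rules, TargetFqdns) are assumed to match what Get-AzFirewall returns.

```powershell
# Hypothetical helper (not an Az cmdlet): reports firewalls whose settings
# match the permissive patterns described in the examples above.
function Test-FirewallPosture {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Firewall
    )
    process {
        # An unset mode falls back to the documented default, Alert.
        $mode = if ($Firewall.ThreatIntelMode) { [string]$Firewall.ThreatIntelMode } else { 'Alert' }
        if ($mode -ne 'Deny') {
            $detail = if ($mode -eq 'Off') {
                'Threat Intel is turned off'
            } else {
                'malicious traffic is logged, but not denied'
            }
            [pscustomobject]@{
                Firewall = $Firewall.Name
                Check    = 'ThreatIntelMode'
                Detail   = "Mode is '$mode': $detail"
            }
        }

        # Flag Allow collections containing a rule that matches every FQDN.
        foreach ($collection in $Firewall.ApplicationRuleCollections) {
            if ($collection.Action.Type -ne 'Allow') { continue }
            foreach ($rule in $collection.Rules) {
                if ($rule.TargetFqdns -contains '*') {
                    [pscustomobject]@{
                        Firewall = $Firewall.Name
                        Check    = 'WildcardFqdn'
                        Detail   = "Rule '$($rule.Name)' in collection '$($collection.Name)' allows target FQDN '*'"
                    }
                }
            }
        }
    }
}

# Constructed sample objects mirroring the shape of Example 2 and Example 8.
$samples = @(
    [pscustomobject]@{
        Name                       = 'azFw-example2'
        ThreatIntelMode            = 'Alert'
        ApplicationRuleCollections = @(
            [pscustomobject]@{
                Name   = 'RC1'
                Action = [pscustomobject]@{ Type = 'Allow' }
                Rules  = @([pscustomobject]@{ Name = 'R1'; TargetFqdns = @('*') })
            }
        )
    },
    [pscustomobject]@{
        Name                       = 'azFw-example8'
        ThreatIntelMode            = 'Deny'
        ApplicationRuleCollections = @(
            [pscustomobject]@{
                Name   = 'RC1'
                Action = [pscustomobject]@{ Type = 'Allow' }
                Rules  = @([pscustomobject]@{ Name = 'R1'; TargetFqdns = @('sql1.database.windows.net') })
            }
        )
    }
)

$samples | Test-FirewallPosture | Format-Table -AutoSize

# Against a live subscription (assumes the property names above match the
# objects Get-AzFirewall returns):
# Get-AzFirewall -ResourceGroupName $rgName | Test-FirewallPosture
```

Firewalls that take their rules from an attached firewall policy (Examples 9 and 13) carry no rule collections of their own, so the wildcard check reports nothing for them and the policy has to be reviewed separately.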

Example 6: Create a Firewall with no rules and with availability zones

$rgName = "resourceGroupName"
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name "vnet"
$pip = Get-AzPublicIpAddress -ResourceGroupName $rgName -Name "publicIpName"
New-AzFirewall -Name "azFw" -ResourceGroupName $rgName -Location centralus -VirtualNetworkName $vnet.Name -PublicIpName $pip.Name -Zone 1,2,3

This example creates a Firewall with all available availability zones.

Example 7: Create a Firewall with two or more Public IP Addresses

$rgName = "resourceGroupName"
$vnet = Get-AzVirtualNetwork -Name "vnet" -ResourceGroupName $rgName
$pip1 = New-AzPublicIpAddress -Name "AzFwPublicIp1" -ResourceGroupName $rgName -Sku "Standard" -Tier "Regional" -Location "centralus" -AllocationMethod Static
$pip2 = New-AzPublicIpAddress -Name "AzFwPublicIp2" -ResourceGroupName $rgName -Sku "Standard" -Tier "Regional" -Location "centralus" -AllocationMethod Static
New-AzFirewall -Name "azFw" -ResourceGroupName $rgName -Location centralus -VirtualNetwork $vnet -PublicIpAddress @($pip1, $pip2)

This example creates a Firewall attached to virtual network "vnet" with two public IP addresses.

Example 8: Create a Firewall which allows MSSQL traffic to specific SQL database

$rgName = "resourceGroupName"
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name "vnet"
$pip = Get-AzPublicIpAddress -ResourceGroupName $rgName -Name "publicIpName"

$rule = New-AzFirewallApplicationRule -Name R1 -Protocol "mssql:1433" -TargetFqdn "sql1.database.windows.net"
$ruleCollection = New-AzFirewallApplicationRuleCollection -Name RC1 -Priority 100 -Rule $rule -ActionType "Allow"
New-AzFirewall -Name "azFw" -ResourceGroupName $rgName -Location centralus -VirtualNetwork $vnet -PublicIpAddress $pip -ApplicationRuleCollection $ruleCollection -ThreatIntelMode Deny

This example creates a Firewall which allows MSSQL traffic on standard port 1433 to SQL database sql1.database.windows.net.

Example 9: Create a Firewall attached to a virtual hub

$rgName = "resourceGroupName"
$fp = Get-AzFirewallPolicy -ResourceGroupName $rgName -Name "fp"
$fpId = $fp.Id
$vHub = Get-AzVirtualHub -Name "hub"
$vHubId = $vHub.Id

New-AzFirewall -Name "azFw" -ResourceGroupName $rgName -Location centralus -SkuName AZFW_Hub -VirtualHubId $vHubId -FirewallPolicyId $fpId

This example creates a Firewall attached to virtual hub "vHub". A firewall policy $fp will be attached to the firewall. This firewall allows/denies the traffic based on the rules mentioned in the firewall policy $fp. The virtual hub and the firewall should be in the same region.

Example 10: Create a Firewall with threat intelligence allowlist setup

$rgName = "resourceGroupName"
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name "vnet"
$pip = Get-AzPublicIpAddress -ResourceGroupName $rgName -Name "publicIpName"

$tiWhitelist = New-AzFirewallThreatIntelWhitelist -FQDN @("www.microsoft.com") -IpAddress @("8.8.8.8")
New-AzFirewall -Name "azFw" -ResourceGroupName $rgName -Location centralus -VirtualNetwork $vnet -PublicIpAddress $pip -ThreatIntelWhitelist $tiWhitelist

This example creates a Firewall that allowlists "www.microsoft.com" and "8.8.8.8" from threat intelligence.

Example 11: Create a Firewall with customized private range setup

$rgName = "resourceGroupName"
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name "vnet"
$pip = Get-AzPublicIpAddress -ResourceGroupName $rgName -Name "publicIpName"

New-AzFirewall -Name "azFw" -ResourceGroupName $rgName -Location centralus -VirtualNetwork $vnet -PublicIpAddress $pip -PrivateRange @("99.99.99.0/24", "66.66.0.0/16")

This example creates a Firewall that treats "99.99.99.0/24" and "66.66.0.0/16" as private IP ranges and won't SNAT traffic to those addresses.

Example 12: Create a Firewall with a management subnet and Public IP address

$rgName = "resourceGroupName"
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name "vnet"
$pip = Get-AzPublicIpAddress -ResourceGroupName $rgName -Name "publicIpName"
$mgmtPip = Get-AzPublicIpAddress -ResourceGroupName $rgName -Name "managementPublicIpName"

New-AzFirewall -Name "azFw" -ResourceGroupName $rgName -Location centralus -VirtualNetwork $vnet -PublicIpAddress $pip -ManagementPublicIpAddress $mgmtPip

This example creates a Firewall attached to virtual network "vnet" in the same resource group as the firewall. Since no rules were specified, the firewall will block all traffic (default behavior). Threat Intel will also run in default mode - Alert - which means malicious traffic will be logged, but not denied.

To support "forced tunneling" scenarios, this firewall will use the subnet "AzureFirewallManagementSubnet" and the management public IP address for its management traffic.

Example 13: Create a Firewall with Firewall Policy attached to a virtual network

$rgName = "resourceGroupName"
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name "vnet"
$pip = Get-AzPublicIpAddress -ResourceGroupName $rgName -Name "publicIpName"
$fp = Get-AzFirewallPolicy -ResourceGroupName $rgName -Name "fp"
New-AzFirewall -Name "azFw" -ResourceGroupName $rgName -Location centralus -VirtualNetwork $vnet -PublicIpAddress $pip -FirewallPolicyId $fp.Id

This example creates a Firewall attached to virtual network "vnet" in the same resource group as the firewall. The rules and threat intelligence that will be applied to the firewall will be taken from the firewall policy.

Example 14: Create a Firewall with DNS Proxy and DNS Servers

$rgName = "resourceGroupName"
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name "vnet"
$pip = Get-AzPublicIpAddress -ResourceGroupName $rgName -Name "publicIpName"
New-AzFirewall -Name "azFw" -ResourceGroupName $rgName -Location centralus -VirtualNetwork $vnet -PublicIpAddress $pip -EnableDnsProxy -DnsServer @("10.10.10.1", "20.20.20.2")

This example creates a Firewall attached to virtual network "vnet" in the same resource group as the firewall. DNS Proxy is enabled for this firewall and 2 DNS Servers are provided. "Require DNS Proxy for Network rules" is also set, so if there are any Network rules with FQDNs, DNS proxy will be used for them too.

Example 15: Create a Firewall with multiple IPs. The Firewall can be associated with the Virtual Hub

$rgName = "resourceGroupName"
$vHub = Get-AzVirtualHub -Name "hub"
$vHubId = $vHub.Id
$fwpips = New-AzFirewallHubPublicIpAddress -Count 2
$hubIpAddresses = New-AzFirewallHubIpAddress -PublicIP $fwpips
$fw = New-AzFirewall -Name "azFw" -ResourceGroupName $rgName -Location westus -SkuName AZFW_Hub -HubIPAddress $hubIpAddresses -VirtualHubId $vHubId

This example creates a Firewall attached to virtual hub "hub" in the same resource group as the firewall. The Firewall will be assigned 2 public IPs that are created implicitly.

Example 16: Create a Firewall with Allow Active FTP.

$rgName = "resourceGroupName"
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name "vnet"
$pip = Get-AzPublicIpAddress -ResourceGroupName $rgName -Name "publicIpName"
New-AzFirewall -Name "azFw" -ResourceGroupName $rgName -Location centralus -VirtualNetwork $vnet -PublicIpAddress $pip -AllowActiveFTP

This example creates a Firewall with the Allow Active FTP flag set.

Example 17: Create a Firewall with a management subnet and no data Public IP address

$rgName = "resourceGroupName"
$vnet = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name "vnet"
$mgmtPip = Get-AzPublicIpAddress -ResourceGroupName $rgName -Name "managementPublicIpName"

New-AzFirewall -Name "azFw" -ResourceGroupName $rgName -Location centralus -VirtualNetwork $vnet -ManagementPublicIpAddress $mgmtPip

This example creates a "forced tunneling" Firewall that uses the subnet "AzureFirewallManagementSubnet" and the management public IP address for its management traffic. In this scenario, users do not have to specify a data Public IP if they are using the firewall for private traffic only.

Parameters

-AllowActiveFTP

Allows Active FTP on the Firewall. By default it is disabled.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-ApplicationRuleCollection

Specifies the collections of application rules for the new Firewall.

Parameter properties

Type:PSAzureFirewallApplicationRuleCollection[]
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-AsJob

Run cmdlet in the background

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Parameter properties

Type:SwitchParameter
Default value:False
Supports wildcards:False
DontShow:False
Aliases:cf

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with Azure.

Parameter properties

Type:IAzureContextContainer
Default value:None
Supports wildcards:False
DontShow:False
Aliases:AzContext, AzureRmContext, AzureCredential

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-DnsServer

The list of DNS Servers to be used for DNS resolution.

Parameter properties

Type:String[]
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-EnableDnsProxy

Enable DNS Proxy. By default it is disabled.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-EnableDnstapLogging

Enable Dnstap Logging. By default it is false.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-EnableFatFlowLogging

Enable Fat Flow Logging. By default it is false.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-EnableUDPLogOptimization

Enable UDP Log Optimization. By default it is false.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-FirewallPolicyId

The firewall policy attached to the firewall.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-Force

Forces the command to run without asking for user confirmation.

Parameter properties

Type:SwitchParameter
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-HubIPAddress

The IP addresses for the firewall attached to a virtual hub.

Parameter properties

Type:PSAzureFirewallHubIpAddresses
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Location

Specifies the region for the Firewall.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-ManagementPublicIpAddress

One or more Public IP Addresses to use for management traffic. The Public IP addresses must use Standard SKU and must belong to the same resource group as the Firewall.

Parameter properties

Type:PSPublicIpAddress
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

IpConfigurationParameterValues
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-MaxCapacity

The maximum number of capacity units for this Azure Firewall.

Parameter properties

Type:Nullable<T>[Int32]
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-MinCapacity

The minimum number of capacity units for this Azure Firewall.

Parameter properties

Type:Nullable<T>[Int32]
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Name

Specifies the name of the Azure Firewall that this cmdlet creates.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False
Aliases:ResourceName

Parameter sets

(All)
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-NatRuleCollection

The list of AzureFirewallNatRuleCollections

Parameter properties

Type:PSAzureFirewallNatRuleCollection[]
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-NetworkRuleCollection

The list of AzureFirewallNetworkRuleCollections

Parameter properties

Type:PSAzureFirewallNetworkRuleCollection[]
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-PrivateRange

The private IP ranges to which traffic won't be SNAT'ed.

Parameter properties

Type:String[]
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-PublicIpAddress

One or more Public IP Addresses. The Public IP addresses must use Standard SKU and must belong to the same resource group as the Firewall. No input needed for Forced Tunneling Firewalls.

Parameter properties

Type:PSPublicIpAddress[]
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-PublicIpName

Public IP Name. The Public IP must use Standard SKU and must belong to the same resource group as the Firewall.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

OldIpConfigurationParameterValues
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-ResourceGroupName

Specifies the name of a resource group to contain the Firewall.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-RouteServerId

The Route Server Id for the firewall.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-SkuName

The SKU name for the firewall.

Parameter properties

Type:String
Default value:None
Accepted values:AZFW_Hub, AZFW_VNet
Supports wildcards:False
DontShow:False
Aliases:Sku

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-SkuTier

The SKU tier for the firewall.

Parameter properties

Type:String
Default value:None
Accepted values:Standard, Premium, Basic
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-Tag

Key-value pairs in the form of a hash table. For example:

@{key0="value0";key1=$null;key2="value2"}

Parameter properties

Type:Hashtable
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-ThreatIntelMode

Specifies the operation mode for Threat Intelligence. Default mode is Alert, not Off.

Parameter properties

Type:String
Default value:Alert
Accepted values:Alert, Deny, Off
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-ThreatIntelWhitelist

The allowlist for Threat Intelligence.

Parameter properties

Type:PSAzureFirewallThreatIntelWhitelist
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-VirtualHubId

The virtual hub that a firewall is attached to.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-VirtualNetwork

Virtual Network

Parameter properties

Type:PSVirtualNetwork
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

IpConfigurationParameterValues
Position:Named
Mandatory:True
Value from pipeline:True
Value from pipeline by property name:False
Value from remaining arguments:False

-VirtualNetworkName

Specifies the name of the virtual network for which the Firewall will be deployed. Virtual network and Firewall must belong to the same resource group.

Parameter properties

Type:String
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

OldIpConfigurationParameterValues
Position:Named
Mandatory:True
Value from pipeline:False
Value from pipeline by property name:True
Value from remaining arguments:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Parameter properties

Type:SwitchParameter
Default value:False
Supports wildcards:False
DontShow:False
Aliases:wi

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

-Zone

A list of availability zones in which the firewall is to be deployed.

Parameter properties

Type:String[]
Default value:None
Supports wildcards:False
DontShow:False

Parameter sets

(All)
Position:Named
Mandatory:False
Value from pipeline:False
Value from pipeline by property name:False
Value from remaining arguments:False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

Inputs

String

PSVirtualNetwork

PSPublicIpAddress

PSPublicIpAddress

PSAzureFirewallApplicationRuleCollection

PSAzureFirewallNatRuleCollection

PSAzureFirewallNetworkRuleCollection

Hashtable

Outputs

PSAzureFirewall