Microsoft.Network firewallPolicies 2021-02-01

Article
10/24/2024

Bicep resource definition

The firewallPolicies resource type can be deployed with operations that target:

Resource groups - See resource group deployment commands

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/firewallPolicies resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Network/firewallPolicies@2021-02-01' = {
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  location: 'string'
  name: 'string'
  properties: {
    basePolicy: {
      id: 'string'
    }
    dnsSettings: {
      enableProxy: bool
      requireProxyForNetworkRules: bool
      servers: [
        'string'
      ]
    }
    insights: {
      isEnabled: bool
      logAnalyticsResources: {
        defaultWorkspaceId: {
          id: 'string'
        }
        workspaces: [
          {
            region: 'string'
            workspaceId: {
              id: 'string'
            }
          }
        ]
      }
      retentionDays: int
    }
    intrusionDetection: {
      configuration: {
        bypassTrafficSettings: [
          {
            description: 'string'
            destinationAddresses: [
              'string'
            ]
            destinationIpGroups: [
              'string'
            ]
            destinationPorts: [
              'string'
            ]
            name: 'string'
            protocol: 'string'
            sourceAddresses: [
              'string'
            ]
            sourceIpGroups: [
              'string'
            ]
          }
        ]
        signatureOverrides: [
          {
            id: 'string'
            mode: 'string'
          }
        ]
      }
      mode: 'string'
    }
    sku: {
      tier: 'string'
    }
    snat: {
      privateRanges: [
        'string'
      ]
    }
    threatIntelMode: 'string'
    threatIntelWhitelist: {
      fqdns: [
        'string'
      ]
      ipAddresses: [
        'string'
      ]
    }
    transportSecurity: {
      certificateAuthority: {
        keyVaultSecretId: 'string'
        name: 'string'
      }
    }
  }
  tags: {
    {customized property}: 'string'
  }
}

Property values

Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties

Name	Description	Value

DnsSettings

Name	Description	Value
enableProxy	Enable DNS Proxy on Firewalls attached to the Firewall Policy.	bool
requireProxyForNetworkRules	FQDNs in Network Rules are supported when set to true.	bool
servers	List of Custom DNS Servers.	string[]

FirewallPolicyCertificateAuthority

Name	Description	Value
keyVaultSecretId	Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.	string
name	Name of the CA certificate.	string

FirewallPolicyInsights

Name	Description	Value
isEnabled	A flag to indicate if the insights are enabled on the policy.	bool
logAnalyticsResources	Workspaces needed to configure the Firewall Policy Insights.	FirewallPolicyLogAnalyticsResources
retentionDays	Number of days the insights should be enabled on the policy.	int

FirewallPolicyIntrusionDetection

Name	Description	Value
configuration	Intrusion detection configuration properties.	FirewallPolicyIntrusionDetectionConfiguration
mode	Intrusion detection general state.	'Alert' 'Deny' 'Off'

FirewallPolicyIntrusionDetectionBypassTrafficSpecifications

Name	Description	Value
description	Description of the bypass traffic rule.	string
destinationAddresses	List of destination IP addresses or ranges for this rule.	string[]
destinationIpGroups	List of destination IpGroups for this rule.	string[]
destinationPorts	List of destination ports or ranges.	string[]
name	Name of the bypass traffic rule.	string
protocol	The rule bypass protocol.	'ANY' 'ICMP' 'TCP' 'UDP'
sourceAddresses	List of source IP addresses or ranges for this rule.	string[]
sourceIpGroups	List of source IpGroups for this rule.	string[]

FirewallPolicyIntrusionDetectionConfiguration

Name	Description	Value
bypassTrafficSettings	List of rules for traffic to bypass.	FirewallPolicyIntrusionDetectionBypassTrafficSpecifications[]
signatureOverrides	List of specific signatures states.	FirewallPolicyIntrusionDetectionSignatureSpecification[]

FirewallPolicyIntrusionDetectionSignatureSpecification

Name	Description	Value
id	Signature id.	string
mode	The signature state.	'Alert' 'Deny' 'Off'

FirewallPolicyLogAnalyticsResources

Name	Description	Value
defaultWorkspaceId	The default workspace Id for Firewall Policy Insights.	SubResource
workspaces	List of workspaces for Firewall Policy Insights.	FirewallPolicyLogAnalyticsWorkspace[]

FirewallPolicyLogAnalyticsWorkspace

Name	Description	Value
region	Region to configure the Workspace.	string
workspaceId	The workspace Id for Firewall Policy Insights.	SubResource

FirewallPolicyPropertiesFormat

Name	Description	Value
basePolicy	The parent firewall policy from which rules are inherited.	SubResource
dnsSettings	DNS Proxy Settings definition.	DnsSettings
insights	Insights on Firewall Policy.	FirewallPolicyInsights
intrusionDetection	The configuration for Intrusion detection.	FirewallPolicyIntrusionDetection
sku	The Firewall Policy SKU.	FirewallPolicySku
snat	The private IP addresses/IP ranges to which traffic will not be SNAT.	FirewallPolicySnat
threatIntelMode	The operation mode for Threat Intelligence.	'Alert' 'Deny' 'Off'
threatIntelWhitelist	ThreatIntel Whitelist for Firewall Policy.	FirewallPolicyThreatIntelWhitelist
transportSecurity	TLS Configuration definition.	FirewallPolicyTransportSecurity

FirewallPolicySku

Name	Description	Value
tier	Tier of Firewall Policy.	'Premium' 'Standard'

FirewallPolicySnat

Name	Description	Value
privateRanges	List of private IP addresses/IP address ranges to not be SNAT.	string[]

FirewallPolicyThreatIntelWhitelist

Name	Description	Value
fqdns	List of FQDNs for the ThreatIntel Whitelist.	string[]
ipAddresses	List of IP addresses for the ThreatIntel Whitelist.	string[]

FirewallPolicyTransportSecurity

Name	Description	Value
certificateAuthority	The CA used for intermediate CA generation.	FirewallPolicyCertificateAuthority

ManagedServiceIdentity

Name	Description	Value
type	The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.	'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned'
userAssignedIdentities	The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.	ManagedServiceIdentityUserAssignedIdentities

ManagedServiceIdentityUserAssignedIdentities

Name	Description	Value

Microsoft.Network/firewallPolicies

Name	Description	Value
identity	The identity of the firewall policy.	ManagedServiceIdentity
location	Resource location.	string
name	The resource name	string (required)
properties	Properties of the firewall policy.	FirewallPolicyPropertiesFormat
tags	Resource tags	Dictionary of tag names and values. See Tags in templates

ResourceTags

Name	Description	Value

SubResource

Name	Description	Value
id	Resource ID.	string

Quickstart samples

The following quickstart samples deploy this resource type.

Bicep File	Description
Create a Firewall and FirewallPolicy with Rules and Ipgroups	This template deploys an Azure Firewall with Firewall Policy (including multiple application and network rules) referencing IP Groups in application and network rules.
Secured virtual hubs	This template creates a secured virtual hub using Azure Firewall to secure your cloud network traffic destined to the Internet.
SharePoint Subscription / 2019 / 2016 fully configured	Create a DC, a SQL Server 2022, and from 1 to 5 server(s) hosting a SharePoint Subscription / 2019 / 2016 farm with an extensive configuration, including trusted authentication, user profiles with personal sites, an OAuth trust (using a certificate), a dedicated IIS site for hosting high-trust add-ins, etc... The latest version of key softwares (including Fiddler, vscode, np++, 7zip, ULS Viewer) is installed. SharePoint machines have additional fine-tuning to make them immediately usable (remote administration tools, custom policies for Edge and Chrome, shortcuts, etc...).
Testing environment for Azure Firewall Premium	This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology	This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering.

ARM template resource definition

The firewallPolicies resource type can be deployed with operations that target:

Resource groups - See resource group deployment commands

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/firewallPolicies resource, add the following JSON to your template.

{
  "type": "Microsoft.Network/firewallPolicies",
  "apiVersion": "2021-02-01",
  "name": "string",
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {
      }
    }
  },
  "location": "string",
  "properties": {
    "basePolicy": {
      "id": "string"
    },
    "dnsSettings": {
      "enableProxy": "bool",
      "requireProxyForNetworkRules": "bool",
      "servers": [ "string" ]
    },
    "insights": {
      "isEnabled": "bool",
      "logAnalyticsResources": {
        "defaultWorkspaceId": {
          "id": "string"
        },
        "workspaces": [
          {
            "region": "string",
            "workspaceId": {
              "id": "string"
            }
          }
        ]
      },
      "retentionDays": "int"
    },
    "intrusionDetection": {
      "configuration": {
        "bypassTrafficSettings": [
          {
            "description": "string",
            "destinationAddresses": [ "string" ],
            "destinationIpGroups": [ "string" ],
            "destinationPorts": [ "string" ],
            "name": "string",
            "protocol": "string",
            "sourceAddresses": [ "string" ],
            "sourceIpGroups": [ "string" ]
          }
        ],
        "signatureOverrides": [
          {
            "id": "string",
            "mode": "string"
          }
        ]
      },
      "mode": "string"
    },
    "sku": {
      "tier": "string"
    },
    "snat": {
      "privateRanges": [ "string" ]
    },
    "threatIntelMode": "string",
    "threatIntelWhitelist": {
      "fqdns": [ "string" ],
      "ipAddresses": [ "string" ]
    },
    "transportSecurity": {
      "certificateAuthority": {
        "keyVaultSecretId": "string",
        "name": "string"
      }
    }
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property values

Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties

Name	Description	Value

DnsSettings

Name	Description	Value
enableProxy	Enable DNS Proxy on Firewalls attached to the Firewall Policy.	bool
requireProxyForNetworkRules	FQDNs in Network Rules are supported when set to true.	bool
servers	List of Custom DNS Servers.	string[]

FirewallPolicyCertificateAuthority

Name	Description	Value
keyVaultSecretId	Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.	string
name	Name of the CA certificate.	string

FirewallPolicyInsights

Name	Description	Value
isEnabled	A flag to indicate if the insights are enabled on the policy.	bool
logAnalyticsResources	Workspaces needed to configure the Firewall Policy Insights.	FirewallPolicyLogAnalyticsResources
retentionDays	Number of days the insights should be enabled on the policy.	int

FirewallPolicyIntrusionDetection

Name	Description	Value
configuration	Intrusion detection configuration properties.	FirewallPolicyIntrusionDetectionConfiguration
mode	Intrusion detection general state.	'Alert' 'Deny' 'Off'

FirewallPolicyIntrusionDetectionBypassTrafficSpecifications

Name	Description	Value
description	Description of the bypass traffic rule.	string
destinationAddresses	List of destination IP addresses or ranges for this rule.	string[]
destinationIpGroups	List of destination IpGroups for this rule.	string[]
destinationPorts	List of destination ports or ranges.	string[]
name	Name of the bypass traffic rule.	string
protocol	The rule bypass protocol.	'ANY' 'ICMP' 'TCP' 'UDP'
sourceAddresses	List of source IP addresses or ranges for this rule.	string[]
sourceIpGroups	List of source IpGroups for this rule.	string[]

FirewallPolicyIntrusionDetectionConfiguration

Name	Description	Value
bypassTrafficSettings	List of rules for traffic to bypass.	FirewallPolicyIntrusionDetectionBypassTrafficSpecifications[]
signatureOverrides	List of specific signatures states.	FirewallPolicyIntrusionDetectionSignatureSpecification[]

FirewallPolicyIntrusionDetectionSignatureSpecification

Name	Description	Value
id	Signature id.	string
mode	The signature state.	'Alert' 'Deny' 'Off'

FirewallPolicyLogAnalyticsResources

Name	Description	Value
defaultWorkspaceId	The default workspace Id for Firewall Policy Insights.	SubResource
workspaces	List of workspaces for Firewall Policy Insights.	FirewallPolicyLogAnalyticsWorkspace[]

FirewallPolicyLogAnalyticsWorkspace

Name	Description	Value
region	Region to configure the Workspace.	string
workspaceId	The workspace Id for Firewall Policy Insights.	SubResource

FirewallPolicyPropertiesFormat

Name	Description	Value
basePolicy	The parent firewall policy from which rules are inherited.	SubResource
dnsSettings	DNS Proxy Settings definition.	DnsSettings
insights	Insights on Firewall Policy.	FirewallPolicyInsights
intrusionDetection	The configuration for Intrusion detection.	FirewallPolicyIntrusionDetection
sku	The Firewall Policy SKU.	FirewallPolicySku
snat	The private IP addresses/IP ranges to which traffic will not be SNAT.	FirewallPolicySnat
threatIntelMode	The operation mode for Threat Intelligence.	'Alert' 'Deny' 'Off'
threatIntelWhitelist	ThreatIntel Whitelist for Firewall Policy.	FirewallPolicyThreatIntelWhitelist
transportSecurity	TLS Configuration definition.	FirewallPolicyTransportSecurity

FirewallPolicySku

Name	Description	Value
tier	Tier of Firewall Policy.	'Premium' 'Standard'

FirewallPolicySnat

Name	Description	Value
privateRanges	List of private IP addresses/IP address ranges to not be SNAT.	string[]

FirewallPolicyThreatIntelWhitelist

Name	Description	Value
fqdns	List of FQDNs for the ThreatIntel Whitelist.	string[]
ipAddresses	List of IP addresses for the ThreatIntel Whitelist.	string[]

FirewallPolicyTransportSecurity

Name	Description	Value
certificateAuthority	The CA used for intermediate CA generation.	FirewallPolicyCertificateAuthority

ManagedServiceIdentity

Name	Description	Value
type	The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.	'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned'
userAssignedIdentities	The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.	ManagedServiceIdentityUserAssignedIdentities

ManagedServiceIdentityUserAssignedIdentities

Name	Description	Value

Microsoft.Network/firewallPolicies

Name	Description	Value
apiVersion	The api version	'2021-02-01'
identity	The identity of the firewall policy.	ManagedServiceIdentity
location	Resource location.	string
name	The resource name	string (required)
properties	Properties of the firewall policy.	FirewallPolicyPropertiesFormat
tags	Resource tags	Dictionary of tag names and values. See Tags in templates
type	The resource type	'Microsoft.Network/firewallPolicies'

ResourceTags

Name	Description	Value

SubResource

Name	Description	Value
id	Resource ID.	string

Quickstart templates

The following quickstart templates deploy this resource type.

Template	Description
Create a Firewall and FirewallPolicy with Rules and Ipgroups	This template deploys an Azure Firewall with Firewall Policy (including multiple application and network rules) referencing IP Groups in application and network rules.
Create a Firewall with FirewallPolicy and IpGroups	This template creates an Azure Firewall with FirewalllPolicy referencing Network Rules with IpGroups. Also, includes a Linux Jumpbox vm setup
Create a Firewall, FirewallPolicy with Explicit Proxy	This template creates an Azure Firewall, FirewalllPolicy with Explicit Proxy and Network Rules with IpGroups. Also, includes a Linux Jumpbox vm setup
Create a sandbox setup with Firewall Policy	This template creates a virtual network with 3 subnets (server subnet, jumpbox subet and AzureFirewall subnet), a jumpbox VM with public IP, A server VM, UDR route to point to Azure Firewall for the Server Subnet and an Azure Firewall with 1 or more Public IP addresses. Also creates a Firewall policy with 1 sample application rule, 1 sample network rule and default private ranges
Secured virtual hubs	This template creates a secured virtual hub using Azure Firewall to secure your cloud network traffic destined to the Internet.
SharePoint Subscription / 2019 / 2016 fully configured	Create a DC, a SQL Server 2022, and from 1 to 5 server(s) hosting a SharePoint Subscription / 2019 / 2016 farm with an extensive configuration, including trusted authentication, user profiles with personal sites, an OAuth trust (using a certificate), a dedicated IIS site for hosting high-trust add-ins, etc... The latest version of key softwares (including Fiddler, vscode, np++, 7zip, ULS Viewer) is installed. SharePoint machines have additional fine-tuning to make them immediately usable (remote administration tools, custom policies for Edge and Chrome, shortcuts, etc...).
Testing environment for Azure Firewall Premium	This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering
Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology	This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering.

Terraform (AzAPI provider) resource definition

The firewallPolicies resource type can be deployed with operations that target:

Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Network/firewallPolicies resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Network/firewallPolicies@2021-02-01"
  name = "string"
  identity = {
    type = "string"
    userAssignedIdentities = {
      {customized property} = {
      }
    }
  }
  location = "string"
  body = jsonencode({
    properties = {
      basePolicy = {
        id = "string"
      }
      dnsSettings = {
        enableProxy = bool
        requireProxyForNetworkRules = bool
        servers = [
          "string"
        ]
      }
      insights = {
        isEnabled = bool
        logAnalyticsResources = {
          defaultWorkspaceId = {
            id = "string"
          }
          workspaces = [
            {
              region = "string"
              workspaceId = {
                id = "string"
              }
            }
          ]
        }
        retentionDays = int
      }
      intrusionDetection = {
        configuration = {
          bypassTrafficSettings = [
            {
              description = "string"
              destinationAddresses = [
                "string"
              ]
              destinationIpGroups = [
                "string"
              ]
              destinationPorts = [
                "string"
              ]
              name = "string"
              protocol = "string"
              sourceAddresses = [
                "string"
              ]
              sourceIpGroups = [
                "string"
              ]
            }
          ]
          signatureOverrides = [
            {
              id = "string"
              mode = "string"
            }
          ]
        }
        mode = "string"
      }
      sku = {
        tier = "string"
      }
      snat = {
        privateRanges = [
          "string"
        ]
      }
      threatIntelMode = "string"
      threatIntelWhitelist = {
        fqdns = [
          "string"
        ]
        ipAddresses = [
          "string"
        ]
      }
      transportSecurity = {
        certificateAuthority = {
          keyVaultSecretId = "string"
          name = "string"
        }
      }
    }
  })
  tags = {
    {customized property} = "string"
  }
}

Property values

Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties

Name	Description	Value

DnsSettings

Name	Description	Value
enableProxy	Enable DNS Proxy on Firewalls attached to the Firewall Policy.	bool
requireProxyForNetworkRules	FQDNs in Network Rules are supported when set to true.	bool
servers	List of Custom DNS Servers.	string[]

FirewallPolicyCertificateAuthority

Name	Description	Value
keyVaultSecretId	Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault.	string
name	Name of the CA certificate.	string

FirewallPolicyInsights

Name	Description	Value
isEnabled	A flag to indicate if the insights are enabled on the policy.	bool
logAnalyticsResources	Workspaces needed to configure the Firewall Policy Insights.	FirewallPolicyLogAnalyticsResources
retentionDays	Number of days the insights should be enabled on the policy.	int

FirewallPolicyIntrusionDetection

Name	Description	Value
configuration	Intrusion detection configuration properties.	FirewallPolicyIntrusionDetectionConfiguration
mode	Intrusion detection general state.	'Alert' 'Deny' 'Off'

FirewallPolicyIntrusionDetectionBypassTrafficSpecifications

Name	Description	Value
description	Description of the bypass traffic rule.	string
destinationAddresses	List of destination IP addresses or ranges for this rule.	string[]
destinationIpGroups	List of destination IpGroups for this rule.	string[]
destinationPorts	List of destination ports or ranges.	string[]
name	Name of the bypass traffic rule.	string
protocol	The rule bypass protocol.	'ANY' 'ICMP' 'TCP' 'UDP'
sourceAddresses	List of source IP addresses or ranges for this rule.	string[]
sourceIpGroups	List of source IpGroups for this rule.	string[]

FirewallPolicyIntrusionDetectionConfiguration

Name	Description	Value
bypassTrafficSettings	List of rules for traffic to bypass.	FirewallPolicyIntrusionDetectionBypassTrafficSpecifications[]
signatureOverrides	List of specific signatures states.	FirewallPolicyIntrusionDetectionSignatureSpecification[]

FirewallPolicyIntrusionDetectionSignatureSpecification

Name	Description	Value
id	Signature id.	string
mode	The signature state.	'Alert' 'Deny' 'Off'

FirewallPolicyLogAnalyticsResources

Name	Description	Value
defaultWorkspaceId	The default workspace Id for Firewall Policy Insights.	SubResource
workspaces	List of workspaces for Firewall Policy Insights.	FirewallPolicyLogAnalyticsWorkspace[]

FirewallPolicyLogAnalyticsWorkspace

Name	Description	Value
region	Region to configure the Workspace.	string
workspaceId	The workspace Id for Firewall Policy Insights.	SubResource

FirewallPolicyPropertiesFormat

Name	Description	Value
basePolicy	The parent firewall policy from which rules are inherited.	SubResource
dnsSettings	DNS Proxy Settings definition.	DnsSettings
insights	Insights on Firewall Policy.	FirewallPolicyInsights
intrusionDetection	The configuration for Intrusion detection.	FirewallPolicyIntrusionDetection
sku	The Firewall Policy SKU.	FirewallPolicySku
snat	The private IP addresses/IP ranges to which traffic will not be SNAT.	FirewallPolicySnat
threatIntelMode	The operation mode for Threat Intelligence.	'Alert' 'Deny' 'Off'
threatIntelWhitelist	ThreatIntel Whitelist for Firewall Policy.	FirewallPolicyThreatIntelWhitelist
transportSecurity	TLS Configuration definition.	FirewallPolicyTransportSecurity

FirewallPolicySku

Name	Description	Value
tier	Tier of Firewall Policy.	'Premium' 'Standard'

FirewallPolicySnat

Name	Description	Value
privateRanges	List of private IP addresses/IP address ranges to not be SNAT.	string[]

FirewallPolicyThreatIntelWhitelist

Name	Description	Value
fqdns	List of FQDNs for the ThreatIntel Whitelist.	string[]
ipAddresses	List of IP addresses for the ThreatIntel Whitelist.	string[]

FirewallPolicyTransportSecurity

Name	Description	Value
certificateAuthority	The CA used for intermediate CA generation.	FirewallPolicyCertificateAuthority

ManagedServiceIdentity

Name	Description	Value
type	The type of identity used for the resource. The type 'SystemAssigned, UserAssigned' includes both an implicitly created identity and a set of user assigned identities. The type 'None' will remove any identities from the virtual machine.	'None' 'SystemAssigned' 'SystemAssigned, UserAssigned' 'UserAssigned'
userAssignedIdentities	The list of user identities associated with resource. The user identity dictionary key references will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'.	ManagedServiceIdentityUserAssignedIdentities

ManagedServiceIdentityUserAssignedIdentities

Name	Description	Value

Microsoft.Network/firewallPolicies

Name	Description	Value
identity	The identity of the firewall policy.	ManagedServiceIdentity
location	Resource location.	string
name	The resource name	string (required)
properties	Properties of the firewall policy.	FirewallPolicyPropertiesFormat
tags	Resource tags	Dictionary of tag names and values.
type	The resource type	"Microsoft.Network/firewallPolicies@2021-02-01"

ResourceTags

Name	Description	Value

SubResource

Name	Description	Value
id	Resource ID.	string

Share via

Microsoft.Network firewallPolicies 2021-02-01

Bicep resource definition

Resource format

Property values

Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties

DnsSettings

FirewallPolicyCertificateAuthority

FirewallPolicyInsights

FirewallPolicyIntrusionDetection

FirewallPolicyIntrusionDetectionBypassTrafficSpecifications

FirewallPolicyIntrusionDetectionConfiguration

FirewallPolicyIntrusionDetectionSignatureSpecification

FirewallPolicyLogAnalyticsResources

FirewallPolicyLogAnalyticsWorkspace

FirewallPolicyPropertiesFormat

FirewallPolicySku

FirewallPolicySnat

FirewallPolicyThreatIntelWhitelist

FirewallPolicyTransportSecurity

ManagedServiceIdentity

ManagedServiceIdentityUserAssignedIdentities

Microsoft.Network/firewallPolicies

ResourceTags

SubResource

Quickstart samples

ARM template resource definition

Resource format

Property values

Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties

DnsSettings

FirewallPolicyCertificateAuthority

FirewallPolicyInsights

FirewallPolicyIntrusionDetection

FirewallPolicyIntrusionDetectionBypassTrafficSpecifications

FirewallPolicyIntrusionDetectionConfiguration

FirewallPolicyIntrusionDetectionSignatureSpecification

FirewallPolicyLogAnalyticsResources

FirewallPolicyLogAnalyticsWorkspace

FirewallPolicyPropertiesFormat

FirewallPolicySku

FirewallPolicySnat

FirewallPolicyThreatIntelWhitelist

FirewallPolicyTransportSecurity

ManagedServiceIdentity

ManagedServiceIdentityUserAssignedIdentities

Microsoft.Network/firewallPolicies

ResourceTags

SubResource

Quickstart templates

Terraform (AzAPI provider) resource definition

Resource format

Property values

Components1Jq1T4ISchemasManagedserviceidentityPropertiesUserassignedidentitiesAdditionalproperties

DnsSettings

FirewallPolicyCertificateAuthority

FirewallPolicyInsights

FirewallPolicyIntrusionDetection

FirewallPolicyIntrusionDetectionBypassTrafficSpecifications

FirewallPolicyIntrusionDetectionConfiguration

FirewallPolicyIntrusionDetectionSignatureSpecification

FirewallPolicyLogAnalyticsResources

FirewallPolicyLogAnalyticsWorkspace

FirewallPolicyPropertiesFormat

FirewallPolicySku

FirewallPolicySnat

FirewallPolicyThreatIntelWhitelist

FirewallPolicyTransportSecurity

ManagedServiceIdentity

ManagedServiceIdentityUserAssignedIdentities

Microsoft.Network/firewallPolicies

ResourceTags

SubResource

Feedback

Additional resources