Microsoft.Network routeTables 2016-03-30
- Latest
- 2024-03-01
- 2024-01-01
- 2023-11-01
- 2023-09-01
- 2023-06-01
- 2023-05-01
- 2023-04-01
- 2023-02-01
- 2022-11-01
- 2022-09-01
- 2022-07-01
- 2022-05-01
- 2022-01-01
- 2021-08-01
- 2021-05-01
- 2021-03-01
- 2021-02-01
- 2020-11-01
- 2020-08-01
- 2020-07-01
- 2020-06-01
- 2020-05-01
- 2020-04-01
- 2020-03-01
- 2019-12-01
- 2019-11-01
- 2019-09-01
- 2019-08-01
- 2019-07-01
- 2019-06-01
- 2019-04-01
- 2019-02-01
- 2018-12-01
- 2018-11-01
- 2018-10-01
- 2018-08-01
- 2018-07-01
- 2018-06-01
- 2018-04-01
- 2018-02-01
- 2018-01-01
- 2017-11-01
- 2017-10-01
- 2017-09-01
- 2017-08-01
- 2017-06-01
- 2017-03-30
- 2017-03-01
- 2016-12-01
- 2016-09-01
- 2016-06-01
- 2016-03-30
- 2015-06-15
- 2015-05-01-preview
Bicep resource definition
The routeTables resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/routeTables resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Network/routeTables@2016-03-30' = {
etag: 'string'
location: 'string'
name: 'string'
properties: {
provisioningState: 'string'
routes: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
addressPrefix: 'string'
nextHopIpAddress: 'string'
nextHopType: 'string'
provisioningState: 'string'
}
}
]
subnets: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
addressPrefix: 'string'
ipConfigurations: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
privateIPAddress: 'string'
privateIPAllocationMethod: 'string'
provisioningState: 'string'
publicIPAddress: {
etag: 'string'
id: 'string'
location: 'string'
properties: {
dnsSettings: {
domainNameLabel: 'string'
fqdn: 'string'
reverseFqdn: 'string'
}
idleTimeoutInMinutes: int
ipAddress: 'string'
ipConfiguration: ...
provisioningState: 'string'
publicIPAddressVersion: 'string'
publicIPAllocationMethod: 'string'
resourceGuid: 'string'
}
tags: {
{customized property}: 'string'
}
}
subnet: ...
}
}
]
networkSecurityGroup: {
etag: 'string'
id: 'string'
location: 'string'
properties: {
defaultSecurityRules: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
access: 'string'
description: 'string'
destinationAddressPrefix: 'string'
destinationPortRange: 'string'
direction: 'string'
priority: int
protocol: 'string'
provisioningState: 'string'
sourceAddressPrefix: 'string'
sourcePortRange: 'string'
}
}
]
networkInterfaces: [
{
etag: 'string'
id: 'string'
location: 'string'
properties: {
dnsSettings: {
appliedDnsServers: [
'string'
]
dnsServers: [
'string'
]
internalDnsNameLabel: 'string'
internalDomainNameSuffix: 'string'
internalFqdn: 'string'
}
enableIPForwarding: bool
ipConfigurations: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
applicationGatewayBackendAddressPools: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
backendAddresses: [
{
fqdn: 'string'
ipAddress: 'string'
}
]
backendIPConfigurations: [
...
]
provisioningState: 'string'
}
}
]
loadBalancerBackendAddressPools: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
backendIPConfigurations: [
...
]
loadBalancingRules: [
{
id: 'string'
}
]
outboundNatRule: {
id: 'string'
}
provisioningState: 'string'
}
}
]
loadBalancerInboundNatRules: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
backendIPConfiguration: ...
backendPort: int
enableFloatingIP: bool
frontendIPConfiguration: {
id: 'string'
}
frontendPort: int
idleTimeoutInMinutes: int
protocol: 'string'
provisioningState: 'string'
}
}
]
primary: bool
privateIPAddress: 'string'
privateIPAddressVersion: 'string'
privateIPAllocationMethod: 'string'
provisioningState: 'string'
publicIPAddress: {
etag: 'string'
id: 'string'
location: 'string'
properties: {
dnsSettings: {
domainNameLabel: 'string'
fqdn: 'string'
reverseFqdn: 'string'
}
idleTimeoutInMinutes: int
ipAddress: 'string'
ipConfiguration: {
etag: 'string'
id: 'string'
name: 'string'
properties: {
privateIPAddress: 'string'
privateIPAllocationMethod: 'string'
provisioningState: 'string'
publicIPAddress: ...
subnet: ...
}
}
provisioningState: 'string'
publicIPAddressVersion: 'string'
publicIPAllocationMethod: 'string'
resourceGuid: 'string'
}
tags: {
{customized property}: 'string'
}
}
subnet: ...
}
}
]
macAddress: 'string'
networkSecurityGroup: ...
primary: bool
provisioningState: 'string'
resourceGuid: 'string'
virtualMachine: {
id: 'string'
}
}
tags: {
{customized property}: 'string'
}
}
]
provisioningState: 'string'
resourceGuid: 'string'
securityRules: [
{
etag: 'string'
id: 'string'
name: 'string'
properties: {
access: 'string'
description: 'string'
destinationAddressPrefix: 'string'
destinationPortRange: 'string'
direction: 'string'
priority: int
protocol: 'string'
provisioningState: 'string'
sourceAddressPrefix: 'string'
sourcePortRange: 'string'
}
}
]
subnets: [
...
]
}
tags: {
{customized property}: 'string'
}
}
provisioningState: 'string'
routeTable: {
etag: 'string'
id: 'string'
location: 'string'
properties: ...
tags: {
{customized property}: 'string'
}
}
}
}
]
}
tags: {
{customized property}: 'string'
}
}
Property values
ApplicationGatewayBackendAddress
| Name | Description | Value |
|---|---|---|
| fqdn | Gets or sets the dns name | string |
| ipAddress | Gets or sets the ip address | string |
ApplicationGatewayBackendAddressPool
| Name | Description | Value |
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
| properties | Properties of Backend Address Pool of application gateway | ApplicationGatewayBackendAddressPoolPropertiesFormat |
ApplicationGatewayBackendAddressPoolPropertiesFormat
| Name | Description | Value |
|---|---|---|
| backendAddresses | Gets or sets the backend addresses | ApplicationGatewayBackendAddress[] |
| backendIPConfigurations | Gets collection of references to IPs defined in NICs | NetworkInterfaceIPConfiguration[] |
| provisioningState | Gets or sets Provisioning state of the backend address pool resource Updating/Deleting/Failed | string |
BackendAddressPool
| Name | Description | Value |
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
| properties | Properties of BackendAddressPool | BackendAddressPoolPropertiesFormat |
BackendAddressPoolPropertiesFormat
| Name | Description | Value |
|---|---|---|
| backendIPConfigurations | Gets collection of references to IPs defined in NICs | NetworkInterfaceIPConfiguration[] |
| loadBalancingRules | Gets Load Balancing rules that use this Backend Address Pool | SubResource[] |
| outboundNatRule | Gets outbound rules that use this Backend Address Pool | SubResource |
| provisioningState | Provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
InboundNatRule
| Name | Description | Value |
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
| properties | Properties of Inbound NAT rule | InboundNatRulePropertiesFormat |
InboundNatRulePropertiesFormat
| Name | Description | Value |
|---|---|---|
| backendIPConfiguration | Gets or sets a reference to a private ip address defined on a NetworkInterface of a VM. Traffic sent to frontendPort of each of the frontendIPConfigurations is forwarded to the backed IP | NetworkInterfaceIPConfiguration |
| backendPort | Gets or sets a port used for internal connections on the endpoint. The localPort attribute maps the eternal port of the endpoint to an internal port on a role. This is useful in scenarios where a role must communicate to an internal component on a port that is different from the one that is exposed externally. If not specified, the value of localPort is the same as the port attribute. Set the value of localPort to '*' to automatically assign an unallocated port that is discoverable using the runtime API | int |
| enableFloatingIP | Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn availability Group. This setting is required when using the SQL Always ON availability Groups in SQL server. This setting can't be changed after you create the endpoint | bool |
| frontendIPConfiguration | Gets or sets a reference to frontend IP Addresses | SubResource |
| frontendPort | Gets or sets the port for the external endpoint. You can specify any port number you choose, but the port numbers specified for each role in the service must be unique. Possible values range between 1 and 65535, inclusive | int |
| idleTimeoutInMinutes | Gets or sets the timeout for the Tcp idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to Tcp | int |
| protocol | Gets or sets the transport protocol for the external endpoint. Possible values are Udp or Tcp | 'Tcp' 'Udp' |
| provisioningState | Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
IPConfiguration
| Name | Description | Value |
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
| properties | Properties of IPConfiguration | IPConfigurationPropertiesFormat |
IPConfigurationPropertiesFormat
| Name | Description | Value |
|---|---|---|
| privateIPAddress | Gets or sets the privateIPAddress of the IP Configuration | string |
| privateIPAllocationMethod | Gets or sets PrivateIP allocation method (Static/Dynamic) | 'Dynamic' 'Static' |
| provisioningState | Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
| publicIPAddress | Gets or sets the reference of the PublicIP resource | PublicIPAddress |
| subnet | Gets or sets the reference of the subnet resource | Subnet |
Microsoft.Network/routeTables
| Name | Description | Value |
|---|---|---|
| etag | Gets a unique read-only string that changes whenever the resource is updated | string |
| location | Resource location | string |
| name | The resource name | string (required) |
| properties | Route Table resource | RouteTablePropertiesFormat |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
NetworkInterface
| Name | Description | Value |
|---|---|---|
| etag | Gets a unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| location | Resource location | string |
| properties | NetworkInterface properties. | NetworkInterfacePropertiesFormat |
| tags | Resource tags | ResourceTags |
NetworkInterfaceDnsSettings
| Name | Description | Value |
|---|---|---|
| appliedDnsServers | Gets or sets list of Applied DNS servers IP addresses | string[] |
| dnsServers | Gets or sets list of DNS servers IP addresses | string[] |
| internalDnsNameLabel | Gets or sets the Internal DNS name | string |
| internalDomainNameSuffix | Gets or sets internal domain name suffix of the NIC. | string |
| internalFqdn | Gets or sets the internal FQDN. | string |
NetworkInterfaceIPConfiguration
| Name | Description | Value |
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
| properties | Properties of IPConfiguration | NetworkInterfaceIPConfigurationPropertiesFormat |
NetworkInterfaceIPConfigurationPropertiesFormat
| Name | Description | Value |
|---|---|---|
| applicationGatewayBackendAddressPools | Gets or sets the reference of ApplicationGatewayBackendAddressPool resource | ApplicationGatewayBackendAddressPool[] |
| loadBalancerBackendAddressPools | Gets or sets the reference of LoadBalancerBackendAddressPool resource | BackendAddressPool[] |
| loadBalancerInboundNatRules | Gets or sets list of references of LoadBalancerInboundNatRules | InboundNatRule[] |
| primary | Gets whether this is a primary customer address on the NIC | bool |
| privateIPAddress | string | |
| privateIPAddressVersion | Gets or sets PrivateIP address version (IPv4/IPv6) | 'IPv4' 'IPv6' |
| privateIPAllocationMethod | Gets or sets PrivateIP allocation method (Static/Dynamic) | 'Dynamic' 'Static' |
| provisioningState | string | |
| publicIPAddress | PublicIPAddress resource | PublicIPAddress |
| subnet | Subnet in a VirtualNetwork resource | Subnet |
NetworkInterfacePropertiesFormat
| Name | Description | Value |
|---|---|---|
| dnsSettings | Gets or sets DNS Settings in NetworkInterface | NetworkInterfaceDnsSettings |
| enableIPForwarding | Gets or sets whether IPForwarding is enabled on the NIC | bool |
| ipConfigurations | Gets or sets list of IPConfigurations of the NetworkInterface | NetworkInterfaceIPConfiguration[] |
| macAddress | Gets the MAC Address of the network interface | string |
| networkSecurityGroup | Gets or sets the reference of the NetworkSecurityGroup resource | NetworkSecurityGroup |
| primary | Gets whether this is a primary NIC on a virtual machine | bool |
| provisioningState | Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
| resourceGuid | Gets or sets resource GUID property of the network interface resource | string |
| virtualMachine | Gets or sets the reference of a VirtualMachine | SubResource |
NetworkSecurityGroup
| Name | Description | Value |
|---|---|---|
| etag | Gets a unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| location | Resource location | string |
| properties | Network Security Group resource | NetworkSecurityGroupPropertiesFormat |
| tags | Resource tags | ResourceTags |
NetworkSecurityGroupPropertiesFormat
| Name | Description | Value |
|---|---|---|
| defaultSecurityRules | Gets or sets Default security rules of network security group | SecurityRule[] |
| networkInterfaces | Gets collection of references to Network Interfaces | NetworkInterface[] |
| provisioningState | Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
| resourceGuid | Gets or sets resource GUID property of the network security group resource | string |
| securityRules | Gets or sets Security rules of network security group | SecurityRule[] |
| subnets | Gets collection of references to subnets | Subnet[] |
PublicIPAddress
| Name | Description | Value |
|---|---|---|
| etag | Gets a unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| location | Resource location | string |
| properties | PublicIpAddress properties | PublicIPAddressPropertiesFormat |
| tags | Resource tags | ResourceTags |
PublicIPAddressDnsSettings
| Name | Description | Value |
|---|---|---|
| domainNameLabel | Gets or sets the Domain name label.The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. | string |
| fqdn | Gets the FQDN, Fully qualified domain name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. | string |
| reverseFqdn | Gets or Sets the Reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. | string |
PublicIPAddressPropertiesFormat
| Name | Description | Value |
|---|---|---|
| dnsSettings | Gets or sets FQDN of the DNS record associated with the public IP address | PublicIPAddressDnsSettings |
| idleTimeoutInMinutes | Gets or sets the idle timeout of the public IP address | int |
| ipAddress | string | |
| ipConfiguration | IPConfiguration | IPConfiguration |
| provisioningState | Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
| publicIPAddressVersion | Gets or sets PublicIP address version (IPv4/IPv6) | 'IPv4' 'IPv6' |
| publicIPAllocationMethod | Gets or sets PublicIP allocation method (Static/Dynamic) | 'Dynamic' 'Static' |
| resourceGuid | Gets or sets resource GUID property of the PublicIP resource | string |
ResourceTags
| Name | Description | Value |
|---|
ResourceTags
| Name | Description | Value |
|---|
ResourceTags
| Name | Description | Value |
|---|
ResourceTags
| Name | Description | Value |
|---|
ResourceTags
| Name | Description | Value |
|---|
Route
| Name | Description | Value |
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
| properties | Route resource | RoutePropertiesFormat |
RoutePropertiesFormat
| Name | Description | Value |
|---|---|---|
| addressPrefix | Gets or sets the destination CIDR to which the route applies. | string |
| nextHopIpAddress | Gets or sets the IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. | string |
| nextHopType | Gets or sets the type of Azure hop the packet should be sent to. | 'Internet' 'None' 'VirtualAppliance' 'VirtualNetworkGateway' 'VnetLocal' (required) |
| provisioningState | Gets or sets Provisioning state of the resource Updating/Deleting/Failed | string |
RouteTable
| Name | Description | Value |
|---|---|---|
| etag | Gets a unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| location | Resource location | string |
| properties | Route Table resource | RouteTablePropertiesFormat |
| tags | Resource tags | ResourceTags |
RouteTablePropertiesFormat
| Name | Description | Value |
|---|---|---|
| provisioningState | Gets or sets Provisioning state of the resource Updating/Deleting/Failed | string |
| routes | Gets or sets Routes in a Route Table | Route[] |
| subnets | Gets collection of references to subnets | Subnet[] |
SecurityRule
| Name | Description | Value |
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
| properties | SecurityRulePropertiesFormat |
SecurityRulePropertiesFormat
| Name | Description | Value |
|---|---|---|
| access | Gets or sets network traffic is allowed or denied. Possible values are 'Allow' and 'Deny' | 'Allow' 'Deny' (required) |
| description | Gets or sets a description for this rule. Restricted to 140 chars. | string |
| destinationAddressPrefix | Gets or sets destination address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. | string (required) |
| destinationPortRange | Gets or sets Destination Port or Range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
| direction | Gets or sets the direction of the rule.InBound or Outbound. The direction specifies if rule will be evaluated on incoming or outgoing traffic. | 'Inbound' 'Outbound' (required) |
| priority | Gets or sets the priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int |
| protocol | Gets or sets Network protocol this rule applies to. Can be Tcp, Udp or All(*). | '*' 'Tcp' 'Udp' (required) |
| provisioningState | Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
| sourceAddressPrefix | Gets or sets source address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. | string (required) |
| sourcePortRange | Gets or sets Source Port or Range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
Subnet
| Name | Description | Value |
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
| properties | SubnetPropertiesFormat |
SubnetPropertiesFormat
| Name | Description | Value |
|---|---|---|
| addressPrefix | Gets or sets Address prefix for the subnet. | string |
| ipConfigurations | Gets array of references to the network interface IP configurations using subnet | IPConfiguration[] |
| networkSecurityGroup | Gets or sets the reference of the NetworkSecurityGroup resource | NetworkSecurityGroup |
| provisioningState | Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
| routeTable | Gets or sets the reference of the RouteTable resource | RouteTable |
SubResource
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
Quickstart samples
The following quickstart samples deploy this resource type.
| Bicep File | Description |
|---|---|
| Create a sandbox setup of Azure Firewall with Linux VMs | This template creates a virtual network with 3 subnets (server subnet, jumpbox subet and AzureFirewall subnet), a jumpbox VM with public IP, A server VM, UDR route to point to Azure Firewall for the Server Subnet and an Azure Firewall with 1 or more Public IP addresses, 1 sample application rule, 1 sample network rule and default private ranges |
| Create a sandbox setup of Azure Firewall with Zones | This template creates a virtual network with three subnets (server subnet, jumpbox subnet, and Azure Firewall subnet), a jumpbox VM with public IP, A server VM, UDR route to point to Azure Firewall for the ServerSubnet,an Azure Firewall with one or more Public IP addresses, one sample application rule, and one sample network rule and Azure Firewall in Availability Zones 1, 2, and 3. |
| Create an Azure Firewall with IpGroups | This template creates an Azure Firewall with Application and Network Rules referring to IP Groups. Also, includes a Linux Jumpbox vm setup |
| Create an Azure Firewall with multiple IP public addresses | This template creates an Azure Firewall with two public IP addresses and two Windows Server 2019 servers to test. |
| Create sandbox of Azure Firewall, client VM, and server VM | This template creates a virtual network with 2 subnets (server subnet and AzureFirewall subnet), A server VM, a client VM, a public IP address for each VM, and a route table to send traffic between VMs through the firewall. |
| Create SQL MI inside the new virtual network | Deploy Azure Sql Database Managed Instance (SQL MI) inside new Virtual Network. |
| Hyper-V Host Virtual Machine with nested VMs | Deploys a Virtual Machine to by a Hyper-V Host and all dependent resources including virtual network, public IP address and route tables. |
| Route table with routes | This template creates a Route Table with routes |
| Secured virtual hubs | This template creates a secured virtual hub using Azure Firewall to secure your cloud network traffic destined to the Internet. |
| Testing environment for Azure Firewall Premium | This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering |
| Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology | This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering. |
ARM template resource definition
The routeTables resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/routeTables resource, add the following JSON to your template.
{
"type": "Microsoft.Network/routeTables",
"apiVersion": "2016-03-30",
"name": "string",
"etag": "string",
"location": "string",
"properties": {
"provisioningState": "string",
"routes": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"addressPrefix": "string",
"nextHopIpAddress": "string",
"nextHopType": "string",
"provisioningState": "string"
}
}
],
"subnets": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"addressPrefix": "string",
"ipConfigurations": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"privateIPAddress": "string",
"privateIPAllocationMethod": "string",
"provisioningState": "string",
"publicIPAddress": {
"etag": "string",
"id": "string",
"location": "string",
"properties": {
"dnsSettings": {
"domainNameLabel": "string",
"fqdn": "string",
"reverseFqdn": "string"
},
"idleTimeoutInMinutes": "int",
"ipAddress": "string",
"ipConfiguration": ...,
"provisioningState": "string",
"publicIPAddressVersion": "string",
"publicIPAllocationMethod": "string",
"resourceGuid": "string"
},
"tags": {
"{customized property}": "string"
}
},
"subnet": ...
}
}
],
"networkSecurityGroup": {
"etag": "string",
"id": "string",
"location": "string",
"properties": {
"defaultSecurityRules": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"access": "string",
"description": "string",
"destinationAddressPrefix": "string",
"destinationPortRange": "string",
"direction": "string",
"priority": "int",
"protocol": "string",
"provisioningState": "string",
"sourceAddressPrefix": "string",
"sourcePortRange": "string"
}
}
],
"networkInterfaces": [
{
"etag": "string",
"id": "string",
"location": "string",
"properties": {
"dnsSettings": {
"appliedDnsServers": [ "string" ],
"dnsServers": [ "string" ],
"internalDnsNameLabel": "string",
"internalDomainNameSuffix": "string",
"internalFqdn": "string"
},
"enableIPForwarding": "bool",
"ipConfigurations": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"applicationGatewayBackendAddressPools": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"backendAddresses": [
{
"fqdn": "string",
"ipAddress": "string"
}
],
"backendIPConfigurations": [
...
],
"provisioningState": "string"
}
}
],
"loadBalancerBackendAddressPools": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"backendIPConfigurations": [
...
],
"loadBalancingRules": [
{
"id": "string"
}
],
"outboundNatRule": {
"id": "string"
},
"provisioningState": "string"
}
}
],
"loadBalancerInboundNatRules": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"backendIPConfiguration": ...,
"backendPort": "int",
"enableFloatingIP": "bool",
"frontendIPConfiguration": {
"id": "string"
},
"frontendPort": "int",
"idleTimeoutInMinutes": "int",
"protocol": "string",
"provisioningState": "string"
}
}
],
"primary": "bool",
"privateIPAddress": "string",
"privateIPAddressVersion": "string",
"privateIPAllocationMethod": "string",
"provisioningState": "string",
"publicIPAddress": {
"etag": "string",
"id": "string",
"location": "string",
"properties": {
"dnsSettings": {
"domainNameLabel": "string",
"fqdn": "string",
"reverseFqdn": "string"
},
"idleTimeoutInMinutes": "int",
"ipAddress": "string",
"ipConfiguration": {
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"privateIPAddress": "string",
"privateIPAllocationMethod": "string",
"provisioningState": "string",
"publicIPAddress": ...,
"subnet": ...
}
},
"provisioningState": "string",
"publicIPAddressVersion": "string",
"publicIPAllocationMethod": "string",
"resourceGuid": "string"
},
"tags": {
"{customized property}": "string"
}
},
"subnet": ...
}
}
],
"macAddress": "string",
"networkSecurityGroup": ...,
"primary": "bool",
"provisioningState": "string",
"resourceGuid": "string",
"virtualMachine": {
"id": "string"
}
},
"tags": {
"{customized property}": "string"
}
}
],
"provisioningState": "string",
"resourceGuid": "string",
"securityRules": [
{
"etag": "string",
"id": "string",
"name": "string",
"properties": {
"access": "string",
"description": "string",
"destinationAddressPrefix": "string",
"destinationPortRange": "string",
"direction": "string",
"priority": "int",
"protocol": "string",
"provisioningState": "string",
"sourceAddressPrefix": "string",
"sourcePortRange": "string"
}
}
],
"subnets": [
...
]
},
"tags": {
"{customized property}": "string"
}
},
"provisioningState": "string",
"routeTable": {
"etag": "string",
"id": "string",
"location": "string",
"properties": ...,
"tags": {
"{customized property}": "string"
}
}
}
}
]
},
"tags": {
"{customized property}": "string"
}
}
Property values
ApplicationGatewayBackendAddress
| Name | Description | Value |
|---|---|---|
| fqdn | Gets or sets the dns name | string |
| ipAddress | Gets or sets the ip address | string |
ApplicationGatewayBackendAddressPool
| Name | Description | Value |
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
| properties | Properties of Backend Address Pool of application gateway | ApplicationGatewayBackendAddressPoolPropertiesFormat |
ApplicationGatewayBackendAddressPoolPropertiesFormat
| Name | Description | Value |
|---|---|---|
| backendAddresses | Gets or sets the backend addresses | ApplicationGatewayBackendAddress[] |
| backendIPConfigurations | Gets collection of references to IPs defined in NICs | NetworkInterfaceIPConfiguration[] |
| provisioningState | Gets or sets Provisioning state of the backend address pool resource Updating/Deleting/Failed | string |
BackendAddressPool
| Name | Description | Value |
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
| properties | Properties of BackendAddressPool | BackendAddressPoolPropertiesFormat |
BackendAddressPoolPropertiesFormat
| Name | Description | Value |
|---|---|---|
| backendIPConfigurations | Gets collection of references to IPs defined in NICs | NetworkInterfaceIPConfiguration[] |
| loadBalancingRules | Gets Load Balancing rules that use this Backend Address Pool | SubResource[] |
| outboundNatRule | Gets outbound rules that use this Backend Address Pool | SubResource |
| provisioningState | Provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
InboundNatRule
| Name | Description | Value |
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
| properties | Properties of Inbound NAT rule | InboundNatRulePropertiesFormat |
InboundNatRulePropertiesFormat
| Name | Description | Value |
|---|---|---|
| backendIPConfiguration | Gets or sets a reference to a private ip address defined on a NetworkInterface of a VM. Traffic sent to frontendPort of each of the frontendIPConfigurations is forwarded to the backed IP | NetworkInterfaceIPConfiguration |
| backendPort | Gets or sets a port used for internal connections on the endpoint. The localPort attribute maps the eternal port of the endpoint to an internal port on a role. This is useful in scenarios where a role must communicate to an internal component on a port that is different from the one that is exposed externally. If not specified, the value of localPort is the same as the port attribute. Set the value of localPort to '*' to automatically assign an unallocated port that is discoverable using the runtime API | int |
| enableFloatingIP | Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn availability Group. This setting is required when using the SQL Always ON availability Groups in SQL server. This setting can't be changed after you create the endpoint | bool |
| frontendIPConfiguration | Gets or sets a reference to frontend IP Addresses | SubResource |
| frontendPort | Gets or sets the port for the external endpoint. You can specify any port number you choose, but the port numbers specified for each role in the service must be unique. Possible values range between 1 and 65535, inclusive | int |
| idleTimeoutInMinutes | Gets or sets the timeout for the Tcp idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to Tcp | int |
| protocol | Gets or sets the transport protocol for the external endpoint. Possible values are Udp or Tcp | 'Tcp' 'Udp' |
| provisioningState | Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
IPConfiguration
| Name | Description | Value |
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
| properties | Properties of IPConfiguration | IPConfigurationPropertiesFormat |
IPConfigurationPropertiesFormat
| Name | Description | Value |
|---|---|---|
| privateIPAddress | Gets or sets the privateIPAddress of the IP Configuration | string |
| privateIPAllocationMethod | Gets or sets PrivateIP allocation method (Static/Dynamic) | 'Dynamic' 'Static' |
| provisioningState | Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
| publicIPAddress | Gets or sets the reference of the PublicIP resource | PublicIPAddress |
| subnet | Gets or sets the reference of the subnet resource | Subnet |
Microsoft.Network/routeTables
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2016-03-30' |
| etag | Gets a unique read-only string that changes whenever the resource is updated | string |
| location | Resource location | string |
| name | The resource name | string (required) |
| properties | Route Table resource | RouteTablePropertiesFormat |
| tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
| type | The resource type | 'Microsoft.Network/routeTables' |
NetworkInterface
| Name | Description | Value |
|---|---|---|
| etag | Gets a unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| location | Resource location | string |
| properties | NetworkInterface properties. | NetworkInterfacePropertiesFormat |
| tags | Resource tags | ResourceTags |
NetworkInterfaceDnsSettings
| Name | Description | Value |
|---|---|---|
| appliedDnsServers | Gets or sets list of Applied DNS servers IP addresses | string[] |
| dnsServers | Gets or sets list of DNS servers IP addresses | string[] |
| internalDnsNameLabel | Gets or sets the Internal DNS name | string |
| internalDomainNameSuffix | Gets or sets internal domain name suffix of the NIC. | string |
| internalFqdn | Gets or sets the internal FQDN. | string |
NetworkInterfaceIPConfiguration
| Name | Description | Value |
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
| properties | Properties of IPConfiguration | NetworkInterfaceIPConfigurationPropertiesFormat |
NetworkInterfaceIPConfigurationPropertiesFormat
| Name | Description | Value |
|---|---|---|
| applicationGatewayBackendAddressPools | Gets or sets the reference of ApplicationGatewayBackendAddressPool resource | ApplicationGatewayBackendAddressPool[] |
| loadBalancerBackendAddressPools | Gets or sets the reference of LoadBalancerBackendAddressPool resource | BackendAddressPool[] |
| loadBalancerInboundNatRules | Gets or sets list of references of LoadBalancerInboundNatRules | InboundNatRule[] |
| primary | Gets whether this is a primary customer address on the NIC | bool |
| privateIPAddress | string | |
| privateIPAddressVersion | Gets or sets PrivateIP address version (IPv4/IPv6) | 'IPv4' 'IPv6' |
| privateIPAllocationMethod | Gets or sets PrivateIP allocation method (Static/Dynamic) | 'Dynamic' 'Static' |
| provisioningState | string | |
| publicIPAddress | PublicIPAddress resource | PublicIPAddress |
| subnet | Subnet in a VirtualNetwork resource | Subnet |
NetworkInterfacePropertiesFormat
| Name | Description | Value |
|---|---|---|
| dnsSettings | Gets or sets DNS Settings in NetworkInterface | NetworkInterfaceDnsSettings |
| enableIPForwarding | Gets or sets whether IPForwarding is enabled on the NIC | bool |
| ipConfigurations | Gets or sets list of IPConfigurations of the NetworkInterface | NetworkInterfaceIPConfiguration[] |
| macAddress | Gets the MAC Address of the network interface | string |
| networkSecurityGroup | Gets or sets the reference of the NetworkSecurityGroup resource | NetworkSecurityGroup |
| primary | Gets whether this is a primary NIC on a virtual machine | bool |
| provisioningState | Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
| resourceGuid | Gets or sets resource GUID property of the network interface resource | string |
| virtualMachine | Gets or sets the reference of a VirtualMachine | SubResource |
NetworkSecurityGroup
| Name | Description | Value |
|---|---|---|
| etag | Gets a unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| location | Resource location | string |
| properties | Network Security Group resource | NetworkSecurityGroupPropertiesFormat |
| tags | Resource tags | ResourceTags |
NetworkSecurityGroupPropertiesFormat
| Name | Description | Value |
|---|---|---|
| defaultSecurityRules | Gets or sets Default security rules of network security group | SecurityRule[] |
| networkInterfaces | Gets collection of references to Network Interfaces | NetworkInterface[] |
| provisioningState | Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
| resourceGuid | Gets or sets resource GUID property of the network security group resource | string |
| securityRules | Gets or sets Security rules of network security group | SecurityRule[] |
| subnets | Gets collection of references to subnets | Subnet[] |
PublicIPAddress
| Name | Description | Value |
|---|---|---|
| etag | Gets a unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| location | Resource location | string |
| properties | PublicIpAddress properties | PublicIPAddressPropertiesFormat |
| tags | Resource tags | ResourceTags |
PublicIPAddressDnsSettings
| Name | Description | Value |
|---|---|---|
| domainNameLabel | Gets or sets the Domain name label.The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. | string |
| fqdn | Gets the FQDN, Fully qualified domain name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. | string |
| reverseFqdn | Gets or Sets the Reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. | string |
PublicIPAddressPropertiesFormat
| Name | Description | Value |
|---|---|---|
| dnsSettings | Gets or sets FQDN of the DNS record associated with the public IP address | PublicIPAddressDnsSettings |
| idleTimeoutInMinutes | Gets or sets the idle timeout of the public IP address | int |
| ipAddress | string | |
| ipConfiguration | IPConfiguration | IPConfiguration |
| provisioningState | Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
| publicIPAddressVersion | Gets or sets PublicIP address version (IPv4/IPv6) | 'IPv4' 'IPv6' |
| publicIPAllocationMethod | Gets or sets PublicIP allocation method (Static/Dynamic) | 'Dynamic' 'Static' |
| resourceGuid | Gets or sets resource GUID property of the PublicIP resource | string |
ResourceTags
| Name | Description | Value |
|---|
ResourceTags
| Name | Description | Value |
|---|
ResourceTags
| Name | Description | Value |
|---|
ResourceTags
| Name | Description | Value |
|---|
ResourceTags
| Name | Description | Value |
|---|
Route
| Name | Description | Value |
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
| properties | Route resource | RoutePropertiesFormat |
RoutePropertiesFormat
| Name | Description | Value |
|---|---|---|
| addressPrefix | Gets or sets the destination CIDR to which the route applies. | string |
| nextHopIpAddress | Gets or sets the IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. | string |
| nextHopType | Gets or sets the type of Azure hop the packet should be sent to. | 'Internet' 'None' 'VirtualAppliance' 'VirtualNetworkGateway' 'VnetLocal' (required) |
| provisioningState | Gets or sets Provisioning state of the resource Updating/Deleting/Failed | string |
RouteTable
| Name | Description | Value |
|---|---|---|
| etag | Gets a unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| location | Resource location | string |
| properties | Route Table resource | RouteTablePropertiesFormat |
| tags | Resource tags | ResourceTags |
RouteTablePropertiesFormat
| Name | Description | Value |
|---|---|---|
| provisioningState | Gets or sets Provisioning state of the resource Updating/Deleting/Failed | string |
| routes | Gets or sets Routes in a Route Table | Route[] |
| subnets | Gets collection of references to subnets | Subnet[] |
SecurityRule
| Name | Description | Value |
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
| properties | SecurityRulePropertiesFormat |
SecurityRulePropertiesFormat
| Name | Description | Value |
|---|---|---|
| access | Gets or sets network traffic is allowed or denied. Possible values are 'Allow' and 'Deny' | 'Allow' 'Deny' (required) |
| description | Gets or sets a description for this rule. Restricted to 140 chars. | string |
| destinationAddressPrefix | Gets or sets destination address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. | string (required) |
| destinationPortRange | Gets or sets Destination Port or Range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
| direction | Gets or sets the direction of the rule.InBound or Outbound. The direction specifies if rule will be evaluated on incoming or outgoing traffic. | 'Inbound' 'Outbound' (required) |
| priority | Gets or sets the priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int |
| protocol | Gets or sets Network protocol this rule applies to. Can be Tcp, Udp or All(*). | '*' 'Tcp' 'Udp' (required) |
| provisioningState | Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
| sourceAddressPrefix | Gets or sets source address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. | string (required) |
| sourcePortRange | Gets or sets Source Port or Range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
Subnet
| Name | Description | Value |
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
| properties | SubnetPropertiesFormat |
SubnetPropertiesFormat
| Name | Description | Value |
|---|---|---|
| addressPrefix | Gets or sets Address prefix for the subnet. | string |
| ipConfigurations | Gets array of references to the network interface IP configurations using subnet | IPConfiguration[] |
| networkSecurityGroup | Gets or sets the reference of the NetworkSecurityGroup resource | NetworkSecurityGroup |
| provisioningState | Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
| routeTable | Gets or sets the reference of the RouteTable resource | RouteTable |
SubResource
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Create a Firewall with FirewallPolicy and IpGroups |
This template creates an Azure Firewall with FirewalllPolicy referencing Network Rules with IpGroups. Also, includes a Linux Jumpbox vm setup |
| Create a Firewall, FirewallPolicy with Explicit Proxy |
This template creates an Azure Firewall, FirewalllPolicy with Explicit Proxy and Network Rules with IpGroups. Also, includes a Linux Jumpbox vm setup |
| Create a sandbox setup of Azure Firewall with Linux VMs |
This template creates a virtual network with 3 subnets (server subnet, jumpbox subet and AzureFirewall subnet), a jumpbox VM with public IP, A server VM, UDR route to point to Azure Firewall for the Server Subnet and an Azure Firewall with 1 or more Public IP addresses, 1 sample application rule, 1 sample network rule and default private ranges |
| Create a sandbox setup of Azure Firewall with Zones |
This template creates a virtual network with three subnets (server subnet, jumpbox subnet, and Azure Firewall subnet), a jumpbox VM with public IP, A server VM, UDR route to point to Azure Firewall for the ServerSubnet,an Azure Firewall with one or more Public IP addresses, one sample application rule, and one sample network rule and Azure Firewall in Availability Zones 1, 2, and 3. |
| Create a sandbox setup with Firewall Policy |
This template creates a virtual network with 3 subnets (server subnet, jumpbox subet and AzureFirewall subnet), a jumpbox VM with public IP, A server VM, UDR route to point to Azure Firewall for the Server Subnet and an Azure Firewall with 1 or more Public IP addresses. Also creates a Firewall policy with 1 sample application rule, 1 sample network rule and default private ranges |
| Create an Azure Firewall sandbox with forced tunneling |
This template creates an Azure Firewall sandbox (Linux) with one firewall force tunneled through another firewall in a peered VNET |
| Create an Azure Firewall with IpGroups |
This template creates an Azure Firewall with Application and Network Rules referring to IP Groups. Also, includes a Linux Jumpbox vm setup |
| Create an Azure Firewall with multiple IP public addresses |
This template creates an Azure Firewall with two public IP addresses and two Windows Server 2019 servers to test. |
| Create sandbox of Azure Firewall, client VM, and server VM |
This template creates a virtual network with 2 subnets (server subnet and AzureFirewall subnet), A server VM, a client VM, a public IP address for each VM, and a route table to send traffic between VMs through the firewall. |
| Create SQL MI inside the new virtual network |
Deploy Azure Sql Database Managed Instance (SQL MI) inside new Virtual Network. |
| Create SQL MI with configured sending of logs and metrics |
This template allows you to deploy SQL MI and additional resources used for storing logs and metrics (diagnostic workspace, storage account, event hub). |
| Create SQL MI with jumpbox inside new virtual network |
Deploy Azure Sql Database Managed Instance (SQL MI) and JumpBox with SSMS inside new Virtual Network. |
| Create SQL MI with point-to-site connection configured |
Deploy Azure Sql Database Managed Instance (SQL MI) and Virtual network gateway configured for point-to-site connection inside the new virtual network. |
| Deploy Azure Data Explorer cluster into your VNet |
This template allows you deploy a cluster into your VNet. |
| Environment required to deploy Azure SQL Managed Instance |
This template allows you to create an environment required to deploy Azure SQL Managed Instance - Virtual Network with two subnets. |
| Hyper-V Host Virtual Machine with nested VMs |
Deploys a Virtual Machine to by a Hyper-V Host and all dependent resources including virtual network, public IP address and route tables. |
| IPv6 in Azure Virtual Network (VNET) |
Create a dual stack IPv4/IPv6 VNET with 2 VMs. |
| IPv6 in Azure Virtual Network (VNET) with Std LB |
Create a dual stack IPv4/IPv6 VNET with 2 VMs and an Internet-facing Standard Load Balancer. |
| Route table with routes |
This template creates a Route Table with routes |
| Secured virtual hubs |
This template creates a secured virtual hub using Azure Firewall to secure your cloud network traffic destined to the Internet. |
| Testing environment for Azure Firewall Premium |
This template creates an Azure Firewall Premium and Firewall Policy with premium features such as Intrusion Inspection Detection (IDPS), TLS inspection and Web Category filtering |
| Use Azure Firewall as a DNS Proxy in a Hub & Spoke topology |
This sample show how to deploy a hub-spoke topology in Azure using the Azure Firewall. The hub virtual network acts as a central point of connectivity to many spoke virtual networks that are connected to hub virtual network via virtual network peering. |
| User defined routes and Appliance |
This template deploys a Virtual Network, VMs in respective subnets and routes to direct traffic to the appliance |
| VNS3 network appliance for cloud connectivity and security |
VNS3 is a software only virtual appliance that provides the combined features and functions of a security appliance, application delivery controller and unified threat management device at the cloud application edge. Key benefits, on top of cloud networking, always on end to end encryption, federate data centres, cloud regions, cloud providers, and/or containers, creating one unified address space, attestable control over encryption keys, meshed network manageable at scale, reliable HA in the cloud, isolate sensitive applications (fast low cost Network Segmentation), segmentation within applications, Analysis of all data in motion in the cloud. Key network functions; virtual router, switch, firewall, vpn concentrator, multicast distributor, with plugins for WAF, NIDS, caching, proxy, load balancers and other layer 4 thru 7 network functions, VNS3 doesn't require new knowledge or training to implement, so you can integrate with existing network equipment. |
Terraform (AzAPI provider) resource definition
The routeTables resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Network/routeTables resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Network/routeTables@2016-03-30"
name = "string"
etag = "string"
location = "string"
body = jsonencode({
properties = {
provisioningState = "string"
routes = [
{
etag = "string"
id = "string"
name = "string"
properties = {
addressPrefix = "string"
nextHopIpAddress = "string"
nextHopType = "string"
provisioningState = "string"
}
}
]
subnets = [
{
etag = "string"
id = "string"
name = "string"
properties = {
addressPrefix = "string"
ipConfigurations = [
{
etag = "string"
id = "string"
name = "string"
properties = {
privateIPAddress = "string"
privateIPAllocationMethod = "string"
provisioningState = "string"
publicIPAddress = {
etag = "string"
id = "string"
location = "string"
properties = {
dnsSettings = {
domainNameLabel = "string"
fqdn = "string"
reverseFqdn = "string"
}
idleTimeoutInMinutes = int
ipAddress = "string"
ipConfiguration = ...
provisioningState = "string"
publicIPAddressVersion = "string"
publicIPAllocationMethod = "string"
resourceGuid = "string"
}
tags = {
{customized property} = "string"
}
}
subnet = ...
}
}
]
networkSecurityGroup = {
etag = "string"
id = "string"
location = "string"
properties = {
defaultSecurityRules = [
{
etag = "string"
id = "string"
name = "string"
properties = {
access = "string"
description = "string"
destinationAddressPrefix = "string"
destinationPortRange = "string"
direction = "string"
priority = int
protocol = "string"
provisioningState = "string"
sourceAddressPrefix = "string"
sourcePortRange = "string"
}
}
]
networkInterfaces = [
{
etag = "string"
id = "string"
location = "string"
properties = {
dnsSettings = {
appliedDnsServers = [
"string"
]
dnsServers = [
"string"
]
internalDnsNameLabel = "string"
internalDomainNameSuffix = "string"
internalFqdn = "string"
}
enableIPForwarding = bool
ipConfigurations = [
{
etag = "string"
id = "string"
name = "string"
properties = {
applicationGatewayBackendAddressPools = [
{
etag = "string"
id = "string"
name = "string"
properties = {
backendAddresses = [
{
fqdn = "string"
ipAddress = "string"
}
]
backendIPConfigurations = [
...
]
provisioningState = "string"
}
}
]
loadBalancerBackendAddressPools = [
{
etag = "string"
id = "string"
name = "string"
properties = {
backendIPConfigurations = [
...
]
loadBalancingRules = [
{
id = "string"
}
]
outboundNatRule = {
id = "string"
}
provisioningState = "string"
}
}
]
loadBalancerInboundNatRules = [
{
etag = "string"
id = "string"
name = "string"
properties = {
backendIPConfiguration = ...
backendPort = int
enableFloatingIP = bool
frontendIPConfiguration = {
id = "string"
}
frontendPort = int
idleTimeoutInMinutes = int
protocol = "string"
provisioningState = "string"
}
}
]
primary = bool
privateIPAddress = "string"
privateIPAddressVersion = "string"
privateIPAllocationMethod = "string"
provisioningState = "string"
publicIPAddress = {
etag = "string"
id = "string"
location = "string"
properties = {
dnsSettings = {
domainNameLabel = "string"
fqdn = "string"
reverseFqdn = "string"
}
idleTimeoutInMinutes = int
ipAddress = "string"
ipConfiguration = {
etag = "string"
id = "string"
name = "string"
properties = {
privateIPAddress = "string"
privateIPAllocationMethod = "string"
provisioningState = "string"
publicIPAddress = ...
subnet = ...
}
}
provisioningState = "string"
publicIPAddressVersion = "string"
publicIPAllocationMethod = "string"
resourceGuid = "string"
}
tags = {
{customized property} = "string"
}
}
subnet = ...
}
}
]
macAddress = "string"
networkSecurityGroup = ...
primary = bool
provisioningState = "string"
resourceGuid = "string"
virtualMachine = {
id = "string"
}
}
tags = {
{customized property} = "string"
}
}
]
provisioningState = "string"
resourceGuid = "string"
securityRules = [
{
etag = "string"
id = "string"
name = "string"
properties = {
access = "string"
description = "string"
destinationAddressPrefix = "string"
destinationPortRange = "string"
direction = "string"
priority = int
protocol = "string"
provisioningState = "string"
sourceAddressPrefix = "string"
sourcePortRange = "string"
}
}
]
subnets = [
...
]
}
tags = {
{customized property} = "string"
}
}
provisioningState = "string"
routeTable = {
etag = "string"
id = "string"
location = "string"
properties = ...
tags = {
{customized property} = "string"
}
}
}
}
]
}
})
tags = {
{customized property} = "string"
}
}
Property values
ApplicationGatewayBackendAddress
| Name | Description | Value |
|---|---|---|
| fqdn | Gets or sets the dns name | string |
| ipAddress | Gets or sets the ip address | string |
ApplicationGatewayBackendAddressPool
| Name | Description | Value |
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
| properties | Properties of Backend Address Pool of application gateway | ApplicationGatewayBackendAddressPoolPropertiesFormat |
ApplicationGatewayBackendAddressPoolPropertiesFormat
| Name | Description | Value |
|---|---|---|
| backendAddresses | Gets or sets the backend addresses | ApplicationGatewayBackendAddress[] |
| backendIPConfigurations | Gets collection of references to IPs defined in NICs | NetworkInterfaceIPConfiguration[] |
| provisioningState | Gets or sets Provisioning state of the backend address pool resource Updating/Deleting/Failed | string |
BackendAddressPool
| Name | Description | Value |
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
| properties | Properties of BackendAddressPool | BackendAddressPoolPropertiesFormat |
BackendAddressPoolPropertiesFormat
| Name | Description | Value |
|---|---|---|
| backendIPConfigurations | Gets collection of references to IPs defined in NICs | NetworkInterfaceIPConfiguration[] |
| loadBalancingRules | Gets Load Balancing rules that use this Backend Address Pool | SubResource[] |
| outboundNatRule | Gets outbound rules that use this Backend Address Pool | SubResource |
| provisioningState | Provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
InboundNatRule
| Name | Description | Value |
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
| properties | Properties of Inbound NAT rule | InboundNatRulePropertiesFormat |
InboundNatRulePropertiesFormat
| Name | Description | Value |
|---|---|---|
| backendIPConfiguration | Gets or sets a reference to a private ip address defined on a NetworkInterface of a VM. Traffic sent to frontendPort of each of the frontendIPConfigurations is forwarded to the backed IP | NetworkInterfaceIPConfiguration |
| backendPort | Gets or sets a port used for internal connections on the endpoint. The localPort attribute maps the eternal port of the endpoint to an internal port on a role. This is useful in scenarios where a role must communicate to an internal component on a port that is different from the one that is exposed externally. If not specified, the value of localPort is the same as the port attribute. Set the value of localPort to '*' to automatically assign an unallocated port that is discoverable using the runtime API | int |
| enableFloatingIP | Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn availability Group. This setting is required when using the SQL Always ON availability Groups in SQL server. This setting can't be changed after you create the endpoint | bool |
| frontendIPConfiguration | Gets or sets a reference to frontend IP Addresses | SubResource |
| frontendPort | Gets or sets the port for the external endpoint. You can specify any port number you choose, but the port numbers specified for each role in the service must be unique. Possible values range between 1 and 65535, inclusive | int |
| idleTimeoutInMinutes | Gets or sets the timeout for the Tcp idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to Tcp | int |
| protocol | Gets or sets the transport protocol for the external endpoint. Possible values are Udp or Tcp | 'Tcp' 'Udp' |
| provisioningState | Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
IPConfiguration
| Name | Description | Value |
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
| properties | Properties of IPConfiguration | IPConfigurationPropertiesFormat |
IPConfigurationPropertiesFormat
| Name | Description | Value |
|---|---|---|
| privateIPAddress | Gets or sets the privateIPAddress of the IP Configuration | string |
| privateIPAllocationMethod | Gets or sets PrivateIP allocation method (Static/Dynamic) | 'Dynamic' 'Static' |
| provisioningState | Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
| publicIPAddress | Gets or sets the reference of the PublicIP resource | PublicIPAddress |
| subnet | Gets or sets the reference of the subnet resource | Subnet |
Microsoft.Network/routeTables
| Name | Description | Value |
|---|---|---|
| etag | Gets a unique read-only string that changes whenever the resource is updated | string |
| location | Resource location | string |
| name | The resource name | string (required) |
| properties | Route Table resource | RouteTablePropertiesFormat |
| tags | Resource tags | Dictionary of tag names and values. |
| type | The resource type | "Microsoft.Network/routeTables@2016-03-30" |
NetworkInterface
| Name | Description | Value |
|---|---|---|
| etag | Gets a unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| location | Resource location | string |
| properties | NetworkInterface properties. | NetworkInterfacePropertiesFormat |
| tags | Resource tags | ResourceTags |
NetworkInterfaceDnsSettings
| Name | Description | Value |
|---|---|---|
| appliedDnsServers | Gets or sets list of Applied DNS servers IP addresses | string[] |
| dnsServers | Gets or sets list of DNS servers IP addresses | string[] |
| internalDnsNameLabel | Gets or sets the Internal DNS name | string |
| internalDomainNameSuffix | Gets or sets internal domain name suffix of the NIC. | string |
| internalFqdn | Gets or sets the internal FQDN. | string |
NetworkInterfaceIPConfiguration
| Name | Description | Value |
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
| properties | Properties of IPConfiguration | NetworkInterfaceIPConfigurationPropertiesFormat |
NetworkInterfaceIPConfigurationPropertiesFormat
| Name | Description | Value |
|---|---|---|
| applicationGatewayBackendAddressPools | Gets or sets the reference of ApplicationGatewayBackendAddressPool resource | ApplicationGatewayBackendAddressPool[] |
| loadBalancerBackendAddressPools | Gets or sets the reference of LoadBalancerBackendAddressPool resource | BackendAddressPool[] |
| loadBalancerInboundNatRules | Gets or sets list of references of LoadBalancerInboundNatRules | InboundNatRule[] |
| primary | Gets whether this is a primary customer address on the NIC | bool |
| privateIPAddress | string | |
| privateIPAddressVersion | Gets or sets PrivateIP address version (IPv4/IPv6) | 'IPv4' 'IPv6' |
| privateIPAllocationMethod | Gets or sets PrivateIP allocation method (Static/Dynamic) | 'Dynamic' 'Static' |
| provisioningState | string | |
| publicIPAddress | PublicIPAddress resource | PublicIPAddress |
| subnet | Subnet in a VirtualNetwork resource | Subnet |
NetworkInterfacePropertiesFormat
| Name | Description | Value |
|---|---|---|
| dnsSettings | Gets or sets DNS Settings in NetworkInterface | NetworkInterfaceDnsSettings |
| enableIPForwarding | Gets or sets whether IPForwarding is enabled on the NIC | bool |
| ipConfigurations | Gets or sets list of IPConfigurations of the NetworkInterface | NetworkInterfaceIPConfiguration[] |
| macAddress | Gets the MAC Address of the network interface | string |
| networkSecurityGroup | Gets or sets the reference of the NetworkSecurityGroup resource | NetworkSecurityGroup |
| primary | Gets whether this is a primary NIC on a virtual machine | bool |
| provisioningState | Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
| resourceGuid | Gets or sets resource GUID property of the network interface resource | string |
| virtualMachine | Gets or sets the reference of a VirtualMachine | SubResource |
NetworkSecurityGroup
| Name | Description | Value |
|---|---|---|
| etag | Gets a unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| location | Resource location | string |
| properties | Network Security Group resource | NetworkSecurityGroupPropertiesFormat |
| tags | Resource tags | ResourceTags |
NetworkSecurityGroupPropertiesFormat
| Name | Description | Value |
|---|---|---|
| defaultSecurityRules | Gets or sets Default security rules of network security group | SecurityRule[] |
| networkInterfaces | Gets collection of references to Network Interfaces | NetworkInterface[] |
| provisioningState | Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
| resourceGuid | Gets or sets resource GUID property of the network security group resource | string |
| securityRules | Gets or sets Security rules of network security group | SecurityRule[] |
| subnets | Gets collection of references to subnets | Subnet[] |
PublicIPAddress
| Name | Description | Value |
|---|---|---|
| etag | Gets a unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| location | Resource location | string |
| properties | PublicIpAddress properties | PublicIPAddressPropertiesFormat |
| tags | Resource tags | ResourceTags |
PublicIPAddressDnsSettings
| Name | Description | Value |
|---|---|---|
| domainNameLabel | Gets or sets the Domain name label.The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. | string |
| fqdn | Gets the FQDN, Fully qualified domain name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. | string |
| reverseFqdn | Gets or Sets the Reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. | string |
PublicIPAddressPropertiesFormat
| Name | Description | Value |
|---|---|---|
| dnsSettings | Gets or sets FQDN of the DNS record associated with the public IP address | PublicIPAddressDnsSettings |
| idleTimeoutInMinutes | Gets or sets the idle timeout of the public IP address | int |
| ipAddress | string | |
| ipConfiguration | IPConfiguration | IPConfiguration |
| provisioningState | Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
| publicIPAddressVersion | Gets or sets PublicIP address version (IPv4/IPv6) | 'IPv4' 'IPv6' |
| publicIPAllocationMethod | Gets or sets PublicIP allocation method (Static/Dynamic) | 'Dynamic' 'Static' |
| resourceGuid | Gets or sets resource GUID property of the PublicIP resource | string |
ResourceTags
| Name | Description | Value |
|---|
ResourceTags
| Name | Description | Value |
|---|
ResourceTags
| Name | Description | Value |
|---|
ResourceTags
| Name | Description | Value |
|---|
ResourceTags
| Name | Description | Value |
|---|
Route
| Name | Description | Value |
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
| properties | Route resource | RoutePropertiesFormat |
RoutePropertiesFormat
| Name | Description | Value |
|---|---|---|
| addressPrefix | Gets or sets the destination CIDR to which the route applies. | string |
| nextHopIpAddress | Gets or sets the IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance. | string |
| nextHopType | Gets or sets the type of Azure hop the packet should be sent to. | 'Internet' 'None' 'VirtualAppliance' 'VirtualNetworkGateway' 'VnetLocal' (required) |
| provisioningState | Gets or sets Provisioning state of the resource Updating/Deleting/Failed | string |
RouteTable
| Name | Description | Value |
|---|---|---|
| etag | Gets a unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| location | Resource location | string |
| properties | Route Table resource | RouteTablePropertiesFormat |
| tags | Resource tags | ResourceTags |
RouteTablePropertiesFormat
| Name | Description | Value |
|---|---|---|
| provisioningState | Gets or sets Provisioning state of the resource Updating/Deleting/Failed | string |
| routes | Gets or sets Routes in a Route Table | Route[] |
| subnets | Gets collection of references to subnets | Subnet[] |
SecurityRule
| Name | Description | Value |
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
| properties | SecurityRulePropertiesFormat |
SecurityRulePropertiesFormat
| Name | Description | Value |
|---|---|---|
| access | Gets or sets network traffic is allowed or denied. Possible values are 'Allow' and 'Deny' | 'Allow' 'Deny' (required) |
| description | Gets or sets a description for this rule. Restricted to 140 chars. | string |
| destinationAddressPrefix | Gets or sets destination address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. | string (required) |
| destinationPortRange | Gets or sets Destination Port or Range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
| direction | Gets or sets the direction of the rule.InBound or Outbound. The direction specifies if rule will be evaluated on incoming or outgoing traffic. | 'Inbound' 'Outbound' (required) |
| priority | Gets or sets the priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int |
| protocol | Gets or sets Network protocol this rule applies to. Can be Tcp, Udp or All(*). | '*' 'Tcp' 'Udp' (required) |
| provisioningState | Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
| sourceAddressPrefix | Gets or sets source address prefix. CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. | string (required) |
| sourcePortRange | Gets or sets Source Port or Range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
Subnet
| Name | Description | Value |
|---|---|---|
| etag | A unique read-only string that changes whenever the resource is updated | string |
| id | Resource Id | string |
| name | Gets name of the resource that is unique within a resource group. This name can be used to access the resource | string |
| properties | SubnetPropertiesFormat |
SubnetPropertiesFormat
| Name | Description | Value |
|---|---|---|
| addressPrefix | Gets or sets Address prefix for the subnet. | string |
| ipConfigurations | Gets array of references to the network interface IP configurations using subnet | IPConfiguration[] |
| networkSecurityGroup | Gets or sets the reference of the NetworkSecurityGroup resource | NetworkSecurityGroup |
| provisioningState | Gets or sets Provisioning state of the PublicIP resource Updating/Deleting/Failed | string |
| routeTable | Gets or sets the reference of the RouteTable resource | RouteTable |
SubResource
| Name | Description | Value |
|---|---|---|
| id | Resource Id | string |