New-CmAzIaasFirewalls

Creates multiple firewalls and policies

Completes the following:

  • Creates firewall policies.
  • Creates firewalls.
  • Creates firewall subnet.

This command forms part of the IaaS Building Block.

Parameters

-SettingsFile

Required. (String) File path for the settings file to be converted into a settings object.

-SettingsObject

Required. (Object) Object containing the configuration values required to run this cmdlet.

-TagSettingsFile

Required. (String) File path for the tag settings file to be converted into a tag settings object.

-WhatIf

(Switch) Run the command without executing any actions, so that no changes are made. The command will output a description of actions to be performed against the affected resources in the console window. Use this option if you are unsure of the overall impact of your command and wish to review it before committing to making changes.

-Confirm

(Switch) Run the command without executing any actions, so that no changes are made. The command will output a description of actions to be performed against the affected resources in the console window. Use this option if you are unsure of the overall impact of your command and wish to review it before committing to making changes.

Usage

Example 1

New-CmAzIaasFirewalls -settingsFile "firewalls.yml"

Example 2

New-CmAzIaasFirewalls -settingsObject $firewalls

Settings

Beta documentation
The following schema documentation is automatically generated as part of a recent roadmap task. There may be inaccuracies or incomplete information while we flush out bugs; please refer to the packed project settings examples where necessary.

Settings Root.

Component

component [string | null]

Value to determine what cmdlet should be dynamically loaded for these settings.

Service

service [object | null]

Contains dependency and publish details for service location.

Dependencies

dependencies [object | null]

Contains dependency details for service location.

ResourceGroup

resourceGroup [string | null]

Dependency value to fetch existing resource type.

Vnet

vnet [string | null]

Global default dependency value to fetch existing resource type.

Publish

publish [object | null]

Contains publish details for service location.

Firewall

firewall [string | null]

FirewallPolicy

firewallPolicy [string | null]

Global default value to publish on deployed resource type.

Firewalls

firewalls [array | null]

Container for Firewalls configuration details.

Name

name [string]

Becomes part of firewall name.

zones

zones [array | null]

A list of availability zones.

FirewallSubnetPrefix

firewallSubnetPrefix [string | null]

Used to populate AzureFirewallSubnet cidr value.

sku

sku [string]

Firewall Sku.

Valid values: "Standard", "Premium"

Service

service [object | null]

Contains dependency and publish details for service location.

Dependencies

dependencies [object | null]

Contains dependency details for service location.

Vnet

vnet [string | null]

Local overriding dependency value to fetch existing resource type.

FirewallPolicy

firewallPolicy [string | null]

Local overriding dependency value to fetch existing resource type.

Publish

publish [object | null]

Contains publish details for service location.

Firewall

firewall [string | null]

Local overriding value to publish on deployed existing resource type.

FirewallPolicies

firewallPolicies [array | null]

Container for configuration details of Firewall Policies.

Name

name [string]

Becomes part of private endpoint name.

Location

location [string | null]

Location to deploy resource.

sku

sku [string]

Firewall Sku

Valid values: "Standard", "Premium"

RuleCollectionGroupsSettingFiles

ruleCollectionGroupsSettingFiles [array | null]

Path to files containing firewall rules.

ruleCollectionGroups

ruleCollectionGroups [array | null]

Container for configuration details of rules to be added to Firewall Policy.

Name

name [string]

Name of rule collection group.

priority

priority [number]

Priority of rule collection.

ruleCollections

ruleCollections [array | null]

Collection of firewall rules.

name

name [string]

Name of rule collection.

type

type [string]

Type of rule collection.

Valid values: "dnat", "network", "application"

priority

priority [integer]

Priority of rule collection.

rules

rules [array]

ThreatIntelMode

threatIntelMode [string | null]

Operation mode for Threat Intelligence.

Valid values: "Alert", "Deny", "Off", ""

threatIntelWhitelist

threatIntelWhitelist [object | null]

IpAddresses

ipAddresses [array | null]

Contains whitelisted IP addresses.

Fqdns

fqdns [array | null]

Contains whitelisted FQDNs.

dnsSettings

dnsSettings [object | null]

Contains dependency and publish details for service location.

Servers

servers [array | null]

Contains list of DNS servers.

EnableProxy

enableProxy [boolean | null]

Configures Azure Firewall to act as a DNS proxy.

Service

service [object | null]

Contains dependency and publish details for service location.

Dependencies

dependencies [object | null]

Contains dependency details for service location.

Vnet

vnet [string | null]

Local overriding dependency value to fetch existing resource type.

ResourceGroup

resourceGroup [string | null]

Local overriding dependency value to fetch existing resource type.

BaseFirewallPolicy

baseFirewallPolicy [string | null]

Local overriding dependency value to fetch existing resource type.

Publish

publish [object | null]

Contains publish details for service location.

FirewallPolicy

firewallPolicy [string | null]

Local overriding value to publish on deployed existing resource type.

Examples

The following example files are automatically generated from the settings file schema definition to show how the specification can be used in practice. Cloudmarque can accept both JSON and YAML parameter files.

{
  "component": "string",
  "service": {
    "dependencies": {
      "resourceGroup": "string",
      "vnet": "string"
    },
    "publish": {
      "firewall": "string",
      "firewallPolicy": "string"
    }
  },
  "firewalls": [
    {
      "name": "string",
      "zones": [

      ],
      "firewallSubnetPrefix": "string",
      "sku": "Standard",
      "service": {
        "dependencies": {
          "vnet": "string",
          "firewallPolicy": "string"
        },
        "publish": {
          "firewall": "string"
        }
      }
    }
  ],
  "firewallPolicies": [
    {
      "name": "string",
      "location": "string",
      "sku": "Standard",
      "ruleCollectionGroupsSettingFiles": [

      ],
      "ruleCollectionGroups": [
        {
          "name": "string",
          "priority": 0.0,
          "ruleCollections": [
            {
              "name": "string",
              "type": "dnat",
              "priority": 0,
              "rules": [

              ]
            }
          ]
        }
      ],
      "threatIntelMode": "Alert",
      "threatIntelWhitelist": {
        "ipAddresses": [

        ],
        "fqdns": [

        ]
      },
      "dnsSettings": {
        "servers": [

        ],
        "enableProxy": "boolean"
      },
      "service": {
        "dependencies": {
          "vnet": "string",
          "resourceGroup": "string",
          "baseFirewallPolicy": "string"
        },
        "publish": {
          "firewallPolicy": "string"
        }
      }
    }
  ]
}
component: "string"    # Optional
service:     # Optional
  dependencies:     # Optional
    resourceGroup: "string"    # Optional
    vnet: "string"    # Optional
  publish:     # Optional
    firewall: "string"    # Optional
    firewallPolicy: "string"    # Optional
firewalls:     # Optional
  - name: "string"    # Mandatory
    zones: []    # Optional
    firewallSubnetPrefix: "string"    # Optional
    sku: "Standard"    # Mandatory
    service:     # Optional
      dependencies:     # Optional
        vnet: "string"    # Optional
        firewallPolicy: "string"    # Optional
      publish:     # Optional
        firewall: "string"    # Optional
firewallPolicies:     # Optional
  - name: "string"    # Mandatory
    location: "string"    # Mandatory
    sku: "Standard"    # Mandatory
    ruleCollectionGroupsSettingFiles: []    # Optional
    ruleCollectionGroups:     # Optional
      - name: "string"    # Mandatory
        priority: 0.0    # Mandatory
        ruleCollections:     # Optional
          - name: "string"    # Mandatory
            type: "dnat"    # Mandatory
            priority: 0    # Mandatory
            rules: []    # Mandatory
    threatIntelMode: "Alert"    # Optional
    threatIntelWhitelist:     # Optional
      ipAddresses: []    # Optional
      fqdns: []    # Optional
    dnsSettings:     # Optional
      servers: []    # Optional
      enableProxy: "boolean"    # Optional
    service:     # Optional
      dependencies:     # Optional
        vnet: "string"    # Optional
        resourceGroup: "string"    # Optional
        baseFirewallPolicy: "string"    # Optional
      publish:     # Optional
        firewallPolicy: "string"    # Optional
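
A pre-deployment check for the settings schema above, as an added PowerShell example (not part of Cloudmarque or this documentation's own code). The function name Test-CmFirewallSettings and the sample values are hypothetical. It flags values outside the schema's valid lists, a firewallSubnetPrefix smaller than the /26 that Azure requires for AzureFirewallSubnet, and policies whose threatIntelMode is not Deny or that carry whitelist entries.

```powershell
# Added example: Test-CmFirewallSettings is a hypothetical helper, not a Cloudmarque cmdlet.
function Test-CmFirewallSettings {
    param([Parameter(Mandatory)] $Settings)
    $findings = [System.Collections.Generic.List[string]]::new()
    foreach ($fw in $Settings.firewalls) {
        if ($fw.sku -notin 'Standard', 'Premium') {
            $findings.Add("firewall '$($fw.name)': sku '$($fw.sku)' is not a valid value")
        }
        # Azure requires AzureFirewallSubnet to be /26 or larger.
        if ($fw.firewallSubnetPrefix -match '/(\d+)$' -and [int]$Matches[1] -gt 26) {
            $findings.Add("firewall '$($fw.name)': $($fw.firewallSubnetPrefix) is smaller than /26")
        }
    }
    foreach ($policy in $Settings.firewallPolicies) {
        $id   = "policy '$($policy.name)'"
        $mode = "$($policy.threatIntelMode)"
        if ($mode -notin 'Alert', 'Deny', 'Off', '') {
            $findings.Add("${id}: threatIntelMode '$mode' is not a valid value")
        } elseif ($mode -ne 'Deny') {
            $findings.Add("${id}: threatIntelMode is '$mode' rather than Deny; matches are not blocked")
        }
        # Whitelist entries bypass threat intelligence filtering, so list them for review.
        $wl     = $policy.threatIntelWhitelist
        $exempt = @(@($wl.ipAddresses) + @($wl.fqdns) | Where-Object { $_ })
        if ($exempt.Count -gt 0) {
            $findings.Add("${id}: exempt from threat intel filtering: $($exempt -join ', ')")
        }
        foreach ($group in $policy.ruleCollectionGroups) {
            foreach ($rc in $group.ruleCollections) {
                if ($rc.type -notin 'dnat', 'network', 'application') {
                    $findings.Add("${id}: rule collection '$($rc.name)' has invalid type '$($rc.type)'")
                }
            }
        }
    }
    $findings
}

# Constructed sample settings (all names and addresses are made up for illustration).
$sample = @'
{
  "firewalls": [ { "name": "edge", "sku": "Standard", "firewallSubnetPrefix": "10.0.1.0/27" } ],
  "firewallPolicies": [ { "name": "core", "location": "uksouth", "sku": "Premium",
    "threatIntelMode": "Alert",
    "threatIntelWhitelist": { "ipAddresses": ["203.0.113.10"], "fqdns": [] },
    "ruleCollectionGroups": [ { "name": "base", "priority": 100, "ruleCollections": [
      { "name": "web", "type": "nat", "priority": 200, "rules": [] } ] } ] } ]
}
'@ | ConvertFrom-Json
Test-CmFirewallSettings -Settings $sample
```

Each returned string is one finding; an empty result means none of these checks fired, after which the same file can be previewed with New-CmAzIaasFirewalls -WhatIf.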