Firewall Policy Rule Collection Group Drafts - Create Or Update

Create or Update Rule Collection Group Draft.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}/ruleCollectionGroups/{ruleCollectionGroupName}/ruleCollectionGroupDrafts/default?api-version=2024-03-01

URI Parameters

| Name | In | Required | Type | Description |
|---|---|---|---|---|
| firewallPolicyName | path | True | string | The name of the Firewall Policy. Regex pattern: ^[^_\W][\w-._]{0,79}(?<![-.])$ |
| resourceGroupName | path | True | string | The name of the resource group. |
| ruleCollectionGroupName | path | True | string | The name of the FirewallPolicyRuleCollectionGroup. Regex pattern: ^[^_\W][\w-._]{0,79}(?<![-.])$ |
| subscriptionId | path | True | string | The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. |
| api-version | query | True | string | Client API version. |

Request Body

| Name | Type | Description |
|---|---|---|
| id | string | Resource ID. |
| name | string | The name of the resource that is unique within a resource group. This name can be used to access the resource. |
| properties.priority | integer | Priority of the Firewall Policy Rule Collection Group resource. |
| properties.ruleCollections | FirewallPolicyRuleCollection[] | Group of Firewall Policy rule collections. |

Responses

| Name | Type | Description |
|---|---|---|
| 200 OK | FirewallPolicyRuleCollectionGroupDraft | Request successful. The operation returns a Firewall Policy Rule Collection Group Draft resource. |
| 201 Created | FirewallPolicyRuleCollectionGroupDraft | Request successful. The operation returns a Firewall Policy Rule Collection Group Draft resource. |
| Other Status Codes | CloudError | Error response describing why the operation failed. |

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

| Name | Description |
|---|---|
| user_impersonation | impersonate your user account |

Examples

create or update rule collection group draft

Sample request

PUT https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1/ruleCollectionGroupDrafts/default?api-version=2024-03-01

{
  "properties": {
    "priority": 100,
    "ruleCollections": [
      {
        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
        "name": "Example-Filter-Rule-Collection",
        "priority": 100,
        "action": {
          "type": "Deny"
        },
        "rules": [
          {
            "ruleType": "NetworkRule",
            "name": "network-rule1",
            "sourceAddresses": [
              "10.1.25.0/24"
            ],
            "destinationAddresses": [
              "*"
            ],
            "ipProtocols": [
              "TCP"
            ],
            "destinationPorts": [
              "*"
            ]
          }
        ]
      }
    ]
  }
}

Sample response

{
  "name": "ruleCollectionGroup1",
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy/ruleCollectionGroups/ruleCollectionGroup1",
  "properties": {
    "priority": 100,
    "ruleCollections": [
      {
        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
        "name": "Example-Filter-Rule-Collection",
        "priority": 100,
        "action": {
          "type": "Deny"
        },
        "rules": [
          {
            "ruleType": "NetworkRule",
            "name": "network-rule1",
            "sourceAddresses": [
              "10.1.25.0/24"
            ],
            "destinationAddresses": [
              "*"
            ],
            "ipProtocols": [
              "TCP"
            ],
            "destinationPorts": [
              "*"
            ]
          }
        ]
      }
    ]
  }
}

{
  "name": "firewallPolicy",
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/firewallPolicies/firewallPolicy",
  "properties": {
    "priority": 100,
    "ruleCollections": [
      {
        "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
        "name": "Example-Filter-Rule-Collection",
        "priority": 100,
        "action": {
          "type": "Deny"
        },
        "rules": [
          {
            "ruleType": "NetworkRule",
            "name": "network-rule1",
            "sourceAddresses": [
              "10.1.25.0/24"
            ],
            "destinationAddresses": [
              "*"
            ],
            "ipProtocols": [
              "TCP"
            ],
            "destinationPorts": [
              "*"
            ]
          }
        ]
      }
    ]
  }
}
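
An added example, not part of the original reference and not Microsoft's code: a pre-flight check in Python that builds the PUT URL and lints a draft body against the constraints this page states (name pattern, action types per collection type, protocol enums, the 64000 port ceiling). The names `draft_url` and `lint_draft` are hypothetical, and the "Allow to any destination and port" finding is a review heuristic assumed here, not an API rule.

```python
import re

# Name pattern from this page, with the hyphen inside the class escaped:
# Python's re rejects the "\w-." range that the published form contains.
NAME_RE = re.compile(r"^[^_\W][\w\-._]{0,79}(?<![-.])$")
ACTIONS = {  # ruleCollectionType -> action types this page defines for it
    "FirewallPolicyFilterRuleCollection": {"Allow", "Deny"},
    "FirewallPolicyNatRuleCollection": {"DNAT"},
}
IP_PROTOCOLS = {"Any", "ICMP", "TCP", "UDP"}
APP_PROTOCOLS = {"Http", "Https"}


def draft_url(subscription_id, resource_group, policy, group):
    """Build the PUT URL, refusing names the documented pattern rejects."""
    for label, value in (("firewallPolicyName", policy),
                         ("ruleCollectionGroupName", group)):
        if not NAME_RE.fullmatch(value):
            raise ValueError(f"{label} {value!r} does not match the name pattern")
    return (f"https://management.azure.com/subscriptions/{subscription_id}"
            f"/resourceGroups/{resource_group}/providers/Microsoft.Network"
            f"/firewallPolicies/{policy}/ruleCollectionGroups/{group}"
            "/ruleCollectionGroupDrafts/default?api-version=2024-03-01")


def lint_draft(body):
    """Return findings for a request body; an empty list means none."""
    findings = []
    for coll in body.get("properties", {}).get("ruleCollections", []):
        where = coll.get("name", "<unnamed>")
        ctype = coll.get("ruleCollectionType")
        action = coll.get("action", {}).get("type")
        if action not in ACTIONS.get(ctype, set()):
            findings.append(f"{where}: action {action!r} invalid for {ctype!r}")
        for rule in coll.get("rules", []):
            tag = f"{where}/{rule.get('name', '<unnamed>')}"
            for proto in rule.get("ipProtocols", []):
                if proto not in IP_PROTOCOLS:
                    findings.append(f"{tag}: unknown ipProtocol {proto!r}")
            for app in rule.get("protocols", []):
                if app.get("protocolType") not in APP_PROTOCOLS:
                    findings.append(f"{tag}: unknown protocolType")
                if app.get("port", 0) > 64000:
                    findings.append(f"{tag}: port must not exceed 64000")
            # Assumed review heuristic, not an API rule: Allow to any address/port.
            if (action == "Allow" and "*" in rule.get("destinationAddresses", [])
                    and "*" in rule.get("destinationPorts", [])):
                findings.append(f"{tag}: Allow to any destination and port")
    return findings
```

Run on the sample request above, `lint_draft` returns no findings because the wildcard rule is a Deny; the same rule with an Allow action is flagged.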

Definitions

| Name | Description |
|---|---|
| ApplicationRule | Rule of type application. |
| CloudError | An error response from the service. |
| CloudErrorBody | An error response from the service. |
| FirewallPolicyFilterRuleCollection | Firewall Policy Filter Rule Collection. |
| FirewallPolicyFilterRuleCollectionAction | Properties of the FirewallPolicyFilterRuleCollectionAction. |
| FirewallPolicyFilterRuleCollectionActionType | The action type of a rule. |
| FirewallPolicyHttpHeaderToInsert | name and value of HTTP/S header to insert |
| FirewallPolicyNatRuleCollection | Firewall Policy NAT Rule Collection. |
| FirewallPolicyNatRuleCollectionAction | Properties of the FirewallPolicyNatRuleCollectionAction. |
| FirewallPolicyNatRuleCollectionActionType | The action type of a rule. |
| FirewallPolicyRuleApplicationProtocol | Properties of the application rule protocol. |
| FirewallPolicyRuleApplicationProtocolType | The application protocol type of a Rule. |
| FirewallPolicyRuleCollectionGroupDraft | Rule Collection Group resource. |
| FirewallPolicyRuleNetworkProtocol | The Network protocol of a Rule. |
| NatRule | Rule of type nat. |
| NetworkRule | Rule of type network. |

ApplicationRule

Rule of type application.

| Name | Type | Description |
|---|---|---|
| description | string | Description of the rule. |
| destinationAddresses | string[] | List of destination IP addresses or Service Tags. |
| fqdnTags | string[] | List of FQDN Tags for this rule. |
| httpHeadersToInsert | FirewallPolicyHttpHeaderToInsert[] | List of HTTP/S headers to insert. |
| name | string | Name of the rule. |
| protocols | FirewallPolicyRuleApplicationProtocol[] | Array of Application Protocols. |
| ruleType | string: ApplicationRule | Rule Type. |
| sourceAddresses | string[] | List of source IP addresses for this rule. |
| sourceIpGroups | string[] | List of source IpGroups for this rule. |
| targetFqdns | string[] | List of FQDNs for this rule. |
| targetUrls | string[] | List of Urls for this rule condition. |
| terminateTLS | boolean | Terminate TLS connections for this rule. |
| webCategories | string[] | List of destination azure web categories. |

CloudError

An error response from the service.

| Name | Type | Description |
|---|---|---|
| error | CloudErrorBody | Cloud error body. |

CloudErrorBody

An error response from the service.

| Name | Type | Description |
|---|---|---|
| code | string | An identifier for the error. Codes are invariant and are intended to be consumed programmatically. |
| details | CloudErrorBody[] | A list of additional details about the error. |
| message | string | A message describing the error, intended to be suitable for display in a user interface. |
| target | string | The target of the particular error. For example, the name of the property in error. |

FirewallPolicyFilterRuleCollection

Firewall Policy Filter Rule Collection.

| Name | Type | Description |
|---|---|---|
| action | FirewallPolicyFilterRuleCollectionAction | The action type of a Filter rule collection. |
| name | string | The name of the rule collection. |
| priority | integer | Priority of the Firewall Policy Rule Collection resource. |
| ruleCollectionType | string: FirewallPolicyFilterRuleCollection | The type of the rule collection. |
| rules | FirewallPolicyRule[] | List of rules included in a rule collection. |

FirewallPolicyFilterRuleCollectionAction

Properties of the FirewallPolicyFilterRuleCollectionAction.

| Name | Type | Description |
|---|---|---|
| type | FirewallPolicyFilterRuleCollectionActionType | The type of action. |

FirewallPolicyFilterRuleCollectionActionType

The action type of a rule.

| Name | Type | Description |
|---|---|---|
| Allow | string | |
| Deny | string | |

FirewallPolicyHttpHeaderToInsert

name and value of HTTP/S header to insert

| Name | Type | Description |
|---|---|---|
| headerName | string | Contains the name of the header |
| headerValue | string | Contains the value of the header |

FirewallPolicyNatRuleCollection

Firewall Policy NAT Rule Collection.

| Name | Type | Description |
|---|---|---|
| action | FirewallPolicyNatRuleCollectionAction | The action type of a Nat rule collection. |
| name | string | The name of the rule collection. |
| priority | integer | Priority of the Firewall Policy Rule Collection resource. |
| ruleCollectionType | string: FirewallPolicyNatRuleCollection | The type of the rule collection. |
| rules | FirewallPolicyRule[] | List of rules included in a rule collection. |

FirewallPolicyNatRuleCollectionAction

Properties of the FirewallPolicyNatRuleCollectionAction.

| Name | Type | Description |
|---|---|---|
| type | FirewallPolicyNatRuleCollectionActionType | The type of action. |

FirewallPolicyNatRuleCollectionActionType

The action type of a rule.

| Name | Type | Description |
|---|---|---|
| DNAT | string | |

FirewallPolicyRuleApplicationProtocol

Properties of the application rule protocol.

| Name | Type | Description |
|---|---|---|
| port | integer | Port number for the protocol, cannot be greater than 64000. |
| protocolType | FirewallPolicyRuleApplicationProtocolType | Protocol type. |

FirewallPolicyRuleApplicationProtocolType

The application protocol type of a Rule.

| Name | Type | Description |
|---|---|---|
| Http | string | |
| Https | string | |

FirewallPolicyRuleCollectionGroupDraft

Rule Collection Group resource.

| Name | Type | Description |
|---|---|---|
| id | string | Resource ID. |
| name | string | The name of the resource that is unique within a resource group. This name can be used to access the resource. |
| properties.priority | integer | Priority of the Firewall Policy Rule Collection Group resource. |
| properties.ruleCollections | FirewallPolicyRuleCollection[] | Group of Firewall Policy rule collections. |
| properties.size | string | A read-only string that represents the size of the FirewallPolicyRuleCollectionGroupProperties in MB. (ex 1.2MB) |
| type | string | Rule Group type. |

FirewallPolicyRuleNetworkProtocol

The Network protocol of a Rule.

| Name | Type | Description |
|---|---|---|
| Any | string | |
| ICMP | string | |
| TCP | string | |
| UDP | string | |

NatRule

Rule of type nat.

| Name | Type | Description |
|---|---|---|
| description | string | Description of the rule. |
| destinationAddresses | string[] | List of destination IP addresses or Service Tags. |
| destinationPorts | string[] | List of destination ports. |
| ipProtocols | FirewallPolicyRuleNetworkProtocol[] | Array of FirewallPolicyRuleNetworkProtocols. |
| name | string | Name of the rule. |
| ruleType | string: NatRule | Rule Type. |
| sourceAddresses | string[] | List of source IP addresses for this rule. |
| sourceIpGroups | string[] | List of source IpGroups for this rule. |
| translatedAddress | string | The translated address for this NAT rule. |
| translatedFqdn | string | The translated FQDN for this NAT rule. |
| translatedPort | string | The translated port for this NAT rule. |

NetworkRule

Rule of type network.

| Name | Type | Description |
|---|---|---|
| description | string | Description of the rule. |
| destinationAddresses | string[] | List of destination IP addresses or Service Tags. |
| destinationFqdns | string[] | List of destination FQDNs. |
| destinationIpGroups | string[] | List of destination IpGroups for this rule. |
| destinationPorts | string[] | List of destination ports. |
| ipProtocols | FirewallPolicyRuleNetworkProtocol[] | Array of FirewallPolicyRuleNetworkProtocols. |
| name | string | Name of the rule. |
| ruleType | string: NetworkRule | Rule Type. |
| sourceAddresses | string[] | List of source IP addresses for this rule. |
| sourceIpGroups | string[] | List of source IpGroups for this rule. |