diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/azureFirewall.json b/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/azureFirewall.json index 4623a3be5ed0..7f52f5cf6da0 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/azureFirewall.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/azureFirewall.json @@ -123,6 +123,9 @@ "x-ms-examples":{ "Get Azure Firewall":{ "$ref":"./examples/AzureFirewallGet.json" + }, + "Get Azure Firewall With Zones":{ + "$ref":"./examples/AzureFirewallGetWithZones.json" } } }, @@ -180,6 +183,9 @@ "x-ms-examples":{ "Create Azure Firewall":{ "$ref":"./examples/AzureFirewallPut.json" + }, + "Create Azure Firewall With Zones":{ + "$ref":"./examples/AzureFirewallPutWithZones.json" } }, "x-ms-long-running-operation": true, @@ -357,6 +363,13 @@ "$ref": "#/definitions/AzureFirewallPropertiesFormat", "description": "Properties of the azure firewall." }, + "zones":{ + "type":"array", + "items":{ + "type":"string" + }, + "description":"A list of availability zones denoting where the resource needs to come from." + }, "etag":{ "type":"string", "readOnly":true, diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallFqdnTagsListBySubscription.json b/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallFqdnTagsListBySubscription.json index 1671836a657e..f1eae4d01bb3 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallFqdnTagsListBySubscription.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallFqdnTagsListBySubscription.json @@ -13,6 +13,7 @@ "type":"Microsoft.Network/azureFirewallFqdnTags", "etag":"w/\\00000000-0000-0000-0000-000000000000\\", "location":"West US", + "zones":[], "tags":{ "key1":"value1" }, diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallGet.json b/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallGet.json index ef078805abc2..bed97eb34bbb 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallGet.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallGet.json @@ -13,6 +13,7 @@ "type":"Microsoft.Network/azureFirewalls", "etag":"w/\\00000000-0000-0000-0000-000000000000\\", "location":"West US", + "zones":[], "tags":{ "key1":"value1" }, diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallGetWithZones.json b/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallGetWithZones.json new file mode 100644 index 000000000000..93a55773b0d4 --- /dev/null +++ b/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallGetWithZones.json @@ -0,0 +1,136 @@ +{ + "parameters":{ + "api-version": "2019-04-01", + "subscriptionId":"subid", + "resourceGroupName":"rg1", + "azureFirewallName":"azurefirewall" + }, + "responses":{ + "200":{ + "body":{ + "name":"azurefirewall", + "id":"/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall", + "type":"Microsoft.Network/azureFirewalls", + "etag":"w/\\00000000-0000-0000-0000-000000000000\\", + "location":"West US 2", + "zones":["1","2","3"], + "tags":{ + "key1":"value1" + }, + "properties":{ + "provisioningState":"Succeeded", + "threatIntelMode": "Alert", + "ipConfigurations":[ + { + "name":"azureFirewallIpConfiguration", + "id":"/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewallgw/ipConfigurations/azureFirewallIpConfiguration", + "etag":"w/\\00000000-0000-0000-0000-000000000000\\", + "properties":{ + "provisioningState":"Succeeded", + "privateIPAddress":"10.0.0.0", + "subnet":{ + "id":"/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet" + }, + "publicIPAddress":{ + "id":"/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName" + } + } + } + ], + "applicationRuleCollections":[ + { + "name":"apprulecoll", + "properties":{ + "priority":110, + "action":{ + "type": "Deny" + }, + "rules":[ + { + "name":"rule1", + "description":"Deny inbound rule", + "protocols":[ + { + "protocolType":"Https", + "port":443 + } + ], + "targetFqdns":[ + "www.test.com" + ], + "sourceAddresses":[ + "216.58.216.164", + "10.0.0.0/24" + ] + } + ] + } + } + ], + "natRuleCollections":[ + { + "name":"natrulecoll", + "properties":{ + "priority":112, + "action":{ + "type":"Dnat" + }, + "rules":[ + { + "name":"DNAT-HTTPS-traffic", + "description":"D-NAT all outbound web traffic for inspection", + "sourceAddresses":[ + "*" + ], + "destinationAddresses":[ + "1.2.3.4" + ], + "destinationPorts":[ + "443" + ], + "protocols":[ + "TCP" + ], + "translatedAddress": "1.2.3.5", + "translatedPort": "8443" + } + ] + } + } + ], + "networkRuleCollections":[ + { + "name":"netrulecoll", + "properties":{ + "priority":112, + "action":{ + "type": "Deny" + }, + "rules":[ + { + "name":"L4-traffic", + "description":"Block traffic based on source IPs and ports", + "sourceAddresses":[ + "192.168.1.1-192.168.1.12", + "10.1.4.12-10.1.4.255" + ], + "destinationPorts":[ + "443-444", + "8443" + ], + "destinationAddresses":[ + "*" + ], + "protocols":[ + "TCP" + ] + } + ] + } + } + ] + } + } + } + } +} diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallListByResourceGroup.json b/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallListByResourceGroup.json index 010540fc9b60..1971776f8d6e 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallListByResourceGroup.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallListByResourceGroup.json @@ -14,6 +14,7 @@ "type":"Microsoft.Network/azureFirewalls", "etag":"w/\\00000000-0000-0000-0000-000000000000\\", "location":"West US", + "zones":[], "tags":{ "key1":"value1" }, diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallListBySubscription.json b/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallListBySubscription.json index f7fa80df8334..7387f843aaa2 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallListBySubscription.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallListBySubscription.json @@ -13,6 +13,7 @@ "type":"Microsoft.Network/azureFirewalls", "etag":"w/\\00000000-0000-0000-0000-000000000000\\", "location":"West US", + "zones":[], "tags":{ "key1":"value1" }, diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallPut.json b/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallPut.json index 504406760452..2906ce15b016 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallPut.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallPut.json @@ -8,6 +8,8 @@ "tags":{ "key1":"value1" }, + "location":"West US", + "zones":[], "properties":{ "threatIntelMode": "Alert", "ipConfigurations":[ @@ -126,6 +128,7 @@ "type":"Microsoft.Network/azureFirewalls", "etag":"w/\\00000000-0000-0000-0000-000000000000\\", "location":"West US", + "zones":[], "tags":{ "key1":"value1" }, @@ -251,6 +254,7 @@ "type":"Microsoft.Network/azureFirewalls", "etag":"w/\\00000000-0000-0000-0000-000000000000\\", "location":"West US", + "zones":[], "tags":{ "key1":"value1" }, diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallPutWithZones.json b/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallPutWithZones.json new file mode 100644 index 000000000000..5ea2c95f2252 --- /dev/null +++ b/specification/network/resource-manager/Microsoft.Network/stable/2019-04-01/examples/AzureFirewallPutWithZones.json @@ -0,0 +1,377 @@ +{ + "parameters":{ + "api-version": "2019-04-01", + "subscriptionId":"subid", + "resourceGroupName":"rg1", + "azureFirewallName":"azurefirewall", + "parameters":{ + "tags":{ + "key1":"value1" + }, + "location":"West US 2", + "zones":["1","2","3"], + "properties":{ + "threatIntelMode": "Alert", + "ipConfigurations":[ + { + "name":"azureFirewallIpConfiguration", + "properties":{ + "subnet":{ + "id":"/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet" + }, + "publicIPAddress":{ + "id":"/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName" + } + } + } + ], + "applicationRuleCollections":[ + { + "name":"apprulecoll", + "properties":{ + "priority":110, + "action":{ + "type": "Deny" + }, + "rules":[ + { + "name":"rule1", + "description":"Deny inbound rule", + "protocols":[ + { + "protocolType":"Https", + "port":443 + } + ], + "targetFqdns":[ + "www.test.com" + ], + "sourceAddresses":[ + "216.58.216.164", + "10.0.0.0/24" + ] + } + ] + } + } + ], + "natRuleCollections":[ + { + "name":"natrulecoll", + "properties":{ + "priority":112, + "action":{ + "type": "Dnat" + }, + "rules":[ + { + "name":"DNAT-HTTPS-traffic", + "description":"D-NAT all outbound web traffic for inspection", + "sourceAddresses":[ + "*" + ], + "destinationAddresses":[ + "1.2.3.4" + ], + "destinationPorts":[ + "443" + ], + "protocols":[ + "TCP" + ], + "translatedAddress": "1.2.3.5", + "translatedPort": "8443" + } + ] + } + } + ], + "networkRuleCollections":[ + { + "name":"netrulecoll", + "properties":{ + "priority":112, + "action":{ + "type": "Deny" + }, + "rules":[ + { + "name":"L4-traffic", + "description":"Block traffic based on source IPs and ports", + "sourceAddresses":[ + "192.168.1.1-192.168.1.12", + "10.1.4.12-10.1.4.255" + ], + "destinationPorts":[ + "443-444", + "8443" + ], + "destinationAddresses":[ + "*" + ], + "protocols":[ + "TCP" + ] + } + ] + } + } + ] + } + } + }, + "responses":{ + "200":{ + "body":{ + "name":"azurefirewall", + "id":"/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall", + "type":"Microsoft.Network/azureFirewalls", + "etag":"w/\\00000000-0000-0000-0000-000000000000\\", + "location":"West US 2", + "zones":["1","2","3"], + "tags":{ + "key1":"value1" + }, + "properties":{ + "provisioningState":"Succeeded", + "threatIntelMode": "Alert", + "ipConfigurations":[ + { + "name":"azureFirewallIpConfiguration", + "id":"/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azfirewallgw/ipConfigurations/azureFirewallIpConfiguration", + "etag":"w/\\00000000-0000-0000-0000-000000000000\\", + "properties":{ + "provisioningState":"Succeeded", + "privateIPAddress":"10.0.0.0", + "subnet":{ + "id":"/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet" + }, + "publicIPAddress":{ + "id":"/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName" + } + } + } + ], + "applicationRuleCollections":[ + { + "name":"apprulecoll", + "properties":{ + "priority":110, + "action":{ + "type": "Deny" + }, + "rules":[ + { + "name":"rule1", + "description":"Deny inbound rule", + "protocols":[ + { + "protocolType":"Https", + "port":443 + } + ], + "targetFqdns":[ + "www.test.com" + ], + "sourceAddresses":[ + "216.58.216.164", + "10.0.0.0/24" + ] + } + ] + } + } + ], + "natRuleCollections":[ + { + "name":"natrulecoll", + "properties":{ + "priority":112, + "action":{ + "type": "Dnat" + }, + "rules":[ + { + "name":"DNAT-HTTPS-traffic", + "description":"D-NAT all outbound web traffic for inspection", + "sourceAddresses":[ + "*" + ], + "destinationAddresses":[ + "1.2.3.4" + ], + "destinationPorts":[ + "443" + ], + "protocols":[ + "TCP" + ], + "translatedAddress": "1.2.3.5", + "translatedPort": "8443" + } + ] + } + } + ], + "networkRuleCollections":[ + { + "name":"netrulecoll", + "properties":{ + "priority":112, + "action":{ + "type": "Deny" + }, + "rules":[ + { + "name":"L4-traffic", + "description":"Block traffic based on source IPs and ports", + "sourceAddresses":[ + "192.168.1.1-192.168.1.12", + "10.1.4.12-10.1.4.255" + ], + "destinationPorts":[ + "443-444", + "8443" + ], + "destinationAddresses":[ + "*" + ], + "protocols":[ + "TCP" + ] + } + ] + } + } + ] + } + } + }, + "201":{ + "body":{ + "name":"azurefirewall", + "id":"/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall", + "type":"Microsoft.Network/azureFirewalls", + "etag":"w/\\00000000-0000-0000-0000-000000000000\\", + "location":"West US 2", + "zones":["1","2","3"], + "tags":{ + "key1":"value1" + }, + "properties":{ + "provisioningState":"Succeeded", + "threatIntelMode": "Alert", + "ipConfigurations":[ + { + "name":"azureFirewallIpConfiguration", + "id":"/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azfirewallgw/ipConfigurations/azureFirewallIpConfiguration", + "etag":"w/\\00000000-0000-0000-0000-000000000000\\", + "properties":{ + "provisioningState":"Succeeded", + "privateIPAddress":"10.0.0.0", + "subnet":{ + "id":"/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet" + }, + "publicIPAddress":{ + "id":"/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName" + } + } + } + ], + "applicationRuleCollections":[ + { + "name":"apprulecoll", + "properties":{ + "priority":110, + "action":{ + "type": "Deny" + }, + "rules":[ + { + "name":"rule1", + "description":"Deny inbound rule", + "protocols":[ + { + "protocolType":"Https", + "port":443 + } + ], + "targetFqdns":[ + "www.test.com" + ], + "sourceAddresses":[ + "216.58.216.164", + "10.0.0.0/24" + ] + } + ] + } + } + ], + "natRuleCollections":[ + { + "name":"natrulecoll", + "properties":{ + "priority":112, + "action":{ + "type": "Dnat" + }, + "rules":[ + { + "name":"DNAT-HTTPS-traffic", + "description":"D-NAT all outbound web traffic for inspection", + "sourceAddresses":[ + "*" + ], + "destinationAddresses":[ + "1.2.3.4" + ], + "destinationPorts":[ + "443" + ], + "protocols":[ + "TCP" + ], + "translatedAddress": "1.2.3.5", + "translatedPort": "8443" + } + ] + } + } + ], + "networkRuleCollections":[ + { + "name":"netrulecoll", + "properties":{ + "priority":112, + "action":{ + "type": "Deny" + }, + "rules":[ + { + "name":"L4-traffic", + "description":"Block traffic based on source IPs and ports", + "sourceAddresses":[ + "192.168.1.1-192.168.1.12", + "10.1.4.12-10.1.4.255" + ], + "destinationPorts":[ + "443-444", + "8443" + ], + "destinationAddresses":[ + "*" + ], + "protocols":[ + "TCP" + ] + } + ] + } + } + ] + } + } + } + } +}