
Commit 9dcba8f

fanymaneadsgouda
authored andcommitted
Azure Firewall NAT Rule Collection (#3745)
* NAT Rule Collections for Azure Firewall * Update examples to include the new NAT Rule Collection * Shorten the NAT RC Properties name and mark etag read-only * Add NAT Rule Collection to Azure Firewall properties * Fix all <<a Azure>> in helper messages
1 parent 59a73c0 commit 9dcba8f


5 files changed

+326
-28
lines changed


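--- a/specification/network/resource-manager/Microsoft.Network/stable/2018-08-01/azureFirewall.json
+++ b/specification/network/resource-manager/Microsoft.Network/stable/2018-08-01/azureFirewall.json
@@ -111,7 +111,7 @@
 ],
 "responses":{
 "200":{
-"description":"Request successful. The operation returns a AzureFirewall resource.",
+"description":"Request successful. The operation returns an AzureFirewall resource.",
 "schema":{
 "$ref":"#/definitions/AzureFirewall"
 }
@@ -290,6 +290,7 @@
 },
 "etag":{
 "type":"string",
+"readOnly": true,
 "description":"A unique read-only string that changes whenever the resource is updated."
 }
 },
@@ -307,14 +308,21 @@
 "items":{
 "$ref":"#/definitions/AzureFirewallApplicationRuleCollection"
 },
-"description":"Collection of application rule collections used by a Azure Firewall."
+"description":"Collection of application rule collections used by Azure Firewall."
+},
+"natRuleCollections":{
+"type":"array",
+"items":{
+"$ref":"#/definitions/AzureFirewallNatRuleCollection"
+},
+"description":"Collection of NAT rule collections used by Azure Firewall."
 },
 "networkRuleCollections":{
 "type":"array",
 "items":{
 "$ref":"#/definitions/AzureFirewallNetworkRuleCollection"
 },
-"description":"Collection of network rule collections used by a Azure Firewall."
+"description":"Collection of network rule collections used by Azure Firewall."
 },
 "ipConfigurations":{
 "type":"array",
@@ -356,7 +364,7 @@
 "items":{
 "$ref":"#/definitions/AzureFirewall"
 },
-"description":"List of a Azure Firewalls in a resource group."
+"description":"List of Azure Firewalls in a resource group."
 },
 "nextLink":{
 "type":"string",
@@ -476,6 +484,128 @@
 },
 "description":"Properties of an application rule."
 },
+"AzureFirewallNatRuleCollectionProperties": {
+"properties":{
+"priority":{
+"type":"integer",
+"format":"int32",
+"maximum":65000,
+"exclusiveMaximum":false,
+"minimum":100,
+"exclusiveMinimum":false,
+"description":"Priority of the NAT rule collection resource."
+},
+"action":{
+"$ref":"#/definitions/AzureFirewallNatRCAction",
+"description":"The action type of a NAT rule collection"
+},
+"rules":{
+"type":"array",
+"items":{
+"$ref":"#/definitions/AzureFirewallNatRule"
+},
+"description":"Collection of rules used by a NAT rule collection."
+},
+"provisioningState":{
+"description":"The provisioning state of the resource.",
+"$ref":"#/definitions/ProvisioningState"
+}
+},
+"description":"Properties of the NAT rule collection."
+},
+"AzureFirewallNatRuleCollection":{
+"properties":{
+"properties":{
+"x-ms-client-flatten":true,
+"$ref":"#/definitions/AzureFirewallNatRuleCollectionProperties"
+},
+"name":{
+"type":"string",
+"description":"Gets name of the resource that is unique within a resource group. This name can be used to access the resource."
+},
+"etag":{
+"type":"string",
+"readOnly":true,
+"description":"Gets a unique read-only string that changes whenever the resource is updated."
+}
+},
+"allOf":[
+{
+"$ref":"./network.json#/definitions/SubResource"
+}
+],
+"description":"NAT rule collection resource"
+},
+"AzureFirewallNatRule":{
+"properties":{
+"name":{
+"type":"string",
+"description":"Name of the NAT rule."
+},
+"description":{
+"type":"string",
+"description":"Description of the rule."
+},
+"sourceAddresses":{
+"type":"array",
+"description":"List of source IP addresses for this rule.",
+"items":{
+"type":"string"
+}
+},
+"destinationAddresses":{
+"type":"array",
+"description":"List of destination IP addresses for this rule.",
+"items":{
+"type":"string"
+}
+},
+"destinationPorts":{
+"type":"array",
+"description":"List of destination ports.",
+"items":{
+"type":"string"
+}
+},
+"protocols":{
+"type":"array",
+"items":{
+"$ref":"#/definitions/AzureFirewallNetworkRuleProtocol"
+},
+"description":"Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule."
+},
+"translatedAddress":{
+"type":"string",
+"description":"The translated address for this NAT rule."
+},
+"translatedPort":{
+"type":"string",
+"description":"The translated port for this NAT rule."
+}
+},
+"description":"Properties of a NAT rule."
+},
+"AzureFirewallNatRCAction":{
+"properties":{
+"type":{
+"description":"The type of action.",
+"$ref":"#/definitions/AzureFirewallNatRCActionType"
+}
+},
+"description":"AzureFirewall NAT Rule Collection Action."
+},
+"AzureFirewallNatRCActionType":{
+"type":"string",
+"description":"The action type of a NAT rule collection",
+"enum":[
+"Snat",
+"Dnat"
+],
+"x-ms-enum":{
+"name":"AzureFirewallNatRCActionType",
+"modelAsString":true
+}
+},
 "AzureFirewallNetworkRuleCollectionPropertiesFormat":{
 "properties":{
 "priority":{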
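Review bot: `AzureFirewallNatRule` (new lines 539–587) types `sourceAddresses`, `destinationAddresses`, `destinationPorts`, `translatedAddress` and `translatedPort` as bare strings with no `pattern` and declares no `required` list, so a rule with no translation target or with a malformed port passes schema validation and is caught only if the service rejects it. The descriptions also do not say which forms are accepted, although the examples in this commit pass `"*"` as a source address, which for a rule that publishes an internal endpoint is presumably "any source". I would have each description name the accepted forms (single address, range, wildcard) and spell out what `*` matches on `sourceAddresses`. If the service treats them as mandatory, which this diff does not show, add `"required":["name","translatedAddress","translatedPort"]` to the definition.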

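--- a/specification/network/resource-manager/Microsoft.Network/stable/2018-08-01/examples/AzureFirewallGet.json
+++ b/specification/network/resource-manager/Microsoft.Network/stable/2018-08-01/examples/AzureFirewallGet.json
@@ -63,6 +63,35 @@
 }
 }
 ],
+"natRuleCollections":[
+{
+"name":"natrulecoll",
+"properties":{
+"priority":112,
+"action":"Dnat",
+"rules":[
+{
+"name":"DNAT-HTTPS-traffic",
+"description":"D-NAT all outbound web traffic for inspection",
+"sourceAddresses":[
+"*"
+],
+"destinationAddresses":[
+"1.2.3.4"
+],
+"destinationPorts":[
+"443"
+],
+"protocols":[
+"TCP"
+],
+"translatedAddress": "1.2.3.5",
+"translatedPort": "8443"
+}
+]
+}
+}
+],
 "networkRuleCollections":[
 {
 "name":"netrulecoll",
@@ -71,8 +100,8 @@
 "action":"Deny",
 "rules":[
 {
-"name":"D-NAT-web-traffic",
-"description":"D-NAT all outbound web traffic for inspection",
+"name":"L4-traffic",
+"description":"Block traffic based on source IPs and ports",
 "sourceAddresses":[
 "192.168.1.1-192.168.1.12",
 "10.1.4.12-10.1.4.255"
@@ -85,8 +114,7 @@
 "*"
 ],
 "protocols":[
-"TCP",
-"ICMP"
+"TCP"
 ]
 }
 ]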
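Review bot: The new `natRuleCollections` example gives `"action":"Dnat"` (new line 71) as a bare string, but azureFirewall.json in this same commit defines `action` as `AzureFirewallNatRCAction`, an object whose `type` property carries the enum, so the example response does not match the schema and should read `"action":{"type":"Dnat"}`. The neighbouring network rule collection uses the same string form (`"action":"Deny"`), so this may be an existing habit in these examples that needs the same correction. The rule description `D-NAT all outbound web traffic for inspection` was carried over from the old network rule and does not describe a destination-NAT rule that accepts any source (`"*"`) on port 443. Since examples get copied into real deployments, a description stating the actual intent and a narrower `sourceAddresses` value would make a safer template. The same lines appear in AzureFirewallListByResourceGroup.json and AzureFirewallListBySubscription.json.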

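--- a/specification/network/resource-manager/Microsoft.Network/stable/2018-08-01/examples/AzureFirewallListByResourceGroup.json
+++ b/specification/network/resource-manager/Microsoft.Network/stable/2018-08-01/examples/AzureFirewallListByResourceGroup.json
@@ -64,6 +64,35 @@
 }
 }
 ],
+"natRuleCollections":[
+{
+"name":"natrulecoll",
+"properties":{
+"priority":112,
+"action":"Dnat",
+"rules":[
+{
+"name":"DNAT-HTTPS-traffic",
+"description":"D-NAT all outbound web traffic for inspection",
+"sourceAddresses":[
+"*"
+],
+"destinationAddresses":[
+"1.2.3.4"
+],
+"destinationPorts":[
+"443"
+],
+"protocols":[
+"TCP"
+],
+"translatedAddress": "1.2.3.5",
+"translatedPort": "8443"
+}
+]
+}
+}
+],
 "networkRuleCollections":[
 {
 "name":"netrulecoll",
@@ -72,8 +101,8 @@
 "action":"Deny",
 "rules":[
 {
-"name":"D-NAT-web-traffic",
-"description":"D-NAT all outbound web traffic for inspection",
+"name":"L4-traffic",
+"description":"Block traffic based on source IPs and ports",
 "sourceAddresses":[
 "192.168.1.1-192.168.1.12",
 "10.1.4.12-10.1.4.255"
@@ -86,8 +115,7 @@
 "*"
 ],
 "protocols":[
-"TCP",
-"ICMP"
+"TCP"
 ]
 }
 ]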

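--- a/specification/network/resource-manager/Microsoft.Network/stable/2018-08-01/examples/AzureFirewallListBySubscription.json
+++ b/specification/network/resource-manager/Microsoft.Network/stable/2018-08-01/examples/AzureFirewallListBySubscription.json
@@ -63,6 +63,35 @@
 }
 }
 ],
+"natRuleCollections":[
+{
+"name":"natrulecoll",
+"properties":{
+"priority":112,
+"action":"Dnat",
+"rules":[
+{
+"name":"DNAT-HTTPS-traffic",
+"description":"D-NAT all outbound web traffic for inspection",
+"sourceAddresses":[
+"*"
+],
+"destinationAddresses":[
+"1.2.3.4"
+],
+"destinationPorts":[
+"443"
+],
+"protocols":[
+"TCP"
+],
+"translatedAddress": "1.2.3.5",
+"translatedPort": "8443"
+}
+]
+}
+}
+],
 "networkRuleCollections":[
 {
 "name":"netrulecoll",
@@ -71,8 +100,8 @@
 "action":"Deny",
 "rules":[
 {
-"name":"D-NAT-web-traffic",
-"description":"D-NAT all outbound web traffic for inspection",
+"name":"L4-traffic",
+"description":"Block traffic based on source IPs and ports",
 "sourceAddresses":[
 "192.168.1.1-192.168.1.12",
 "10.1.4.12-10.1.4.255"
@@ -85,8 +114,7 @@
 "*"
 ],
 "protocols":[
-"TCP",
-"ICMP"
+"TCP"
 ]
 }
 ]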
