Azure · lirenhe · Nov 27, 2019 · Nov 20, 2019 · Nov 20, 2019 · Nov 21, 2019
diff --git a/...on/network/resource-manager/Microsoft.Network/stable/2019-11-01/availableDelegations.json b/...on/network/resource-manager/Microsoft.Network/stable/2019-11-01/availableDelegations.json
@@ -169,7 +169,7 @@
           "items": {
             "type": "string"
           },
-          "description": "Describes the actions permitted to the service upon delegation."
+          "description": "The actions permitted to the service upon delegation."
         }
       },
       "description": "The serviceName of an AvailableDelegation indicates a possible delegation for a subnet."

diff --git a/...ification/network/resource-manager/Microsoft.Network/stable/2019-11-01/azureFirewall.json b/...ification/network/resource-manager/Microsoft.Network/stable/2019-11-01/azureFirewall.json
@@ -141,6 +141,9 @@
           },
           "Get Azure Firewall With Additional Properties": {
             "$ref": "./examples/AzureFirewallGetWithAdditionalProperties.json"
+          },
+          "Get Azure Firewall With IpGroups": {
+            "$ref": "./examples/AzureFirewallGetWithIpGroups.json"
           }
         }
       },
@@ -213,6 +216,9 @@
           },
           "Create Azure Firewall With Additional Properties": {
             "$ref": "./examples/AzureFirewallPutWithAdditionalProperties.json"
+          },
+          "Create Azure Firewall With IpGroups": {
+            "$ref": "./examples/AzureFirewallPutWithIpGroups.json"
           }
         },
         "x-ms-long-running-operation": true,
@@ -421,6 +427,21 @@
       },
       "description": "Public IP Address associated with azure firewall."
     },
+    "AzureFirewallIpGroups": {
+      "properties": {
+        "id": {
+          "type": "string",
+          "readOnly": true,
+          "description": "Resource ID."
+        },
+        "changeNumber": {
+          "type": "string",
+          "readOnly": true,
+          "description": "The iteration number."
+        }
+      },
+      "description": "IpGroups associated with azure firewall."
+    },
     "HubIPAddresses": {
       "properties": {
         "publicIPAddresses": {
@@ -437,6 +458,13 @@
       },
       "description": "IP addresses associated with azure firewall."
     },
+    "IpGroups": {
+      "type": "array",
+      "description": "List of IpGroups associated with azure firewall.",
+      "items": {
+        "$ref": "#/definitions/AzureFirewallIpGroups"
+      }
+    },
     "AzureFirewallPropertiesFormat": {
       "properties": {
         "applicationRuleCollections": {
@@ -489,6 +517,11 @@
           "description": "IP addresses associated with AzureFirewall.",
           "$ref": "#/definitions/HubIPAddresses"
         },
+        "ipGroups": {
+          "readOnly": true,
+          "description": "IpGroups associated with AzureFirewall.",
+          "$ref": "#/definitions/IpGroups"
+        },
         "sku": {
           "description": "The Azure Firewall Resource SKU.",
           "$ref": "#/definitions/AzureFirewallSku"

diff --git a/...twork/resource-manager/Microsoft.Network/stable/2019-11-01/examples/AzureFirewallGet.json b/...twork/resource-manager/Microsoft.Network/stable/2019-11-01/examples/AzureFirewallGet.json
@@ -168,6 +168,7 @@
               }
             }
           ],
+          "ipGroups": [],
           "additionalProperties": {}
         }
       }

diff --git a/...ce-manager/Microsoft.Network/stable/2019-11-01/examples/AzureFirewallGetWithIpGroups.json b/...ce-manager/Microsoft.Network/stable/2019-11-01/examples/AzureFirewallGetWithIpGroups.json
@@ -0,0 +1,189 @@
+{
+  "parameters": {
+    "api-version": "2019-11-01",
+    "subscriptionId": "subid",
+    "resourceGroupName": "rg1",
+    "azureFirewallName": "azurefirewall"
+  },
+  "responses": {
+    "200": {
+      "body": {
+        "name": "azurefirewall",
+        "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewall",
+        "type": "Microsoft.Network/azureFirewalls",
+        "etag": "w/\\00000000-0000-0000-0000-000000000000\\",
+        "location": "West US",
+        "zones": [],
+        "tags": {
+          "key1": "value1"
+        },
+        "properties": {
+          "provisioningState": "Succeeded",
+          "sku": {
+            "name": "AZFW_VNet",
+            "tier": "Standard"
+          },
+          "threatIntelMode": "Alert",
+          "ipConfigurations": [
+            {
+              "name": "azureFirewallIpConfiguration",
+              "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/azureFirewalls/azurefirewallgw/ipConfigurations/azureFirewallIpConfiguration",
+              "etag": "w/\\00000000-0000-0000-0000-000000000000\\",
+              "properties": {
+                "provisioningState": "Succeeded",
+                "privateIPAddress": "10.0.0.0",
+                "subnet": {
+                  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/virtualNetworks/vnet2/subnets/AzureFirewallSubnet"
+                },
+                "publicIPAddress": {
+                  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pipName"
+                }
+              }
+            }
+          ],
+          "applicationRuleCollections": [
+            {
+              "name": "apprulecoll",
+              "properties": {
+                "priority": 110,
+                "action": {
+                  "type": "Deny"
+                },
+                "rules": [
+                  {
+                    "name": "rule1",
+                    "description": "Deny inbound rule",
+                    "protocols": [
+                      {
+                        "protocolType": "Https",
+                        "port": 443
+                      }
+                    ],
+                    "targetFqdns": [
+                      "www.test.com"
+                    ],
+                    "sourceIpGroups": [
+                      "/subscriptions/subId/providers/Microsoft.Network/resourceGroup/myResourceGroup/ipGroups/ipGroups1"
+                    ]
+                  }
+                ]
+              }
+            }
+          ],
+          "natRuleCollections": [
+            {
+              "name": "natrulecoll",
+              "properties": {
+                "priority": 112,
+                "action": {
+                  "type": "Dnat"
+                },
+                "rules": [
+                  {
+                    "name": "DNAT-HTTPS-traffic",
+                    "description": "D-NAT all outbound web traffic for inspection",
+                    "sourceAddresses": [
+                      "*"
+                    ],
+                    "destinationAddresses": [
+                      "1.2.3.4"
+                    ],
+                    "destinationPorts": [
+                      "443"
+                    ],
+                    "protocols": [
+                      "TCP"
+                    ],
+                    "translatedAddress": "1.2.3.5",
+                    "translatedPort": "8443"
+                  },
+                  {
+                    "name": "DNAT-HTTP-traffic-With-FQDN",
+                    "description": "D-NAT all inbound web traffic for inspection",
+                    "sourceIpGroups": [
+                      "/subscriptions/subId/providers/Microsoft.Network/resourceGroup/myResourceGroup/ipGroups/ipGroups1"
+                    ],
+                    "destinationAddresses": [
+                      "1.2.3.4"
+                    ],
+                    "destinationPorts": [
+                      "80"
+                    ],
+                    "protocols": [
+                      "TCP"
+                    ],
+                    "translatedFqdn": "internalhttpserver",
+                    "translatedPort": "880"
+                  }
+                ]
+              }
+            }
+          ],
+          "networkRuleCollections": [
+            {
+              "name": "netrulecoll",
+              "properties": {
+                "priority": 112,
+                "action": {
+                  "type": "Deny"
+                },
+                "rules": [
+                  {
+                    "name": "L4-traffic",
+                    "description": "Block traffic based on source IPs and ports",
+                    "sourceAddresses": [
+                      "192.168.1.1-192.168.1.12",
+                      "10.1.4.12-10.1.4.255"
+                    ],
+                    "destinationPorts": [
+                      "443-444",
+                      "8443"
+                    ],
+                    "destinationIpGroups": [
+                      "/subscriptions/subId/providers/Microsoft.Network/resourceGroup/myResourceGroup/ipGroups/ipGroups2"
+                    ],
+                    "protocols": [
+                      "TCP"
+                    ]
+                  },
+                  {
+                    "name": "L4-traffic-with-FQDN",
+                    "description": "Block traffic based on source IPs and ports to amazon",
+                    "sourceIpGroups": [
+                      "/subscriptions/subId/providers/Microsoft.Network/resourceGroup/myResourceGroup/ipGroups/ipGroups3"
+                    ],
+                    "destinationPorts": [
+                      "443-444",
+                      "8443"
+                    ],
+                    "destinationFqdns": [
+                      "www.amazon.com"
+                    ],
+                    "protocols": [
+                      "TCP"
+                    ]
+                  }
+                ]
+              }
+            }
+          ],
+          "ipGroups": [
+            {
+              "id": "/subscriptions/subId/providers/Microsoft.Network/resourceGroup/myResourceGroup/ipGroups/ipGroups1",
+              "changeNumber": "5"
+            },
+            {
+              "id": "/subscriptions/subId/providers/Microsoft.Network/resourceGroup/myResourceGroup/ipGroups/ipGroups2",
+              "changeNumber": "4"
+            },
+            {
+              "id": "/subscriptions/subId/providers/Microsoft.Network/resourceGroup/myResourceGroup/ipGroups/ipGroups3",
+              "changeNumber": "1"
+            }
+          ],
+          "additionalProperties": {}
+        }
+      }
+    }
+  }
+}
diff --git a/...ource-manager/Microsoft.Network/stable/2019-11-01/examples/AzureFirewallGetWithZones.json b/...ource-manager/Microsoft.Network/stable/2019-11-01/examples/AzureFirewallGetWithZones.json
@@ -172,6 +172,7 @@
               }
             }
           ],
+          "ipGroups": [],
           "additionalProperties": {}
         }
       }

diff --git a/...anager/Microsoft.Network/stable/2019-11-01/examples/AzureFirewallListByResourceGroup.json b/...anager/Microsoft.Network/stable/2019-11-01/examples/AzureFirewallListByResourceGroup.json
@@ -165,6 +165,7 @@
                   }
                 }
               ],
+              "ipGroups": [],
               "additionalProperties": {
                 "key1": "value1",
                 "key2": "value2"

diff --git a/...manager/Microsoft.Network/stable/2019-11-01/examples/AzureFirewallListBySubscription.json b/...manager/Microsoft.Network/stable/2019-11-01/examples/AzureFirewallListBySubscription.json
@@ -164,6 +164,7 @@
                   }
                 }
               ],
+              "ipGroups": [],
               "additionalProperties": {
                 "key1": "value1",
                 "key2": "value2"

diff --git a/...twork/resource-manager/Microsoft.Network/stable/2019-11-01/examples/AzureFirewallPut.json b/...twork/resource-manager/Microsoft.Network/stable/2019-11-01/examples/AzureFirewallPut.json
@@ -322,6 +322,7 @@
               }
             }
           ],
+          "ipGroups": [],
           "additionalProperties": {}
         }
       }

diff --git a/.../resource-manager/Microsoft.Network/stable/2019-11-01/examples/AzureFirewallPutInHub.json b/.../resource-manager/Microsoft.Network/stable/2019-11-01/examples/AzureFirewallPutInHub.json
@@ -94,6 +94,7 @@
             ],
             "privateIPAddress": "10.0.0.0"
           },
+          "ipGroups": [],
           "additionalProperties": {}
         }
       }

diff --git a/...icrosoft.Network/stable/2019-11-01/examples/AzureFirewallPutWithAdditionalProperties.json b/...icrosoft.Network/stable/2019-11-01/examples/AzureFirewallPutWithAdditionalProperties.json
@@ -156,6 +156,7 @@
             }
           }
         ],
+        "ipGroups": [],
         "additionalProperties": {
           "key1": "value1",
           "key2": "value2"
-Original file line number
+Diff line change
@@ Expand Up / @@ -168,6 +168,7 @@ @@
                   }
                 }
               ],
+              "ipGroups": [],
               "additionalProperties": {}
             }
           }
@@ Expand Down @@