Azure Firewall NAT Rule Collection (#3745)
* NAT Rule Collections for Azure Firewall

* Update examples to include the new NAT Rule Collection

* Shorten the NAT RC Properties name and mark etag read-only

* Add NAT Rule Collection to Azure Firewall properties

* Fix all <<a Azure>> in helper messages
fanymanea authored and dsgouda committed Aug 30, 2018
1 parent 59a73c0 commit 9dcba8f
Showing 5 changed files with 326 additions and 28 deletions.
Expand Up @@ -111,7 +111,7 @@
],
"responses":{
"200":{
"description":"Request successful. The operation returns a AzureFirewall resource.",
"description":"Request successful. The operation returns an AzureFirewall resource.",
"schema":{
"$ref":"#/definitions/AzureFirewall"
}
Expand Down Expand Up @@ -290,6 +290,7 @@
},
"etag":{
"type":"string",
"readOnly": true,
"description":"A unique read-only string that changes whenever the resource is updated."
}
},
Expand All @@ -307,14 +308,21 @@
"items":{
"$ref":"#/definitions/AzureFirewallApplicationRuleCollection"
},
"description":"Collection of application rule collections used by a Azure Firewall."
"description":"Collection of application rule collections used by Azure Firewall."
},
"natRuleCollections":{
"type":"array",
"items":{
"$ref":"#/definitions/AzureFirewallNatRuleCollection"
},
"description":"Collection of NAT rule collections used by Azure Firewall."
},
"networkRuleCollections":{
"type":"array",
"items":{
"$ref":"#/definitions/AzureFirewallNetworkRuleCollection"
},
"description":"Collection of network rule collections used by a Azure Firewall."
"description":"Collection of network rule collections used by Azure Firewall."
},
"ipConfigurations":{
"type":"array",
Expand Down Expand Up @@ -356,7 +364,7 @@
"items":{
"$ref":"#/definitions/AzureFirewall"
},
"description":"List of a Azure Firewalls in a resource group."
"description":"List of Azure Firewalls in a resource group."
},
"nextLink":{
"type":"string",
Expand Down Expand Up @@ -476,6 +484,128 @@
},
"description":"Properties of an application rule."
},
"AzureFirewallNatRuleCollectionProperties": {
"properties":{
"priority":{
"type":"integer",
"format":"int32",
"maximum":65000,
"exclusiveMaximum":false,
"minimum":100,
"exclusiveMinimum":false,
"description":"Priority of the NAT rule collection resource."
},
"action":{
"$ref":"#/definitions/AzureFirewallNatRCAction",
"description":"The action type of a NAT rule collection"
},
"rules":{
"type":"array",
"items":{
"$ref":"#/definitions/AzureFirewallNatRule"
},
"description":"Collection of rules used by a NAT rule collection."
},
"provisioningState":{
"description":"The provisioning state of the resource.",
"$ref":"#/definitions/ProvisioningState"
}
},
"description":"Properties of the NAT rule collection."
},
"AzureFirewallNatRuleCollection":{
"properties":{
"properties":{
"x-ms-client-flatten":true,
"$ref":"#/definitions/AzureFirewallNatRuleCollectionProperties"
},
"name":{
"type":"string",
"description":"Gets name of the resource that is unique within a resource group. This name can be used to access the resource."
},
"etag":{
"type":"string",
"readOnly":true,
"description":"Gets a unique read-only string that changes whenever the resource is updated."
}
},
"allOf":[
{
"$ref":"./network.json#/definitions/SubResource"
}
],
"description":"NAT rule collection resource"
},
"AzureFirewallNatRule":{
"properties":{
"name":{
"type":"string",
"description":"Name of the NAT rule."
},
"description":{
"type":"string",
"description":"Description of the rule."
},
"sourceAddresses":{
"type":"array",
"description":"List of source IP addresses for this rule.",
"items":{
"type":"string"
}
},
"destinationAddresses":{
"type":"array",
"description":"List of destination IP addresses for this rule.",
"items":{
"type":"string"
}
},
"destinationPorts":{
"type":"array",
"description":"List of destination ports.",
"items":{
"type":"string"
}
},
"protocols":{
"type":"array",
"items":{
"$ref":"#/definitions/AzureFirewallNetworkRuleProtocol"
},
"description":"Array of AzureFirewallNetworkRuleProtocols applicable to this NAT rule."
},
"translatedAddress":{
"type":"string",
"description":"The translated address for this NAT rule."
},
"translatedPort":{
"type":"string",
"description":"The translated port for this NAT rule."
}
},
"description":"Properties of a NAT rule."
},
"AzureFirewallNatRCAction":{
"properties":{
"type":{
"description":"The type of action.",
"$ref":"#/definitions/AzureFirewallNatRCActionType"
}
},
"description":"AzureFirewall NAT Rule Collection Action."
},
"AzureFirewallNatRCActionType":{
"type":"string",
"description":"The action type of a NAT rule collection",
"enum":[
"Snat",
"Dnat"
],
"x-ms-enum":{
"name":"AzureFirewallNatRCActionType",
"modelAsString":true
}
},
"AzureFirewallNetworkRuleCollectionPropertiesFormat":{
"properties":{
"priority":{
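Review bot: The new `AzureFirewallNatRule` definition types `sourceAddresses`, `destinationAddresses`, `destinationPorts`, `translatedAddress` and `translatedPort` as bare strings, and none of the descriptions says which forms are accepted (single address, range, CIDR, `*`), although the examples in this commit already pass `"*"` as a source. For a rule that decides what traffic is forwarded to a backend, that leaves client-side validation and rule review without a contract to check against. I would state the accepted syntax in each description and, if `translatedPort` only ever takes a single port, constrain it, e.g. `"pattern":"^[0-9]{1,5}$"`. The definition also carries no `required` list, so a rule without a translated address or port still validates against the spec; worth confirming that is intended.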
Expand Up @@ -63,6 +63,35 @@
}
}
],
"natRuleCollections":[
{
"name":"natrulecoll",
"properties":{
"priority":112,
"action":"Dnat",
"rules":[
{
"name":"DNAT-HTTPS-traffic",
"description":"D-NAT all outbound web traffic for inspection",
"sourceAddresses":[
"*"
],
"destinationAddresses":[
"1.2.3.4"
],
"destinationPorts":[
"443"
],
"protocols":[
"TCP"
],
"translatedAddress": "1.2.3.5",
"translatedPort": "8443"
}
]
}
}
],
"networkRuleCollections":[
{
"name":"netrulecoll",
Expand All @@ -71,8 +100,8 @@
"action":"Deny",
"rules":[
{
"name":"D-NAT-web-traffic",
"description":"D-NAT all outbound web traffic for inspection",
"name":"L4-traffic",
"description":"Block traffic based on source IPs and ports",
"sourceAddresses":[
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255"
Expand All @@ -85,8 +114,7 @@
"*"
],
"protocols":[
"TCP",
"ICMP"
"TCP"
]
}
]
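Review bot: In the added `natRuleCollections` example, `"action":"Dnat"` is a bare string, while the spec change in this commit defines `action` as an `AzureFirewallNatRCAction` object with a `type` property, so the example appears not to validate against the schema; `"action":{"type":"Dnat"}` would match. The rule description `"D-NAT all outbound web traffic for inspection"` was carried over from the old network rule and reads oddly for a destination-NAT rule; something like `"D-NAT HTTPS traffic for 1.2.3.4:443 to 1.2.3.5:8443"` says what the rule does. Because examples tend to be copied into real deployments, I would also narrow `"sourceAddresses":["*"]` to a sample range and use RFC 5737 documentation addresses (e.g. `203.0.113.10`) instead of `1.2.3.4`/`1.2.3.5`, which are routable. The same block is repeated in the two example files that follow.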
Expand Up @@ -64,6 +64,35 @@
}
}
],
"natRuleCollections":[
{
"name":"natrulecoll",
"properties":{
"priority":112,
"action":"Dnat",
"rules":[
{
"name":"DNAT-HTTPS-traffic",
"description":"D-NAT all outbound web traffic for inspection",
"sourceAddresses":[
"*"
],
"destinationAddresses":[
"1.2.3.4"
],
"destinationPorts":[
"443"
],
"protocols":[
"TCP"
],
"translatedAddress": "1.2.3.5",
"translatedPort": "8443"
}
]
}
}
],
"networkRuleCollections":[
{
"name":"netrulecoll",
Expand All @@ -72,8 +101,8 @@
"action":"Deny",
"rules":[
{
"name":"D-NAT-web-traffic",
"description":"D-NAT all outbound web traffic for inspection",
"name":"L4-traffic",
"description":"Block traffic based on source IPs and ports",
"sourceAddresses":[
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255"
Expand All @@ -86,8 +115,7 @@
"*"
],
"protocols":[
"TCP",
"ICMP"
"TCP"
]
}
]
Expand Up @@ -63,6 +63,35 @@
}
}
],
"natRuleCollections":[
{
"name":"natrulecoll",
"properties":{
"priority":112,
"action":"Dnat",
"rules":[
{
"name":"DNAT-HTTPS-traffic",
"description":"D-NAT all outbound web traffic for inspection",
"sourceAddresses":[
"*"
],
"destinationAddresses":[
"1.2.3.4"
],
"destinationPorts":[
"443"
],
"protocols":[
"TCP"
],
"translatedAddress": "1.2.3.5",
"translatedPort": "8443"
}
]
}
}
],
"networkRuleCollections":[
{
"name":"netrulecoll",
Expand All @@ -71,8 +100,8 @@
"action":"Deny",
"rules":[
{
"name":"D-NAT-web-traffic",
"description":"D-NAT all outbound web traffic for inspection",
"name":"L4-traffic",
"description":"Block traffic based on source IPs and ports",
"sourceAddresses":[
"192.168.1.1-192.168.1.12",
"10.1.4.12-10.1.4.255"
Expand All @@ -85,8 +114,7 @@
"*"
],
"protocols":[
"TCP",
"ICMP"
"TCP"
]
}
]