diff --git a/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/firewallPolicy.json b/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/firewallPolicy.json index d53f891fc889..283b62426541 100644 --- a/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/firewallPolicy.json +++ b/specification/network/resource-manager/Microsoft.Network/stable/2020-06-01/firewallPolicy.json @@ -566,10 +566,6 @@ "type": "string", "readOnly": true, "description": "A unique read-only string that changes whenever the resource is updated." - }, - "identity": { - "$ref": "./network.json#/definitions/ManagedServiceIdentity", - "description": "The identity of the firewall policy." } }, "allOf": [ @@ -623,14 +619,6 @@ "description": "ThreatIntel Whitelist for Firewall Policy.", "$ref": "#/definitions/FirewallPolicyThreatIntelWhitelist" }, - "intrusionSystem": { - "description": "The configuration for Intrusion system.", - "$ref": "#/definitions/FirewallPolicyIntrusionSystem" - }, - "transportSecurity": { - "description": "TLS Configuration definition.", - "$ref": "#/definitions/FirewallPolicyTransportSecurity" - }, "dnsSettings": { "description": "DNS Proxy Settings definition.", "$ref": "#/definitions/DnsSettings" @@ -638,76 +626,6 @@ }, "description": "Firewall Policy definition." }, - "FirewallPolicyTransportSecurity": { - "properties": { - "certificateAuthority": { - "$ref": "#/definitions/FirewallPolicyCertificateAuthority", - "description": "The CA used for intermediate CA generation." - }, - "excludedDomains": { - "type": "array", - "items": { - "type": "string" - }, - "description": "List of domains which are excluded from TLS termination." - }, - "trustedRootCertificates": { - "type": "array", - "items": { - "$ref": "#/definitions/FirewallPolicyTrustedRootCertificate", - "description": "A list of certificates which are to be trusted by the firewall." - }, - "description": "Certificates which are to be trusted by the firewall." - } - }, - "description": "Configuration needed to perform TLS termination & initiation." - }, - "FirewallPolicyTrustedRootCertificate": { - "properties": { - "properties": { - "x-ms-client-flatten": true, - "$ref": "#/definitions/FirewallPolicyTrustedRootCertificatePropertiesFormat", - "description": "Properties of the trusted root authorities." - }, - "name": { - "type": "string", - "description": "Name of the trusted root certificate that is unique within a firewall policy." - } - }, - "description": "Trusted Root certificates of a firewall policy." - }, - "FirewallPolicyTrustedRootCertificatePropertiesFormat": { - "properties": { - "keyVaultSecretId": { - "type": "string", - "description": "Secret Id of (base-64 encoded unencrypted pfx) the public certificate data stored in KeyVault." - } - }, - "description": "Trusted Root certificates properties for tls." - }, - "FirewallPolicyCertificateAuthority": { - "properties": { - "properties": { - "x-ms-client-flatten": true, - "$ref": "#/definitions/FirewallPolicyCertificateAuthorityPropertiesFormat", - "description": "Properties of the certificate authority." - }, - "name": { - "type": "string", - "description": "Name of the CA certificate." - } - }, - "description": "Trusted Root certificates properties for tls." - }, - "FirewallPolicyCertificateAuthorityPropertiesFormat": { - "properties": { - "keyVaultSecretId": { - "type": "string", - "description": "Secret Id of (base-64 encoded unencrypted pfx) 'Secret' or 'Certificate' object stored in KeyVault." - } - }, - "description": "Trusted Root certificates properties for tls." - }, "FirewallPolicyRuleCollectionGroup": { "properties": { "properties": { @@ -900,13 +818,6 @@ }, "description": "Array of Application Protocols." }, - "targetUrls": { - "type": "array", - "description": "List of Urls for this rule condition.", - "items": { - "type": "string" - } - }, "targetFqdns": { "type": "array", "description": "List of FQDNs for this rule.", @@ -927,10 +838,6 @@ "items": { "type": "string" } - }, - "terminateTLS": { - "type": "boolean", - "description": "Terminate TLS connections for this rule." } }, "description": "Rule of type application." @@ -1166,144 +1073,6 @@ }, "description": "Response for ListFirewallPolicyRuleCollectionGroups API service call." }, - "FirewallPolicyIntrusionSystem": { - "description": "Configuration for Intrusion system mode and rules.", - "properties": { - "mode": { - "type": "string", - "description": "The operation mode for Intrusion system mode.", - "enum": [ - "Off", - "Alert", - "Deny" - ], - "x-ms-enum": { - "name": "FirewallPolicyIntrusionSystemMode", - "modelAsString": true - } - }, - "configuration": { - "description": "The intrusion system configuration properties.", - "$ref": "#/definitions/FirewallPolicyIntrusionSystemConfiguration" - } - } - }, - "FirewallPolicyIntrusionSystemConfiguration": { - "description": "The operation for configuring intrusion system.", - "properties": { - "rules": { - "type": "array", - "description": "List of specific rules states.", - "items": { - "$ref": "#/definitions/FirewallPolicyIntrusionSystemRuleSpecifications" - } - }, - "ignoredTraffic": { - "type": "array", - "description": "List of rules for traffic to ignore.", - "items": { - "$ref": "#/definitions/FirewallPolicyIntrusionSystemIgnoredTrafficSpecifications" - } - }, - "allowChildPolicyToIgnoreTraffic": { - "type": "boolean", - "description": "Boolean indicating whether child policies are allowed to have ignoredTraffic." - } - } - }, - "FirewallPolicyIntrusionSystemRuleSpecifications": { - "properties": { - "ruleId": { - "type": "string", - "description": "Rule id (sid)." - }, - "state": { - "$ref": "#/definitions/FirewallPolicyIntrusionSystemStateOptions", - "description": "The rule state." - } - }, - "description": "Intrusion system rules specification states." - }, - "FirewallPolicyIntrusionSystemStateOptions": { - "type": "string", - "description": "Possible rule state values.", - "enum": [ - "Off", - "Alert", - "Deny" - ], - "x-ms-enum": { - "name": "FirewallPolicyIntrusionSystemStateType", - "modelAsString": true - } - }, - "FirewallPolicyIntrusionSystemIgnoredTrafficSpecifications": { - "properties": { - "name": { - "type": "string", - "description": "Name of the ignored traffic rule." - }, - "description": { - "type": "string", - "description": "Description of the ignored traffic rule." - }, - "protocol": { - "type": "string", - "$ref": "#/definitions/FirewallPolicyIntrusionSystemIgnoredTrafficProtocol", - "description": "The FirewallPolicyIntrusionSystemIgnoredTrafficProtocol." - }, - "sourceAddresses": { - "type": "array", - "description": "List of source IP addresses or ranges for this rule.", - "items": { - "type": "string" - } - }, - "destinationAddresses": { - "type": "array", - "description": "List of destination IP addresses or ranges for this rule.", - "items": { - "type": "string" - } - }, - "destinationPorts": { - "type": "array", - "description": "List of destination ports or ranges.", - "items": { - "type": "string" - } - }, - "sourceIpGroups": { - "type": "array", - "description": "List of source IpGroups for this rule.", - "items": { - "type": "string" - } - }, - "destinationIpGroups": { - "type": "array", - "description": "List of destination IpGroups for this rule.", - "items": { - "type": "string" - } - } - }, - "description": "Intrusion system ignored traffic specification." - }, - "FirewallPolicyIntrusionSystemIgnoredTrafficProtocol": { - "type": "string", - "description": "Possible intrusion system ignored traffic protocols.", - "enum": [ - "TCP", - "UDP", - "ICMP", - "ANY" - ], - "x-ms-enum": { - "name": "FirewallPolicyIntrusionSystemProtocol", - "modelAsString": true - } - }, "FirewallPolicyThreatIntelWhitelist": { "description": "ThreatIntel Whitelist for Firewall Policy.", "x-ms-discriminator-value": "FirewallPolicyThreatIntelWhitelist",