1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
# pylint: disable=line-too-long,useless-suppression
# coding=utf-8
# --------------------------------------------------------------------------
# Copyright (c) Microsoft Corporation. All rights reserved.
# Licensed under the MIT License. See License.txt in the project root for license information.
# Code generated by Microsoft (R) AutoRest Code Generator.
# Changes may cause incorrect behavior and will be lost if the code is regenerated.
# --------------------------------------------------------------------------
from azure.identity import DefaultAzureCredential
from azure.mgmt.network import NetworkManagementClient
"""
# PREREQUISITES
pip install azure-identity
pip install azure-mgmt-network
# USAGE
python firewall_policy_put.py
Before run the sample, please set the values of the client ID, tenant ID and client secret
of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""
def main():
client = NetworkManagementClient(
credential=DefaultAzureCredential(),
subscription_id="subid",
)
response = client.firewall_policies.begin_create_or_update(
resource_group_name="rg1",
firewall_policy_name="firewallPolicy",
parameters={
"location": "West US",
"properties": {
"dnsSettings": {"enableProxy": True, "requireProxyForNetworkRules": False, "servers": ["30.3.4.5"]},
"explicitProxy": {
"enableExplicitProxy": True,
"enablePacFile": True,
"httpPort": 8087,
"httpsPort": 8087,
"pacFile": "https://tinawstorage.file.core.windows.net/?sv=2020-02-10&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-06-04T07:01:12Z&st=2021-06-03T23:01:12Z&sip=68.65.171.11&spr=https&sig=Plsa0RRVpGbY0IETZZOT6znOHcSro71LLTTbzquYPgs%3D",
"pacFilePort": 8087,
},
"insights": {
"isEnabled": True,
"logAnalyticsResources": {
"defaultWorkspaceId": {
"id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/defaultWorkspace"
},
"workspaces": [
{
"region": "westus",
"workspaceId": {
"id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace1"
},
},
{
"region": "eastus",
"workspaceId": {
"id": "/subscriptions/subid/resourcegroups/rg1/providers/microsoft.operationalinsights/workspaces/workspace2"
},
},
],
},
"retentionDays": 100,
},
"intrusionDetection": {
"configuration": {
"bypassTrafficSettings": [
{
"description": "Rule 1",
"destinationAddresses": ["5.6.7.8"],
"destinationPorts": ["*"],
"name": "bypassRule1",
"protocol": "TCP",
"sourceAddresses": ["1.2.3.4"],
}
],
"signatureOverrides": [{"id": "2525004", "mode": "Deny"}],
},
"mode": "Alert",
"profile": "Balanced",
},
"sku": {"tier": "Premium"},
"snat": {"privateRanges": ["IANAPrivateRanges"]},
"sql": {"allowSqlRedirect": True},
"threatIntelMode": "Alert",
"threatIntelWhitelist": {"fqdns": ["*.microsoft.com"], "ipAddresses": ["20.3.4.5"]},
"transportSecurity": {
"certificateAuthority": {"keyVaultSecretId": "https://kv/secret", "name": "clientcert"}
},
},
"tags": {"key1": "value1"},
},
).result()
print(response)
# x-ms-original-file: specification/network/resource-manager/Microsoft.Network/stable/2024-07-01/examples/FirewallPolicyPut.json
if __name__ == "__main__":
main()
|
