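import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";

// NOTE(review): the generic type arguments in this declaration file are reconstructed.
// The element types under `inputs.network` / `outputs.network` and the `| undefined`
// markers on outputs should be confirmed against the published `@pulumi/azure` typings.

/**
 * Manages an Azure Firewall.
 *
 * ## Example Usage
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as azure from "@pulumi/azure";
 *
 * const example = new azure.core.ResourceGroup("example", {
 *     name: "example-resources",
 *     location: "West Europe",
 * });
 * const exampleVirtualNetwork = new azure.network.VirtualNetwork("example", {
 *     name: "testvnet",
 *     addressSpaces: ["10.0.0.0/16"],
 *     location: example.location,
 *     resourceGroupName: example.name,
 * });
 * const exampleSubnet = new azure.network.Subnet("example", {
 *     name: "AzureFirewallSubnet",
 *     resourceGroupName: example.name,
 *     virtualNetworkName: exampleVirtualNetwork.name,
 *     addressPrefixes: ["10.0.1.0/24"],
 * });
 * const examplePublicIp = new azure.network.PublicIp("example", {
 *     name: "testpip",
 *     location: example.location,
 *     resourceGroupName: example.name,
 *     allocationMethod: "Static",
 *     sku: "Standard",
 * });
 * const exampleFirewall = new azure.network.Firewall("example", {
 *     name: "testfirewall",
 *     location: example.location,
 *     resourceGroupName: example.name,
 *     skuName: "AZFW_VNet",
 *     skuTier: "Standard",
 *     ipConfigurations: [{
 *         name: "configuration",
 *         subnetId: exampleSubnet.id,
 *         publicIpAddressId: examplePublicIp.id,
 *     }],
 * });
 * ```
 *
 * The example leaves `threatIntelMode` unset, so the firewall runs with the documented
 * default of `Alert`. Set `threatIntelMode: "Deny"` explicitly when matched traffic
 * must be blocked.
 *
 * ## API Providers
 *
 * This resource uses the following Azure API Providers:
 *
 * * `Microsoft.Network` - 2025-01-01
 *
 * ## Import
 *
 * Azure Firewalls can be imported using the `resource id`, e.g.
 *
 * ```sh
 * $ pulumi import azure:network/firewall:Firewall example /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/group1/providers/Microsoft.Network/azureFirewalls/testfirewall
 * ```
 */
export declare class Firewall extends pulumi.CustomResource {
    /**
     * Get an existing Firewall resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: FirewallState, opts?: pulumi.CustomResourceOptions): Firewall;
    /**
     * Returns true if the given object is an instance of Firewall. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is Firewall;
    /**
     * Whether DNS proxy is enabled. When set to `true`, the firewall forwards DNS requests to the
     * DNS servers. It is set to `true` automatically if `dnsServers` is provided with a non-empty list.
     */
    readonly dnsProxyEnabled: pulumi.Output<boolean>;
    /**
     * A list of DNS servers that the Azure Firewall will direct DNS traffic to for name resolution.
     */
    readonly dnsServers: pulumi.Output<string[] | undefined>;
    /**
     * The ID of the Firewall Policy applied to this Firewall.
     *
     * NOTE(review): with a policy attached, filtering settings such as the threat-intelligence
     * mode are presumably governed by the policy; confirm which setting takes effect.
     */
    readonly firewallPolicyId: pulumi.Output<string | undefined>;
    /**
     * An `ipConfiguration` block as documented below.
     */
    readonly ipConfigurations: pulumi.Output<outputs.network.FirewallIpConfiguration[] | undefined>;
    /**
     * Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
     */
    readonly location: pulumi.Output<string>;
    /**
     * A `managementIpConfiguration` block as documented below, which allows force-tunnelling of
     * traffic to be performed by the firewall. Adding or removing this block or changing the
     * `subnetId` in an existing block forces a new resource to be created. Changing this forces a
     * new resource to be created.
     */
    readonly managementIpConfiguration: pulumi.Output<outputs.network.FirewallManagementIpConfiguration | undefined>;
    /**
     * Specifies the name of the Firewall. Changing this forces a new resource to be created.
     */
    readonly name: pulumi.Output<string>;
    /**
     * A list of SNAT private CIDR IP ranges, or the special string `IANAPrivateRanges`, which
     * indicates Azure Firewall does not SNAT when the destination IP address is a private range
     * per IANA RFC 1918.
     */
    readonly privateIpRanges: pulumi.Output<string[] | undefined>;
    /**
     * The name of the resource group in which to create the resource. Changing this forces a new resource to be created.
     */
    readonly resourceGroupName: pulumi.Output<string>;
    /**
     * SKU name of the Firewall. Possible values are `AZFW_Hub` and `AZFW_VNet`. Changing this forces a new resource to be created.
     */
    readonly skuName: pulumi.Output<string>;
    /**
     * SKU tier of the Firewall. Possible values are `Premium`, `Standard` and `Basic`.
     */
    readonly skuTier: pulumi.Output<string>;
    /**
     * A mapping of tags to assign to the resource.
     */
    readonly tags: pulumi.Output<{ [key: string]: string; } | undefined>;
    /**
     * The operation mode for threat intelligence-based filtering. Possible values are: `Off`,
     * `Alert` and `Deny`. Defaults to `Alert`.
     *
     * Only `Deny` blocks matched traffic. `Alert` (the default) logs the match without blocking,
     * and `Off` disables the feature.
     */
    readonly threatIntelMode: pulumi.Output<string | undefined>;
    /**
     * A `virtualHub` block as documented below.
     */
    readonly virtualHub: pulumi.Output<outputs.network.FirewallVirtualHub | undefined>;
    /**
     * Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.
     *
     * > **Note:** Availability Zones are [only supported in several regions at this time](https://docs.microsoft.com/azure/availability-zones/az-overview).
     */
    readonly zones: pulumi.Output<string[] | undefined>;
    /**
     * Create a Firewall resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: FirewallArgs, opts?: pulumi.CustomResourceOptions);
}

/**
 * Input properties used for looking up and filtering Firewall resources.
 * Every property is optional here because the state is only used to qualify a lookup.
 */
export interface FirewallState {
    /**
     * Whether DNS proxy is enabled. When set to `true`, the firewall forwards DNS requests to the
     * DNS servers. It is set to `true` automatically if `dnsServers` is provided with a non-empty list.
     */
    dnsProxyEnabled?: pulumi.Input<boolean>;
    /**
     * A list of DNS servers that the Azure Firewall will direct DNS traffic to for name resolution.
     */
    dnsServers?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * The ID of the Firewall Policy applied to this Firewall.
     */
    firewallPolicyId?: pulumi.Input<string>;
    /**
     * An `ipConfiguration` block as documented below.
     */
    ipConfigurations?: pulumi.Input<pulumi.Input<inputs.network.FirewallIpConfiguration>[]>;
    /**
     * Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
     */
    location?: pulumi.Input<string>;
    /**
     * A `managementIpConfiguration` block as documented below, which allows force-tunnelling of
     * traffic to be performed by the firewall. Adding or removing this block or changing the
     * `subnetId` in an existing block forces a new resource to be created. Changing this forces a
     * new resource to be created.
     */
    managementIpConfiguration?: pulumi.Input<inputs.network.FirewallManagementIpConfiguration>;
    /**
     * Specifies the name of the Firewall. Changing this forces a new resource to be created.
     */
    name?: pulumi.Input<string>;
    /**
     * A list of SNAT private CIDR IP ranges, or the special string `IANAPrivateRanges`, which
     * indicates Azure Firewall does not SNAT when the destination IP address is a private range
     * per IANA RFC 1918.
     */
    privateIpRanges?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * The name of the resource group in which to create the resource. Changing this forces a new resource to be created.
     */
    resourceGroupName?: pulumi.Input<string>;
    /**
     * SKU name of the Firewall. Possible values are `AZFW_Hub` and `AZFW_VNet`. Changing this forces a new resource to be created.
     */
    skuName?: pulumi.Input<string>;
    /**
     * SKU tier of the Firewall. Possible values are `Premium`, `Standard` and `Basic`.
     */
    skuTier?: pulumi.Input<string>;
    /**
     * A mapping of tags to assign to the resource.
     */
    tags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>;
    /**
     * The operation mode for threat intelligence-based filtering. Possible values are: `Off`,
     * `Alert` and `Deny`. Defaults to `Alert`.
     *
     * Only `Deny` blocks matched traffic. `Alert` (the default) logs the match without blocking,
     * and `Off` disables the feature.
     */
    threatIntelMode?: pulumi.Input<string>;
    /**
     * A `virtualHub` block as documented below.
     */
    virtualHub?: pulumi.Input<inputs.network.FirewallVirtualHub>;
    /**
     * Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.
     *
     * > **Note:** Availability Zones are [only supported in several regions at this time](https://docs.microsoft.com/azure/availability-zones/az-overview).
     */
    zones?: pulumi.Input<pulumi.Input<string>[]>;
}

/**
 * The set of arguments for constructing a Firewall resource.
 * `resourceGroupName`, `skuName` and `skuTier` are required; every other argument is optional.
 */
export interface FirewallArgs {
    /**
     * Whether DNS proxy is enabled. When set to `true`, the firewall forwards DNS requests to the
     * DNS servers. It is set to `true` automatically if `dnsServers` is provided with a non-empty list.
     */
    dnsProxyEnabled?: pulumi.Input<boolean>;
    /**
     * A list of DNS servers that the Azure Firewall will direct DNS traffic to for name resolution.
     */
    dnsServers?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * The ID of the Firewall Policy applied to this Firewall.
     */
    firewallPolicyId?: pulumi.Input<string>;
    /**
     * An `ipConfiguration` block as documented below.
     */
    ipConfigurations?: pulumi.Input<pulumi.Input<inputs.network.FirewallIpConfiguration>[]>;
    /**
     * Specifies the supported Azure location where the resource exists. Changing this forces a new resource to be created.
     */
    location?: pulumi.Input<string>;
    /**
     * A `managementIpConfiguration` block as documented below, which allows force-tunnelling of
     * traffic to be performed by the firewall. Adding or removing this block or changing the
     * `subnetId` in an existing block forces a new resource to be created. Changing this forces a
     * new resource to be created.
     */
    managementIpConfiguration?: pulumi.Input<inputs.network.FirewallManagementIpConfiguration>;
    /**
     * Specifies the name of the Firewall. Changing this forces a new resource to be created.
     */
    name?: pulumi.Input<string>;
    /**
     * A list of SNAT private CIDR IP ranges, or the special string `IANAPrivateRanges`, which
     * indicates Azure Firewall does not SNAT when the destination IP address is a private range
     * per IANA RFC 1918.
     */
    privateIpRanges?: pulumi.Input<pulumi.Input<string>[]>;
    /**
     * The name of the resource group in which to create the resource. Changing this forces a new resource to be created.
     */
    resourceGroupName: pulumi.Input<string>;
    /**
     * SKU name of the Firewall. Possible values are `AZFW_Hub` and `AZFW_VNet`. Changing this forces a new resource to be created.
     */
    skuName: pulumi.Input<string>;
    /**
     * SKU tier of the Firewall. Possible values are `Premium`, `Standard` and `Basic`.
     */
    skuTier: pulumi.Input<string>;
    /**
     * A mapping of tags to assign to the resource.
     */
    tags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>;
    /**
     * The operation mode for threat intelligence-based filtering. Possible values are: `Off`,
     * `Alert` and `Deny`. Defaults to `Alert`.
     *
     * Only `Deny` blocks matched traffic. `Alert` (the default) logs the match without blocking,
     * and `Off` disables the feature, so set this explicitly rather than relying on the default.
     */
    threatIntelMode?: pulumi.Input<string>;
    /**
     * A `virtualHub` block as documented below.
     */
    virtualHub?: pulumi.Input<inputs.network.FirewallVirtualHub>;
    /**
     * Specifies a list of Availability Zones in which this Azure Firewall should be located. Changing this forces a new Azure Firewall to be created.
     *
     * > **Note:** Availability Zones are [only supported in several regions at this time](https://docs.microsoft.com/azure/availability-zones/az-overview).
     */
    zones?: pulumi.Input<pulumi.Input<string>[]>;
}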