Creating Network Rules for Azure Firewall with PowerShell

Hey everyone,

Today I’m going to show you how to create network rules for Azure Firewall with PowerShell. Network rules let you control traffic between your virtual networks and the internet (or between virtual networks) at layer 3/4, based on source and destination IP addresses, destination ports and protocols. They are useful wherever you need granular control over specific network flows, for example allowing one subnet to reach a single port on another.

To create network rules, you need an Azure Firewall resource already deployed in your subscription and the Azure PowerShell module (Az) installed on your machine. If you don’t have these prerequisites, this link walks through both: https://docs.microsoft.com/en-us/azure/firewall/quickstart-create-firewall-powershell

The first step is to connect to your Azure account and select the subscription where your firewall is located. You can use the following commands:

Connect-AzAccount
Select-AzSubscription -SubscriptionId <your-subscription-id>

Next, you need to get the reference of your firewall object by using the Get-AzFirewall cmdlet. You can specify the name and resource group of your firewall as parameters. For example:

$firewall = Get-AzFirewall -Name "MyFirewall" -ResourceGroupName "MyResourceGroup"

Now you can create a network rule collection object by using the New-AzFirewallNetworkRuleCollection cmdlet. A network rule collection is a container for one or more network rules that share the same priority and action; the priority must be unique among the firewall’s network rule collections, and the lowest number is evaluated first. You specify the name, priority, action and rules of your collection as parameters. The objects passed to -Rule must already exist when you run this command (they are created with the cmdlet shown in the next step). For example:

$collection = New-AzFirewallNetworkRuleCollection -Name "MyCollection" -Priority 100 -ActionType Allow -Rule $rule1,$rule2

The rule parameter is an array of network rule objects that you can create by using the New-AzFirewallNetworkRule cmdlet. A network rule object has a name, a description, a source address, a destination address, a protocol and a destination port as properties. You can specify these properties as parameters. For example:

$rule1 = New-AzFirewallNetworkRule -Name "AllowHTTP" -Description "Allow HTTP traffic from VNet1 to Internet" -SourceAddress "10.0.0.0/24" -DestinationAddress "*" -Protocol "TCP" -DestinationPort 80
$rule2 = New-AzFirewallNetworkRule -Name "AllowSSH" -Description "Allow SSH traffic from VNet2 to VNet3" -SourceAddress "10.1.0.0/24" -DestinationAddress "10.2.0.0/24" -Protocol "TCP" -DestinationPort 22

Finally, attach the network rule collection to your firewall object and write the updated object back to Azure with the Set-AzFirewall cmdlet. Set-AzFirewall has no parameter for a rule collection; it takes the whole firewall object through -AzureFirewall, so you add the collection to the object first with its AddNetworkRuleCollection method. For example:

$firewall.AddNetworkRuleCollection($collection)
Set-AzFirewall -AzureFirewall $firewall

That’s it! You have successfully created network rules for Azure Firewall with PowerShell. You can verify the result by reading the firewall back with Get-AzFirewall and inspecting its NetworkRuleCollections property, or by checking the Azure portal. I hope you found this blog post helpful and feel free to leave your comments or questions below.
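The whole procedure in the order it has to run, as an added example that is not part of the original post. The subscription id, firewall name, resource group, address ranges and rule names are placeholders. It goes slightly beyond the steps above in two ways: it checks the firewall for a clashing collection name or priority before pushing (both must be unique, and Set-AzFirewall rejects the update otherwise), and it reads the firewall back afterwards and prints every deployed network rule so you can confirm exactly which flows are now allowed.

```powershell
# Added example: create a network rule collection on an existing Azure Firewall.
# All names, ids and address ranges below are assumed placeholders.
#Requires -Modules Az.Accounts, Az.Network

Connect-AzAccount
Select-AzSubscription -SubscriptionId "<your-subscription-id>"

$fwName = "MyFirewall"           # placeholder
$rgName = "MyResourceGroup"      # placeholder
$firewall = Get-AzFirewall -Name $fwName -ResourceGroupName $rgName

# Rules first: the collection cmdlet needs real rule objects in -Rule.
$rule1 = New-AzFirewallNetworkRule -Name "AllowHTTP" `
    -Description "Allow HTTP traffic from VNet1 to Internet" `
    -SourceAddress "10.0.0.0/24" -DestinationAddress "*" `
    -Protocol "TCP" -DestinationPort 80

$rule2 = New-AzFirewallNetworkRule -Name "AllowSSH" `
    -Description "Allow SSH traffic from VNet2 to VNet3" `
    -SourceAddress "10.1.0.0/24" -DestinationAddress "10.2.0.0/24" `
    -Protocol "TCP" -DestinationPort 22

$collection = New-AzFirewallNetworkRuleCollection -Name "MyCollection" `
    -Priority 100 -ActionType Allow -Rule $rule1, $rule2

# Collection names and priorities must be unique on the firewall. Fail early
# and locally instead of letting the update be rejected by the service.
$clash = $firewall.NetworkRuleCollections |
    Where-Object { $_.Name -eq $collection.Name -or $_.Priority -eq $collection.Priority }
if ($clash) {
    throw "Firewall '$fwName' already has a network rule collection named '$($clash.Name)' or with priority $($clash.Priority)."
}

# Attach the collection to the local firewall object, then write the whole
# object back. Set-AzFirewall takes the firewall object, not the collection.
$firewall.AddNetworkRuleCollection($collection)
$null = Set-AzFirewall -AzureFirewall $firewall

# Verify from the service, not from the local object: read the firewall back
# and list every network rule with its collection, priority and action.
$deployed = Get-AzFirewall -Name $fwName -ResourceGroupName $rgName
$deployed.NetworkRuleCollections | ForEach-Object {
    $c = $_
    $c.Rules | Select-Object `
        @{ n = 'Collection';  e = { $c.Name } },
        @{ n = 'Priority';    e = { $c.Priority } },
        @{ n = 'Action';      e = { $c.Action.Type } },
        Name, SourceAddresses, DestinationAddresses, Protocols, DestinationPorts
} | Format-Table -AutoSize
```

Note that the verification output is where a reviewer should pause on a rule like AllowHTTP: its destination is "*", so the collection allows the whole 10.0.0.0/24 range to reach any IPv4 address on TCP/80, not just the internet. If that is wider than intended, narrow -DestinationAddress before the change goes in rather than after.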
