@@ -859,6 +859,121 @@ function Test-AzureFirewallPolicyCRUDWithNatRuleTranslatedFQDN {
859859 Assert-AreEqual $natRule1TranslatedFqdn $natRule.TranslatedFqdn
860860 Assert-AreEqual $natRule1TranslatedPort $natRule.TranslatedPort
861861
862+ $testPipelineRg = Get-AzFirewallPolicyRuleCollectionGroup - Name $ruleGroupName - AzureFirewallPolicyName $getAzureFirewallPolicy.Name - ResourceGroupName $rgname
863+ $testPipelineRg | Set-AzFirewallPolicyRuleCollectionGroup - Priority $pipelineRcPriority
864+ $testPipelineRg = Get-AzFirewallPolicyRuleCollectionGroup - Name $ruleGroupName - AzureFirewallPolicyName $getAzureFirewallPolicy.Name - ResourceGroupName $rgname
865+ Assert-AreEqual $pipelineRcPriority $testPipelineRg.properties.Priority
866+
867+ $azureFirewallPolicyAsJob = New-AzFirewallPolicy - Name $azureFirewallPolicyAsJobName - ResourceGroupName $rgname - Location $location - AsJob
868+ $result = $azureFirewallPolicyAsJob | Wait-Job
869+ Assert-AreEqual " Completed" $result.State
870+ }
871+ finally {
872+ # Cleanup
873+ Clean - ResourceGroup $rgname
874+ }
875+ }
876+
877+ <#
878+ . SYNOPSIS
879+ Tests AzureFirewallPolicyWithWebCategories.
880+ #>
881+ function Test-AzureFirewallPolicyWithWebCategories {
882+ # Setup
883+ $rgname = Get-ResourceGroupName
884+ $azureFirewallPolicyName = Get-ResourceName
885+ $azureFirewallPolicyAsJobName = Get-ResourceName
886+ $resourceTypeParent = " Microsoft.Network/FirewallPolicies"
887+ $location = " westus2"
888+
889+ $ruleGroupName = Get-ResourceName
890+
891+ # AzureFirewallPolicyApplicationRuleCollection
892+ $appRcName = " appRc"
893+ $appRcPriority = 400
894+ $appRcActionType = " Allow"
895+
896+ $pipelineRcPriority = 154
897+
898+ # AzureFirewallPolicyApplicationRule 1
899+ $appRule1Name = " appRule"
900+ $appRule1Desc = " desc1"
901+ $appRule1WC1 = " DatingAndPersonals"
902+ $appRule1WC2 = " Tasteless"
903+ $appRule1Protocol1 = " http:80"
904+ $appRule1Port1 = 80
905+ $appRule1ProtocolType1 = " http"
906+ $appRule1Protocol2 = " https:443"
907+ $appRule1Port2 = 443
908+ $appRule1ProtocolType2 = " https"
909+ $appRule1SourceAddress1 = " 192.168.0.0/16"
910+
911+ try {
912+ # Create the resource group
913+ $resourceGroup = New-AzResourceGroup - Name $rgname - Location $location - Tags @ { testtag = " testval"
914+
915+ # Create AzureFirewallPolicy (with no rules, ThreatIntel is in Alert mode by default)
916+ $azureFirewallPolicy = New-AzFirewallPolicy - Name $azureFirewallPolicyName - ResourceGroupName $rgname - Location $location
917+
918+ # Get AzureFirewallPolicy
919+ $getAzureFirewallPolicy = Get-AzFirewallPolicy - Name $azureFirewallPolicyName - ResourceGroupName $rgname
920+
921+ # verification
922+ Assert-AreEqual $rgName $getAzureFirewallPolicy.ResourceGroupName
923+ Assert-AreEqual $azureFirewallPolicyName $getAzureFirewallPolicy.Name
924+ Assert-NotNull $getAzureFirewallPolicy.Location
925+ Assert-AreEqual (Normalize- Location $location ) $getAzureFirewallPolicy.Location
926+
927+
928+ # Create Application Rules
929+ $appRule = New-AzFirewallPolicyApplicationRule - Name $appRule1Name - Description $appRule1Desc - Protocol $appRule1Protocol1 , $appRule1Protocol2 - WebCategory $appRule1WC1 , $appRule1WC2 - SourceAddress $appRule1SourceAddress1
930+
931+ # Create Filter Rule with 2 application rules
932+ $appRc = New-AzFirewallPolicyFilterRuleCollection - Name $appRcName - Priority $appRcPriority - Rule $appRule - ActionType $appRcActionType
933+
934+ New-AzFirewallPolicyRuleCollectionGroup - Name $ruleGroupName - Priority 100 - RuleCollection $appRc - FirewallPolicyObject $azureFirewallPolicy
935+
936+ # Get AzureFirewallPolicy
937+ $getAzureFirewallPolicy = Get-AzFirewallPolicy - Name $azureFirewallPolicyName - ResourceGroupName $rgName
938+
939+ # verification
940+ Assert-AreEqual $rgName $getAzureFirewallPolicy.ResourceGroupName
941+ Assert-AreEqual $azureFirewallPolicyName $getAzureFirewallPolicy.Name
942+ Assert-NotNull $getAzureFirewallPolicy.Location
943+ Assert-AreEqual $location $getAzureFirewallPolicy.Location
944+
945+ # Check rule groups count
946+ Assert-AreEqual 1 @ ($getAzureFirewallPolicy.RuleCollectionGroups ).Count
947+
948+ $getRg = Get-AzFirewallPolicyRuleCollectionGroup - Name $ruleGroupName - AzureFirewallPolicy $getAzureFirewallPolicy
949+
950+ Assert-AreEqual 1 @ ($getRg.properties.ruleCollection ).Count
951+
952+ $filterRuleCollection1 = $getRg.Properties.GetRuleCollectionByName ($appRcName )
953+
954+ # Verify Filter Rule Collection1
955+ Assert-AreEqual $appRcName $filterRuleCollection1.Name
956+ Assert-AreEqual $appRcPriority $filterRuleCollection1.Priority
957+ Assert-AreEqual $appRcActionType $filterRuleCollection1.Action.Type
958+ Assert-AreEqual 1 $filterRuleCollection1.Rules.Count
959+
960+ $appRule = $filterRuleCollection1.GetRuleByName ($appRule1Name )
961+ # Verify application rule 1
962+ Assert-AreEqual $appRule1Name $appRule.Name
963+
964+ Assert-AreEqual 1 $appRule.SourceAddresses.Count
965+ Assert-AreEqual $appRule1SourceAddress1 $appRule.SourceAddresses [0 ]
966+
967+ Assert-AreEqual 2 $appRule.Protocols.Count
968+ Assert-AreEqual $appRule1ProtocolType1 $appRule.Protocols [0 ].ProtocolType
969+ Assert-AreEqual $appRule1ProtocolType2 $appRule.Protocols [1 ].ProtocolType
970+ Assert-AreEqual $appRule1Port1 $appRule.Protocols [0 ].Port
971+ Assert-AreEqual $appRule1Port2 $appRule.Protocols [1 ].Port
972+
973+ Assert-AreEqual 2 $appRule.WebCategories.Count
974+ Assert-AreEqual $appRule1WC1 $appRule.WebCategories [0 ]
975+ Assert-AreEqual $appRule1WC2 $appRule.WebCategories [1 ]
976+
862977
863978 $testPipelineRg = Get-AzFirewallPolicyRuleCollectionGroup - Name $ruleGroupName - AzureFirewallPolicyName $getAzureFirewallPolicy.Name - ResourceGroupName $rgname
864979 $testPipelineRg | Set-AzFirewallPolicyRuleCollectionGroup - Priority $pipelineRcPriority
0 commit comments