Merge pull request #11013 from saisujithreddym/vnetpolicynrp

VeryEarly · web-flow · commit c07c5fa5a845 · 2020-02-04T19:18:07.000+08:00
Firewall Policy support on vnet firewall
diff --git a/src/Network/Network/AzureFirewall/NewAzureFirewallCommand.cs b/src/Network/Network/AzureFirewall/NewAzureFirewallCommand.cs
@@ -271,6 +271,7 @@ private PSAzureFirewall CreateAzureFirewall()
                     Name = this.Name,
                     ResourceGroupName = this.ResourceGroupName,
                     Location = this.Location,
+                    FirewallPolicy = FirewallPolicyId != null ? new MNM.SubResource(FirewallPolicyId) : null,
                     ApplicationRuleCollections = this.ApplicationRuleCollection?.ToList(),
                     NatRuleCollections = this.NatRuleCollection?.ToList(),
                     NetworkRuleCollections = this.NetworkRuleCollection?.ToList(),
diff --git a/src/Network/Network/ChangeLog.md b/src/Network/Network/ChangeLog.md
@@ -21,6 +21,8 @@
 ## Upcoming Release
 * Fixed FilterData example in Start-AzVirtualNetworkGatewayConnectionPacketCapture.md and Start-AzVirtualnetworkGatewayPacketCapture.md.
 * Added Packet Capture example for capture all inner and outer packets in Start-AzVirtualNetworkGatewayConnectionPacketCapture.md and Start-AzVirtualnetworkGatewayPacketCapture.md.
+* Support Azure Firewall Policy on VNet Firewalls
+    - No new cmdlets are added. Relaxing the restriction for firewall policy on VNet firewalls
 
 ## Version 2.3.0
 * New example added to Set-AzNetworkWatcherConfigFlowLog.md to demonstrate Traffic Analytics disable scenario.
diff --git a/src/Network/Network/help/New-AzFirewall.md b/src/Network/Network/help/New-AzFirewall.md
@@ -199,6 +199,18 @@ Threat Intel will also run in default mode - Alert - which means malicious traff
 
 To support "forced tunneling" scenarios, this firewall will use the subnet "AzureFirewallManagementSubnet" and the management public IP address for its management traffic
 
+### 13:  Create a Firewall with Firewall Policy attached to a virtual network
+```
+$rgName = "resourceGroupName"
+$vnet = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name "vnet"
+$pip = Get-AzPublicIpAddress -ResourceGroupName $rgName -Name "publicIpName"
+$fp = Get-AzFirewallPolicy -ResourceGroupName $rgName -Name "fp"
+New-AzFirewall -Name "azFw" -ResourceGroupName $rgName -Location centralus -VirtualNetwork $vnet -PublicIpAddress $pip -FirewallPolicyId $fp
+```
+
+This example creates a Firewall attached to virtual network "vnet" in the same resource group as the firewall.
+The rules and threat intelligence that will be applied to the firewall will be taken from the firewall policy
+
 ## PARAMETERS
 
 ### -ApplicationRuleCollection
