Set-AzFirewallPolicyRuleCollectionGroup 保存多个Rule Collection

使用Azure Powershell 设置 Rule Collection Group, 首先需要创建 Firewall policy。

在创建完firewall policy后,通过Azure Portal页面添加 Rule Collection Group。

然后就可以使用 Set-AzFirewallPolicyRuleCollectionGroup命令在Firewall policy中添加Rule Collection Group了。

以下是一个简单例子,通过Azure Powershell在Rule Collection Group中添加Rule Collection和Rules。

$resourceGroup = "test_rg"

$fprg = $resourceGroup

$targetfp = Get-AzFirewallPolicy -Name "testFWpolicy" -ResourceGroupName $fprg //获取Firewall Policy对象

$targetrcg = Get-AzFirewallPolicyRuleCollectionGroup -AzureFirewallPolicyName "vincentFWpolicy" -Name "network-segmentation-local" -ResourceGroupName $resourceGroup //获取Rule Collection Group对象

$rules = @()

$RuleParameter = @{

Name = "net-pde-to-external-prod-allowasdfajsdlflklkajlkfd"

Protocol = "Any"

sourceAddress = "*"

DestinationAddress = "*"

DestinationPort = "*"

}

$rule = New-AzFirewallPolicyNetworkRule @RuleParameter

$NetworkRuleCollection = @{

Name = "src-azure-network-rules-segmentation-allow"

Priority = "666"

ActionType = "Allow"

Rule = $rules += $rule

} //在第一个Rule Collection中添加Rule

$NetworkRuleCategoryCollection = New-AzFirewallPolicyFilterRuleCollection @NetworkRuleCollection

$rules = @()

$RuleParameter = @{

Name = "net-pde-to-external-prod-allow-all2"

Protocol = "Any"

sourceAddress = "*"

DestinationAddress = "*"

DestinationPort = "*"

}

$rule = New-AzFirewallPolicyNetworkRule @RuleParameter

$NetworkRuleCollection2 = @{

Name = "src-azure-network-rules-segmentation-allowasdfasdf2"

Priority = "888"

ActionType = "Allow"

Rule = $rules += $rule

} //在第二个Rule Collection中添加Rule

$NetworkRuleCategoryCollection2 = New-AzFirewallPolicyFilterRuleCollection @NetworkRuleCollection2

//将以上创建的两个Rule Collection加入Rule Collection Group对象

targetrcg.Properties.RuleCollection.Add(NetworkRuleCategoryCollection)

targetrcg.Properties.RuleCollection.Add(NetworkRuleCategoryCollection2)

//设置保存Rule Collection Group并使其生效

Set-AzFirewallPolicyRuleCollectionGroup -FirewallPolicyName testFWpolicy -Name $targetrcg.Name -Priority 112 -ResourceGroupName test_rg -RuleCollection $targetrcg.Properties.RuleCollection

需要注意的问题:

Set-AzFirewallPolicyRuleCollectionGroup这个命令执行的是Overwrite操作,它会保存命令中的多个Rule Collection。同时会覆盖掉之前的配置,如果保存之前在Rule Collection Group中存在其他的Rule Collection,那么这些没有在命令中被写入的Rule Collection就会被擦除。所以如果想一次在Rule Collection Group中设置多个Rule Collection。需要在参数中指定多个Rule Collection的数组。

参考文档:

Set-AzFirewallPolicyRuleCollectionGroup (Az.Network) | Microsoft Learn

相关推荐
徒步僧20 小时前
ThingsBoard规则链节点:Azure IoT Hub 节点详解
物联网·flask·azure
Elastic 中国社区官方博客3 天前
使用 Elastic AI Assistant for Search 和 Azure OpenAI 实现从 0 到 60 的转变
大数据·人工智能·elasticsearch·microsoft·搜索引擎·ai·azure
联蔚盘云7 天前
Azure Kubernetes Service (AKS)资源优化策略
kubernetes·azure
Hacker_LaoYi7 天前
Azure NSG网络安全组日志分析
web安全·flask·azure
Deepcong7 天前
使用Azure Kinect获取彩色三维点云,对彩色二维图像进行目标检测,依据得到的box区域,再找出对应的点云信息
目标检测·microsoft·azure·三维点云
葡萄皮Apple9 天前
[Azure PL300 Certified] 数据分析概论与定义
microsoft·数据分析·azure
Elastic 中国社区官方博客12 天前
开始使用 Elastic AI Assistant 进行可观察性和 Microsoft Azure OpenAI
大数据·人工智能·elasticsearch·microsoft·搜索引擎·全文检索·azure
jack@london24 天前
Azure 将文本转换为语音
microsoft·音频·azure
戴着眼镜看不清1 个月前
GPT避坑指南:如何辨别逆向、AZ、OpenAI官转
gpt·openai·azure·通义千问·api中转
界面开发小八哥1 个月前
界面控件DevExtreme中文教程 - 如何与Amazon S3和Azure Blob存储集成?
microsoft·azure·ui开发·用户界面·devextreme