Set-AzFirewallPolicyRuleCollectionGroup 保存多个Rule Collection

使用Azure Powershell 设置 Rule Collection Group, 首先需要创建 Firewall policy。

在创建完firewall policy后,通过Azure Portal页面添加 Rule Collection Group。

然后就可以使用 Set-AzFirewallPolicyRuleCollectionGroup命令在Firewall policy中添加Rule Collection Group了。

以下是一个简单例子,通过Azure Powershell在Rule Collection Group中添加Rule Collection和Rules。

$resourceGroup = "test_rg"

$fprg = $resourceGroup

$targetfp = Get-AzFirewallPolicy -Name "testFWpolicy" -ResourceGroupName $fprg //获取Firewall Policy对象

$targetrcg = Get-AzFirewallPolicyRuleCollectionGroup -AzureFirewallPolicyName "vincentFWpolicy" -Name "network-segmentation-local" -ResourceGroupName $resourceGroup //获取Rule Collection Group对象

$rules = @()

$RuleParameter = @{

Name = "net-pde-to-external-prod-allowasdfajsdlflklkajlkfd"

Protocol = "Any"

sourceAddress = "*"

DestinationAddress = "*"

DestinationPort = "*"

}

$rule = New-AzFirewallPolicyNetworkRule @RuleParameter

$NetworkRuleCollection = @{

Name = "src-azure-network-rules-segmentation-allow"

Priority = "666"

ActionType = "Allow"

Rule = $rules += $rule

} //在第一个Rule Collection中添加Rule

$NetworkRuleCategoryCollection = New-AzFirewallPolicyFilterRuleCollection @NetworkRuleCollection

$rules = @()

$RuleParameter = @{

Name = "net-pde-to-external-prod-allow-all2"

Protocol = "Any"

sourceAddress = "*"

DestinationAddress = "*"

DestinationPort = "*"

}

$rule = New-AzFirewallPolicyNetworkRule @RuleParameter

$NetworkRuleCollection2 = @{

Name = "src-azure-network-rules-segmentation-allowasdfasdf2"

Priority = "888"

ActionType = "Allow"

Rule = $rules += $rule

} //在第二个Rule Collection中添加Rule

$NetworkRuleCategoryCollection2 = New-AzFirewallPolicyFilterRuleCollection @NetworkRuleCollection2

//将以上创建的两个Rule Collection加入Rule Collection Group对象

targetrcg.Properties.RuleCollection.Add(NetworkRuleCategoryCollection)

targetrcg.Properties.RuleCollection.Add(NetworkRuleCategoryCollection2)

//设置保存Rule Collection Group并使其生效

Set-AzFirewallPolicyRuleCollectionGroup -FirewallPolicyName testFWpolicy -Name $targetrcg.Name -Priority 112 -ResourceGroupName test_rg -RuleCollection $targetrcg.Properties.RuleCollection

需要注意的问题:

Set-AzFirewallPolicyRuleCollectionGroup这个命令执行的是Overwrite操作,它会保存命令中的多个Rule Collection。同时会覆盖掉之前的配置,如果保存之前在Rule Collection Group中存在其他的Rule Collection,那么这些没有在命令中被写入的Rule Collection就会被擦除。所以如果想一次在Rule Collection Group中设置多个Rule Collection。需要在参数中指定多个Rule Collection的数组。

参考文档:

Set-AzFirewallPolicyRuleCollectionGroup (Az.Network) | Microsoft Learn

相关推荐
jack@london5 天前
Azure 将文本转换为语音
microsoft·音频·azure
戴着眼镜看不清9 天前
GPT避坑指南:如何辨别逆向、AZ、OpenAI官转
gpt·openai·azure·通义千问·api中转
界面开发小八哥19 天前
界面控件DevExtreme中文教程 - 如何与Amazon S3和Azure Blob存储集成?
microsoft·azure·ui开发·用户界面·devextreme
全云在线allcloudonline22 天前
Azure OpenAI 服务上线具有音频和语音功能的 GPT-4o-Realtime-Preview,免费申请试用
microsoft·azure
Ares-Wang23 天前
Asp.Net Core 发布 IIS、docker、Azure、文件夹、AAS、ASF、AWM等
docker·asp.net·azure
NineData1 个月前
Zilliz获Forrester报告全球第一;OB支持向量能力;Azure发布DiskANN;阿里云PG发布内置分析引擎
microsoft·阿里云·azure·aurora·zilliz·云数据库技术·rds mysql
Dlimeng1 个月前
在 Azure OpenAI 上利用 GPT-35-Turbo 和 GPT-4 开启 AI 创新之旅
人工智能·python·ai·语言模型·gpt-3·openai·azure
MicrosoftReactor1 个月前
技术速递|Java on Azure Tooling 8月更新 - Java 体验在 Azure 容器应用程序正式发布
java·容器·azure
Azure DevOps1 个月前
Azure DevOps Server:不能指派新增的用户
运维·microsoft·flask·azure·devops
Monee..1 个月前
【azure-openai】批量翻译demo【python】【gradio】
python·azure·gradio