Set-AzFirewallPolicyRuleCollectionGroup 保存多个Rule Collection

使用Azure Powershell 设置 Rule Collection Group, 首先需要创建 Firewall policy。

在创建完firewall policy后,通过Azure Portal页面添加 Rule Collection Group。

然后就可以使用 Set-AzFirewallPolicyRuleCollectionGroup命令在Firewall policy中添加Rule Collection Group了。

以下是一个简单例子,通过Azure Powershell在Rule Collection Group中添加Rule Collection和Rules。

$resourceGroup = "test_rg"

fprg = resourceGroup

targetfp = Get-AzFirewallPolicy -Name "testFWpolicy" -ResourceGroupName fprg //获取Firewall Policy对象

targetrcg = Get-AzFirewallPolicyRuleCollectionGroup -AzureFirewallPolicyName "vincentFWpolicy" -Name "network-segmentation-local" -ResourceGroupName resourceGroup //获取Rule Collection Group对象

$rules = @()

$RuleParameter = @{

Name = "net-pde-to-external-prod-allowasdfajsdlflklkajlkfd"

Protocol = "Any"

sourceAddress = "*"

DestinationAddress = "*"

DestinationPort = "*"

}

$rule = New-AzFirewallPolicyNetworkRule @RuleParameter

$NetworkRuleCollection = @{

Name = "src-azure-network-rules-segmentation-allow"

Priority = "666"

ActionType = "Allow"

Rule = rules += rule

} //在第一个Rule Collection中添加Rule

$NetworkRuleCategoryCollection = New-AzFirewallPolicyFilterRuleCollection @NetworkRuleCollection

$rules = @()

$RuleParameter = @{

Name = "net-pde-to-external-prod-allow-all2"

Protocol = "Any"

sourceAddress = "*"

DestinationAddress = "*"

DestinationPort = "*"

}

$rule = New-AzFirewallPolicyNetworkRule @RuleParameter

$NetworkRuleCollection2 = @{

Name = "src-azure-network-rules-segmentation-allowasdfasdf2"

Priority = "888"

ActionType = "Allow"

Rule = rules += rule

} //在第二个Rule Collection中添加Rule

$NetworkRuleCategoryCollection2 = New-AzFirewallPolicyFilterRuleCollection @NetworkRuleCollection2

//将以上创建的两个Rule Collection加入Rule Collection Group对象

targetrcg.Properties.RuleCollection.Add(NetworkRuleCategoryCollection)

targetrcg.Properties.RuleCollection.Add(NetworkRuleCategoryCollection2)

//设置保存Rule Collection Group并使其生效

Set-AzFirewallPolicyRuleCollectionGroup -FirewallPolicyName testFWpolicy -Name targetrcg.Name -Priority 112 -ResourceGroupName test_rg -RuleCollection targetrcg.Properties.RuleCollection

需要注意的问题:

Set-AzFirewallPolicyRuleCollectionGroup这个命令执行的是Overwrite操作,它会保存命令中的多个Rule Collection。同时会覆盖掉之前的配置,如果保存之前在Rule Collection Group中存在其他的Rule Collection,那么这些没有在命令中被写入的Rule Collection就会被擦除。所以如果想一次在Rule Collection Group中设置多个Rule Collection。需要在参数中指定多个Rule Collection的数组。

参考文档:

Set-AzFirewallPolicyRuleCollectionGroup (Az.Network) | Microsoft Learn

相关推荐
codeの诱惑2 天前
Azure DevOps CI/CD 流水线中 Java 17 容器化部署 NullPointerException 解决方案
ci/cd·azure·devops
Leinwin3 天前
Azure Cobalt 100 VM:以卓越性能与能效优化云端工作负载
microsoft·azure
weixin_307779134 天前
在 Microsoft Azure 上部署 ClickHouse 数据仓库:托管服务与自行部署的全面指南
开发语言·数据库·数据仓库·云计算·azure
Leinwin8 天前
Azure Front Door 在中国区正式上线
microsoft·azure
Leinwin10 天前
微软发布Azure容器存储v2.0.0国际版
microsoft·azure
宝桥南山11 天前
Azure - 尝试创建并使用一下Azure AI Search
microsoft·微软·azure
宝桥南山17 天前
Azure - Azure需要MFA login了(2025-09-30之后)
microsoft·微软·azure
Leinwin23 天前
微软 Azure AI 视频翻译服务助力 JowoAI 实现短剧高效出海
人工智能·microsoft·azure
安娜的信息安全说23 天前
使用 Azure AD 实现认证与权限管理:原理解析与操作指南
microsoft·flask·azure
Leinwin24 天前
Bulutistan:融合本地与云端,借 Azure Arc 开启创新之旅
microsoft·azure