Set-AzFirewallPolicyRuleCollectionGroup 保存多个Rule Collection

EE的逆袭2024-01-06 17:04

使用Azure Powershell 设置 Rule Collection Group, 首先需要创建 Firewall policy。

在创建完firewall policy后,通过Azure Portal页面添加 Rule Collection Group。

然后就可以使用 Set-AzFirewallPolicyRuleCollectionGroup命令在Firewall policy中添加Rule Collection Group了。

以下是一个简单例子,通过Azure Powershell在Rule Collection Group中添加Rule Collection和Rules。

$resourceGroup = "test_rg"

$fprg = $resourceGroup

$targetfp = Get-AzFirewallPolicy -Name "testFWpolicy" -ResourceGroupName $fprg //获取Firewall Policy对象

$targetrcg = Get-AzFirewallPolicyRuleCollectionGroup -AzureFirewallPolicyName "vincentFWpolicy" -Name "network-segmentation-local" -ResourceGroupName $resourceGroup //获取Rule Collection Group对象

$rules = @()

$RuleParameter = @{

Name = "net-pde-to-external-prod-allowasdfajsdlflklkajlkfd"

Protocol = "Any"

sourceAddress = "*"

DestinationAddress = "*"

DestinationPort = "*"

}

$rule = New-AzFirewallPolicyNetworkRule @RuleParameter

$NetworkRuleCollection = @{

Name = "src-azure-network-rules-segmentation-allow"

Priority = "666"

ActionType = "Allow"

Rule = $rules += $rule

} //在第一个Rule Collection中添加Rule

$NetworkRuleCategoryCollection = New-AzFirewallPolicyFilterRuleCollection @NetworkRuleCollection

$rules = @()

$RuleParameter = @{

Name = "net-pde-to-external-prod-allow-all2"

Protocol = "Any"

sourceAddress = "*"

DestinationAddress = "*"

DestinationPort = "*"

}

$rule = New-AzFirewallPolicyNetworkRule @RuleParameter

$NetworkRuleCollection2 = @{

Name = "src-azure-network-rules-segmentation-allowasdfasdf2"

Priority = "888"

ActionType = "Allow"

Rule = $rules += $rule

} //在第二个Rule Collection中添加Rule

$NetworkRuleCategoryCollection2 = New-AzFirewallPolicyFilterRuleCollection @NetworkRuleCollection2

//将以上创建的两个Rule Collection加入Rule Collection Group对象

targetrcg.Properties.RuleCollection.Add(NetworkRuleCategoryCollection)

targetrcg.Properties.RuleCollection.Add(NetworkRuleCategoryCollection2)

//设置保存Rule Collection Group并使其生效

Set-AzFirewallPolicyRuleCollectionGroup -FirewallPolicyName testFWpolicy -Name $targetrcg.Name -Priority 112 -ResourceGroupName test_rg -RuleCollection $targetrcg.Properties.RuleCollection

需要注意的问题:

Set-AzFirewallPolicyRuleCollectionGroup这个命令执行的是Overwrite操作,它会保存命令中的多个Rule Collection。同时会覆盖掉之前的配置,如果保存之前在Rule Collection Group中存在其他的Rule Collection,那么这些没有在命令中被写入的Rule Collection就会被擦除。所以如果想一次在Rule Collection Group中设置多个Rule Collection。需要在参数中指定多个Rule Collection的数组。

参考文档:

Set-AzFirewallPolicyRuleCollectionGroup (Az.Network) | Microsoft Learn

相关推荐
weixin_307779135 小时前
Azure云生态系统详解:核心服务、混合架构与云原生概念
云原生·数据库架构·azure
發糞塗牆1 天前
【Azure 架构师学习笔记】- Azure Databricks (18) --Delta Live Table 架构
azure·azuredatabricks
發糞塗牆3 天前
【Azure 架构师学习笔记】- Azure Databricks (16) -- Delta Lake 和 ADLS整合
azure·azuredatabricks
發糞塗牆8 天前
【Azure 架构师学习笔记】- Azure Databricks (14) -- 搭建Medallion Architecture part 2
azure·azuredatabricks
Azure DevOps8 天前
Azure DevOps Service:连接到Microsoft Entra(AAD)
运维·microsoft·azure·devops
Azure DevOps8 天前
Azure DevOps Server 2022.2 补丁(Patch 3)
运维·microsoft·azure·devops
office大师姐10 天前
微软AI900认证备考全攻略:开启AI职业进阶之路
人工智能·microsoft·ai·自然语言处理·微软·azure
Azure DevOps10 天前
Azure DevOps Server用户使用GithubCopilot
运维·microsoft·azure·devops
發糞塗牆11 天前
【Azure 架构师学习笔记】- Azure Databricks (13) -- 搭建Medallion Architecture part 1
azure·azuredatabricks
Monee..11 天前
【azure openai】用tts实现语音对话【demo】
python·azure·语音助手
热门推荐
01如何在WPS和Word/Excel中直接使用DeepSeek功能02DeepSeek各版本说明与优缺点分析03本地部署DeepSeek教程(Mac版本)04从零安装 LLaMA-Factory 微调 Qwen 大模型成功及所有的坑05如何本地部署AI智能体平台,带你手搓一个AI Agent06DeepSeek R1本地化部署 Ollama + Chatbox 打造最强 AI 工具07DeepSeek RAGFlow构建本地知识库系统08Windows 11 安装 Dify 完整指南 非docker环境09本地化部署AI知识库:基于Ollama+DeepSeek+AnythingLLM保姆级教程10网络安全 - DDoS 攻击原理 + 实验