
Commit 02f92f5

authored
Updated New-AzFirewallPolicyApplicationRule to only use HTTPS as the default Protocol for FqdnTag rules (#28027)
1 parent 5418017 commit 02f92f5


6 files changed

+132
-13
lines changed


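--- a/src/Network/Network.Test/ScenarioTests/AzureFirewallPolicyTests.cs
+++ b/src/Network/Network.Test/ScenarioTests/AzureFirewallPolicyTests.cs
@@ -228,5 +228,13 @@ public void TestAzureFirewallPolicyRCGyDraft()
 {
 TestRunner.RunTestScript("Test-AzureFirewallPolicyRCGDraft");
 }
+
+[Fact]
+[Trait(Category.AcceptanceType, Category.CheckIn)]
+[Trait(Category.Owner, NrpTeamAlias.azurefirewall)]
+public void TestAzureFirewallPolicyApplicationRuleFqdnTagDefaultProtocol()
+{
+TestRunner.RunTestScript("Test-AzureFirewallPolicyApplicationRuleFqdnTagDefaultProtocol");
+}
 }
 }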

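--- a/src/Network/Network.Test/ScenarioTests/AzureFirewallPolicyTests.ps1
+++ b/src/Network/Network.Test/ScenarioTests/AzureFirewallPolicyTests.ps1
@@ -1599,7 +1599,7 @@ function Test-AzureFirewallPolicyExplicitProxyCRUD {
 $resourceTypeParent = "Microsoft.Network/FirewallPolicies"
 $location = "westus2"
 $vnetName = Get-ResourceName
-$pacFile ="https://packetcapturesdev.blob.core.windows.net/explicit-proxy/pacfile.pac?sp=r&st=2022-06-02T21:14:54Z&se=2022-07-15T05:14:54Z&spr=https&sv=2021-06-08&sr=b&sig=VqX7Jfqb0P2HhuoDFDCeGLHvtM65Tu8lpkV96kCWZn0%3D"
+$pacFile = "fake_pacfile_url"
 
 try {
 
@@ -2268,4 +2268,31 @@ function Test-AzureFirewallPolicyRCGDraft {
 # Cleanup
 Clean-ResourceGroup $rgname
 }
+}
+
+<#
+.SYNOPSIS
+Tests function Test-AzureFirewallPolicyApplicationRuleFqdnTagDefaultProtocol.
+#>
+function Test-AzureFirewallPolicyApplicationRuleFqdnTagDefaultProtocol {
+# Default protocol type
+$expectedProtocolType = "Https"
+$expectedProtocolPort = "443"
+
+try {
+$rule = New-AzFirewallPolicyApplicationRule -Name "App01" -SourceAddress "1.1.1.1" -FqdnTag "WindowsUpdate"
+
+# Expected default value
+Assert-AreEqual 1 $rule.Protocols.count
+Assert-AreEqual $expectedProtocolType $rule.Protocols[0].ProtocolType
+Assert-AreEqual $expectedProtocolPort $rule.Protocols[0].Port
+
+# Manually setting the Protocol is not allowed
+Assert-Throws { New-AzFirewallPolicyApplicationRule -Name "SingleCustomProtocolNotAllowedForFqdnTag" -SourceAddress "1.1.1.1" -FqdnTag "WindowsUpdate" -Protocol "http:80" }
+Assert-Throws { New-AzFirewallPolicyApplicationRule -Name "MultipleCustomProtocolsNotAllowedForFqdnTag" -SourceAddress "1.1.1.1" -FqdnTag "WindowsUpdate" -Protocol "https:443", "http:80" }
+Assert-Throws { New-AzFirewallPolicyApplicationRule -Name "ManuallySettingToTheDefaultProtocolNotAllowedEither" -SourceAddress "1.1.1.1" -FqdnTag "WindowsUpdate" -Protocol "https:443" }
+}
+finally {
+# No cleanup required
+}
 }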
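Review bot: The three `Assert-Throws` calls in `Test-AzureFirewallPolicyApplicationRuleFqdnTagDefaultProtocol` accept any exception, so they would also pass if the cmdlet failed for an unrelated reason (parameter binding, the FQDN tag lookup) rather than because `-Protocol` was rejected alongside `-FqdnTag`. Since these cases are what guard the HTTPS-only default, pin the expected error text, for example `Assert-ThrowsContains { New-AzFirewallPolicyApplicationRule -Name "App01" -SourceAddress "1.1.1.1" -FqdnTag "WindowsUpdate" -Protocol "http:80" } "<expected validation message>"`, taking the message from the cmdlet's validation code, which is not visible here. The `.SYNOPSIS` names the test itself instead of the behaviour; `Verifies that New-AzFirewallPolicyApplicationRule defaults FqdnTag rules to Https:443 and rejects an explicit -Protocol.` would tell a reader more, and the `try`/`finally` with an empty `finally` can be dropped. Separately, the SAS URL removed in the first hunk remains in repository history; its `se=` value indicates it expired in 2022, but it is worth confirming the signing key or access policy behind it is no longer in use.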
@@ -0,0 +1,83 @@
1+
{
2+
"Entries": [
3+
{
4+
"RequestUri": "/subscriptions/f6cb8187-b300-4c2d-9b23-c00e7e98d799/providers/Microsoft.Network/azureFirewallFqdnTags?api-version=2024-07-01",
5+
"EncodedRequestUri": "L3N1YnNjcmlwdGlvbnMvZjZjYjgxODctYjMwMC00YzJkLTliMjMtYzAwZTdlOThkNzk5L3Byb3ZpZGVycy9NaWNyb3NvZnQuTmV0d29yay9henVyZUZpcmV3YWxsRnFkblRhZ3M/YXBpLXZlcnNpb249MjAyNC0wNy0wMQ==",
6+
"RequestMethod": "GET",
7+
"RequestHeaders": {
8+
"Accept-Language": [
9+
"en-US"
10+
],
11+
"x-ms-client-request-id": [
12+
"cb0a7b2a-65a4-4010-8bd6-d0097e4e3ded"
13+
],
14+
"User-Agent": [
15+
"FxVersion/8.0.1725.26602",
16+
"OSName/Windows",
17+
"OSVersion/Microsoft.Windows.10.0.26100",
18+
"Microsoft.Azure.Management.Network.NetworkManagementClient/27.0.0.0"
19+
]
20+
},
21+
"RequestBody": "",
22+
"ResponseHeaders": {
23+
"Cache-Control": [
24+
"no-cache"
25+
],
26+
"Pragma": [
27+
"no-cache"
28+
],
29+
"x-ms-request-id": [
30+
"9eadc3ba-9249-41b5-a978-1cd633c9b616"
31+
],
32+
"x-ms-correlation-request-id": [
33+
"f627eef2-e5c0-4245-b2c6-caadc6a85428"
34+
],
35+
"x-ms-arm-service-request-id": [
36+
"44f95411-c05d-415a-9ee2-f41d85087206"
37+
],
38+
"Strict-Transport-Security": [
39+
"max-age=31536000; includeSubDomains"
40+
],
41+
"x-ms-operation-identifier": [
42+
"tenantId=72f988bf-86f1-41af-91ab-2d7cd011db47,objectId=3dee0754-63ae-459a-8ca7-46bd9624aa60/westus/bef0fede-6617-476a-b5df-940a2ad4c85f"
43+
],
44+
"x-ms-ratelimit-remaining-subscription-reads": [
45+
"1099"
46+
],
47+
"x-ms-ratelimit-remaining-subscription-global-reads": [
48+
"16499"
49+
],
50+
"x-ms-routing-request-id": [
51+
"WESTUS:20250625T231232Z:f627eef2-e5c0-4245-b2c6-caadc6a85428"
52+
],
53+
"X-Content-Type-Options": [
54+
"nosniff"
55+
],
56+
"X-Cache": [
57+
"CONFIG_NOCACHE"
58+
],
59+
"X-MSEdge-Ref": [
60+
"Ref A: 3E8D091609954F46A4C35256B7C2768C Ref B: SJC211051205037 Ref C: 2025-06-25T23:12:31Z"
61+
],
62+
"Date": [
63+
"Wed, 25 Jun 2025 23:12:32 GMT"
64+
],
65+
"Content-Length": [
66+
"6148"
67+
],
68+
"Content-Type": [
69+
"application/json; charset=utf-8"
70+
],
71+
"Expires": [
72+
"-1"
73+
]
74+
},
75+
"ResponseBody": "{\r\n \"value\": [\r\n {\r\n \"name\": \"AppServiceEnvironment\",\r\n \"id\": \"/subscriptions//resourceGroups//providers/Microsoft.Network/azureFirewallFqdnTags/\",\r\n \"type\": \"Microsoft.Network/azureFirewallFqdnTags\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"fqdnTagName\": \"AppServiceEnvironment\"\r\n }\r\n },\r\n {\r\n \"name\": \"AzureBackup\",\r\n \"id\": \"/subscriptions//resourceGroups//providers/Microsoft.Network/azureFirewallFqdnTags/\",\r\n \"type\": \"Microsoft.Network/azureFirewallFqdnTags\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"fqdnTagName\": \"AzureBackup\"\r\n }\r\n },\r\n {\r\n \"name\": \"AzureKubernetesService\",\r\n \"id\": \"/subscriptions//resourceGroups//providers/Microsoft.Network/azureFirewallFqdnTags/\",\r\n \"type\": \"Microsoft.Network/azureFirewallFqdnTags\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"fqdnTagName\": \"AzureKubernetesService\"\r\n }\r\n },\r\n {\r\n \"name\": \"HDInsight\",\r\n \"id\": \"/subscriptions//resourceGroups//providers/Microsoft.Network/azureFirewallFqdnTags/\",\r\n \"type\": \"Microsoft.Network/azureFirewallFqdnTags\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"fqdnTagName\": \"HDInsight\"\r\n }\r\n },\r\n {\r\n \"name\": \"MicrosoftActiveProtectionService\",\r\n \"id\": \"/subscriptions//resourceGroups//providers/Microsoft.Network/azureFirewallFqdnTags/\",\r\n \"type\": \"Microsoft.Network/azureFirewallFqdnTags\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"fqdnTagName\": \"MicrosoftActiveProtectionService\"\r\n }\r\n },\r\n {\r\n \"name\": \"MicrosoftIntune\",\r\n \"id\": \"/subscriptions//resourceGroups//providers/Microsoft.Network/azureFirewallFqdnTags/\",\r\n \"type\": \"Microsoft.Network/azureFirewallFqdnTags\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"fqdnTagName\": \"MicrosoftIntune\"\r\n }\r\n },\r\n {\r\n 
\"name\": \"Windows365\",\r\n \"id\": \"/subscriptions//resourceGroups//providers/Microsoft.Network/azureFirewallFqdnTags/\",\r\n \"type\": \"Microsoft.Network/azureFirewallFqdnTags\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"fqdnTagName\": \"Windows365\"\r\n }\r\n },\r\n {\r\n \"name\": \"WindowsDiagnostics\",\r\n \"id\": \"/subscriptions//resourceGroups//providers/Microsoft.Network/azureFirewallFqdnTags/\",\r\n \"type\": \"Microsoft.Network/azureFirewallFqdnTags\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"fqdnTagName\": \"WindowsDiagnostics\"\r\n }\r\n },\r\n {\r\n \"name\": \"WindowsUpdate\",\r\n \"id\": \"/subscriptions//resourceGroups//providers/Microsoft.Network/azureFirewallFqdnTags/\",\r\n \"type\": \"Microsoft.Network/azureFirewallFqdnTags\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"fqdnTagName\": \"WindowsUpdate\"\r\n }\r\n },\r\n {\r\n \"name\": \"WindowsVirtualDesktop\",\r\n \"id\": \"/subscriptions//resourceGroups//providers/Microsoft.Network/azureFirewallFqdnTags/\",\r\n \"type\": \"Microsoft.Network/azureFirewallFqdnTags\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"fqdnTagName\": \"WindowsVirtualDesktop\"\r\n }\r\n },\r\n {\r\n \"name\": \"citrixHdxPlusForWindows365\",\r\n \"id\": \"/subscriptions//resourceGroups//providers/Microsoft.Network/azureFirewallFqdnTags/\",\r\n \"type\": \"Microsoft.Network/azureFirewallFqdnTags\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"fqdnTagName\": \"citrixHdxPlusForWindows365\"\r\n }\r\n },\r\n {\r\n \"name\": \"Office365.Exchange.Optimize\",\r\n \"id\": \"/subscriptions//resourceGroups//providers/Microsoft.Network/azureFirewallFqdnTags/\",\r\n \"type\": \"Microsoft.Network/azureFirewallFqdnTags\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"fqdnTagName\": \"Office365.Exchange.Optimize\"\r\n }\r\n },\r\n {\r\n \"name\": 
\"Office365.Exchange.Default.Required\",\r\n \"id\": \"/subscriptions//resourceGroups//providers/Microsoft.Network/azureFirewallFqdnTags/\",\r\n \"type\": \"Microsoft.Network/azureFirewallFqdnTags\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"fqdnTagName\": \"Office365.Exchange.Default.Required\"\r\n }\r\n },\r\n {\r\n \"name\": \"Office365.Exchange.Allow.Required\",\r\n \"id\": \"/subscriptions//resourceGroups//providers/Microsoft.Network/azureFirewallFqdnTags/\",\r\n \"type\": \"Microsoft.Network/azureFirewallFqdnTags\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"fqdnTagName\": \"Office365.Exchange.Allow.Required\"\r\n }\r\n },\r\n {\r\n \"name\": \"Office365.Skype.Allow.Required\",\r\n \"id\": \"/subscriptions//resourceGroups//providers/Microsoft.Network/azureFirewallFqdnTags/\",\r\n \"type\": \"Microsoft.Network/azureFirewallFqdnTags\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"fqdnTagName\": \"Office365.Skype.Allow.Required\"\r\n }\r\n },\r\n {\r\n \"name\": \"Office365.Skype.Default.Required\",\r\n \"id\": \"/subscriptions//resourceGroups//providers/Microsoft.Network/azureFirewallFqdnTags/\",\r\n \"type\": \"Microsoft.Network/azureFirewallFqdnTags\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"fqdnTagName\": \"Office365.Skype.Default.Required\"\r\n }\r\n },\r\n {\r\n \"name\": \"Office365.Skype.Default.NotRequired\",\r\n \"id\": \"/subscriptions//resourceGroups//providers/Microsoft.Network/azureFirewallFqdnTags/\",\r\n \"type\": \"Microsoft.Network/azureFirewallFqdnTags\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"fqdnTagName\": \"Office365.Skype.Default.NotRequired\"\r\n }\r\n },\r\n {\r\n \"name\": \"Office365.SharePoint.Optimize\",\r\n \"id\": \"/subscriptions//resourceGroups//providers/Microsoft.Network/azureFirewallFqdnTags/\",\r\n \"type\": \"Microsoft.Network/azureFirewallFqdnTags\",\r\n \"properties\": {\r\n 
\"provisioningState\": \"Succeeded\",\r\n \"fqdnTagName\": \"Office365.SharePoint.Optimize\"\r\n }\r\n },\r\n {\r\n \"name\": \"Office365.SharePoint.Default.NotRequired\",\r\n \"id\": \"/subscriptions//resourceGroups//providers/Microsoft.Network/azureFirewallFqdnTags/\",\r\n \"type\": \"Microsoft.Network/azureFirewallFqdnTags\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"fqdnTagName\": \"Office365.SharePoint.Default.NotRequired\"\r\n }\r\n },\r\n {\r\n \"name\": \"Office365.SharePoint.Default.Required\",\r\n \"id\": \"/subscriptions//resourceGroups//providers/Microsoft.Network/azureFirewallFqdnTags/\",\r\n \"type\": \"Microsoft.Network/azureFirewallFqdnTags\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"fqdnTagName\": \"Office365.SharePoint.Default.Required\"\r\n }\r\n },\r\n {\r\n \"name\": \"Office365.Common.Allow.Required\",\r\n \"id\": \"/subscriptions//resourceGroups//providers/Microsoft.Network/azureFirewallFqdnTags/\",\r\n \"type\": \"Microsoft.Network/azureFirewallFqdnTags\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"fqdnTagName\": \"Office365.Common.Allow.Required\"\r\n }\r\n },\r\n {\r\n \"name\": \"Office365.Common.Default.Required\",\r\n \"id\": \"/subscriptions//resourceGroups//providers/Microsoft.Network/azureFirewallFqdnTags/\",\r\n \"type\": \"Microsoft.Network/azureFirewallFqdnTags\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"fqdnTagName\": \"Office365.Common.Default.Required\"\r\n }\r\n },\r\n {\r\n \"name\": \"Office365.Common.Default.NotRequired\",\r\n \"id\": \"/subscriptions//resourceGroups//providers/Microsoft.Network/azureFirewallFqdnTags/\",\r\n \"type\": \"Microsoft.Network/azureFirewallFqdnTags\",\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \"fqdnTagName\": \"Office365.Common.Default.NotRequired\"\r\n }\r\n }\r\n ]\r\n}",
76+
"StatusCode": 200
77+
}
78+
],
79+
"Names": {},
80+
"Variables": {
81+
"SubscriptionId": "f6cb8187-b300-4c2d-9b23-c00e7e98d799"
82+
}
83+
}
