| 1 | +--- |
| 2 | +title: 'Add or modify multiple Azure Firewall rules using Azure PowerShell' |
| 3 | +description: In this article, you learn how to add or modify multiple Azure Firewall rules using the Azure PowerShell. |
| 4 | +services: firewall |
| 5 | +author: vhorne |
| 6 | +ms.service: firewall |
| 7 | +ms.date: 02/23/2022 |
| 8 | +ms.author: victorh |
| 9 | +ms.topic: how-to |
| 10 | +--- |
| 11 | + |
| 12 | +# Add or modify multiple Azure Firewall rules using Azure PowerShell |
| 13 | + |
| 14 | +When you add new rules to Azure Firewall or Azure Firewall policy, you should use the following steps to reduce the total update time: |
| 15 | + |
| 16 | +1. Retrieve the Azure Firewall or Azure Firewall Policy object. |
| 17 | +1. Add all new rules and perform other desired modifications in the local object. You can add them to an existing rule collection or create new ones as needed. |
| 18 | +1. Push the Firewall or the Firewall Policy updates only when all modifications are done. |
| 19 | + |
| 20 | +The following example shows how to add multiple new DNAT rules to an existing firewall policy using Azure PowerShell. You should follow these same principles also when: |
| 21 | + |
| 22 | +- You update Application or Network rules. |
| 23 | +- You update a firewall managed with classic rules. |
| 24 | + |
| 25 | +Carefully review the following steps. You should first try it on a test policy to ensure it works as expected for your needs. |
| 26 | + |
| 27 | +## Connect to your Azure account and set the context to your subscription |
| 28 | + |
| 29 | +```azurepowershell |
| 30 | +Connect-AzAccount |
| 31 | +Set-AzContext -Subscription "<Subscritpion ID>" |
| 32 | +
|
| 33 | +``` |
| 34 | + |
| 35 | +## Create local objects of the firewall policy, rule collection group, and rule collection |
| 36 | + |
| 37 | +```azurepowershell |
| 38 | +$policy = Get-AzFirewallPolicy -Name "<Policy Name>" -ResourceGroupName "<Resource Group Name>" |
| 39 | +$natrulecollectiongroup = Get-AzFirewallPolicyRuleCollectionGroup -Name "<Rule Collection Group Name>" -ResourceGroupName "<Resource Group Name>" -AzureFirewallPolicyName "<Firewall Policy Name>" |
| 40 | +$existingrulecollection = $natrulecollectiongroup.Properties.RuleCollection | where {$_.Name -eq "<rule collection name"} |
| 41 | +``` |
| 42 | + |
| 43 | +## Define new rules to add |
| 44 | + |
| 45 | +```azurepowershell |
| 46 | +$newrule1 = New-AzFirewallPolicyNatRule -Name "dnat-rule1" -Protocol "TCP" -SourceAddress "<Source Address>" -DestinationAddress "<Destination>" -DestinationPort "<Destination Port>" -TranslatedAddress "<Translated Address>" -TranslatedPort "<Translated Port>" |
| 47 | +$newrule2 = New-AzFirewallPolicyNatRule -Name "dnat-rule1" -Protocol "TCP" -SourceAddress "<Source Address>" -DestinationAddress "<Destination>" -DestinationPort "<Destination Port>" -TranslatedAddress "<Translated Address>" -TranslatedPort "<Translated Port>" |
| 48 | +``` |
| 49 | + |
| 50 | +## Add the new rules to the local rule collection object |
| 51 | + |
| 52 | +```azurepowershell |
| 53 | +$existingrulecollection.Rules.Add($newrule1) |
| 54 | +$existingrulecollection.Rules.Add($newrule2) |
| 55 | +``` |
| 56 | + |
| 57 | +Use this step to add any more rules, or perform any modifications to existing rules in the same rule collection group. |
| 58 | + |
| 59 | +## Update the rule collection on Azure |
| 60 | + |
| 61 | +```azurepowershell |
| 62 | +Set-AzFirewallPolicyRuleCollectionGroup -Name " <Rule Collection Group Name> " -FirewallPolicyObject $policy -Priority 200 -RuleCollection $natrulecollectiongroup.Properties.rulecollection |
| 63 | +``` |
| 64 | + |
| 65 | +## Next steps |
| 66 | + |
| 67 | +- [Azure Firewall Policy rule sets](policy-rule-sets.md) |
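Review bot: line 47 gives `$newrule2` the same name as `$newrule1` (`-Name "dnat-rule1"`), so pushing the collection group will either be rejected for the duplicate name or leave two rules that cannot be told apart; it should read `-Name "dnat-rule2"`. Three placeholder defects in the same hunk will trip anyone who copies the snippets: line 31 misspells `"<Subscritpion ID>"`, line 40 is missing the closing bracket in `"<rule collection name"`, and line 62 has stray spaces inside the quotes in `-Name " <Rule Collection Group Name> "`, which makes the group name lookup fail. Also on line 62, `-Priority 200` is hard-coded rather than taken from the priority already present on the retrieved `$natrulecollectiongroup` object, so a reader who runs it unchanged can silently reorder their rule collection groups relative to each other; suggest passing the retrieved priority back, and for consistency use one placeholder for the policy name, since line 38 says `<Policy Name>` and line 39 says `<Firewall Policy Name>` for the same value.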