Get-AzFirewall
取得 Azure 防火牆。
語法
Default (預設值)
Get-AzFirewall
[-Name <String>]
[-ResourceGroupName <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Description
Get-AzFirewall Cmdlet 會在資源群組中取得一或多個防火牆。
範例
範例 1:擷取資源群組中的所有防火牆
Get-AzFirewall -ResourceGroupName rgName
Name : azFw
ResourceGroupName : rgName
Location : westcentralus
Id : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName/providers/Micros
oft.Network/azureFirewalls/azFw
Etag : W/"00000000-0000-0000-0000-000000000000"
ResourceGuid :
ProvisioningState : Succeeded
Tags :
IpConfigurations : [
{
"Name": "AzureFirewallIpConfiguration",
"Etag": "W/\"00000000-0000-0000-0000-000000000000\"",
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName/provi
ders/Microsoft.Network/azureFirewalls/azFw/azureFirewallIpConfigurations/AzureFirewallIp
Configuration",
"PrivateIPAddress": "x.x.x.x",
"Subnet": {
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName/pro
viders/Microsoft.Network/virtualNetworks/vnetname/subnets/AzureFirewallSubnet"
},
"PublicIpAddress": {
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName/pro
viders/Microsoft.Network/publicIPAddresses/publicipname"
}
}
]
ApplicationRuleCollections : []
NatRuleCollections : []
NetworkRuleCollections : []
Zones : {}
Name : azFw1
ResourceGroupName : rgName
Location : westcentralus
Id : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName/providers/Micros
oft.Network/azureFirewalls/azFw1
Etag : W/"00000000-0000-0000-0000-000000000000"
ResourceGuid :
ProvisioningState : Succeeded
Tags :
IpConfigurations : [
{
"Name": "AzureFirewallIpConfiguration",
"Etag": "W/\"00000000-0000-0000-0000-000000000000\"",
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName/provi
ders/Microsoft.Network/azureFirewalls/azFw1/azureFirewallIpConfigurations/AzureFirewallIp
Configuration",
"PrivateIPAddress": "x.x.x.x",
"Subnet": {
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName/pro
viders/Microsoft.Network/virtualNetworks/vnetname/subnets/AzureFirewallSubnet"
},
"PublicIpAddress": {
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName/pro
viders/Microsoft.Network/publicIPAddresses/publicipname"
}
}
]
ApplicationRuleCollections : []
NatRuleCollections : []
NetworkRuleCollections : []
Zones : {}
此範例會擷取資源群組 “rgName” 中的所有防火牆。
範例 2:依名稱擷取防火牆
Get-AzFirewall -ResourceGroupName rgName -Name azFw
Name : azFw
ResourceGroupName : rgName
Location : westcentralus
Id : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName/providers/Micros
oft.Network/azureFirewalls/azFw
Etag : W/"00000000-0000-0000-0000-000000000000"
ResourceGuid :
ProvisioningState : Succeeded
Tags :
IpConfigurations : [
{
"Name": "AzureFirewallIpConfiguration",
"Etag": "W/\"00000000-0000-0000-0000-000000000000\"",
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName/provi
ders/Microsoft.Network/azureFirewalls/azFw/azureFirewallIpConfigurations/AzureFirewallIp
Configuration",
"PrivateIPAddress": "x.x.x.x",
"Subnet": {
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName/pro
viders/Microsoft.Network/virtualNetworks/vnetname/subnets/AzureFirewallSubnet"
},
"PublicIpAddress": {
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName/pro
viders/Microsoft.Network/publicIPAddresses/publicipname"
}
}
]
ApplicationRuleCollections : []
NatRuleCollections : []
NetworkRuleCollections : []
Zones : {}
此範例會擷取資源群組 “rgName” 中名為 “azFw” 的防火牆。
範例 3:擷取所有具有篩選功能的防火牆
Get-AzFirewall -Name azFw*
Name : azFw
ResourceGroupName : rgName
Location : westcentralus
Id : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName/providers/Micros
oft.Network/azureFirewalls/azFw
Etag : W/"00000000-0000-0000-0000-000000000000"
ResourceGuid :
ProvisioningState : Succeeded
Tags :
IpConfigurations : [
{
"Name": "AzureFirewallIpConfiguration",
"Etag": "W/\"00000000-0000-0000-0000-000000000000\"",
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName/provi
ders/Microsoft.Network/azureFirewalls/azFw/azureFirewallIpConfigurations/AzureFirewallIp
Configuration",
"PrivateIPAddress": "x.x.x.x",
"Subnet": {
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName/pro
viders/Microsoft.Network/virtualNetworks/vnetname/subnets/AzureFirewallSubnet"
},
"PublicIpAddress": {
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName/pro
viders/Microsoft.Network/publicIPAddresses/publicipname"
}
}
]
ApplicationRuleCollections : []
NatRuleCollections : []
NetworkRuleCollections : []
Zones : {}
Name : azFw1
ResourceGroupName : rgName
Location : westcentralus
Id : /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName/providers/Micros
oft.Network/azureFirewalls/azFw1
Etag : W/"00000000-0000-0000-0000-000000000000"
ResourceGuid :
ProvisioningState : Succeeded
Tags :
IpConfigurations : [
{
"Name": "AzureFirewallIpConfiguration",
"Etag": "W/\"00000000-0000-0000-0000-000000000000\"",
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName/provi
ders/Microsoft.Network/azureFirewalls/azFw1/azureFirewallIpConfigurations/AzureFirewallIp
Configuration",
"PrivateIPAddress": "x.x.x.x",
"Subnet": {
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName/pro
viders/Microsoft.Network/virtualNetworks/vnetname/subnets/AzureFirewallSubnet"
},
"PublicIpAddress": {
"Id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rgName/pro
viders/Microsoft.Network/publicIPAddresses/publicipname"
}
}
]
ApplicationRuleCollections : []
NatRuleCollections : []
NetworkRuleCollections : []
Zones : {}
此範例會擷取以 “azFw” 開頭的所有防火牆
範例 4:擷取防火牆,然後將應用程式規則集合新增至防火牆
$azFw=Get-AzFirewall -Name "azFw" -ResourceGroupName "rgName"
$appRule = New-AzFirewallApplicationRule -Name R1 -Protocol "http:80","https:443" -TargetFqdn "*google.com", "*microsoft.com" -SourceAddress "10.0.0.0"
$appRuleCollection = New-AzFirewallApplicationRuleCollection -Name "MyAppRuleCollection" -Priority 100 -Rule $appRule -ActionType "Allow"
$azFw.AddApplicationRuleCollection($appRuleCollection)
此範例會擷取防火牆,然後呼叫 AddApplicationRuleCollection 方法,將應用程式規則集合新增至防火牆。
範例 5:擷取防火牆,然後將網路規則集合新增至防火牆
$azFw=Get-AzFirewall -Name "azFw" -ResourceGroupName "rgName"
$netRule = New-AzFirewallNetworkRule -Name "all-udp-traffic" -Description "Rule for all UDP traffic" -Protocol "UDP" -SourceAddress "*" -DestinationAddress "*" -DestinationPort "*"
$netRuleCollection = New-AzFirewallNetworkRuleCollection -Name "MyNetworkRuleCollection" -Priority 100 -Rule $netRule -ActionType "Allow"
$azFw.AddNetworkRuleCollection($netRuleCollection)
此範例會擷取防火牆,然後呼叫 AddNetworkRuleCollection 方法,將網路規則集合新增至防火牆。
範例 6:擷取防火牆,然後從防火牆依名稱擷取應用程式規則集合
$azFw=Get-AzFirewall -Name "azFw" -ResourceGroupName "rgName"
$getAppRc=$azFw.GetApplicationRuleCollectionByName("MyAppRuleCollection")
此範例會擷取防火牆,然後依名稱取得規則集合,並在防火牆物件上呼叫方法 GetApplicationRuleCollectionByName。 方法 GetApplicationRuleCollectionByName 的規則集合名稱不區分大小寫。
範例 7:擷取防火牆,然後從防火牆依名稱擷取網路規則集合
$azFw=Get-AzFirewall -Name "azFw" -ResourceGroupName "rgName"
$getNetRc=$azFw.GetNetworkRuleCollectionByName("MyNetworkRuleCollection")
此範例會擷取防火牆,然後依名稱取得規則集合,並在防火牆物件上呼叫方法 GetNetworkRuleCollectionByName。 方法 GetNetworkRuleCollectionByName 的規則集合名稱不區分大小寫。
範例 8:擷取防火牆,然後從防火牆中依名稱移除應用程式規則集合
$azFw=Get-AzFirewall -Name "azFw" -ResourceGroupName "rgName"
$azFw.RemoveApplicationRuleCollectionByName("MyAppRuleCollection")
此範例會擷取防火牆,然後依名稱移除規則集合,並在防火牆物件上呼叫方法 RemoveApplicationRuleCollectionByName。 方法 RemoveApplicationRuleCollectionByName 的規則集合名稱不區分大小寫。
範例 9:擷取防火牆,然後從防火牆中依名稱移除網路規則集合
$azFw=Get-AzFirewall -Name "azFw" -ResourceGroupName "rgName"
$azFw.RemoveNetworkRuleCollectionByName("MyNetworkRuleCollection")
此範例會擷取防火牆,然後依名稱移除規則集合,並在防火牆物件上呼叫方法 RemoveNetworkRuleCollectionByName。 方法 RemoveNetworkRuleCollectionByName 的規則集合名稱不區分大小寫。
範例 10:擷取防火牆,然後配置防火牆
$vnet=Get-AzVirtualNetwork -Name "vnet" -ResourceGroupName "rgName"
$publicIp=Get-AzPublicIpAddress -Name "firewallpip" -ResourceGroupName "rgName"
$azFw=Get-AzFirewall -Name "azFw" -ResourceGroupName "rgName"
$azFw.Allocate($vnet, $publicIp)
此範例會擷取防火牆,並在防火牆上呼叫 Allocate ,以使用與防火牆相關聯的組態 (應用程式和網路規則集合) 來啟動防火牆服務。
參數
-DefaultProfile
用於與 azure 通訊的認證、帳戶、租用戶和訂用帳戶。
參數屬性
| 類型: | IAzureContextContainer |
| 預設值: | None |
| 支援萬用字元: | False |
| 不要顯示: | False |
| 別名: | AzContext, AzureRmContext, AzureCredential |
參數集
(All)
| Position: | Named |
| 必要: | False |
| 來自管線的值: | False |
| 來自管線按屬性名稱的值: | False |
| 來自剩餘引數的值: | False |
-Name
指定此 Cmdlet 取得的防火牆名稱。
參數屬性
| 類型: | String |
| 預設值: | None |
| 支援萬用字元: | True |
| 不要顯示: | False |
| 別名: | 資源名稱 |
參數集
(All)
| Position: | Named |
| 必要: | False |
| 來自管線的值: | False |
| 來自管線按屬性名稱的值: | True |
| 來自剩餘引數的值: | False |
-ResourceGroupName
指定防火牆所屬資源群組的名稱。
參數屬性
| 類型: | String |
| 預設值: | None |
| 支援萬用字元: | True |
| 不要顯示: | False |
參數集
(All)
| Position: | Named |
| 必要: | False |
| 來自管線的值: | False |
| 來自管線按屬性名稱的值: | True |
| 來自剩餘引數的值: | False |
CommonParameters
此 Cmdlet 支援常見參數:-Debug、-ErrorAction、-ErrorVariable、-InformationAction、-InformationVariable、-OutBuffer、-OutVariable、-PipelineVariable、-ProgressAction、-Verbose、-WarningAction 和 -WarningVariable。 如需詳細資訊,請參閱 about_CommonParameters。