Comments on: Azure Firewall Policy Rules to CSV

By: Prasant Chettri

Prasant Chettri — Thu, 23 May 2024 03:24:12 +0000

1) I was trying to make the write to multiple collection in a nested look which was failing.
2) CSV IP range does require space after comma unlike the firewall rule which works without a space and update on its own

By: prashant

prashant — Mon, 20 May 2024 04:46:03 +0000

The import policy fails with 400 error

By: Prasant Chettri

Prasant Chettri — Mon, 06 May 2024 22:07:36 +0000

It looks like it may work for single Rule collection as it is building one rule collection and sub rules when I am parsing it.

I have one rule collection group for network.7 rule collection for management, monitor, services etc and rules under each rule collection based on the priority

By: Prasant Chettri

Prasant Chettri — Mon, 06 May 2024 17:04:01 +0000

Export works fine but the import script gives error building table. I added try fetch and it generates error right the foreach ($entry in $RulesfromCSV) when it is reading two sets of tables from excel for rule and rule collection and after that it breaks on all the following.
Has anyone had any luck with import. I am starting with basic network rules that uses IP and IPgroups both?
foreach ($entry in $RulesfromCSV)
{
$RuleParameter = @{
Name = $entry.Name;
protocols = $entry.protocols
SourceAddresses = $entry.SourceAddresses
DestinationAddresses = $entry.DestinationAddresses
SourceIPGroups = $entry.SourceIPGroups
DestinationIPGroups = $entry.DestinationIPGroups
ActionType = $entry.ActionType
DestinationPorts = $entry.DestinationPorts
}
try {
$rule = New-AzFirewallPolicyNetworkRule @RuleParameter -ErrorAction Stop
}
catch {
Write-Host “2 – Error creating rule table based on excel data”
}
$NetworkRuleCollection = @{
RuleCollectionName = $entry.RuleCollectionName
Priority = $entry.RulePriority
ActionType = $entry.ActionType
Rule = $rules += $rule
}
}

By: Prasant Chettri

Prasant Chettri — Mon, 06 May 2024 16:57:15 +0000

export works fine but import gives error building table. I added try fetch and it generates error right the foreach ($entry in $RulesfromCSV) when it is reading two sets of table from excel for rule and rule collection and after that it breaks on all the following.
Has anyone had any luck with import. I am starting with basic network rules that uses IP and IPgroups both

By: Pantelis Apostolidis

Pantelis Apostolidis — Tue, 23 Apr 2024 05:57:02 +0000

In reply to Larry Brandt. Thank you so much for sharing Larry!

By: Larry Brandt

Larry Brandt — Wed, 31 Jan 2024 22:10:46 +0000

Thanks for this script. I went ahead and poorly modified it to work for url logs as i was getting errors. its not pretty, but it works.

#Provide Input. Firewall Policy Name, Firewall Policy Resource Group & Firewall Policy Rule Collection Group Name
$fpname = “policyname”
$fprg = “resourcegroupname”
$fprcgname = “DefaultApplicationRuleCollectionGroup”
$sub = “subscriptionname”
$file = “./urlrules.csv”

Connect-AzAccount
Set-AzContext -subscription $sub
$fp = Get-AzFirewallPolicy -Name $fpname -ResourceGroupName $fprg
$rcg = Get-AzFirewallPolicyRuleCollectionGroup -Name $fprcgname -AzureFirewallPolicy $fp

$returnObj = @()
foreach ($rulecol in $rcg.Properties.RuleCollection) {

foreach ($rule in $rulecol.rules)
{
$combined = $null
foreach ($protocol in $rule.protocols)
{
if ($combined -ne $null)
{
$combined = $combined += “,”
}
$combined = $combined += ForEach-Object { $protocol.ProtocolType + ‘:’ + $protocol.Port }
}

$properties = [ordered]@{
RuleCollectionName = $rulecol.Name;
RulePriority = $rulecol.Priority;
ActionType = $rulecol.Action.Type;
RUleConnectionType = $rulecol.RuleCollectionType;
Name = $rule.Name;
SourceAddresses = $rule.SourceAddresses -join “, “;
protocols = $combined;
TargetFqdns = $rule.TargetFqdns -join “, “;
TerminateTLS = $rule.TerminateTLS -join “, “;

}
$obj = New-Object psobject -Property $properties
$returnObj += $obj

}
#$returnObj
$returnObj | Export-Csv $file -NoTypeInformation
}

By: Paul Arnold

Paul Arnold — Thu, 27 Apr 2023 20:53:55 +0000

This was very useful. I had to add the Connect-AzAccount and Set-AzContext to the beginning since we have multiple subscriptions.
I set the $fprcgname to my Rule Collection Group within my Policy and it extracted the rules without issue.
I have not tried the import function.
Thanks for sharing!

By: James

James — Wed, 22 Mar 2023 11:36:59 +0000

Unfortunately, only works with 1 Rule collection.
Script pastes all rules in 1 Rule collection.

I hope you can fix this, will be very useful.

By: Marek

Marek — Tue, 14 Feb 2023 06:57:31 +0000

i find your code. I have question.
This export ONLY DefaultNetworkRuleCollectionGroup.
If we have 10s on rule collection is there any way how to do this?