az palo-alto cloudngfw firewall
Note
This reference is part of the palo-alto-networks extension for the Azure CLI (version 2.51.0 or higher). The extension will automatically install the first time you run an az palo-alto cloudngfw firewall command. Learn more about extensions.
Manage cloudngfw firewall resource.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az palo-alto cloudngfw firewall create |
Create a FirewallResource. |
Extension | GA |
| az palo-alto cloudngfw firewall delete |
Delete a FirewallResource. |
Extension | GA |
| az palo-alto cloudngfw firewall list |
List FirewallResource resources by subscription ID. |
Extension | GA |
| az palo-alto cloudngfw firewall save-log-profile |
Save Log Profile for Firewall. |
Extension | GA |
| az palo-alto cloudngfw firewall show |
Get a FirewallResource. |
Extension | GA |
| az palo-alto cloudngfw firewall show-log-profile |
Get Log Profile for Firewall. |
Extension | GA |
| az palo-alto cloudngfw firewall show-support-info |
Support info for firewall. |
Extension | GA |
| az palo-alto cloudngfw firewall status |
Manage cloudngfw firewall status resource. |
Extension | GA |
| az palo-alto cloudngfw firewall status default |
Manage cloudngfw firewall status default resource. |
Extension | GA |
| az palo-alto cloudngfw firewall status default show |
Get a FirewallStatusResource. |
Extension | GA |
| az palo-alto cloudngfw firewall status list |
List FirewallStatusResource resources by Firewalls. |
Extension | GA |
| az palo-alto cloudngfw firewall update |
Update a FirewallResource. |
Extension | GA |
| az palo-alto cloudngfw firewall wait |
Place the CLI in a waiting state until a condition is met. |
Extension | GA |
az palo-alto cloudngfw firewall create
Create a FirewallResource.
az palo-alto cloudngfw firewall create --dns-settings
--firewall-name
--marketplace-details
--network-profile
--plan-data
--resource-group
[--associated-rulestack]
[--front-end-settings]
[--identity]
[--is-panorama-managed {FALSE, TRUE}]
[--location]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--pan-etag]
[--panorama-config]
[--tags]Examples
Create a FirewallResource
az palo-alto cloudngfw firewall create --name MyCloudngfwFirewall -g MyResourceGroup --location eastus --associated-rulestack "{location:eastus,resource-id:/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/PaloAltoNetworks.Cloudngfw/localRulestacks/MyLocalRulestacks}" --dns-settings "{enable-dns-proxy:DISABLED,enabled-dns-type:CUSTOM}" --is-panorama-managed FALSE --marketplace-details "{marketplace-subscription-status:Subscribed,offer-id:offer-id,publisher-id:publisher-id}" --network-profile "{egress-nat-ip:[],enable-egress-nat:DISABLED,network-type:VNET,public-ips:[{address:10.0.0.0/16,resource-id:/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Network/publicIPAddresses/MypublicIP}],vnet-configuration:{ip-of-trust-subnet-for-udr:{address:10.0.0.0/16},trust-subnet:{resource-id:/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualNetworks/MyVnet/subnets/subnet1},un-trust-subnet:{resource-id:/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualNetworks/MyVnet/subnets/subnet1},vnet:{resource-id:/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/MyResourceGroup/providers/Microsoft.Network/virtualNetworks/MyVnet}}}" --panorama-config "{config-string:bas64EncodedString}" --plan-data "{billing-cycle:MONTHLY,plan-id:plan-id,usage-type:PAYG}"Required Parameters
DNS settings for Firewall Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Firewall resource name.
Marketplace details Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Network settings Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Billing plan information. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
Associated Rulestack Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Frontend settings for Firewall Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
The managed service identities assigned to this resource. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Panorama Managed: Default is False. Default will be CloudSec managed.
The geo-location where the resource lives When not specified, the location of the resource group will be used.
Do not wait for the long-running operation to finish.
PanEtag info.
Panorama Configuration Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Resource tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az palo-alto cloudngfw firewall delete
Delete a FirewallResource.
az palo-alto cloudngfw firewall delete [--firewall-name]
[--ids]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--resource-group]
[--subscription]Examples
Delete a FirewallResource
az palo-alto cloudngfw firewall delete --resource-group MyResourceGroup -n MyCloudngfwFirewallOptional Parameters
Firewall resource name.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Do not wait for the long-running operation to finish.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az palo-alto cloudngfw firewall list
List FirewallResource resources by subscription ID.
az palo-alto cloudngfw firewall list [--max-items]
[--next-token]
[--resource-group]Examples
List FirewallResource resources by subscription ID
az palo-alto cloudngfw firewall list --resource-group MyResourceGroupOptional Parameters
Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.
Token to specify where to start paginating. This is the token value from a previously truncated response.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az palo-alto cloudngfw firewall save-log-profile
Save Log Profile for Firewall.
az palo-alto cloudngfw firewall save-log-profile [--application-insights]
[--common-destination]
[--decrypt-destination]
[--firewall-name]
[--ids]
[--log-option {INDIVIDUAL_DESTINATION, SAME_DESTINATION}]
[--log-type {AUDIT, DECRYPTION, DLP, THREAT, TRAFFIC, WILDFIRE}]
[--resource-group]
[--subscription]
[--threat-destination]
[--traffic-destination]Examples
Save Log Profile for Firewall
az palo-alto cloudngfw firewall save-log-profile --resource-group MyResourceGroup -n MyCloudngfwFirewall --log-option "SAME_DESTINATION" --log-type "TRAFFIC"Optional Parameters
Application Insight details Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Common destination configurations Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Decrypt destination configurations Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Firewall resource name.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Log option SAME/INDIVIDUAL.
One of possible log type.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Threat destination configurations Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Traffic destination configurations Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az palo-alto cloudngfw firewall show
Get a FirewallResource.
az palo-alto cloudngfw firewall show [--firewall-name]
[--ids]
[--resource-group]
[--subscription]Examples
Get a FirewallResource
az palo-alto cloudngfw firewall show --name MyCloudngfwFirewall -g MyResourceGroupOptional Parameters
Firewall resource name.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az palo-alto cloudngfw firewall show-log-profile
Get Log Profile for Firewall.
az palo-alto cloudngfw firewall show-log-profile [--firewall-name]
[--ids]
[--resource-group]
[--subscription]Examples
Get Log Profile for Firewall
az palo-alto cloudngfw firewall show-log-profile --resource-group MyResourceGroup -n MyCloudngfwFirewallOptional Parameters
Firewall resource name.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az palo-alto cloudngfw firewall show-support-info
Support info for firewall.
az palo-alto cloudngfw firewall show-support-info [--email]
[--firewall-name]
[--ids]
[--resource-group]
[--subscription]Examples
Get support info for firewall.
az palo-alto cloudngfw firewall show-support-info --resource-group MyResourceGroup -n MyCloudngfwFirewallOptional Parameters
Email address on behalf of which this API called.
Firewall resource name.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az palo-alto cloudngfw firewall update
Update a FirewallResource.
az palo-alto cloudngfw firewall update [--add]
[--firewall-name]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--identity]
[--ids]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--remove]
[--resource-group]
[--set]
[--subscription]
[--tags]Examples
Update a FirewallResource
az palo-alto cloudngfw firewall update --name MyCloudngfwFirewall -g MyResourceGroup --tags "{tagName:value}"Optional Parameters
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
Firewall resource name.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
The managed service identities assigned to this resource. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Do not wait for the long-running operation to finish.
Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Update an object by specifying a property path and value to set. Example: --set property1.property2=.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Resource tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az palo-alto cloudngfw firewall wait
Place the CLI in a waiting state until a condition is met.
az palo-alto cloudngfw firewall wait [--created]
[--custom]
[--deleted]
[--exists]
[--firewall-name]
[--ids]
[--interval]
[--resource-group]
[--subscription]
[--timeout]
[--updated]Optional Parameters
Wait until created with 'provisioningState' at 'Succeeded'.
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
Wait until deleted.
Wait until the resource exists.
Firewall resource name.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Polling interval in seconds.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Maximum wait in seconds.
Wait until updated with provisioningState at 'Succeeded'.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for