This blog provides step-by-step guidance on interacting with the Azure Firewall REST API and serves as Part I of our series. In this part, we will focus on the prerequisites, initial setup, and specific tasks such as creating an Azure Firewall instance, creating a firewall policy, associating policies, updating threat intelligence settings, and defining network and application rules.
This blog is written in collaboration with andrewmathu.
The REST API is essential for managing resources in Azure, providing a structured way to perform create, read, update, and delete (CRUD) operations. By using HTTP methods such as GET, POST, PUT, and DELETE, the REST API makes it straightforward for administrators to interact with Azure resources. It supports various data formats, including JSON and XML, ensuring flexibility in data exchange. This capability is particularly useful for automating workflows, streamlining deployments, and integrating with continuous deployment and integration processes.
Azure Firewall is a cloud-native, intelligent network firewall security service that provides top tier threat protection for your cloud workloads running in Azure. It is a fully stateful firewall-as-a-service with built-in high availability and unrestricted cloud scalability. The Azure Firewall REST API allows users to automate firewall configurations, retrieve policy details, and manage rules programmatically.
Getting Started
In this blog, we will use Bruno, a lightweight, offline and user-friendly API testing tool, to send REST API requests to Azure Resource Manager for managing Azure Firewall configurations. While other API testing tools such as Postman, PowerShell, Azure CLI, and Swagger can also be used to interact with Azure REST APIs, the fundamental principles remain the same, with only the interface differing.
Before diving into the API requests, we will first cover the prerequisites and initial setup. Then, we will demonstrate how to use Bruno to perform essential Azure Firewall operations such as creating a firewall instance, configuring policies, associating policies, updating threat intelligence settings, and defining firewall rules.
Prerequisites:
- Link to download Bruno: Bruno API Client | Downloads.
- Bruno documentation: What is Bruno? – Bruno Docs
- Link to blog that covers how to prepare your identities: Azure REST APIs with Postman (2021) | Jon Gallant. Note: While this blog focuses on using Postman to send REST API commands, the steps can be adapted for other API testing tools, such as Bruno, which we are using in this blog.
Using the steps outlined in the blog, we can configure a collection for Bruno with the variables defined as below:
Bruno supports pre-request scripts for modifying requests, but unlike Postman, it lacks built-in request chaining for authentication. While it's possible to use fetch() to obtain an access token, Bruno does not ensure the request waits for the token before execution. Other tools such as PowerShell or Insomnia can automate token retrieval, but in our case, we manually fetch the token via a POST request and use it in the Authorization header for subsequent API calls. Since tokens expire after about 60 minutes, this process will need to be repeated periodically.
The access token that we obtain from our POST request is used in the collection to authenticate API requests to Azure Resource Manager. It is included in the Authorization header of each request to ensure that the API calls have the necessary permissions to interact with Azure Firewall.
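The token handling described above can also be scripted. The following is an added example, not code from the original blog: it builds the client-credentials token request and caches the token in memory, renewing it shortly before the roughly 60-minute expiry. It assumes the Microsoft Entra ID v2.0 token endpoint; `buildTokenRequest`, `createTokenProvider` and the credential field names are illustrative.

```javascript
// Added example: cache an ARM token in memory and renew it before it expires.
// Assumption: Microsoft Entra ID v2.0 client-credentials endpoint; the
// tenantId, clientId and clientSecret values are supplied by the caller.
const ARM_SCOPE = "https://management.azure.com/.default";

function buildTokenRequest({ tenantId, clientId, clientSecret }) {
  const tenant = encodeURIComponent(tenantId);
  return {
    url: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token`,
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({
      grant_type: "client_credentials",
      client_id: clientId,
      client_secret: clientSecret,
      scope: ARM_SCOPE,
    }).toString(),
  };
}

// Returns an async function that yields the Authorization header. A new token
// is requested only when none is cached or the cached one is within skewSec
// seconds of its expiry.
function createTokenProvider(creds, opts = {}) {
  const fetchFn = opts.fetchFn || globalThis.fetch;
  const now = opts.now || Date.now;
  const skewMs = (opts.skewSec ?? 300) * 1000;
  let cached = null; // { token, expiresAt }; held in memory only, never logged

  return async function authHeader() {
    if (!cached || now() >= cached.expiresAt - skewMs) {
      const { url, ...init } = buildTokenRequest(creds);
      const res = await fetchFn(url, init);
      if (!res.ok) throw new Error(`token request failed: HTTP ${res.status}`);
      const { access_token, expires_in } = await res.json();
      cached = { token: access_token, expiresAt: now() + expires_in * 1000 };
    }
    return { Authorization: `Bearer ${cached.token}` };
  };
}
```

Spread the returned object into the headers of each Azure Resource Manager request, and keep the client secret out of any collection file that is shared or committed.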
Azure Firewall Configurations via REST API
With our prerequisites complete, we now proceed with some Azure Firewall configurations through REST API:
- Creating a new Azure Firewall instance.
- Creating a new Azure Firewall policy.
- Associating an Azure Firewall policy to an Azure Firewall instance.
- Updating Azure Firewall Threat Intelligence mode.
- Creating Rule Collections for Network and Application Rules.
- Listing our created resources.
Azure Firewall REST API offers a wide range of configuration and management capabilities beyond these tasks. The steps covered in this section represent just a subset of the available operations that can be performed programmatically, enabling automation and streamlined management of firewall resources.
- To get started, we need a resource group, a virtual network and a public IP address for the firewall. The resource group has been created through the API, as shown below:
- To create the Virtual Network and the Firewall public IP address, we have utilized the portal as shown below:
Creating a new Azure Firewall instance:
The following are the parameters required to create an Azure Firewall instance via the REST API:
By using the PUT command and request body, we can create a firewall instance as shown below:

| Method | URL |
| --- | --- |
| PUT | https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/azureFirewalls/{azureFirewallName}?api-version=2024-05-01 |

As we can confirm on the portal, the firewall has now been created.
Creating a new Azure Firewall policy:
The following are the parameters required for Azure Firewall Policy creation via REST API:
By using the PUT command and request body, we can create a firewall policy as shown below:

| HTTP Method | URL |
| --- | --- |
| PUT | https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}?api-version=2024-05-01 |

Associating an Azure Firewall policy to an Azure Firewall instance:
To associate a Firewall Policy with an Azure Firewall instance, use the following parameters.

| HTTP Method | URL |
| --- | --- |
| PUT | https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/azureFirewalls/{azureFirewallName}?api-version=2024-05-01 |

As we can see below, the firewall policy has now been associated with the firewall AZFW-RestAPI.
Updating Azure Firewall Threat Intelligence Mode:
Updating the threat intelligence mode for your Azure Firewall instance can be done similarly by using the parameters below:

| Method | URL |
| --- | --- |
| PUT | https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/RestAPI-FirewallPolicy-Standard?api-version=2024-05-01 |

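Because this PUT is a create-or-update of the whole policy, a body carrying only the new mode does not preserve settings that are left out of it. The following added example (not from the original blog) reads the current policy, changes only `threatIntelMode`, and writes the result back; `armFetch` is a hypothetical helper that sends an authenticated request and returns the parsed JSON.

```javascript
// Added example: switch threatIntelMode with a GET-modify-PUT round trip.
// armFetch is a hypothetical helper: (method, url, body) => Promise<parsed JSON>.
const THREAT_INTEL_MODES = ["Alert", "Deny", "Off"];
// Properties the service returns on GET but does not take as input.
const READ_ONLY_PROPS = ["provisioningState", "ruleCollectionGroups",
  "firewalls", "childPolicies", "size"];

function withThreatIntelMode(policy, mode) {
  if (!THREAT_INTEL_MODES.includes(mode)) {
    throw new Error(`threatIntelMode must be one of ${THREAT_INTEL_MODES.join(", ")}`);
  }
  // Copy every writable property (sku, dnsSettings, allow lists, ...) as-is.
  const properties = { ...(policy.properties || {}) };
  for (const key of READ_ONLY_PROPS) delete properties[key];
  properties.threatIntelMode = mode;
  // location, tags and identity are carried over unchanged from the GET response.
  const { location, tags, identity } = policy;
  const body = { location, properties };
  if (tags) body.tags = tags;
  if (identity) body.identity = identity;
  return body;
}

// Sends the PUT only when the mode actually differs from the current one.
async function setThreatIntelMode(armFetch, policyUrl, mode) {
  const current = await armFetch("GET", policyUrl);
  if (current.properties?.threatIntelMode === mode) {
    return { changed: false, body: null };
  }
  const body = withThreatIntelMode(current, mode);
  await armFetch("PUT", policyUrl, body);
  return { changed: true, body };
}
```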
Creating Rule Collections for Network and Application Rules:
To create rule collection groups for network and application rules, use the following parameters.
By using the PUT command below, we can create the Network and Application rule collection groups:

| Method | URL |
| --- | --- |
| PUT | https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}/ruleCollectionGroups/{ruleCollectionGroupName}?api-version=2024-05-01 |

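A request body for this PUT can be assembled and checked before it is sent. The following is an added example, not the body used in the original blog: it builds one network and one application rule collection and flags Allow rules that match any source and any destination. All names, priorities and addresses are constructed sample values, and the 100-65000 priority range is an assumption to verify against the API reference.

```javascript
// Added example: assemble a rule collection group body and lint it before the PUT.
// Sample values are constructed; "any-any" is deliberately over-broad.
const networkRule = (name, r) => ({
  ruleType: "NetworkRule", name, ipProtocols: r.protocols,
  sourceAddresses: r.sources, destinationAddresses: r.destinations,
  destinationPorts: r.ports,
});
const applicationRule = (name, r) => ({
  ruleType: "ApplicationRule", name, sourceAddresses: r.sources,
  targetFqdns: r.fqdns, protocols: r.protocols,
});
const filterCollection = (name, priority, actionType, rules) => ({
  ruleCollectionType: "FirewallPolicyFilterRuleCollection",
  name, priority, action: { type: actionType }, rules,
});

// Returns findings; an empty array means nothing was flagged.
// Assumption: group and collection priorities must fall in 100-65000.
function lintRuleCollectionGroup(body) {
  const findings = [];
  const validPriority = (p) => Number.isInteger(p) && p >= 100 && p <= 65000;
  const { priority, ruleCollections = [] } = body.properties;
  if (!validPriority(priority)) findings.push(`group: priority ${priority} out of range`);
  for (const rc of ruleCollections) {
    if (!validPriority(rc.priority)) findings.push(`${rc.name}: priority ${rc.priority} out of range`);
    if (rc.action.type !== "Allow") continue;
    for (const rule of rc.rules) {
      const dests = rule.destinationAddresses || rule.targetFqdns || [];
      if (rule.sourceAddresses.includes("*") && dests.includes("*")) {
        findings.push(`${rc.name}/${rule.name}: allows any source to any destination`);
      }
    }
  }
  return findings;
}

const sampleGroup = { properties: { priority: 200, ruleCollections: [
  filterCollection("net-allow", 100, "Allow", [
    networkRule("dns-out", { protocols: ["UDP"], sources: ["10.0.1.0/24"],
      destinations: ["10.0.0.4"], ports: ["53"] }),
    networkRule("any-any", { protocols: ["Any"], sources: ["*"],
      destinations: ["*"], ports: ["*"] }),
  ]),
  filterCollection("app-allow", 200, "Allow", [
    applicationRule("ms-learn", { sources: ["10.0.1.0/24"],
      fqdns: ["learn.microsoft.com"], protocols: [{ protocolType: "Https", port: 443 }] }),
  ]),
] } };
```

`JSON.stringify(sampleGroup)` gives the request body; send it only once `lintRuleCollectionGroup(sampleGroup)` returns an empty array.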
Listing Created Resources:
To list the resources you've created, you can use the following GET command. When sending a GET request, we no longer require the request body, only the URI parameters to pull the information for the resource we want.

| HTTP Method | URL |
| --- | --- |
| GET | https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/firewallPolicies/{firewallPolicyName}/ruleCollectionGroups?api-version=2024-05-01 |

As we can see from the above screenshot, we are able to list the rule collections that we created using the GET command. Similarly, we can use the GET command to list or get details of any created resources using the respective URL.
Conclusion:
By utilizing the Azure REST API, you can efficiently create, update, and configure Azure Firewall and Firewall Policies, streamlining deployment and management processes. This guide has shown how to set up and manage firewall instances, create policies, rule collection groups, and view resources, ultimately automating and securing your cloud environment with Azure Firewall.