last sync: 2023-Jun-19 17:45:01 UTC

Community Policy definition

Azure firewall policy should only allow user defined standard ports and FQDNs within application rules

Name Azure firewall policy should only allow user defined standard ports and FQDNs within application rules
Id network_allow-azurefirewallpolicy-user-defined-standard-ports-fqdns-within-application-rules
Version n/a
Category undefined
Description Enforce usage of user defined standard ports and FQDNs (default deny wildcard '*'). This is a common requirement in many regulatory and industry compliance standards.
Mode All
Type Custom Community
Effect Default: Audit; Allowed: Deny, Audit, Disabled
Used RBAC Role none
Rule Aliases IF (6)
Alias Namespace ResourceType DefaultPath Modifiable
Microsoft.Network/firewallPolicies/ruleCollectionGroups/ruleCollections[*] Microsoft.Network firewallPolicies/ruleCollectionGroups properties.ruleCollections[*] false
Microsoft.Network/firewallPolicies/ruleCollectionGroups/ruleCollections[*].FirewallPolicyFilterRuleCollection.rules[*] Microsoft.Network firewallPolicies/ruleCollectionGroups properties.ruleCollections[*].rules[*] false
Microsoft.Network/firewallPolicies/ruleCollectionGroups/ruleCollections[*].FirewallPolicyFilterRuleCollection.rules[*].ApplicationRule.protocols[*] Microsoft.Network firewallPolicies/ruleCollectionGroups properties.ruleCollections[*].rules[*].protocols[*] false
Microsoft.Network/firewallPolicies/ruleCollectionGroups/ruleCollections[*].FirewallPolicyFilterRuleCollection.rules[*].ApplicationRule.protocols[*].port Microsoft.Network firewallPolicies/ruleCollectionGroups properties.ruleCollections[*].rules[*].protocols[*].port false
Microsoft.Network/firewallPolicies/ruleCollectionGroups/ruleCollections[*].FirewallPolicyFilterRuleCollection.rules[*].ApplicationRule.targetFqdns[*] Microsoft.Network firewallPolicies/ruleCollectionGroups properties.ruleCollections[*].rules[*].targetFqdns[*] false
Microsoft.Network/firewallPolicies/ruleCollectionGroups/ruleCollections[*].priority Microsoft.Network firewallPolicies/ruleCollectionGroups properties.ruleCollections[*].priority false
Rule ResourceTypes