Criar cloudFirewallRule

Espaço de nomes: microsoft.graph.networkaccess

Importante

As APIs na versão /beta no Microsoft Graph estão sujeitas a alterações. Não há suporte para o uso dessas APIs em aplicativos de produção. Para determinar se uma API está disponível na v1.0, use o seletor Versão.

Crie um novo objeto cloudFirewallRule numa cloudFirewallPolicy.

Esta API está disponível nas seguintes implementações de cloud nacionais.

Serviço global	US Government L4	US Government L5 (DOD)	China operada pela 21Vianet
✅	❌	❌	❌

Permissões

Escolha a permissão ou permissões marcadas como menos privilegiadas para esta API. Utilize uma permissão ou permissões com privilégios mais elevados apenas se a sua aplicação o exigir. Para obter detalhes sobre as permissões delegadas e de aplicação, veja Tipos de permissão. Para saber mais sobre estas permissões, veja a referência de permissões.

Tipo de permissão	Permissões com menos privilégios	Permissões com privilégios superiores
Delegado (conta corporativa ou de estudante)	NetworkAccess.ReadWrite.All	Indisponível.
Delegado (conta pessoal da Microsoft)	Sem suporte.	Sem suporte.
Application	NetworkAccess.ReadWrite.All	Indisponível.

Importante

Em cenários delegados com contas escolares ou profissionais, o utilizador com sessão iniciada tem de ter uma função de Microsoft Entra suportada ou uma função personalizada com uma permissão de função suportada. As seguintes funções com menos privilégios são suportadas para esta operação.

Administrador de Acesso Seguro Global
Administrador de Segurança

Solicitação HTTP

POST /networkAccess/cloudFirewallPolicies/{cloudFirewallPolicyId}/policyRules

Cabeçalhos de solicitação

Nome	Descrição
Autorização	{token} de portador. Obrigatório. Saiba mais sobre autenticação e autorização.
Content-Type	application/json. Obrigatório.

Corpo da solicitação

No corpo do pedido, forneça uma representação JSON do objeto cloudFirewallRule .

Pode especificar as seguintes propriedades ao criar uma cloudFirewallRule.

Propriedade	Tipo	Descrição
name	Cadeia de caracteres	Um nome a apresentar exclusivo para a regra. Obrigatório.
description	Cadeia de caracteres	Uma descrição da regra. Opcional.
prioridade	Int64	Um valor de prioridade exclusivo que determina a ordem de avaliação da regra. Obrigatório.
ação	microsoft.graph.networkaccess.cloudFirewallAction	A ação a tomar quando o tráfego corresponde à regra. Os valores possíveis são: `allow`, `block`, `unknownFutureValue`. Obrigatório.
settings	microsoft.graph.networkaccess.cloudFirewallRuleSettings	Definições de configuração para a regra. Obrigatório.
matchingConditions	microsoft.graph.networkaccess.cloudFirewallMatchingConditions	As condições que o tráfego tem de corresponder para que a regra seja aplicada. Obrigatório.

Resposta

Se for bem-sucedido, este método devolve um 201 Created código de resposta e um objeto cloudFirewallRule no corpo da resposta.

Exemplos

Solicitação

O exemplo seguinte mostra um pedido que cria uma regra para bloquear tráfego específico. As condições correspondentes utilizam a lógica AND entre propriedades (as origens E os destinos têm de corresponder), enquanto os itens dentro das coleções utilizam lógica OR (qualquer endereço ou porta pode corresponder).

POST https://graph.microsoft.com/beta/networkAccess/cloudFirewallPolicies/80b58b7d-572f-4457-8944-c804fcf3b694/policyRules
Content-Type: application/json

{
  "@odata.type": "#microsoft.graph.networkaccess.cloudFirewallRule",
  "name": "Block outbound to risky destinations",
  "description": "Block traffic to specific IPs on common ports",
  "priority": 100,
  "action": "block",
  "settings": {
    "status": "enabled"
  },
  "matchingConditions": {
    "sources": {
      "addresses": [
        {
          "@odata.type": "#microsoft.graph.networkaccess.cloudFirewallSourceIpAddress",
          "values": ["192.168.1.1", "192.168.0.0/16", "172.16.0.0-172.16.255.255"]
        }
      ],
      "ports": ["80", "443", "445-447"]
    },
    "destinations": {
      "addresses": [
        {
          "@odata.type": "#microsoft.graph.networkaccess.cloudFirewallDestinationIpAddress",
          "values": ["10.0.0.1"]
        }
      ],
      "ports": ["80", "443", "445-447"],
      "protocols": "tcp"
    }
  }
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.Models.Networkaccess;

var requestBody = new CloudFirewallRule
{
	OdataType = "#microsoft.graph.networkaccess.cloudFirewallRule",
	Name = "Block outbound to risky destinations",
	Description = "Block traffic to specific IPs on common ports",
	Priority = 100L,
	Action = CloudFirewallAction.Block,
	Settings = new CloudFirewallRuleSettings
	{
		Status = SecurityRuleStatus.Enabled,
	},
	MatchingConditions = new CloudFirewallMatchingConditions
	{
		Sources = new CloudFirewallSourceMatching
		{
			Addresses = new List<CloudFirewallSourceAddress>
			{
				new CloudFirewallSourceIpAddress
				{
					OdataType = "#microsoft.graph.networkaccess.cloudFirewallSourceIpAddress",
					Values = new List<string>
					{
						"192.168.1.1",
						"192.168.0.0/16",
						"172.16.0.0-172.16.255.255",
					},
				},
			},
			Ports = new List<string>
			{
				"80",
				"443",
				"445-447",
			},
		},
		Destinations = new CloudFirewallDestinationMatching
		{
			Addresses = new List<CloudFirewallDestinationAddress>
			{
				new CloudFirewallDestinationIpAddress
				{
					OdataType = "#microsoft.graph.networkaccess.cloudFirewallDestinationIpAddress",
					Values = new List<string>
					{
						"10.0.0.1",
					},
				},
			},
			Ports = new List<string>
			{
				"80",
				"443",
				"445-447",
			},
			Protocols = CloudFirewallProtocol.Tcp,
		},
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.NetworkAccess.CloudFirewallPolicies["{cloudFirewallPolicy-id}"].PolicyRules.PostAsync(requestBody);

Importante

Os SDKs do Microsoft Graph usam a versão v1.0 da API por padrão e não oferecem suporte a todos os tipos, propriedades e APIs disponíveis na versão beta. Para obter detalhes sobre como acessar a API beta com o SDK, consulte Usar os SDKs do Microsoft Graph com a API beta.

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.



// Code snippets are only available for the latest major version. Current major version is $v0.*

// Dependencies
import (
	  "context"
	  msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
	  graphmodelsnetworkaccess "github.com/microsoftgraph/msgraph-beta-sdk-go/models/networkaccess"
	  //other-imports
)

requestBody := graphmodelsnetworkaccess.NewPolicyRule()
name := "Block outbound to risky destinations"
requestBody.SetName(&name) 
description := "Block traffic to specific IPs on common ports"
requestBody.SetDescription(&description) 
priority := int64(100)
requestBody.SetPriority(&priority) 
action := graphmodels.BLOCK_CLOUDFIREWALLACTION 
requestBody.SetAction(&action) 
settings := graphmodelsnetworkaccess.NewCloudFirewallRuleSettings()
status := graphmodels.ENABLED_SECURITYRULESTATUS 
settings.SetStatus(&status) 
requestBody.SetSettings(settings)
matchingConditions := graphmodelsnetworkaccess.NewCloudFirewallMatchingConditions()
sources := graphmodelsnetworkaccess.NewCloudFirewallSourceMatching()


cloudFirewallSourceAddress := graphmodelsnetworkaccess.NewCloudFirewallSourceIpAddress()
values := []string {
	"192.168.1.1",
	"192.168.0.0/16",
	"172.16.0.0-172.16.255.255",
}
cloudFirewallSourceAddress.SetValues(values)

addresses := []graphmodelsnetworkaccess.CloudFirewallSourceAddressable {
	cloudFirewallSourceAddress,
}
sources.SetAddresses(addresses)
ports := []string {
	"80",
	"443",
	"445-447",
}
sources.SetPorts(ports)
matchingConditions.SetSources(sources)
destinations := graphmodelsnetworkaccess.NewCloudFirewallDestinationMatching()


cloudFirewallDestinationAddress := graphmodelsnetworkaccess.NewCloudFirewallDestinationIpAddress()
values := []string {
	"10.0.0.1",
}
cloudFirewallDestinationAddress.SetValues(values)

addresses := []graphmodelsnetworkaccess.CloudFirewallDestinationAddressable {
	cloudFirewallDestinationAddress,
}
destinations.SetAddresses(addresses)
ports := []string {
	"80",
	"443",
	"445-447",
}
destinations.SetPorts(ports)
protocols := graphmodels.TCP_CLOUDFIREWALLPROTOCOL 
destinations.SetProtocols(&protocols) 
matchingConditions.SetDestinations(destinations)
requestBody.SetMatchingConditions(matchingConditions)

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
policyRules, err := graphClient.NetworkAccess().CloudFirewallPolicies().ByCloudFirewallPolicyId("cloudFirewallPolicy-id").PolicyRules().Post(context.Background(), requestBody, nil)

Importante

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

com.microsoft.graph.beta.models.networkaccess.CloudFirewallRule policyRule = new com.microsoft.graph.beta.models.networkaccess.CloudFirewallRule();
policyRule.setOdataType("#microsoft.graph.networkaccess.cloudFirewallRule");
policyRule.setName("Block outbound to risky destinations");
policyRule.setDescription("Block traffic to specific IPs on common ports");
policyRule.setPriority(100L);
policyRule.setAction(com.microsoft.graph.beta.models.networkaccess.CloudFirewallAction.Block);
com.microsoft.graph.beta.models.networkaccess.CloudFirewallRuleSettings settings = new com.microsoft.graph.beta.models.networkaccess.CloudFirewallRuleSettings();
settings.setStatus(com.microsoft.graph.beta.models.networkaccess.SecurityRuleStatus.Enabled);
policyRule.setSettings(settings);
com.microsoft.graph.beta.models.networkaccess.CloudFirewallMatchingConditions matchingConditions = new com.microsoft.graph.beta.models.networkaccess.CloudFirewallMatchingConditions();
com.microsoft.graph.beta.models.networkaccess.CloudFirewallSourceMatching sources = new com.microsoft.graph.beta.models.networkaccess.CloudFirewallSourceMatching();
LinkedList<com.microsoft.graph.beta.models.networkaccess.CloudFirewallSourceAddress> addresses = new LinkedList<com.microsoft.graph.beta.models.networkaccess.CloudFirewallSourceAddress>();
com.microsoft.graph.beta.models.networkaccess.CloudFirewallSourceIpAddress cloudFirewallSourceAddress = new com.microsoft.graph.beta.models.networkaccess.CloudFirewallSourceIpAddress();
cloudFirewallSourceAddress.setOdataType("#microsoft.graph.networkaccess.cloudFirewallSourceIpAddress");
LinkedList<String> values = new LinkedList<String>();
values.add("192.168.1.1");
values.add("192.168.0.0/16");
values.add("172.16.0.0-172.16.255.255");
cloudFirewallSourceAddress.setValues(values);
addresses.add(cloudFirewallSourceAddress);
sources.setAddresses(addresses);
LinkedList<String> ports = new LinkedList<String>();
ports.add("80");
ports.add("443");
ports.add("445-447");
sources.setPorts(ports);
matchingConditions.setSources(sources);
com.microsoft.graph.beta.models.networkaccess.CloudFirewallDestinationMatching destinations = new com.microsoft.graph.beta.models.networkaccess.CloudFirewallDestinationMatching();
LinkedList<com.microsoft.graph.beta.models.networkaccess.CloudFirewallDestinationAddress> addresses1 = new LinkedList<com.microsoft.graph.beta.models.networkaccess.CloudFirewallDestinationAddress>();
com.microsoft.graph.beta.models.networkaccess.CloudFirewallDestinationIpAddress cloudFirewallDestinationAddress = new com.microsoft.graph.beta.models.networkaccess.CloudFirewallDestinationIpAddress();
cloudFirewallDestinationAddress.setOdataType("#microsoft.graph.networkaccess.cloudFirewallDestinationIpAddress");
LinkedList<String> values1 = new LinkedList<String>();
values1.add("10.0.0.1");
cloudFirewallDestinationAddress.setValues(values1);
addresses1.add(cloudFirewallDestinationAddress);
destinations.setAddresses(addresses1);
LinkedList<String> ports1 = new LinkedList<String>();
ports1.add("80");
ports1.add("443");
ports1.add("445-447");
destinations.setPorts(ports1);
destinations.setProtocols(EnumSet.of(com.microsoft.graph.beta.models.networkaccess.CloudFirewallProtocol.Tcp));
matchingConditions.setDestinations(destinations);
policyRule.setMatchingConditions(matchingConditions);
com.microsoft.graph.models.networkaccess.PolicyRule result = graphClient.networkAccess().cloudFirewallPolicies().byCloudFirewallPolicyId("{cloudFirewallPolicy-id}").policyRules().post(policyRule);

Importante

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.


const options = {
	authProvider,
};

const client = Client.init(options);

const policyRule = {
  '@odata.type': '#microsoft.graph.networkaccess.cloudFirewallRule',
  name: 'Block outbound to risky destinations',
  description: 'Block traffic to specific IPs on common ports',
  priority: 100,
  action: 'block',
  settings: {
    status: 'enabled'
  },
  matchingConditions: {
    sources: {
      addresses: [
        {
          '@odata.type': '#microsoft.graph.networkaccess.cloudFirewallSourceIpAddress',
          values: ['192.168.1.1', '192.168.0.0/16', '172.16.0.0-172.16.255.255']
        }
      ],
      ports: ['80', '443', '445-447']
    },
    destinations: {
      addresses: [
        {
          '@odata.type': '#microsoft.graph.networkaccess.cloudFirewallDestinationIpAddress',
          values: ['10.0.0.1']
        }
      ],
      ports: ['80', '443', '445-447'],
      protocols: 'tcp'
    }
  }
};

await client.api('/networkAccess/cloudFirewallPolicies/80b58b7d-572f-4457-8944-c804fcf3b694/policyRules')
	.version('beta')
	.post(policyRule);

Importante

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.


<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\Networkaccess\CloudFirewallRule;
use Microsoft\Graph\Beta\Generated\Models\Networkaccess\CloudFirewallAction;
use Microsoft\Graph\Beta\Generated\Models\Networkaccess\CloudFirewallRuleSettings;
use Microsoft\Graph\Beta\Generated\Models\Networkaccess\SecurityRuleStatus;
use Microsoft\Graph\Beta\Generated\Models\Networkaccess\CloudFirewallMatchingConditions;
use Microsoft\Graph\Beta\Generated\Models\Networkaccess\CloudFirewallSourceMatching;
use Microsoft\Graph\Beta\Generated\Models\Networkaccess\CloudFirewallSourceAddress;
use Microsoft\Graph\Beta\Generated\Models\Networkaccess\CloudFirewallSourceIpAddress;
use Microsoft\Graph\Beta\Generated\Models\Networkaccess\CloudFirewallDestinationMatching;
use Microsoft\Graph\Beta\Generated\Models\Networkaccess\CloudFirewallDestinationAddress;
use Microsoft\Graph\Beta\Generated\Models\Networkaccess\CloudFirewallDestinationIpAddress;
use Microsoft\Graph\Beta\Generated\Models\Networkaccess\CloudFirewallProtocol;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new CloudFirewallRule();
$requestBody->setOdataType('#microsoft.graph.networkaccess.cloudFirewallRule');
$requestBody->setName('Block outbound to risky destinations');
$requestBody->setDescription('Block traffic to specific IPs on common ports');
$requestBody->setPriority(100);
$requestBody->setAction(new CloudFirewallAction('block'));
$settings = new CloudFirewallRuleSettings();
$settings->setStatus(new SecurityRuleStatus('enabled'));
$requestBody->setSettings($settings);
$matchingConditions = new CloudFirewallMatchingConditions();
$matchingConditionsSources = new CloudFirewallSourceMatching();
$addressesCloudFirewallSourceAddress1 = new CloudFirewallSourceIpAddress();
$addressesCloudFirewallSourceAddress1->setOdataType('#microsoft.graph.networkaccess.cloudFirewallSourceIpAddress');
$addressesCloudFirewallSourceAddress1->setValues(['192.168.1.1', '192.168.0.0/16', '172.16.0.0-172.16.255.255', 	]);
$addressesArray []= $addressesCloudFirewallSourceAddress1;
$matchingConditionsSources->setAddresses($addressesArray);

$matchingConditionsSources->setPorts(['80', '443', '445-447', ]);
$matchingConditions->setSources($matchingConditionsSources);
$matchingConditionsDestinations = new CloudFirewallDestinationMatching();
$addressesCloudFirewallDestinationAddress1 = new CloudFirewallDestinationIpAddress();
$addressesCloudFirewallDestinationAddress1->setOdataType('#microsoft.graph.networkaccess.cloudFirewallDestinationIpAddress');
$addressesCloudFirewallDestinationAddress1->setValues(['10.0.0.1', ]);
$addressesArray []= $addressesCloudFirewallDestinationAddress1;
$matchingConditionsDestinations->setAddresses($addressesArray);

$matchingConditionsDestinations->setPorts(['80', '443', '445-447', ]);
$matchingConditionsDestinations->setProtocols(new CloudFirewallProtocol('tcp'));
$matchingConditions->setDestinations($matchingConditionsDestinations);
$requestBody->setMatchingConditions($matchingConditions);

$result = $graphServiceClient->networkAccess()->cloudFirewallPolicies()->byCloudFirewallPolicyId('cloudFirewallPolicy-id')->policyRules()->post($requestBody)->wait();

Importante

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.networkaccess.cloud_firewall_rule import CloudFirewallRule
from msgraph_beta.generated.models.cloud_firewall_action import CloudFirewallAction
from msgraph_beta.generated.models.networkaccess.cloud_firewall_rule_settings import CloudFirewallRuleSettings
from msgraph_beta.generated.models.security_rule_status import SecurityRuleStatus
from msgraph_beta.generated.models.networkaccess.cloud_firewall_matching_conditions import CloudFirewallMatchingConditions
from msgraph_beta.generated.models.networkaccess.cloud_firewall_source_matching import CloudFirewallSourceMatching
from msgraph_beta.generated.models.networkaccess.cloud_firewall_source_address import CloudFirewallSourceAddress
from msgraph_beta.generated.models.networkaccess.cloud_firewall_source_ip_address import CloudFirewallSourceIpAddress
from msgraph_beta.generated.models.networkaccess.cloud_firewall_destination_matching import CloudFirewallDestinationMatching
from msgraph_beta.generated.models.networkaccess.cloud_firewall_destination_address import CloudFirewallDestinationAddress
from msgraph_beta.generated.models.networkaccess.cloud_firewall_destination_ip_address import CloudFirewallDestinationIpAddress
from msgraph_beta.generated.models.cloud_firewall_protocol import CloudFirewallProtocol
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = CloudFirewallRule(
	odata_type = "#microsoft.graph.networkaccess.cloudFirewallRule",
	name = "Block outbound to risky destinations",
	description = "Block traffic to specific IPs on common ports",
	priority = 100,
	action = CloudFirewallAction.Block,
	settings = CloudFirewallRuleSettings(
		status = SecurityRuleStatus.Enabled,
	),
	matching_conditions = CloudFirewallMatchingConditions(
		sources = CloudFirewallSourceMatching(
			addresses = [
				CloudFirewallSourceIpAddress(
					odata_type = "#microsoft.graph.networkaccess.cloudFirewallSourceIpAddress",
					values = [
						"192.168.1.1",
						"192.168.0.0/16",
						"172.16.0.0-172.16.255.255",
					],
				),
			],
			ports = [
				"80",
				"443",
				"445-447",
			],
		),
		destinations = CloudFirewallDestinationMatching(
			addresses = [
				CloudFirewallDestinationIpAddress(
					odata_type = "#microsoft.graph.networkaccess.cloudFirewallDestinationIpAddress",
					values = [
						"10.0.0.1",
					],
				),
			],
			ports = [
				"80",
				"443",
				"445-447",
			],
			protocols = CloudFirewallProtocol.Tcp,
		),
	),
)

result = await graph_client.network_access.cloud_firewall_policies.by_cloud_firewall_policy_id('cloudFirewallPolicy-id').policy_rules.post(request_body)

Importante

Para obter detalhes sobre como adicionar o SDK ao seu projeto e criar uma instância authProvider, consulte a documentação do SDK.

Resposta

O exemplo a seguir mostra a resposta.

Observação: o objeto de resposta mostrado aqui pode ser encurtado para legibilidade.

HTTP/1.1 201 Created
Content-Type: application/json

{
  "@odata.type": "#microsoft.graph.networkaccess.cloudFirewallRule",
  "id": "406ebb24-e229-4011-8240-e11bbaa4f49d",
  "name": "Block outbound to risky destinations",
  "description": "Block traffic to specific IPs on common ports",
  "priority": 100,
  "action": "block",
  "settings": {
    "status": "enabled"
  },
  "matchingConditions": {
    "sources": {
      "addresses": [
        {
          "@odata.type": "#microsoft.graph.networkaccess.cloudFirewallSourceIpAddress",
          "values": ["192.168.1.1", "192.168.0.0/16", "172.16.0.0-172.16.255.255"]
        }
      ],
      "ports": ["80", "443", "445-447"]
    },
    "destinations": {
      "addresses": [
        {
          "@odata.type": "#microsoft.graph.networkaccess.cloudFirewallDestinationIpAddress",
          "values": ["10.0.0.1"]
        }
      ],
      "ports": ["80", "443", "445-447"],
      "protocols": "tcp"
    }
  }
}

Comentários

Esta página foi útil?

Last updated on 2026-04-15

Compartilhar via

Criar cloudFirewallRule

Permissões

Solicitação HTTP

Cabeçalhos de solicitação

Corpo da solicitação

Resposta

Exemplos

Solicitação

Resposta

Comentários

Recursos adicionais