Here is an updated PowerShell script to backup the configuration of an Azure Firewall and make it exportable, including all rule collections, DNAT rules, network rules, and application rules:
# Variables $firewallName = "<firewall-name>" $resourceGroup = "<resource-group-name>" $backupPath = "<backup-path>" $backupFileName = "<backup-file-name>" # Authenticate to Azure Connect-AzAccount # Get the firewall object $firewall = Get-AzFirewall -Name $firewallName -ResourceGroupName $resourceGroup # Backup the firewall configuration $ruleCollections = Get-AzFirewallNetworkRuleCollection -Firewall $firewall $dnatRules = Get-AzFirewallDNATRule -Firewall $firewall $networkRules = Get-AzFirewallNetworkRule -Firewall $firewall $appRules = Get-AzFirewallApplicationRule -Firewall $firewall $firewallConfig = @{ Firewall = $firewall <p style="margin-left: 36pt;">RuleCollections = $ruleCollections</p> <p style="margin-left: 36pt;">DNATRules = $dnatRules</p> <p style="margin-left: 36pt;">NetworkRules = $networkRules</p> <p style="margin-left: 36pt;">ApplicationRules = $appRules }</p> # Export the configuration to a file $backupFilePath = Join-Path -Path $backupPath -ChildPath $backupFileName $firewallConfig | Export-Clixml -Path $backupFilePath Write-Host "Azure Firewall configuration backup saved to: $backupFilePath"
This script is similar to the previous script but includes additional commands to back up all rule collections, DNAT rules, network rules, and application rules associated with the firewall. First, the script retrieves the firewall object and then retrieves all the relevant rules using the Get-AzFirewallNetworkRuleCollection, Get-AzFirewallDNATRule, Get-AzFirewallNetworkRule, and Get-AzFirewallApplicationRule cmdlets. It then stores all the retrieved rules and the firewall object into a hash table called $firewallConfig.
The $firewallConfig hash table can then be exported to an XML file using the Export-Clixml cmdlet, just like in the previous script. To restore the backup to another Azure Firewall, you can use the Import-Clixml cmdlet to import the configuration from the XML file and then apply it to the firewall using the appropriate Set-AzFirewall* cmdlets for each type of rule.
Thanks,
John O’Neill Sr. rMVP