research-hub/azure-firewall-rules/AzurePlatform.jsonc (339 lines of code) (raw):
{
"AzureCloud": [
// Rule collection (AzureCloud set): allows outbound web traffic from the
// {{ipAddressPool}} source IP group to Azure portal, Azure Resource Manager
// and billing FQDNs. In Azure Firewall Policy a lower priority number is
// processed first, so 1000 places this after the 400/410/500 collections
// defined in the same set.
// NOTE(review): every rule in this collection permits plaintext HTTP (80) as
// well as HTTPS (443). Confirm each destination really needs port 80; if not,
// drop the Http entry so management traffic cannot leave unencrypted.
{
"name": "AzurePortal_App",
"priority": 1000,
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"action": {
"type": "Allow"
},
"rules": [
{
"ruleType": "ApplicationRule",
"name": "Azure_Portal",
"protocols": [
{
"protocolType": "Http",
"port": 80
},
{
"protocolType": "Https",
"port": 443
}
],
"fqdnTags": [],
"webCategories": [],
// The wildcard entries match any subdomain of portal.azure.com / portal.azure.net;
// the bare hostnames are listed separately alongside them.
"targetFqdns": [
"*.portal.azure.com",
"*.portal.azure.net",
"portal.azure.com",
"portal.azure.net",
"catalogartifact.azureedge.net",
"afd-v2.hosting.portal.azure.net"
],
// targetUrls is empty and terminateTLS is false: the firewall does not decrypt
// HTTPS here, so filtering is by FQDN only, not by URL path.
"targetUrls": [],
"terminateTLS": false,
"destinationAddresses": [],
// {{ipAddressPool}} is a template placeholder; presumably replaced with an
// IP Group resource ID at deployment. Verify the substituted group covers only
// the intended source subnets.
"sourceIpGroups": ["{{ipAddressPool}}"]
},
{
"ruleType": "ApplicationRule",
"name": "Azure_ARM_API",
// NOTE(review): requests to the ARM endpoint carry credentials; confirm port 80
// is not required and restrict this rule to HTTPS.
"protocols": [
{
"protocolType": "Http",
"port": 80
},
{
"protocolType": "Https",
"port": 443
}
],
"fqdnTags": [],
"webCategories": [],
"targetFqdns": ["management.azure.com"],
"targetUrls": [],
"terminateTLS": false,
"destinationAddresses": [],
"sourceIpGroups": ["{{ipAddressPool}}"]
},
{
"ruleType": "ApplicationRule",
"name": "Billing",
"protocols": [
{
"protocolType": "Http",
"port": 80
},
{
"protocolType": "Https",
"port": 443
}
],
"fqdnTags": [],
"webCategories": [],
"targetFqdns": ["service.bmx.azure.com"],
"targetUrls": [],
"terminateTLS": false,
"destinationAddresses": [],
"sourceIpGroups": ["{{ipAddressPool}}"]
}
]
},
// Rule collection (AzureCloud set): allows outbound web traffic from the
// {{ipAddressPool}} source IP group to Azure Monitor / Log Analytics FQDNs.
// Priority 500; lower numbers are processed first in Azure Firewall Policy.
// NOTE(review): both rules permit plaintext HTTP (80) in addition to HTTPS (443).
// Telemetry endpoints are normally reached over TLS; confirm port 80 is needed
// before keeping it.
{
"name": "Monitor_App",
"priority": 500,
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"action": {
"type": "Allow"
},
"rules": [
{
"ruleType": "ApplicationRule",
"name": "Monitor",
"protocols": [
{
"protocolType": "Http",
"port": 80
},
{
"protocolType": "Https",
"port": 443
}
],
"fqdnTags": [],
"webCategories": [],
// The first entry is a wildcard covering every subdomain of
// monitor.core.windows.net; the other two are exact hostnames.
"targetFqdns": [
"*.monitor.core.windows.net",
"portal.loganalytics.io",
"api.loganalytics.io"
],
// No TLS termination and no URL list: matching is by FQDN only.
"targetUrls": [],
"terminateTLS": false,
"destinationAddresses": [],
"sourceIpGroups": ["{{ipAddressPool}}"]
},
{
"ruleType": "ApplicationRule",
// Unlike the other rule names in this file, this one contains spaces.
"name": "Azure Monitor Agent",
"protocols": [
{
"protocolType": "Http",
"port": 80
},
{
"protocolType": "Https",
"port": 443
}
],
"fqdnTags": [],
"webCategories": [],
// {{vmRegionName}} and {{logAnalyticsWorkspaceId}} are template placeholders.
// Because the ingestion FQDN is prefixed with one workspace ID, the rule admits
// that workspace's endpoint only, not *.ods.opinsights.azure.com in general.
// Check that the substituted values are plain identifiers (no wildcard), or the
// scoping is lost.
"targetFqdns": [
"global.handler.control.monitor.azure.com",
"{{vmRegionName}}.handler.control.monitor.azure.com",
"{{logAnalyticsWorkspaceId}}.ods.opinsights.azure.com"
],
"targetUrls": [],
"terminateTLS": false,
"destinationAddresses": [],
"sourceIpGroups": ["{{ipAddressPool}}"]
}
]
},
// Rule collection (AzureCloud set): allows TCP 1688 from the {{ipAddressPool}}
// source IP group to two fixed IPv4 addresses. Port 1688 is the KMS port used
// for Windows volume activation. Priority 400.
{
"name": "AzureKMS_NW",
"priority": 400,
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"action": {
"type": "Allow"
},
"rules": [
{
"ruleType": "NetworkRule",
"name": "AzureKMS_IP",
"ipProtocols": ["TCP"],
"sourceIpGroups": ["{{ipAddressPool}}"],
"destinationIpGroups": [],
// NOTE(review): destinations are hard-coded IP literals. Re-check them against
// Microsoft's current published Azure KMS endpoint addresses on a schedule; a
// stale entry either breaks activation or leaves an allow rule pointing at an
// address that no longer belongs to the service.
"destinationAddresses": ["40.83.235.53", "20.118.99.224"],
"destinationPorts": ["1688"]
}
]
},
// Rule collection (AzureCloud set): allows TCP on every port from the
// {{ipAddressPool}} source IP group to 168.63.129.16, the Azure platform
// virtual IP (used for services such as DHCP, DNS, health probes and the
// VM guest agent). Priority 410.
{
"name": "AzureVirtualIP_NW",
"priority": 410,
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"action": {
"type": "Allow"
},
"rules": [
{
"ruleType": "NetworkRule",
"name": "AzureVirtualIP",
"ipProtocols": ["TCP"],
"sourceIpGroups": ["{{ipAddressPool}}"],
"destinationIpGroups": [],
"destinationAddresses": ["168.63.129.16"],
// NOTE(review): "*" opens all TCP ports to the platform IP. Microsoft's guidance
// for the VM agent names TCP 80 and 32526; consider listing only the ports the
// workloads need instead of a wildcard (confirm against current docs).
"destinationPorts": ["*"]
}
]
}
],
"AzureUSGovernment": [
// Rule collection (AzureUSGovernment set): allows outbound web traffic from the
// {{ipAddressPool}} source IP group to the Azure Government portal, ARM and
// billing FQDNs. Priority 1000; lower numbers are processed first.
// NOTE(review): every rule in this collection permits plaintext HTTP (80) as
// well as HTTPS (443). Confirm each destination really needs port 80; if not,
// drop the Http entry so management traffic cannot leave unencrypted.
{
"name": "AzurePortal_App",
"priority": 1000,
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"action": {
"type": "Allow"
},
"rules": [
{
"ruleType": "ApplicationRule",
// This rule reuses the collection's name; the matching rule in the AzureCloud
// set is called "Azure_Portal".
"name": "AzurePortal_App",
"protocols": [
{
"protocolType": "Http",
"port": 80
},
{
"protocolType": "Https",
"port": 443
}
],
"fqdnTags": [],
"webCategories": [],
// One wildcard (any subdomain of portal.azure.us) plus exact hostnames.
"targetFqdns": [
"*.portal.azure.us",
"portal.azure.us",
"ext.core.security.azure.us",
"hosting.azureportal.usgovcloudapi.net",
"reactblade.azureportal.usgovcloudapi.net",
"iam.hosting.azureportal.usgovcloudapi.net"
],
// No TLS termination and no URL list: matching is by FQDN only.
"targetUrls": [],
"terminateTLS": false,
"destinationAddresses": [],
// {{ipAddressPool}} is a template placeholder; presumably replaced with an
// IP Group resource ID at deployment. Verify the substituted group covers only
// the intended source subnets.
"sourceIpGroups": ["{{ipAddressPool}}"]
},
{
"ruleType": "ApplicationRule",
"name": "Azure_ARM_API",
// NOTE(review): requests to the ARM endpoint carry credentials; confirm port 80
// is not required and restrict this rule to HTTPS.
"protocols": [
{
"protocolType": "Http",
"port": 80
},
{
"protocolType": "Https",
"port": 443
}
],
"fqdnTags": [],
"webCategories": [],
"targetFqdns": ["management.usgovcloudapi.net"],
"targetUrls": [],
"terminateTLS": false,
"destinationAddresses": [],
"sourceIpGroups": ["{{ipAddressPool}}"]
},
{
"ruleType": "ApplicationRule",
"name": "Billing",
"protocols": [
{
"protocolType": "Http",
"port": 80
},
{
"protocolType": "Https",
"port": 443
}
],
"fqdnTags": [],
"webCategories": [],
// NOTE(review): this is the same azure.com hostname used in the AzureCloud set,
// while the other rules here use .us / usgovcloudapi.net names. Confirm a
// commercial-cloud endpoint is intended for Government workloads.
"targetFqdns": ["service.bmx.azure.com"],
"targetUrls": [],
"terminateTLS": false,
"destinationAddresses": [],
"sourceIpGroups": ["{{ipAddressPool}}"]
}
]
},
// Rule collection (AzureUSGovernment set): allows outbound web traffic from the
// {{ipAddressPool}} source IP group to Azure Monitor / Log Analytics FQDNs in
// the Government cloud. Priority 500; lower numbers are processed first.
// NOTE(review): both rules permit plaintext HTTP (80) in addition to HTTPS (443).
// Confirm port 80 is needed before keeping it.
{
"name": "Monitor_App",
"priority": 500,
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"action": {
"type": "Allow"
},
"rules": [
{
"ruleType": "ApplicationRule",
"name": "Monitor",
"protocols": [
{
"protocolType": "Http",
"port": 80
},
{
"protocolType": "Https",
"port": 443
}
],
"fqdnTags": [],
"webCategories": [],
// Exact hostnames only; the AzureCloud counterpart of this rule additionally
// carries a *.monitor.core.windows.net wildcard that has no equivalent here.
"targetFqdns": ["api.loganalytics.us", "portal.loganalytics.us"],
// No TLS termination and no URL list: matching is by FQDN only.
"targetUrls": [],
"terminateTLS": false,
"destinationAddresses": [],
"sourceIpGroups": ["{{ipAddressPool}}"]
},
{
"ruleType": "ApplicationRule",
// Unlike the other rule names in this file, this one contains spaces.
"name": "Azure Monitor Agent",
"protocols": [
{
"protocolType": "Http",
"port": 80
},
{
"protocolType": "Https",
"port": 443
}
],
"fqdnTags": [],
"webCategories": [],
// {{vmRegionName}} and {{logAnalyticsWorkspaceId}} are template placeholders.
// Prefixing the ingestion FQDN with one workspace ID admits that workspace's
// endpoint only. Check that the substituted values are plain identifiers
// (no wildcard), or the scoping is lost.
"targetFqdns": [
"global.handler.control.monitor.azure.us",
"{{vmRegionName}}.handler.control.monitor.azure.us",
"{{logAnalyticsWorkspaceId}}.ods.opinsights.azure.us"
],
"targetUrls": [],
"terminateTLS": false,
"destinationAddresses": [],
"sourceIpGroups": ["{{ipAddressPool}}"]
}
]
},
// Rule collection (AzureUSGovernment set): allows TCP 1688 (KMS, Windows volume
// activation) from the {{ipAddressPool}} source IP group to one fixed IPv4
// address.
// NOTE(review): priority is 1500 here but 400 for the same-named collection in
// the AzureCloud set; confirm the difference is deliberate. This set also has no
// AzureVirtualIP_NW collection (168.63.129.16), which the AzureCloud set defines.
{
"name": "AzureKMS_NW",
"priority": 1500,
"ruleCollectionType": "FirewallPolicyFilterRuleCollection",
"action": {
"type": "Allow"
},
"rules": [
{
"ruleType": "NetworkRule",
"name": "AzureKMS_IP",
"ipProtocols": ["TCP"],
"sourceIpGroups": ["{{ipAddressPool}}"],
"destinationIpGroups": [],
// NOTE(review): hard-coded IP literal. Re-check it against Microsoft's current
// published KMS endpoint addresses for Azure Government on a schedule, so the
// allow rule does not outlive the service's ownership of the address.
"destinationAddresses": ["52.126.105.2"],
"destinationPorts": ["1688"]
}
]
}
]
}