PowerShell script to export/import the Azure Firewall Policy rules
Here’s a PowerShell script to export the Azure Firewall Policy rules from the East US region and import them to the West US region. The script assumes you have the necessary Azure modules installed and are authenticated.
```powershell
# Parameters for the source and destination
$eastSubscriptionId = "000-000-000-000"
$eastResourceGroupName = "east-rgname"
$eastFirewallPolicyName = "east-policyname"
$eastLocation = "East US"
$westSubscriptionId = "000-000-000-000"
$westResourceGroupName = "west-rgname"
$westFirewallPolicyName = "west-policyname"
$westLocation = "West US"
# Login to Azure
Connect-AzAccount
# Set the context to the source subscription
Set-AzContext -SubscriptionId $eastSubscriptionId
# Export the firewall policy from the East region
$eastFirewallPolicy = Get-AzFirewallPolicy -ResourceGroupName $eastResourceGroupName -Name $eastFirewallPolicyName
# Extract the rule collections. Network, application and DNAT rule collections are not
# properties of the policy object; they live in rule collection groups, which the policy
# lists by resource ID, so each group is read by name.
$ruleCollectionGroups = foreach ($groupRef in $eastFirewallPolicy.RuleCollectionGroups) {
    $groupName = ($groupRef.Id -split '/')[-1]
    Get-AzFirewallPolicyRuleCollectionGroup -Name $groupName -ResourceGroupName $eastResourceGroupName -AzureFirewallPolicyName $eastFirewallPolicyName
}
# Set the context to the destination subscription
Set-AzContext -SubscriptionId $westSubscriptionId
# Create a new firewall policy in the West region with the same SKU tier as the source
$westFirewallPolicy = New-AzFirewallPolicy -ResourceGroupName $westResourceGroupName -Name $westFirewallPolicyName -Location $westLocation -SkuTier $eastFirewallPolicy.Sku.Tier
# Recreate each exported rule collection group in the West firewall policy.
# Rules that reference IP Groups or the East firewall's public IP (DNAT) are copied
# as-is and still point at East resources, so review them after the import.
foreach ($group in $ruleCollectionGroups) {
    New-AzFirewallPolicyRuleCollectionGroup -Name $group.Name -Priority $group.Properties.Priority -RuleCollection $group.Properties.RuleCollection -FirewallPolicyObject $westFirewallPolicy
}
Write-Output "Firewall policy rules successfully exported from $eastLocation and imported to $westLocation."
```
Explanation:
- Set the parameters: The script defines parameters for the source (East US) and destination (West US) firewall policies.
- Login to Azure: Ensure you are authenticated to your Azure account.
- Set context to the source subscription: Use Set-AzContext to switch to the source subscription.
- Export the firewall policy: Retrieve the firewall policy and extract the rule collections from its rule collection groups.
- Set context to the destination subscription: Switch to the destination subscription.
- Create a new firewall policy: Create a new firewall policy in the destination region.
- Update the firewall policy: Recreate the extracted rule collection groups in the new firewall policy.
- Apply the changes: Each rule collection group is saved to Azure as it is created.
Make sure you have the necessary permissions to access and modify Azure Firewall policies and that the Azure PowerShell module is installed and updated.
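A copy that silently drops or alters a rule leaves the destination firewall with different behaviour than the source, so it is worth comparing the two rule sets after the import. The following is an added example, not part of the original script: it compares two sets of rule collection groups rule by rule. The function names are hypothetical, the sample data is constructed, and it assumes each group exposes Name and Properties.RuleCollection as returned by Get-AzFirewallPolicyRuleCollectionGroup.

```powershell
# Added example. Function names and sample data are hypothetical/constructed.
# Assumes each group has Name and Properties.RuleCollection, and each rule
# collection has Name, Priority and Rules (each rule has a Name).
function Get-RuleFingerprint {
    param([object[]]$RuleCollectionGroup)
    $map = @{}
    foreach ($group in $RuleCollectionGroup) {
        foreach ($collection in $group.Properties.RuleCollection) {
            $prefix = '{0}/{1}' -f $group.Name, $collection.Name
            # Track priorities too: they decide which rule wins on overlap
            $map[$prefix] = 'group={0};collection={1}' -f $group.Properties.Priority, $collection.Priority
            foreach ($rule in $collection.Rules) {
                # Serialise the whole rule so any changed field is detected
                $map["$prefix/$($rule.Name)"] = $rule | ConvertTo-Json -Compress -Depth 10
            }
        }
    }
    return $map
}

function Compare-RuleCollectionGroup {
    param([object[]]$Source, [object[]]$Destination)
    $src = Get-RuleFingerprint -RuleCollectionGroup $Source
    $dst = Get-RuleFingerprint -RuleCollectionGroup $Destination
    foreach ($key in (@($src.Keys) + @($dst.Keys) | Sort-Object -Unique)) {
        if (-not $dst.ContainsKey($key)) { $status = 'MissingInDestination' }
        elseif (-not $src.ContainsKey($key)) { $status = 'ExtraInDestination' }
        elseif ($src[$key] -cne $dst[$key]) { $status = 'Changed' }
        else { continue }
        [pscustomobject]@{ Item = $key; Status = $status }
    }
}

# Constructed sample data (not real policy content)
function New-SampleGroup([object[]]$Rules) {
    [pscustomobject]@{
        Name       = 'network-rcg'
        Properties = [pscustomobject]@{
            Priority       = 200
            RuleCollection = @([pscustomobject]@{ Name = 'allow-outbound'; Priority = 100; Rules = $Rules })
        }
    }
}
$east = New-SampleGroup @(
    [pscustomobject]@{ Name = 'https-out'; DestinationPorts = @('443') },
    [pscustomobject]@{ Name = 'dns-out'; DestinationPorts = @('53') })
$west = New-SampleGroup @(
    [pscustomobject]@{ Name = 'https-out'; DestinationPorts = @('443', '8443') })
Compare-RuleCollectionGroup -Source $east -Destination $west
```

On live data, pass the groups read from the source policy as -Source and the groups re-read from the destination policy as -Destination; an empty result means every rule and priority matches.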