Dtzemahweyl/Add new parameter -PrivateRange to New-AzFirewallPolicyIntrusionDetection

src/Network/Network.Test/Network.Test.csproj

@@ -14,7 +14,7 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.Azure.Graph.RBAC" Version="3.4.0-preview" />
-    <PackageReference Include="Microsoft.Azure.Management.Network" Version="21.0.0" />
+    <PackageReference Include="Microsoft.Azure.Management.Network" Version="22.0.0" />
     <PackageReference Include="Microsoft.Azure.KeyVault" Version="3.0.5" />
     <PackageReference Include="Microsoft.Azure.Management.KeyVault" Version="4.0.0-preview.1" />
     <PackageReference Include="Microsoft.Azure.Insights" Version="0.16.0-preview" />

src/Network/Network.Test/ScenarioTests/AzureFirewallPolicyTests.ps1

@@ -1436,7 +1436,7 @@ function Test-AzureFirewallPolicyPremiumFeatures {
         # Intrusion Detection Settings
         $bypass = New-AzFirewallPolicyIntrusionDetectionBypassTraffic -Name $bypassTestName -Protocol "TCP" -DestinationPort "80" -SourceAddress "10.0.0.0" -DestinationAddress "10.0.0.0"
         $sigOverride = New-AzFirewallPolicyIntrusionDetectionSignatureOverride -Id "123456798" -Mode "Deny"
-        $intrusionDetection = New-AzFirewallPolicyIntrusionDetection -Mode "Alert" -SignatureOverride $sigOverride -BypassTraffic $bypass
+        $intrusionDetection = New-AzFirewallPolicyIntrusionDetection -Mode "Alert" -SignatureOverride $sigOverride -BypassTraffic $bypass -PrivateRange @("10.0.0.0/8", "172.16.0.0/12")
 
         # Create AzureFirewallPolicy (with Intrusion Detection, TransportSecurity and Identity parameters)
         $azureFirewallPolicy = New-AzFirewallPolicy -Name $azureFirewallPolicyName -ResourceGroupName $rgname -Location $location -SkuTier $tier -IntrusionDetection $intrusionDetection  -UserAssignedIdentityId $identity.Id
@@ -1455,8 +1455,11 @@ function Test-AzureFirewallPolicyPremiumFeatures {
         Assert-AreEqual "Alert" $getAzureFirewallPolicy.IntrusionDetection.Mode
         Assert-NotNull $getAzureFirewallPolicy.IntrusionDetection.Configuration.SignatureOverrides
         Assert-NotNull $getAzureFirewallPolicy.IntrusionDetection.Configuration.BypassTrafficSettings
+        Write-Host $getAzureFirewallPolicy.IntrusionDetection.Configuration
+        Assert-NotNull $getAzureFirewallPolicy.IntrusionDetection.Configuration.PrivateRanges
         Assert-AreEqual "123456798" $getAzureFirewallPolicy.IntrusionDetection.Configuration.SignatureOverrides[0].Id
         Assert-AreEqual "Deny" $getAzureFirewallPolicy.IntrusionDetection.Configuration.SignatureOverrides[0].Mode
+        Assert-AreEqual "10.0.0.0/8" $getAzureFirewallPolicy.IntrusionDetection.Configuration.PrivateRanges[0]
         Assert-AreEqual $bypassTestName $getAzureFirewallPolicy.IntrusionDetection.Configuration.BypassTrafficSettings[0].Name
         Assert-AreEqual "TCP" $getAzureFirewallPolicy.IntrusionDetection.Configuration.BypassTrafficSettings[0].Protocol
         Assert-AreEqual "80" $getAzureFirewallPolicy.IntrusionDetection.Configuration.BypassTrafficSettings[0].DestinationPorts[0]

src/Network/Network/AzureFirewallPolicy/IntrusionDetection/NewAzureFirewallPolicyIntrusionDetectionCommand.cs

@@ -55,6 +55,12 @@ public class NewAzureFirewallPolicyIntrusionDetectionCommand : NetworkBaseCmdlet
          )]
         public PSAzureFirewallPolicyIntrusionDetectionBypassTrafficSetting[] BypassTraffic { get; set; }
 
+        [Parameter(
+             Mandatory = false,
+             HelpMessage = "List of IDPS Private IP ranges."
+         )]
+        public string[] PrivateRange { get; set; }
+
         public override void Execute()
         {
             base.Execute();
@@ -64,12 +70,13 @@ public override void Execute()
                 Mode = this.Mode
             };
 
-            if (this.SignatureOverride?.Count() > 0 || this.BypassTraffic?.Count() > 0)
+            if (this.SignatureOverride?.Count() > 0 || this.BypassTraffic?.Count() > 0 || this.PrivateRange?.Count() > 0)
             {
                 intrusionDetection.Configuration = new PSAzureFirewallPolicyIntrusionDetectionConfiguration
                 {
                     SignatureOverrides = this.SignatureOverride?.ToList(),
-                    BypassTrafficSettings = this.BypassTraffic?.ToList()
+                    BypassTrafficSettings = this.BypassTraffic?.ToList(),
+                    PrivateRanges = this.PrivateRange?.ToList()
                 };
             }
 

src/Network/Network/ChangeLog.md

@@ -20,6 +20,8 @@
 
 ## Upcoming Release
 * Fixed `ArgumentNullException` in `Add-AzureRmRouteConfig` when `RouteTable.Routes` is null.
+* Updated `New-AzFirewallPolicyIntrusionDetection` cmdlet:
+    - Added parameter -PrivateRange
 
 ## Version 4.16.0
 * Added support for retrieving the state of packet capture even when the provisioning state of the packet capture was failure

src/Network/Network/Models/AzureFirewallPolicy/PSAzureFirewallPolicyIntrusionDetectionConfiguration.cs

@@ -13,6 +13,7 @@
 // limitations under the License.
 //
 
+using System;
 using System.Collections.Generic;
 
 namespace Microsoft.Azure.Commands.Network.Models
@@ -22,5 +23,8 @@ public class PSAzureFirewallPolicyIntrusionDetectionConfiguration
         public List<PSAzureFirewallPolicyIntrusionDetectionSignatureOverride> SignatureOverrides { get; set; }
 
         public List<PSAzureFirewallPolicyIntrusionDetectionBypassTrafficSetting> BypassTrafficSettings { get; set; }
+
+        public List<string> PrivateRanges { get; set; }
+
     }
 }

src/Network/Network/Network.csproj

@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk" ToolsVersion="Current">
 
   <PropertyGroup>
     <PsModuleName>Network</PsModuleName>
@@ -14,7 +14,7 @@
 
   <ItemGroup>
     <PackageReference Include="AutoMapper" Version="6.2.2" />
-    <PackageReference Include="Microsoft.Azure.Management.Network" Version="21.0.0" />
+    <PackageReference Include="Microsoft.Azure.Management.Network" Version="22.0.0" />
   </ItemGroup>
 
   <ItemGroup>

src/Network/Network/help/New-AzFirewallPolicyIntrusionDetection.md

@@ -15,7 +15,7 @@ Creates a new Azure Firewall Policy Intrusion Detection to associate with Firewa
 ```
 New-AzFirewallPolicyIntrusionDetection -Mode <String>
  [-SignatureOverride <PSAzureFirewallPolicyIntrusionDetectionSignatureOverride[]>]
- [-BypassTraffic <PSAzureFirewallPolicyIntrusionDetectionBypassTrafficSetting[]>]
+ [-BypassTraffic <PSAzureFirewallPolicyIntrusionDetectionBypassTrafficSetting[]>] [-PrivateRange <String[]>]
  [-DefaultProfile <IAzureContextContainer>] [-WhatIf] [-Confirm] [<CommonParameters>]
 ```
 
@@ -48,13 +48,21 @@ New-AzFirewallPolicy -Name fp1 -Location "westus2" -ResourceGroup TestRg -SkuTie
 
 This example creates intrusion detection with bypass traffic setting
 
+### Example 4: Create firewall policy with intrusion detection configured with private ranges setting
+```powershell
+$intrusionDetection = New-AzFirewallPolicyIntrusionDetection -Mode "Deny" -PrivateRange @("167.220.204.0/24", "167.221.205.101/32")
+New-AzFirewallPolicy -Name fp1 -Location "westus2" -ResourceGroup TestRg -SkuTier "Premium" -IntrusionDetection $intrusionDetection
+```
+
+This example creates intrusion detection with bypass traffic setting
+
 ## PARAMETERS
 
 ### -BypassTraffic
 List of rules for traffic to bypass.
 
 ```yaml
-Type: PSAzureFirewallPolicyIntrusionDetectionBypassTrafficSetting[]
+Type: Microsoft.Azure.Commands.Network.Models.PSAzureFirewallPolicyIntrusionDetectionBypassTrafficSetting[]
 Parameter Sets: (All)
 Aliases:
 
@@ -69,7 +77,7 @@ Accept wildcard characters: False
 The credentials, account, tenant, and subscription used for communication with Azure.
 
 ```yaml
-Type: IAzureContextContainer
+Type: Microsoft.Azure.Commands.Common.Authentication.Abstractions.Core.IAzureContextContainer
 Parameter Sets: (All)
 Aliases: AzContext, AzureRmContext, AzureCredential
 
@@ -84,7 +92,7 @@ Accept wildcard characters: False
 Intrusion Detection general state.
 
 ```yaml
-Type: String
+Type: System.String
 Parameter Sets: (All)
 Aliases:
 Accepted values: Off, Alert, Deny
@@ -96,11 +104,26 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -PrivateRange
+List of IDPS Private IP ranges.
+
+```yaml
+Type: System.String[]
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -SignatureOverride
 List of specific signatures states.
 
 ```yaml
-Type: PSAzureFirewallPolicyIntrusionDetectionSignatureOverride[]
+Type: Microsoft.Azure.Commands.Network.Models.PSAzureFirewallPolicyIntrusionDetectionSignatureOverride[]
 Parameter Sets: (All)
 Aliases:
 
@@ -115,7 +138,7 @@ Accept wildcard characters: False
 Prompts you for confirmation before running the cmdlet.
 
 ```yaml
-Type: SwitchParameter
+Type: System.Management.Automation.SwitchParameter
 Parameter Sets: (All)
 Aliases: cf
 
@@ -131,7 +154,7 @@ Shows what would happen if the cmdlet runs.
 The cmdlet is not run.
 
 ```yaml
-Type: SwitchParameter
+Type: System.Management.Automation.SwitchParameter
 Parameter Sets: (All)
 Aliases: wi