diff --git a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md index 0f68d217d..bab8c10d1 100644 --- a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md +++ b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md @@ -26,6 +26,7 @@ parAzFirewallEnabled | No | Switch to enable/disable Azure Firewall deploy parAzFirewallName | No | Azure Firewall Name. parAzFirewallPoliciesName | No | Azure Firewall Policies Name. parAzFirewallTier | No | Azure Firewall Tier associated with the Firewall to deploy. +parAzFirewallIntelMode | No | The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert. parAzFirewallAvailabilityZones | No | Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty. parAzErGatewayAvailabilityZones | No | Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP. parAzVpnGatewayAvailabilityZones | No | Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP. 
@@ -206,6 +207,16 @@ Azure Firewall Tier associated with the Firewall to deploy. - Allowed values: `Basic`, `Standard`, `Premium` +### parAzFirewallIntelMode + +![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) + +The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert. + +- Default value: `Alert` + +- Allowed values: `Alert`, `Deny`, `Off` + ### parAzFirewallAvailabilityZones ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) @@ -451,6 +462,9 @@ outHubVirtualNetworkId | string | "parAzFirewallTier": { "value": "Standard" }, + "parAzFirewallIntelMode": { + "value": "Alert" + }, "parAzFirewallAvailabilityZones": { "value": [] }, diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index 6bc2e09e1..c3f4bb755 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep @@ -99,6 +99,14 @@ param parAzFirewallPoliciesName string = '${parCompanyPrefix}-azfwpolicy-${parLo ]) param parAzFirewallTier string = 'Standard' +@sys.description('The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert.') +@allowed([ + 'Alert' + 'Deny' + 'Off' +]) +param parAzFirewallIntelMode string = 'Alert' + @allowed([ '1' '2' @@ -677,6 +685,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = i sku: { tier: parAzFirewallTier } + threatIntelMode: 'Alert' } : { dnsSettings: { enableProxy: parAzFirewallDnsProxyEnabled @@ -685,6 +694,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = i sku: { tier: parAzFirewallTier } + threatIntelMode: parAzFirewallIntelMode } } 
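Review bot: The description added for `parAzFirewallIntelMode` in hunk `@@ -99,6 +99,14 @@` of hubNetworking.bicep names the default but does not say what the three allowed values do. `Off` disables threat-intelligence filtering on the hub firewall policy and the default `Alert` only logs, so an operator choosing a value from the generated docs cannot tell which setting actually blocks traffic. I would spell it out, e.g. `@sys.description('The Azure Firewall Threat Intelligence Mode. Alert logs matching traffic, Deny logs and blocks it, Off disables the feature. If not set, the default value is Alert.')`, and regenerate the generated docs from it. The identical parameter added in vwanConnectivity.bicep at `@@ -15,6 +15,14 @@` needs the same wording.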
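Review bot: The first branch of `resFirewallPolicies` sets `threatIntelMode: 'Alert'` as a literal (hunk `@@ -677,6 +685,7 @@`), so on that branch a caller who passes `Deny` still gets alert-only behaviour and nothing in the deployment says so. The condition that selects the branch starts outside the hunk. If it is the Basic tier check, the literal is right, because Basic supports threat intelligence in alert mode only, but the line should carry a comment such as `// Basic tier: alert mode only, parAzFirewallIntelMode is not applied`, and the parameter description should mention the exception. The same literal is added in vwanConnectivity.bicep at `@@ -296,6 +304,7 @@`.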
diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json
index 87c8e8a14..15c61e4a5 100644
--- a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json
+++ b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json
@@ -87,6 +87,9 @@
 "parAzFirewallTier": {
 "value": "Standard"
 },
+ "parAzFirewallIntelMode": {
+ "value": "Alert"
+ },
 "parAzFirewallAvailabilityZones": {
 "value": []
 },
diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.min.json b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.min.json
index d0ea43f5e..fcf545007 100644
--- a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.min.json
+++ b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.min.json
@@ -54,6 +54,9 @@
 "parAzFirewallTier": {
 "value": "Standard"
 },
+ "parAzFirewallIntelMode": {
+ "value": "Alert"
+ },
 "parAzFirewallAvailabilityZones": {
 "value": []
 },
diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json b/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json
index 60d9c6490..0d0bd5957 100644
--- a/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json
+++ b/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json
@@ -87,6 +87,9 @@
 "parAzFirewallTier": {
 "value": "Standard"
 },
+ "parAzFirewallIntelMode": {
+ "value": "Alert"
+ },
 "parAzFirewallAvailabilityZones": {
 "value": []
 },
diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.min.json b/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.min.json
index c16d37ab6..fe76ea4a1 100644
--- a/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.min.json +++ b/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.min.json @@ -57,6 +57,9 @@ "parAzFirewallTier": { "value": "Standard" }, + "parAzFirewallIntelMode": { + "value": "Alert" + }, "parAzFirewallAvailabilityZones": { "value": [] }, diff --git a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md index 3d59d18a4..c86a03b87 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md +++ b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md @@ -9,6 +9,7 @@ Parameter name | Required | Description parLocation | No | Region in which the resource group was created. parCompanyPrefix | No | Prefix value which will be prepended to all resource names. parAzFirewallTier | No | Azure Firewall Tier associated with the Firewall to deploy. +parAzFirewallIntelMode | No | The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert. parVirtualHubEnabled | No | Switch to enable/disable Virtual Hub deployment. parAzFirewallDnsProxyEnabled | No | Switch to enable/disable Azure Firewall DNS Proxy. parAzFirewallDnsServers | No | Array of custom DNS servers used by Azure Firewall @@ -59,6 +60,16 @@ Azure Firewall Tier associated with the Firewall to deploy. - Allowed values: `Basic`, `Standard`, `Premium` +### parAzFirewallIntelMode + +![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) + +The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert. + +- Default value: `Alert` + +- Allowed values: `Alert`, `Deny`, `Off` + ### parVirtualHubEnabled ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) 
@@ -278,6 +289,9 @@ outAzFwPrivateIps | array | "parAzFirewallTier": { "value": "Standard" }, + "parAzFirewallIntelMode": { + "value": "Alert" + }, "parVirtualHubEnabled": { "value": true }, diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json index 271df5c9a..d61076fee 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json +++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json @@ -11,6 +11,9 @@ "parAzFirewallTier": { "value": "Standard" }, + "parAzFirewallIntelMode": { + "value": "Alert" + }, "parVirtualHubEnabled": { "value": true }, diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.min.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.min.json index bfb71011b..653ed1b92 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.min.json +++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.min.json @@ -11,6 +11,9 @@ "parAzFirewallTier": { "value": "Standard" }, + "parAzFirewallIntelMode": { + "value": "Alert" + }, "parVirtualHubEnabled": { "value": true }, diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json index 82fe9a96d..34c82616c 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json +++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json @@ -11,6 +11,9 @@ "parAzFirewallTier": { "value": "Standard" }, + "parAzFirewallIntelMode": { + "value": "Alert" + }, "parVirtualHubEnabled": { "value": true }, 
diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json index bdfe0344c..a9ee9ea2d 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json +++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json @@ -8,6 +8,9 @@ "parAzFirewallTier": { "value": "Standard" }, + "parAzFirewallIntelMode": { + "value": "Alert" + }, "parVirtualHubEnabled": { "value": true }, diff --git a/infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep b/infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep index 92e90247d..1b7bfb36b 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep +++ b/infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep @@ -21,6 +21,7 @@ module minimum_vwan_conn '../vwanConnectivity.bicep' = { params: { parLocation: parLocation parAzFirewallTier: 'Standard' + parAzFirewallIntelMode: 'Alert' parVirtualHubEnabled: true parVirtualWanHubs: [ { parVpnGatewayEnabled: true diff --git a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep index 012182361..84e683cae 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep +++ b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep @@ -15,6 +15,14 @@ param parCompanyPrefix string = 'alz' ]) param parAzFirewallTier string = 'Standard' +@sys.description('The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert.') +@allowed([ + 'Alert' + 'Deny' + 'Off' +]) +param parAzFirewallIntelMode string = 'Alert' + @sys.description('Switch to enable/disable Virtual Hub deployment.') param parVirtualHubEnabled bool = true 
@@ -296,6 +304,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = i sku: { tier: parAzFirewallTier } + threatIntelMode: 'Alert' } : { dnsSettings: { enableProxy: parAzFirewallDnsProxyEnabled @@ -304,6 +313,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = i sku: { tier: parAzFirewallTier } + threatIntelMode: parAzFirewallIntelMode } }