From d55dbd518a73c9eec08f7f974510eb5577114f7b Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Thu, 5 Oct 2023 00:01:53 -0500 Subject: [PATCH 1/7] Add threat intel mode property for applicable firewall resources --- .../generateddocs/hubNetworking.bicep.md | 14 ++++++++++++++ .../modules/hubNetworking/hubNetworking.bicep | 10 ++++++++++ .../parameters/hubNetworking.parameters.all.json | 3 +++ .../parameters/hubNetworking.parameters.min.json | 3 +++ .../mc-hubNetworking.parameters.all.json | 3 +++ .../mc-hubNetworking.parameters.min.json | 3 +++ .../generateddocs/vwanConnectivity.bicep.md | 13 ++++++++++++- .../mc-vwanConnectivity.parameters.all.json | 3 +++ .../mc-vwanConnectivity.parameters.min.json | 3 +++ .../vwanConnectivity.parameters.all.json | 3 +++ .../vwanConnectivity.parameters.min.json | 3 +++ .../vwanConnectivity/samples/baseline.sample.bicep | 1 + .../vwanConnectivity/vwanConnectivity.bicep | 10 ++++++++++ 13 files changed, 71 insertions(+), 1 deletion(-) diff --git a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md index 6ed815b61..b131a097a 100644 --- a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md +++ b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md 
@@ -26,6 +26,7 @@ parAzFirewallEnabled | No | Switch to enable/disable Azure Firewall deploy parAzFirewallName | No | Azure Firewall Name. parAzFirewallPoliciesName | No | Azure Firewall Policies Name. parAzFirewallTier | No | Azure Firewall Tier associated with the Firewall to deploy. +parThreatIntelMode | No | Threat Intelligence Mode for Azure Firewall. If not specified, the default value is Alert. parAzFirewallAvailabilityZones | No | Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty. parAzErGatewayAvailabilityZones | No | Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP. parAzVpnGatewayAvailabilityZones | No | Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP. @@ -206,6 +207,16 @@ Azure Firewall Tier associated with the Firewall to deploy. - Allowed values: `Basic`, `Standard`, `Premium` +### parThreatIntelMode + +![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) + +Threat Intelligence Mode for Azure Firewall. If not specified, the default value is Alert. + +- Default value: `Alert` + +- Allowed values: `Alert`, `Deny`, `Off` + ### parAzFirewallAvailabilityZones ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) @@ -451,6 +462,9 @@ outHubVirtualNetworkId | string | "parAzFirewallTier": { "value": "Standard" }, + "parThreatIntelMode":{ + "value": "Alert" + }, "parAzFirewallAvailabilityZones": { "value": [] }, 
diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index 8aed5b3b8..3ab4e24dc 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep @@ -99,6 +99,14 @@ param parAzFirewallPoliciesName string = '${parCompanyPrefix}-azfwpolicy-${parLo ]) param parAzFirewallTier string = 'Standard' +@sys.description('The Azure Firewall threat Intelligence mode to enable.') +@allowed([ + 'Alert' + 'Deny' + 'Off' +]) +param parThreatIntelMode string = 'Alert' + @allowed([ '1' '2' @@ -672,6 +680,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = i sku: { tier: parAzFirewallTier } + threatIntelMode: parThreatIntelMode } } @@ -738,6 +747,7 @@ resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2023-02-01' = if (pa firewallPolicy: { id: resFirewallPolicies.id } + threatIntelMode: parThreatIntelMode } } diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json index 8e0908b17..19134478b 100644 --- a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json +++ b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json @@ -87,6 +87,9 @@ "parAzFirewallTier": { "value": "Standard" }, + "parThreatIntelMode": { + "value": "Alert" + }, "parAzFirewallAvailabilityZones": { "value": [] }, diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.min.json b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.min.json index d0ea43f5e..528e89638 100644 --- a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.min.json +++ b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.min.json 
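Review bot: The description on the new `parThreatIntelMode` parameter (hunk at -99,6 +99,14) does not say what each allowed value does, although the choice decides whether traffic to or from known-malicious addresses is blocked or only logged. I would expand it to `@sys.description('Azure Firewall threat intelligence mode. Alert logs matching traffic, Deny blocks and logs it, Off disables the feature.')`, which also removes the stray capital in "threat Intelligence". The same decorator is added in vwanConnectivity.bicep (hunk at -15,6 +15,14) and is the text the generated parameter docs pick up, so both modules should get the fuller wording.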
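Review bot: `threatIntelMode: parThreatIntelMode` in resFirewallPolicies (hunk at -672,6 +680,7) is applied whatever `parAzFirewallTier` is, and that parameter still allows `Basic`. As far as I know the Basic tier supports threat intelligence in alert mode only, so `Basic` combined with `Deny` may be rejected at deployment or silently not block; this should be confirmed against the resource provider. If it holds, guard the assignment with `threatIntelMode: (parAzFirewallTier == 'Basic') ? 'Alert' : parThreatIntelMode`, or at least state the restriction in the parameter description. The same line is added to resFirewallPolicies in vwanConnectivity.bicep (hunk at -303,6 +311,7); in both files the resource body starts outside the hunk.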
@@ -54,6 +54,9 @@ "parAzFirewallTier": { "value": "Standard" }, + "parThreatIntelMode": { + "value": "Alert" + }, "parAzFirewallAvailabilityZones": { "value": [] }, diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json b/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json index 2abd81ea3..97f8d8b72 100644 --- a/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json +++ b/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json @@ -87,6 +87,9 @@ "parAzFirewallTier": { "value": "Standard" }, + "parThreatIntelMode": { + "value": "Alert" + }, "parAzFirewallAvailabilityZones": { "value": [] }, diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.min.json b/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.min.json index c16d37ab6..1c416d5fa 100644 --- a/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.min.json +++ b/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.min.json @@ -57,6 +57,9 @@ "parAzFirewallTier": { "value": "Standard" }, + "parThreatIntelMode": { + "value": "Alert" + }, "parAzFirewallAvailabilityZones": { "value": [] }, diff --git a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md index 0da985c3e..887816430 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md +++ b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md 
@@ -9,12 +9,13 @@ Parameter name | Required | Description parLocation | No | Region in which the resource group was created. parCompanyPrefix | No | Prefix value which will be prepended to all resource names. parAzFirewallTier | No | Azure Firewall Tier associated with the Firewall to deploy. +parThreatIntelMode | No | Threat Intelligence Mode for Azure Firewall. If not specified, the default value is Alert. parVirtualHubEnabled | No | Switch to enable/disable Virtual Hub deployment. parAzFirewallDnsProxyEnabled | No | Switch to enable/disable Azure Firewall DNS Proxy. parAzFirewallDnsServers | No | Array of custom DNS servers used by Azure Firewall parVirtualWanName | No | Prefix Used for Virtual WAN. parVirtualWanHubName | No | Prefix Used for Virtual WAN Hub. -parVirtualWanHubs | No | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required. - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. 
+parVirtualWanHubs | No | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required. - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. parVpnGatewayName | No | Prefix Used for VPN Gateway. parExpressRouteGatewayName | No | Prefix Used for ExpressRoute Gateway. parAzFirewallName | No | Azure Firewall Name. @@ -59,6 +60,16 @@ Azure Firewall Tier associated with the Firewall to deploy. - Allowed values: `Basic`, `Standard`, `Premium` +### parThreatIntelMode + +![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) + +Threat Intelligence Mode for Azure Firewall. If not specified, the default value is Alert. + +- Default value: `Alert` + +- Allowed values: `Alert`, `Deny`, `Off` + ### parVirtualHubEnabled ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) 
diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json index 271df5c9a..802c42888 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json +++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json @@ -11,6 +11,9 @@ "parAzFirewallTier": { "value": "Standard" }, + "parThreatIntelMode": { + "value": "Alert" + }, "parVirtualHubEnabled": { "value": true }, diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.min.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.min.json index bfb71011b..2b7c1784d 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.min.json +++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.min.json @@ -11,6 +11,9 @@ "parAzFirewallTier": { "value": "Standard" }, + "parThreatIntelMode": { + "value": "Alert" + }, "parVirtualHubEnabled": { "value": true }, diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json index bbcc8f3ea..cf88997bd 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json +++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json @@ -11,6 +11,9 @@ "parAzFirewallTier": { "value": "Standard" }, + "parThreatIntelMode": { + "value": "Alert" + }, "parVirtualHubEnabled": { "value": true }, 
diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json index bdfe0344c..0eee8e894 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json +++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json @@ -8,6 +8,9 @@ "parAzFirewallTier": { "value": "Standard" }, + "parThreatIntelMode": { + "value": "Alert" + }, "parVirtualHubEnabled": { "value": true }, diff --git a/infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep b/infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep index ebff7adaa..29a2ca7ce 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep +++ b/infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep @@ -21,6 +21,7 @@ module minimum_vwan_conn '../vwanConnectivity.bicep' = { params: { parLocation: parLocation parAzFirewallTier: 'Standard' + parThreatIntelMode: 'Alert' parVirtualHubEnabled: true parVirtualWanHubs:[{ parVpnGatewayEnabled: true diff --git a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep index 26f109003..aed50957c 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep +++ b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep @@ -15,6 +15,14 @@ param parCompanyPrefix string = 'alz' ]) param parAzFirewallTier string = 'Standard' +@sys.description('The Azure Firewall threat Intelligence mode to enable.') +@allowed([ + 'Alert' + 'Deny' + 'Off' +]) +param parThreatIntelMode string = 'Alert' + @sys.description('Switch to enable/disable Virtual Hub deployment.') param parVirtualHubEnabled bool = true 
@@ -303,6 +311,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = i sku: { tier: parAzFirewallTier } + threatIntelMode: parThreatIntelMode } } @@ -327,6 +336,7 @@ resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2023-02-01' = [for ( firewallPolicy: { id: (parVirtualHubEnabled && hub.parAzFirewallEnabled) ? resFirewallPolicies.id : '' } + threatIntelMode: parThreatIntelMode } }] From 924b007b337a06cce8e91f7e12a23df133a48a85 Mon Sep 17 00:00:00 2001 From: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 5 Oct 2023 05:06:23 +0000 Subject: [PATCH 2/7] Generate Parameter Markdowns [oZakari/b0409faa] --- .../hubNetworking/generateddocs/hubNetworking.bicep.md | 6 +++--- .../generateddocs/vwanConnectivity.bicep.md | 9 ++++++--- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md index b131a097a..67fd5a292 100644 --- a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md +++ b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md 
@@ -26,7 +26,7 @@ parAzFirewallEnabled | No | Switch to enable/disable Azure Firewall deploy parAzFirewallName | No | Azure Firewall Name. parAzFirewallPoliciesName | No | Azure Firewall Policies Name. parAzFirewallTier | No | Azure Firewall Tier associated with the Firewall to deploy. -parThreatIntelMode | No | Threat Intelligence Mode for Azure Firewall. If not specified, the default value is Alert. +parThreatIntelMode | No | The Azure Firewall threat Intelligence mode to enable. parAzFirewallAvailabilityZones | No | Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty. parAzErGatewayAvailabilityZones | No | Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP. parAzVpnGatewayAvailabilityZones | No | Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP. @@ -211,7 +211,7 @@ Azure Firewall Tier associated with the Firewall to deploy. ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -Threat Intelligence Mode for Azure Firewall. If not specified, the default value is Alert. +The Azure Firewall threat Intelligence mode to enable. - Default value: `Alert` @@ -462,7 +462,7 @@ outHubVirtualNetworkId | string | "parAzFirewallTier": { "value": "Standard" }, - "parThreatIntelMode":{ + "parThreatIntelMode": { "value": "Alert" }, "parAzFirewallAvailabilityZones": { diff --git a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md index 887816430..eec0ce646 100644 
--- a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md +++ b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md 
@@ -9,13 +9,13 @@ Parameter name | Required | Description parLocation | No | Region in which the resource group was created. parCompanyPrefix | No | Prefix value which will be prepended to all resource names. parAzFirewallTier | No | Azure Firewall Tier associated with the Firewall to deploy. -parThreatIntelMode | No | Threat Intelligence Mode for Azure Firewall. If not specified, the default value is Alert. +parThreatIntelMode | No | The Azure Firewall threat Intelligence mode to enable. parVirtualHubEnabled | No | Switch to enable/disable Virtual Hub deployment. parAzFirewallDnsProxyEnabled | No | Switch to enable/disable Azure Firewall DNS Proxy. parAzFirewallDnsServers | No | Array of custom DNS servers used by Azure Firewall parVirtualWanName | No | Prefix Used for Virtual WAN. parVirtualWanHubName | No | Prefix Used for Virtual WAN Hub. -parVirtualWanHubs | No | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required. - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. 
- `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. +parVirtualWanHubs | No | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required. - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. parVpnGatewayName | No | Prefix Used for VPN Gateway. parExpressRouteGatewayName | No | Prefix Used for ExpressRoute Gateway. parAzFirewallName | No | Azure Firewall Name. @@ -64,7 +64,7 @@ Azure Firewall Tier associated with the Firewall to deploy. ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -Threat Intelligence Mode for Azure Firewall. If not specified, the default value is Alert. +The Azure Firewall threat Intelligence mode to enable. - Default value: `Alert` 
@@ -289,6 +289,9 @@ outAzFwPrivateIps | array | "parAzFirewallTier": { "value": "Standard" }, + "parThreatIntelMode": { + "value": "Alert" + }, "parVirtualHubEnabled": { "value": true }, From a3b8c7d70b77b55403e1f60636e73f7d5c28887b Mon Sep 17 00:00:00 2001 From: Jack Tracey <41163455+jtracey93@users.noreply.github.com> Date: Thu, 5 Oct 2023 15:23:45 +0100 Subject: [PATCH 3/7] Apply suggestions from code review --- infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep | 1 - .../bicep/modules/vwanConnectivity/vwanConnectivity.bicep | 1 - 2 files changed, 2 deletions(-) diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index 5a66a95c6..0be4d581f 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep @@ -760,7 +760,6 @@ resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2023-02-01' = if (pa firewallPolicy: { id: resFirewallPolicies.id } - threatIntelMode: parThreatIntelMode } } diff --git a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep index 199c48e2c..8ee75f9fe 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep +++ b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep @@ -337,7 +337,6 @@ resource resAzureFirewall 'Microsoft.Network/azureFirewalls@2023-02-01' = [for ( firewallPolicy: { id: (parVirtualHubEnabled && hub.parAzFirewallEnabled) ? resFirewallPolicies.id : '' } - threatIntelMode: parThreatIntelMode } }] From a2bd8a118d6562144b26b1000dfb6eea45575b7a Mon Sep 17 00:00:00 2001 
From: Zach Trocinski Date: Thu, 5 Oct 2023 09:51:58 -0500 Subject: [PATCH 4/7] Include firewall name convention for threat mode intelligence --- .../hubNetworking/generateddocs/hubNetworking.bicep.md | 6 +++--- .../bicep/modules/hubNetworking/hubNetworking.bicep | 4 ++-- .../parameters/hubNetworking.parameters.all.json | 2 +- .../parameters/hubNetworking.parameters.min.json | 2 +- .../parameters/mc-hubNetworking.parameters.all.json | 2 +- .../parameters/mc-hubNetworking.parameters.min.json | 2 +- .../generateddocs/vwanConnectivity.bicep.md | 8 ++++---- .../parameters/mc-vwanConnectivity.parameters.all.json | 2 +- .../parameters/mc-vwanConnectivity.parameters.min.json | 2 +- .../parameters/vwanConnectivity.parameters.all.json | 2 +- .../parameters/vwanConnectivity.parameters.min.json | 2 +- .../vwanConnectivity/samples/baseline.sample.bicep | 2 +- .../bicep/modules/vwanConnectivity/vwanConnectivity.bicep | 4 ++-- 13 files changed, 20 insertions(+), 20 deletions(-) diff --git a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md index 80f41baef..d6106ac3a 100644 --- a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md +++ b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md 
@@ -26,7 +26,7 @@ parAzFirewallEnabled | No | Switch to enable/disable Azure Firewall deploy parAzFirewallName | No | Azure Firewall Name. parAzFirewallPoliciesName | No | Azure Firewall Policies Name. parAzFirewallTier | No | Azure Firewall Tier associated with the Firewall to deploy. -parThreatIntelMode | No | The Azure Firewall threat Intelligence mode to enable. +parAzFirewallIntelMode | No | The Azure Firewall threat Intelligence mode to enable. parAzFirewallAvailabilityZones | No | Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty. parAzErGatewayAvailabilityZones | No | Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP. parAzVpnGatewayAvailabilityZones | No | Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP. @@ -207,7 +207,7 @@ Azure Firewall Tier associated with the Firewall to deploy. - Allowed values: `Basic`, `Standard`, `Premium` -### parThreatIntelMode +### parAzFirewallIntelMode ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) @@ -462,7 +462,7 @@ outHubVirtualNetworkId | string | "parAzFirewallTier": { "value": "Standard" }, - "parThreatIntelMode": { + "parAzFirewallIntelMode": { "value": "Alert" }, "parAzFirewallAvailabilityZones": { diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index 0be4d581f..99c3a33ca 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep 
@@ -105,7 +105,7 @@ param parAzFirewallTier string = 'Standard' 'Deny' 'Off' ]) -param parThreatIntelMode string = 'Alert' +param parAzFirewallIntelMode string = 'Alert' @allowed([ '1' @@ -693,7 +693,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = i sku: { tier: parAzFirewallTier } - threatIntelMode: parThreatIntelMode + threatIntelMode: parAzFirewallIntelMode } } diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json index 1d0e6d1b5..15c61e4a5 100644 --- a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json +++ b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json @@ -87,7 +87,7 @@ "parAzFirewallTier": { "value": "Standard" }, - "parThreatIntelMode": { + "parAzFirewallIntelMode": { "value": "Alert" }, "parAzFirewallAvailabilityZones": { diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.min.json b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.min.json index 528e89638..fcf545007 100644 --- a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.min.json +++ b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.min.json @@ -54,7 +54,7 @@ "parAzFirewallTier": { "value": "Standard" }, - "parThreatIntelMode": { + "parAzFirewallIntelMode": { "value": "Alert" }, "parAzFirewallAvailabilityZones": { diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json b/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json index 50ba57111..0d0bd5957 100644 --- a/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json +++ b/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json 
@@ -87,7 +87,7 @@ "parAzFirewallTier": { "value": "Standard" }, - "parThreatIntelMode": { + "parAzFirewallIntelMode": { "value": "Alert" }, "parAzFirewallAvailabilityZones": { diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.min.json b/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.min.json index 1c416d5fa..fe76ea4a1 100644 --- a/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.min.json +++ b/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.min.json @@ -57,7 +57,7 @@ "parAzFirewallTier": { "value": "Standard" }, - "parThreatIntelMode": { + "parAzFirewallIntelMode": { "value": "Alert" }, "parAzFirewallAvailabilityZones": { diff --git a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md index 0216128b8..3ccfe5684 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md +++ b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md 
@@ -9,13 +9,13 @@ Parameter name | Required | Description parLocation | No | Region in which the resource group was created. parCompanyPrefix | No | Prefix value which will be prepended to all resource names. parAzFirewallTier | No | Azure Firewall Tier associated with the Firewall to deploy. -parThreatIntelMode | No | The Azure Firewall threat Intelligence mode to enable. +parAzFirewallIntelMode | No | The Azure Firewall threat Intelligence mode to enable. parVirtualHubEnabled | No | Switch to enable/disable Virtual Hub deployment. parAzFirewallDnsProxyEnabled | No | Switch to enable/disable Azure Firewall DNS Proxy. parAzFirewallDnsServers | No | Array of custom DNS servers used by Azure Firewall parVirtualWanName | No | Prefix Used for Virtual WAN. parVirtualWanHubName | No | Prefix Used for Virtual WAN Hub. -parVirtualWanHubs | No | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required. - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. 
The allowed values are `Internet`, `PrivateTraffic`. +parVirtualWanHubs | No | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required. - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. parVpnGatewayName | No | Prefix Used for VPN Gateway. parExpressRouteGatewayName | No | Prefix Used for ExpressRoute Gateway. parAzFirewallName | No | Azure Firewall Name. @@ -60,7 +60,7 @@ Azure Firewall Tier associated with the Firewall to deploy. - Allowed values: `Basic`, `Standard`, `Premium` -### parThreatIntelMode +### parAzFirewallIntelMode ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) @@ -289,7 +289,7 @@ outAzFwPrivateIps | array | "parAzFirewallTier": { "value": "Standard" }, - "parThreatIntelMode": { + "parAzFirewallIntelMode": { "value": "Alert" }, "parVirtualHubEnabled": { 
diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json index 802c42888..d61076fee 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json +++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json @@ -11,7 +11,7 @@ "parAzFirewallTier": { "value": "Standard" }, - "parThreatIntelMode": { + "parAzFirewallIntelMode": { "value": "Alert" }, "parVirtualHubEnabled": { diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.min.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.min.json index 2b7c1784d..653ed1b92 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.min.json +++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.min.json @@ -11,7 +11,7 @@ "parAzFirewallTier": { "value": "Standard" }, - "parThreatIntelMode": { + "parAzFirewallIntelMode": { "value": "Alert" }, "parVirtualHubEnabled": { diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json index 0e6dd78f6..34c82616c 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json +++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json @@ -11,7 +11,7 @@ "parAzFirewallTier": { "value": "Standard" }, - "parThreatIntelMode": { + "parAzFirewallIntelMode": { "value": "Alert" }, "parVirtualHubEnabled": { 
diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json index 0eee8e894..a9ee9ea2d 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json +++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.min.json @@ -8,7 +8,7 @@ "parAzFirewallTier": { "value": "Standard" }, - "parThreatIntelMode": { + "parAzFirewallIntelMode": { "value": "Alert" }, "parVirtualHubEnabled": { diff --git a/infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep b/infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep index 5c841372a..1b7bfb36b 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep +++ b/infra-as-code/bicep/modules/vwanConnectivity/samples/baseline.sample.bicep @@ -21,7 +21,7 @@ module minimum_vwan_conn '../vwanConnectivity.bicep' = { params: { parLocation: parLocation parAzFirewallTier: 'Standard' - parThreatIntelMode: 'Alert' + parAzFirewallIntelMode: 'Alert' parVirtualHubEnabled: true parVirtualWanHubs: [ { parVpnGatewayEnabled: true diff --git a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep index 8ee75f9fe..100ce4bcb 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep +++ b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep @@ -21,7 +21,7 @@ param parAzFirewallTier string = 'Standard' 'Deny' 'Off' ]) -param parThreatIntelMode string = 'Alert' +param parAzFirewallIntelMode string = 'Alert' @sys.description('Switch to enable/disable Virtual Hub deployment.') param parVirtualHubEnabled bool = true 
@@ -312,7 +312,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = i sku: { tier: parAzFirewallTier } - threatIntelMode: parThreatIntelMode + threatIntelMode: parAzFirewallIntelMode } } From e0d2187ec94842e39b36bfbc326225785a6dc895 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Thu, 5 Oct 2023 10:08:48 -0500 Subject: [PATCH 5/7] Updates to threat mode for firewall tiers --- infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep | 3 ++- .../bicep/modules/vwanConnectivity/vwanConnectivity.bicep | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep index 99c3a33ca..c3f4bb755 100644 --- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep +++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep @@ -99,7 +99,7 @@ param parAzFirewallPoliciesName string = '${parCompanyPrefix}-azfwpolicy-${parLo ]) param parAzFirewallTier string = 'Standard' -@sys.description('The Azure Firewall threat Intelligence mode to enable.') +@sys.description('The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert.') @allowed([ 'Alert' 'Deny' @@ -685,6 +685,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = i sku: { tier: parAzFirewallTier } + threatIntelMode: 'Alert' } : { dnsSettings: { enableProxy: parAzFirewallDnsProxyEnabled diff --git a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep index 100ce4bcb..84e683cae 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep +++ b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep 
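Review bot: The reworded `@sys.description` in the `@@ -99` hunk of hubNetworking.bicep (PATCH 5/7) names the default but still does not say what `Alert`, `Deny` and `Off` do, so a reader of the parameter docs cannot tell that the default only logs matches against the threat intelligence feed and does not block them. I would spell it out, for example `@sys.description('The Azure Firewall Threat Intelligence Mode. Alert logs matching traffic, Deny logs and blocks it, Off disables the check. If not set, the default value is Alert.')`. The `@@ -15` hunk of vwanConnectivity.bicep changes the same description and would take the same wording.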
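Review bot: The added `threatIntelMode: 'Alert'` in the `@@ -685` hunk of hubNetworking.bicep sits in the first arm of a conditional and does not read `parAzFirewallIntelMode`, so a deployment that sets the parameter to `Deny` and takes that arm ends up alert-only, with nothing in the template or its docs saying so. The condition itself is outside the hunk; judging by the commit subject it presumably selects the Basic tier, which supports threat intelligence in alert mode only, so the literal would be right but should be explained. I would add a comment above it, `// Basic tier: threat intel is alert-only, parAzFirewallIntelMode is not applied here`, and append `Ignored when parAzFirewallTier is Basic.` to the parameter description. The `@@ -304` hunk of vwanConnectivity.bicep adds the same literal and needs the same comment.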
@@ -15,7 +15,7 @@ param parCompanyPrefix string = 'alz' ]) param parAzFirewallTier string = 'Standard' -@sys.description('The Azure Firewall threat Intelligence mode to enable.') +@sys.description('The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert.') @allowed([ 'Alert' 'Deny' @@ -304,6 +304,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = i sku: { tier: parAzFirewallTier } + threatIntelMode: 'Alert' } : { dnsSettings: { enableProxy: parAzFirewallDnsProxyEnabled From 179e7a2f86e46e69e4c7fda2044938664c6a932a Mon Sep 17 00:00:00 2001 From: github-actions <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 5 Oct 2023 15:20:21 +0000 Subject: [PATCH 6/7] Generate Parameter Markdowns [oZakari/8dbc3dac] --- .../hubNetworking/generateddocs/hubNetworking.bicep.md | 4 ++-- .../generateddocs/vwanConnectivity.bicep.md | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md index d6106ac3a..bab8c10d1 100644 --- a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md +++ b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md 
@@ -26,7 +26,7 @@ parAzFirewallEnabled | No | Switch to enable/disable Azure Firewall deploy parAzFirewallName | No | Azure Firewall Name. parAzFirewallPoliciesName | No | Azure Firewall Policies Name. parAzFirewallTier | No | Azure Firewall Tier associated with the Firewall to deploy. -parAzFirewallIntelMode | No | The Azure Firewall threat Intelligence mode to enable. +parAzFirewallIntelMode | No | The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert. parAzFirewallAvailabilityZones | No | Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty. parAzErGatewayAvailabilityZones | No | Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP. parAzVpnGatewayAvailabilityZones | No | Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP. @@ -211,7 +211,7 @@ Azure Firewall Tier associated with the Firewall to deploy. ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -The Azure Firewall threat Intelligence mode to enable. +The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert. - Default value: `Alert` diff --git a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md index 3ccfe5684..c86a03b87 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md +++ b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md 
@@ -9,13 +9,13 @@ Parameter name | Required | Description parLocation | No | Region in which the resource group was created. parCompanyPrefix | No | Prefix value which will be prepended to all resource names. parAzFirewallTier | No | Azure Firewall Tier associated with the Firewall to deploy. -parAzFirewallIntelMode | No | The Azure Firewall threat Intelligence mode to enable. +parAzFirewallIntelMode | No | The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert. parVirtualHubEnabled | No | Switch to enable/disable Virtual Hub deployment. parAzFirewallDnsProxyEnabled | No | Switch to enable/disable Azure Firewall DNS Proxy. parAzFirewallDnsServers | No | Array of custom DNS servers used by Azure Firewall parVirtualWanName | No | Prefix Used for Virtual WAN. parVirtualWanHubName | No | Prefix Used for Virtual WAN Hub. -parVirtualWanHubs | No | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required. - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. 
- `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. +parVirtualWanHubs | No | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required. - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`. parVpnGatewayName | No | Prefix Used for VPN Gateway. parExpressRouteGatewayName | No | Prefix Used for ExpressRoute Gateway. parAzFirewallName | No | Azure Firewall Name. @@ -64,7 +64,7 @@ Azure Firewall Tier associated with the Firewall to deploy. ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -The Azure Firewall threat Intelligence mode to enable. +The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert. - Default value: `Alert` From 4b352fdcddcbbabc7dec7376a51abf1b18c962d5 Mon Sep 17 00:00:00 2001 
From: Zach Trocinski Date: Thu, 5 Oct 2023 10:25:19 -0500 Subject: [PATCH 7/7] Manually change threat mode docs --- .../hubNetworking/generateddocs/hubNetworking.bicep.md | 4 ++-- .../vwanConnectivity/generateddocs/vwanConnectivity.bicep.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md index d6106ac3a..bab8c10d1 100644 --- a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md +++ b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md @@ -26,7 +26,7 @@ parAzFirewallEnabled | No | Switch to enable/disable Azure Firewall deploy parAzFirewallName | No | Azure Firewall Name. parAzFirewallPoliciesName | No | Azure Firewall Policies Name. parAzFirewallTier | No | Azure Firewall Tier associated with the Firewall to deploy. -parAzFirewallIntelMode | No | The Azure Firewall threat Intelligence mode to enable. +parAzFirewallIntelMode | No | The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert. parAzFirewallAvailabilityZones | No | Availability Zones to deploy the Azure Firewall across. Region must support Availability Zones to use. If it does not then leave empty. parAzErGatewayAvailabilityZones | No | Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP. parAzVpnGatewayAvailabilityZones | No | Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP. 
@@ -211,7 +211,7 @@ Azure Firewall Tier associated with the Firewall to deploy. ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -The Azure Firewall threat Intelligence mode to enable. +The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert. - Default value: `Alert` diff --git a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md index 3ccfe5684..fb850107a 100644 --- a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md +++ b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md @@ -9,7 +9,7 @@ Parameter name | Required | Description parLocation | No | Region in which the resource group was created. parCompanyPrefix | No | Prefix value which will be prepended to all resource names. parAzFirewallTier | No | Azure Firewall Tier associated with the Firewall to deploy. -parAzFirewallIntelMode | No | The Azure Firewall threat Intelligence mode to enable. +parAzFirewallIntelMode | No | The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert. parVirtualHubEnabled | No | Switch to enable/disable Virtual Hub deployment. parAzFirewallDnsProxyEnabled | No | Switch to enable/disable Azure Firewall DNS Proxy. parAzFirewallDnsServers | No | Array of custom DNS servers used by Azure Firewall @@ -64,7 +64,7 @@ Azure Firewall Tier associated with the Firewall to deploy. ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square) -The Azure Firewall threat Intelligence mode to enable. +The Azure Firewall Threat Intelligence Mode. If not set, the default value is Alert. - Default value: `Alert`