Closed MilesCameron-DMs closed 6 months ago
Hey @MilesCameron-DMs! This sounds like something that they VWAN product group may have to incorporate as it's specific to the resource provider.
Could you possibly share what 3rd party NVA you are utilizing? Also, were you able to configure this manually and if so, could you possibly export to ARM?
Agreed - it should be one for the vWAN product group - i thought it wise to post in here for anyone following ALZ that did want to use a third party appliance as a way to track it.
The NVA is Checkpoint but i see Fortinet is also supported:
It seems that when the third party appliance is installed, it populates this property but if you then run the vWAN code for ALZ, specifically the VWAN hub resource type, is removes this property. It would be worth testing as i didn't want to chance deploying, i have just done a whatif.
I can export the ARM if you like, it needs to use a later version of the API to support this property - let me know how i can share is with you if you need it.
Even if you we don't solve this via the code for now, it would be good to provide guidance for others looking to deploy an NVA in the vWAN hub.
Happy to help if you need anything further from me π
Thanks for the clarification @MilesCameron-DMs, I have created a spike for next sprint to investigate this and determine if there is anything we can do to help with incorporating into the VWAN module. Otherwise, we can at least update the documentation to give people a heads up. Will link to PR when we get it sorted out.
Thats great, thanks @oZakari
More than happy to help further if you need me π
Linking ADO work item AB#31398 which is just waiting to be picked up by someone.
β Successfully linked to Azure Boards work item(s):
Hi @MilesCameron-DMs, @marcosgm went through and validated in his test environment that you can manually install a 3rd party NVA after deploying the ALZ-Bicep VWAN module as you noted. He did confirm that re-running the module after the installation of the 3rd party NVA does not break the integration.
He also investigated and determined that there doesn't appear to be any Bicep/ARM for the NVAs within VWAN Hub . Instead, it appears the NVA type points to the VWAN Hub resource ID. As such, we won't be able to incorporate the 3rd party NVAs, as it involves calling for Marketplace solutions and configuring the purchase options for each NVA.
Describe the feature end to end, including deployment scenario details under which the feature would occur.
The current code supports Azure Firewall in the Virtual WAN hub but not other supported third parties.
I have changed our code to support another vendor, however i have found a property in the
Microsoft.Network/virtualHubs
API that is not configurable (or listed even!) at the moment - namelynetworkVirtualAppliances
Why is this feature important. Describe why this would be important for your organization and others. Would this impact similar orgs in the same way?
Any companies looking to use a third party NVA in the virtual WAN hub at this point will not be able to run the code as, from what i can see, it will remove the appliance.
I am looking for a way to test this at the moment without breaking our environment.
Please provide the correlation id associated with your error or bug.
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Can you describe any alternatives that you have taken since this feature does not exist?
I am looking at a workaround, possibly where the code ignores certain properties - i can see there is a bool for ignoring it but this means we cant change the tags or any properties so is not clean.
Feature Implementation
No response
Check previous GitHub issues
Code of Conduct