search

Azure / ALZ-Bicep

This repository contains the Azure Landing Zones (ALZ) Bicep modules that help deliver and deploy the Azure Landing Zone conceptual architecture in a modular approach. https://aka.ms/alz/docs
MIT License
734 stars 490 forks source link

Add support for Firewall Policy SNAT parameter #739

Open fhpx opened 4 months ago

fhpx commented 4 months ago

Describe the feature end to end, including deployment scenario details under which the feature would occur.

The resource firewallPolicies does not currently support the parameter snat.

Why is this feature important. Describe why this would be important for your organization and others. Would this impact similar orgs in the same way?

Adding "Manually specified IP ranges" to SNAT Exceptions in Azure Portal works fine. But since this is a property of the Firewall Policy this configuration will be removed during redeployment of the hubNetworking-module.

Please provide the correlation id associated with your error or bug.

No response

Can you describe any alternatives that you have taken since this feature does not exist?

Only option I see as of now is to manually re-add configuration in portal, after hubNetworking as been deployed. Another option would be to deploy a Route Server, and auto-learn private ranges. But it is not desirable to introduce a new paid resource, and dynamic routing, to solve this minor issue.

Feature Implementation

No response

Check previous GitHub issues

Code of Conduct

oZakari commented 4 months ago

Hey @fhpx, looking at this property it should be something we can incorporate. Will add this to the backlog. Thanks for reaching out!