Add Azure Firewall as an option - Bicep code development

[yahanda]

Overview/Summary

https://learn.microsoft.com/en-us/azure/firewall/protect-azure-virtual-desktop?tabs=azure the need for inspecting and filtering egress traffic from AVD, but isn't this function typically a part of platform landing zone and the 'network hub', so it is deployed as part of platform foundation (different subscriptions), rather than AVD landing zone

This PR fixes/adds/changes/removes

1. Add the following features to bicep codes
   1. create Azure Firewall Policy and create Rule Collections for Network Rules and Application Rules to control Host pool outbound access.
   2. create Azure Firewall subnet in the existing hub vNet.
   3. create Azure Firewall with the created policy in the hub vNet.
2. Add the following UI to ARM templates
   1. CheckBox to deploy Azure Firewall in Hub vNet or not.
   2. TextBox to enter Azure Firewall Subnet address prefix.

Breaking Changes

1. N/A

Testing Evidence

Tested from the linke here: https://portal.azure.com/#blade/Microsoft_Azure_CreateUIDef/CustomDeploymentBlade/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fyahanda%2Favdaccelerator-bicep-edits%2Fmain%2Fworkload%2Farm%2Fdeploy-baseline.json/uiFormDefinitionUri/https%3A%2F%2Fraw.githubusercontent.com%2Fyahanda%2Favdaccelerator-bicep-edits%2Fmain%2Fworkload%2Fportal-ui%2Fportal-ui-baseline.json

1. The portal displays a new firewall option.

2. The deployment was successful.

3. Firewall and related resources successfully deployed.

As part of this Pull Request I have

• [x] Read the Contribution Guide and ensured this PR is compliant with the guide
• [x] Ensured the resource API versions in .bicep file/s I am adding/editing are using the latest API version possible
• [x] Checked for duplicate Pull Requests
• [x] Associated it with relevant GitHub Issues
• [x] (AVD LZA Team Only) Associated it with relevant ADO Items
• [x] Ensured my code/branch is up-to-date with the latest changes in the main branch
• [x] Performed testing and provided evidence.
• [x] Updated relevant and associated documentation (e.g. Contribution Guide, Module READMEs, Docs etc.)

[danycontre]

@yahanda thanks for your contribution, we will review it and update you.

@jensheerin will ping you to make sure Bicep and TF AzFW code is aligned.

cc: @moisesjgomez

[danycontre]

@yahanda please sync your fork/branch with Azure/main.

[yahanda]

@danycontre I just synced with the latest changes into my branch. Thanks.

[moisesjgomez]

@yahanda Thank you for your contribution! Reviewing the PR and will let you know of any further updates

[yahanda]

Hi @moisesjgomez, I have updated it based on your advice. I would like to ask you to review my branch.

• We can choose to deploy Fw to either Hub vNet or another existing vNet.
• In both cases, the vNet is peered with AVD vNet and UDR on AVD subnet points to the Fw. Then, the Fw can control outbound network access.

Testing evidence 1) deploy Fw to Hub vnet

2) deploy Fw to another existing vNet

[yahanda]

Hi @danycontre, this doesn't seem to be merged yet. Can it be reopened?

CC: @swathibhat1