The application gateway has no firewall configured

ID: azure_application_gateway_firewall

Severity: low

Vendor: Azure

Resource: Network

Tags: reachable

Description

The application gateway has no firewall configured. It is recommended to configure the sku property to enable the firewall.

Learn more about this topic at Azure Application Gateway SKU

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create instance of Application Gateway by looking up virtual network and subnet
      azure_rm_appgateway:
        resource_group: myResourceGroup
        name: myAppGateway
        gateway_ip_configurations:
          - subnet:
              name: default
              virtual_network_name: my-vnet
            name: app_gateway_ip_config
        frontend_ip_configurations:
          - subnet:
              name: default
              virtual_network_name: my-vnet
            name: sample_gateway_frontend_ip_config
        frontend_ports:
          - port: 90
            name: ag_frontend_port
        backend_address_pools:
          - backend_addresses:
              - ip_address: 10.0.0.4
            name: test_backend_address_pool
        backend_http_settings_collection:
          - port: 80
            protocol: http
            cookie_based_affinity: enabled
            name: sample_appgateway_http_settings
        http_listeners:
          - frontend_ip_configuration: sample_gateway_frontend_ip_config
            frontend_port: ag_frontend_port
            name: sample_http_listener
        request_routing_rules:
          - rule_type: Basic
            backend_address_pool: test_backend_address_pool
            backend_http_settings: sample_appgateway_http_settings
            http_listener: sample_http_listener
            name: rule1

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create instance of Application Gateway by looking up virtual network and subnet
      azure_rm_appgateway:
        resource_group: myResourceGroup
        name: myAppGateway
        sku:
          # The standard tiers do not include the web application firewall; select a WAF tier
          name: waf_medium
          tier: waf
          capacity: 2
        gateway_ip_configurations:
          - subnet:
              name: default
              virtual_network_name: my-vnet
            name: app_gateway_ip_config
        frontend_ip_configurations:
          - subnet:
              name: default
              virtual_network_name: my-vnet
            name: sample_gateway_frontend_ip_config
        frontend_ports:
          - port: 90
            name: ag_frontend_port
        backend_address_pools:
          - backend_addresses:
              - ip_address: 10.0.0.4
            name: test_backend_address_pool
        backend_http_settings_collection:
          - port: 80
            protocol: http
            cookie_based_affinity: enabled
            name: sample_appgateway_http_settings
        http_listeners:
          - frontend_ip_configuration: sample_gateway_frontend_ip_config
            frontend_port: ag_frontend_port
            name: sample_http_listener
        request_routing_rules:
          - rule_type: Basic
            backend_address_pool: test_backend_address_pool
            backend_http_settings: sample_appgateway_http_settings
            http_listener: sample_http_listener
            name: rule1
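
The check this rule describes can be run over a parsed playbook before deployment. The following is an added example, not code from the original page or from the scanner: the function names, the `require_waf_tier` option (a stricter check than the rule text, which only asks for `sku` to be set) and the sample data are assumptions made for illustration.

```python
"""Report azure_rm_appgateway tasks whose sku is missing (optionally: not a WAF tier)."""

# Assumption: the task uses the module's short name or its collection-qualified name.
APPGW_MODULES = ("azure_rm_appgateway", "azure.azcollection.azure_rm_appgateway")
WAF_TIERS = {"waf", "waf_v2"}


def iter_tasks(playbook):
    """Yield every task dict of a parsed playbook, descending into block/rescue/always."""
    stack = []
    for play in playbook or []:
        if isinstance(play, dict):
            for section in ("pre_tasks", "tasks", "post_tasks", "handlers"):
                stack.extend(play.get(section) or [])
    while stack:
        task = stack.pop(0)
        if not isinstance(task, dict):
            continue
        yield task
        for nested in ("block", "rescue", "always"):
            stack.extend(task.get(nested) or [])


def check_appgateway_firewall(playbook, require_waf_tier=False):
    """Return (task label, reason) pairs for gateways defined without a firewall SKU."""
    findings = []
    for task in iter_tasks(playbook):
        for module in APPGW_MODULES:
            args = task.get(module)
            if not isinstance(args, dict) or args.get("state") == "absent":
                continue  # not an app gateway task, or the task deletes the gateway
            label = task.get("name") or args.get("name") or "<unnamed task>"
            sku = args.get("sku")
            if not isinstance(sku, dict):
                findings.append((label, "sku is not set"))
            elif require_waf_tier and str(sku.get("tier")).lower() not in WAF_TIERS:
                findings.append((label, "sku.tier %r is not a WAF tier" % sku.get("tier")))
    return findings


# Constructed sample: the parsed form of a playbook, as a YAML loader would return it.
SAMPLE = [{"hosts": "localhost", "tasks": [
    {"name": "no sku", "azure_rm_appgateway": {"name": "gw1", "resource_group": "rg"}},
    {"name": "standard sku", "azure_rm_appgateway": {
        "name": "gw2", "sku": {"name": "standard_small", "tier": "standard"}}},
    {"block": [{"name": "waf sku", "azure_rm_appgateway": {
        "name": "gw3", "sku": {"name": "waf_medium", "tier": "waf"}}}]},
]}]

if __name__ == "__main__":
    for name, reason in check_appgateway_firewall(SAMPLE, require_waf_tier=True):
        print(f"{name}: {reason}")
```

A templated tier such as a Jinja expression is reported by the strict mode because its value cannot be resolved statically; review those findings by hand.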