Azure Firewall should be deployed with a management public IP to support future feature set #4202
Comments
SvenAelterman
added
story
|
Does the Firewall Basic SKU support a management public IP? We are running our dev/test environments using the Firewall Basic SKU |
|
Actually, the Basic SKU requires it. It is also currently required for forced tunneling. |
|
@tamirkamara FYI re forced tunneling. Some of this exists - https://github.com/marrobi/AzureTRE/blob/397ab13d6e215e3902d8609175a4333f1c6825aa/core/terraform/network/network.tf#L142 |
|
@SvenAelterman what features require this? |
Not sure if they're already publicly announced. |
|
@SvenAelterman can you tick the first item off as already exists? And amend the issue title maybe? |
I should have known that, but I didn't. I wonder why the subnet already exists if it isn't used. |
SvenAelterman
changed the title
|
@SvenAelterman its needed so could use Basic SKU |
|
Great, that means most of the code is already there. Just need to remove any blockers for migration of an existing deployment. |
|
I believe this is the rest of it: #4238 |
|
That PR still puts conditions on when the I also don't see how existing deployments could be updated because there's no code that deallocates the FW during this process. (Or do we want customers to do this manually?) |
|
Why would be need to deallocate the firewall? |
Description
As a TRE Administrator
I need every firewall deployment to have a management public IP
So that I can use upcoming Azure Firewall features
Acceptance criteria
The text was updated successfully, but these errors were encountered: