Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Investigate if Basic Azure Firewall SKU can be used #2723

Closed
Tracked by #945
marrobi opened this issue Oct 11, 2022 · 6 comments · Fixed by #3107
Closed
Tracked by #945

Investigate if Basic Azure Firewall SKU can be used #2723

marrobi opened this issue Oct 11, 2022 · 6 comments · Fixed by #3107
Assignees

Comments

@marrobi
Copy link
Member

marrobi commented Oct 11, 2022

No description provided.

@tamirkamara
Copy link
Collaborator

Looks like there're a few requirements we need to meet:

  1. Use a management subnet (aka forced tunneling)
  2. Use Firewall Policy (migration from classic rules)

@marrobi
Copy link
Member Author

marrobi commented Jan 16, 2023

@tamirkamara think 1 could be covered by adding an additional address space for the shared service as we are now doing with workspace services.

@tamirkamara
Copy link
Collaborator

tamirkamara commented Jan 17, 2023

think 1 could be covered by adding an additional address space for the shared service as we are now doing with workspace services.

If we want things organized then this subnet should be in the core segment and not general-purpose TRE segment. @marrobi

@marrobi
Copy link
Member Author

marrobi commented Jan 20, 2023

As the core infra doesn't have TRE state wouldn't be able to add the additional address space to core vnet anyway.

I don't think we should be precious about the address space being in the core pieces, as firewall is actually a shared service.

@tamirkamara
Copy link
Collaborator

Not sure I understand what you meant, but it isn't possible today to get another address space in a shared service.

@tamirkamara
Copy link
Collaborator

At any case, I'm going to deal with this in an upcoming PR but must say I was surprised since one can't deallocated a Basic firewall like with the other SKUs. This means that for most non-24/7 deployments a Standard SKU is the cheapest option.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Archived in project
Development

Successfully merging a pull request may close this issue.

2 participants