Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
564 questions
Route Table "FirewallDefaultRoute" not working with "Indexed" Azure Policies
Stefan Rapp
1
Reputation point
Hi,
Probably there is an issue regarding the "AzureFirewallManagementSubnet" in combination with "indexed" Azure Custom Policies.
Currently I am using an Azure Policy Definition with the mode indexed. Indexed means "only evaluate resource types that support tags and location". Surprisingly, the policy reports a resource with a GUID of the resource type microsoft.network/routetables in the Azure Compliance. If I want to analyze the resource me in Detail over the Azure Compliance Center the message "Resource not found" apprears. If I am using Azure CLI there is the following output:
{
"disableBgpRoutePropagation": true,
"etag": "W/\"7c7f5191-f945-4e69-ad54-d13a2ea813be\"",
"id": "/subscriptions/2c3b3c57-d1ac-4fee-b76a-594051275804/resourceGroups/rg-example-vnethub-we-prod/providers/Microsoft.Network/routeTables/5cde1dd7-7e4f-49d9-a762-dad457c2bbf3",
"location": null,
"name": "5cde1dd7-7e4f-49d9-a762-dad457c2bbf3",
"provisioningState": "Succeeded",
"resourceGroup": "rg-example-test-we-prod",
"resourceGuid": "2d4804eb-1ac4-44ca-b264-fde226f7152f",
"routes": [
{
"addressPrefix": "0.0.0.0/0",
"etag": "W/\"6c7f5190-f945-4d69-ad54-d13a2ef813be\"",
"hasBgpOverride": false,
"id": "/subscriptions/39cfca0b-9e00-4f51-9289-9ab3fa21f0dd/resourceGroups/rg-example-test-we-prod/providers/Microsoft.Network/routeTables/5cde1dd7-7e4f-49d9-a762-dad457c2bbf3/routes/FirewallDefaultRoute",
"name": "FirewallDefaultRoute",
"nextHopIpAddress": null,
"nextHopType": "Internet",
"provisioningState": "Succeeded",
"resourceGroup": "rg-example-test-we-prod",
"type": "Microsoft.Network/routeTables/routes"
}
],
"subnets": null,
"tags": null,
"type": "Microsoft.Network/routeTables"
},
Why is the resource reported as non-complient, if "location": null, and mode is indexed in the Azure Policy? Could you please double-check this special Type of Route Table for the FirewallDefaultRoute on Azure and provide me Feedback? Thx!
Best,
Stefan
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 36%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
SaiKishor-MSFT 17,176 Reputation points2021-11-03T17:38:47.257+00:00 @StefanRapp-8883 Thank you for reaching out to Microsoft Q&A.
Itseems like the route table does not have a location which is causing this issue. Our backend team will try to add the location for the same manually and see if that helps with this issue. Can you please reach out to me via AzCommunity [at] microsoft dot com with subject: "ATTN: Sai Kishor" include your Azure subscription ID and a link to this forum thread (for context).
Along with that please include the following details in the email: Location of the firewall, Location of routetable and routetable resource id.Once you send the email, please leave a comment here. Thank you!
Sign in to comment