How to change default AppGwSslPolicyXXXXXXXX from Azure CLI

Question

How to change default AppGwSslPolicyXXXXXXXX from Azure CLI

Lyncheese 105

My subscription currently used "AppGwSslPolicy20150501" as the default policy when creating an Application Gateway
I need to change it to AppGwSslPolicy**20220101
**
This is needed because we have a custom policy which prevent App Gateway creation with TLS version lower or same as v1.1
Because of this policy, I cannot create the App Gateway at all

How to change the default AppGwSslPolicy from Azure CLI ?
So far, I see we can update it, but it is only for already created App Gateway

I want to avoid using REST API if possible and only use Azure CLI

KapilAnanth 49,851 Reputation points Moderator

2023-12-20T09:10:13.7366667+00:00
@Lyncheese

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I understand that you would like to set the default TLS policy when creating an Application Gateway
AppGwSslPolicy20220101 using CLI.

Please note you cannot use Azure CLI to set a "default" TLS policy at subscription level.

Specifying a SSL Policy during App gateway creation itself is currently not feasible and is coming soon.

Refer : Default TLS policy

However, I see the default policy when a new App gateway is spun up is AppGwSslPolicy20220101

Which appears to match your requirement.

Is it not the case? Can you tell how you are confirming the default policy while deploying?

Cheers,

Kapil
Lyncheese 105 Reputation points

2023-12-21T01:05:22.56+00:00

@KapilAnanth-MSFT

I tried to create the App Gateway using Azure Portal
But as I said I keep getting error and prevent me from creating Application Gateway because of TLS version should be higher than v1.1
That is a custom company policy applied on the company Azure Account

So, I checked using the Azure CLI and login using company Azure Account and find this

As you can see, the default policy is still using 20150501

Is this related ?
If not then what should I do to mitigate this issue ?
KapilAnanth 49,851 Reputation points Moderator

2023-12-21T05:17:52.99+00:00
@Lyncheese

Thanks for the info.

I shall check internally regarding the default TLS version of the Application gateway deployed via Portal.

Meanwhile, you can consider using Azure Powershell to create an App gateway with the SSL policy defined.

See : Create an application gateway with a pre-defined TLS policy.

The entire script is available above.

New-AzApplicationGatewaySslPolicy creates a SSL Policy object.

You can use the above object while creating a new Application gateway

Hope this helps.

Please let me know if you are able to deploy the app gateway with a TLS policy as mentioned above.

Cheers,

Kapil
KapilAnanth 49,851 Reputation points Moderator

2023-12-26T07:03:25.55+00:00

@Lyncheese

Reaching out to check if there are any questions on this.

Please let us know if we can be of any further assistance here.

Thanks,

Kapil

Please Accept an answer if correct.

Original posters help the community find answers faster by identifying the correct answer.

Lyncheese 105

@KapilAnanth

Hi, Thanks for the response

Currently, I'm trying to use Azure Powershell
Unfortunately, I got another problem I need to debug


PS C:\Users\xxxxxxx> Connect-AzAccount
Connect-AzAccount : Method 'get_SerializationSettings' in type
'Microsoft.Azure.Management.Internal.Resources.ResourceManagementClient' from assembly
'Microsoft.Azure.PowerShell.Clients.ResourceManager, Version=1.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35' does not have an implementation.
At line:1 char:1
+ Connect-AzAccount
+ ~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Connect-AzAccount], TypeLoadException
    + FullyQualifiedErrorId : System.TypeLoadException,Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand

I need to debug this first and get back to you after try it

Lyncheese 105 Reputation points

2023-12-26T08:10:05.7666667+00:00

Testing
KapilAnanth 49,851 Reputation points Moderator

2023-12-27T04:43:35.3733333+00:00

@Lyncheese

Sure, please make sure you are using an updated version.

Cheers,

Kapil
Lyncheese 105 Reputation points

2023-12-27T04:45:59.18+00:00

@KapilAnanth

I already tried your suggestion.
It is not working out of the box right away but overall it is what I need for my question.

Thank you !

Answer accepted by question author

0 additional answers

Your answer

KapilAnanth 49,851 Reputation points Moderator

2023-12-20T09:10:13.7366667+00:00

@Lyncheese

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I understand that you would like to set the default TLS policy when creating an Application Gateway
AppGwSslPolicy20220101 using CLI.

Please note you cannot use Azure CLI to set a "default" TLS policy at subscription level.

Specifying a SSL Policy during App gateway creation itself is currently not feasible and is coming soon.

Refer : Default TLS policy

However, I see the default policy when a new App gateway is spun up is AppGwSslPolicy20220101

Which appears to match your requirement.

Is it not the case? Can you tell how you are confirming the default policy while deploying?

Cheers,

Kapil
Lyncheese 105 Reputation points

2023-12-21T01:05:22.56+00:00

@KapilAnanth-MSFT

I tried to create the App Gateway using Azure Portal
But as I said I keep getting error and prevent me from creating Application Gateway because of TLS version should be higher than v1.1
That is a custom company policy applied on the company Azure Account

So, I checked using the Azure CLI and login using company Azure Account and find this

As you can see, the default policy is still using 20150501

Is this related ?
If not then what should I do to mitigate this issue ?
KapilAnanth 49,851 Reputation points Moderator

2023-12-21T05:17:52.99+00:00

@Lyncheese

Thanks for the info.

I shall check internally regarding the default TLS version of the Application gateway deployed via Portal.

Meanwhile, you can consider using Azure Powershell to create an App gateway with the SSL policy defined.

See : Create an application gateway with a pre-defined TLS policy.

The entire script is available above.

New-AzApplicationGatewaySslPolicy creates a SSL Policy object.

You can use the above object while creating a new Application gateway

Hope this helps.

Please let me know if you are able to deploy the app gateway with a TLS policy as mentioned above.

Cheers,

Kapil
KapilAnanth 49,851 Reputation points Moderator

2023-12-26T07:03:25.55+00:00

@Lyncheese

Reaching out to check if there are any questions on this.

Please let us know if we can be of any further assistance here.

Thanks,

Kapil

Please Accept an answer if correct.

Original posters help the community find answers faster by identifying the correct answer.
Lyncheese 105 Reputation points

2023-12-26T08:07:52.7233333+00:00

@KapilAnanth

Hi, Thanks for the response

Currently, I'm trying to use Azure Powershell
Unfortunately, I got another problem I need to debug

PS C:\Users\xxxxxxx> Connect-AzAccount Connect-AzAccount : Method 'get_SerializationSettings' in type 'Microsoft.Azure.Management.Internal.Resources.ResourceManagementClient' from assembly 'Microsoft.Azure.PowerShell.Clients.ResourceManager, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' does not have an implementation. At line:1 char:1 + Connect-AzAccount + ~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Connect-AzAccount], TypeLoadException + FullyQualifiedErrorId : System.TypeLoadException,Microsoft.Azure.Commands.Profile.ConnectAzureRmAccountCommand

I need to debug this first and get back to you after try it
Lyncheese 105 Reputation points

2023-12-26T08:10:05.7666667+00:00

Testing
KapilAnanth 49,851 Reputation points Moderator

2023-12-27T04:43:35.3733333+00:00

@Lyncheese

Sure, please make sure you are using an updated version.

Cheers,

Kapil
Lyncheese 105 Reputation points

2023-12-27T04:45:59.18+00:00

@KapilAnanth

I already tried your suggestion.
It is not working out of the box right away but overall it is what I need for my question.

Thank you !

Answer 1

@Lyncheese

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I understand that you would like to set the default TLS policy when creating an Application Gateway
AppGwSslPolicy20220101 using CLI.

Please note you cannot use Azure CLI to set a "default" TLS policy at subscription level.

Specifying a SSL Policy during App gateway creation itself is currently not feasible and is coming soon.
Refer : Default TLS policy

At the case, where a policy is blocking creation of App gateway with certain SSL Policy,

You can consider using Azure Powershell to create an App gateway with the SSL policy defined.
See : Create an application gateway with a pre-defined TLS policy.
A similar CLI Parameter is currently available, I have informed our Product Team about this.

The entire script is available above.

New-AzApplicationGatewaySslPolicy creates a SSL Policy object.
You can use the above object while creating a new Application gateway

Hope this helps.

Thanks,

Kapil

Please Accept an answer if correct.

Original posters help the community find answers faster by identifying the correct answer.

Share via

How to change default AppGwSslPolicyXXXXXXXX from Azure CLI

0 additional answers

Your answer