last sync: 2020-Jul-09 14:13:40 UTC

Azure Policy

Gateway subnets should not be configured with a network security group

Policy DisplayName: Gateway subnets should not be configured with a network security group
Policy Id: 35f9c03a-cc27-418e-9c0c-539ff999d010
Policy Category: Network
Policy Description: This policy denies if a gateway subnet is configured with a network security group. Assigning a network security group to a gateway subnet will cause the gateway to stop functioning.
Policy Mode: All
Policy Type: BuiltIn
Policy in Preview: FALSE
Policy Deprecated: FALSE
Policy Effect: Fixed: deny
Roles used: none
Policy Changes: no changes
Used in Policy Initiative(s):
Initiative DisplayName | Initiative Id
HITRUST/HIPAA | a169a624-5599-4385-a696-c8d643089fab
Policy Rule
{
  "properties": {
    "displayName": "Gateway subnets should not be configured with a network security group",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "This policy denies if a gateway subnet is configured with a network security group. Assigning a network security group to a gateway subnet will cause the gateway to stop functioning.",
    "metadata": {
      "version": "1.0.0",
      "category": "Network"
    },
    "parameters": {
      
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Network/virtualNetworks/subnets"
          },
          {
            "field": "name",
            "equals": "GatewaySubnet"
          },
          {
            "field": "Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id",
            "exists": "true"
          }
        ]
      },
      "then": {
        "effect": "deny"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "35f9c03a-cc27-418e-9c0c-539ff999d010"
}