last sync: 2021-Sep-22 19:36:51 UTC

Azure Policy definition

Gateway subnets should not be configured with a network security group

Name: Gateway subnets should not be configured with a network security group
Id: 35f9c03a-cc27-418e-9c0c-539ff999d010
Version: 1.0.0
Category: Network
Description: This policy denies if a gateway subnet is configured with a network security group. Assigning a network security group to a gateway subnet will cause the gateway to stop functioning.
Mode: All
Type: BuiltIn
Preview: FALSE
Deprecated: FALSE
Effect: Fixed: deny
Used RBAC Role: none
History: none
Used in Initiatives
Initiative DisplayName | Initiative Id | Initiative Category | State
HITRUST/HIPAA | a169a624-5599-4385-a696-c8d643089fab | Regulatory Compliance | GA
JSON
{
  "displayName": "Gateway subnets should not be configured with a network security group",
  "policyType": "BuiltIn",
  "mode": "All",
  "description": "This policy denies if a gateway subnet is configured with a network security group. Assigning a network security group to a gateway subnet will cause the gateway to stop functioning.",
  "metadata": {
    "version": "1.0.0",
    "category": "Network"
  },
  "parameters": {},
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Network/virtualNetworks/subnets"
        },
        {
          "field": "name",
          "equals": "GatewaySubnet"
        },
        {
          "field": "Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id",
          "exists": "true"
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
  }
}