Azure firewall Subnet out of scope from Adress Space #731
Comments
|
May be related to my issue reported in #716 |
|
Hi @tcardosoMSFT, My Error message (one of many) |
|
Thanks. We have some known gaps in the cidr validation on the client side, and are looking to use new controls to capture this in the portal prior to submitting the deployment. |
|
There is some regex validation that has been done as part of the Data Management Landing Zones here - https://github.com/Azure/data-management-zone/blob/main/docs/reference/portal.dataManagementZone.json that would help here
|
krnese
added
engineering
|
@tulpy & @krnese In ESA we are currently only validating whether the address range is valid and large enough. We are not yet checking, whether there is any overlap etc. This is potentially something that can be done, but it will become quite complex. Let us evaluate how we can further enhance the experience for users, who are not that familiar with network address ranges. |
|
@tulpy, @krnese & @daltondhcp I worked on a rudimentary validation. See my analysis here as well as the linked PRs: Azure/data-management-zone#148 Let me know, whether this is something we also want to include in ESLZ. This will mitigate the issue reported above. |
ghost
locked as resolved and limited conversation to collaborators
Describe the bug
When deploy a azure firewall out of the address space pass of validate without issue.
the issue occur:
"message\\\": \\\"Subnet 'AzureFirewallSubnet' is not valid in virtual network 'example-hub-eastus'.
Steps to reproduce
1.deploy a hUb and Scope landing zone.
2. in network deploy a address space 10.0.0.1/18
3. Deploy a Azure firewall in the subnet out of the address space linke 10.100.0.1/24
the validate pass without issue. the deployment will failed in the virtual network deployment.
Screenshots
The text was updated successfully, but these errors were encountered: