Azure Firewall does not define a firewall policy
Description
This policy verifies whether a firewall policy has been defined on the Azure platform. Not adhering to this policy could potentially expose a network to unauthorized access. This is dangerous because without a firewall policy, there aren't any rules that check the incoming and outgoing network traffic. As a result, this can potentially allow malicious users to access or disrupt services within the network. Hence, it is crucial to define a firewall policy to enhance security and protect the integrity of the network.
Code Example
hcl
resource "azurerm_firewall_policy" "example" {
name = "example"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
threat_intelligence_mode = "Alert"
}
resource "azurerm_firewall" "example" {
name = "example-firewall"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
+ firewall_policy_id = azurerm_firewall_policy.example.id
ip_configuration {
name = "configuration"
subnet_id = azurerm_subnet.example.id
public_ip_address_id = azurerm_public_ip.example.id
}
}Remediation
Terraform
- Resource: azurerm_firewall
- Arguments: firewall_policy_id
To fix this issue, you need to define and associate a firewall policy with your Azure Firewall.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0726 |
| Severity | MEDIUM |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AZURE_219 |