diff --git a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md
index 451df77c4..6ed815b61 100644
--- a/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md
+++ b/infra-as-code/bicep/modules/hubNetworking/generateddocs/hubNetworking.bicep.md
@@ -30,6 +30,7 @@ parAzFirewallAvailabilityZones | No | Availability Zones to deploy the Azu
 parAzErGatewayAvailabilityZones | No | Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP.
 parAzVpnGatewayAvailabilityZones | No | Availability Zones to deploy the VPN/ER PIP across. Region must support Availability Zones to use. If it does not then leave empty. Ensure that you select a zonal SKU for the ER/VPN Gateway if using Availability Zones for the PIP.
 parAzFirewallDnsProxyEnabled | No | Switch to enable/disable Azure Firewall DNS Proxy.
+parAzFirewallDnsServers | No | Array of custom DNS servers used by Azure Firewall
 parHubRouteTableName | No | Name of Route table to create for the default route of Hub.
 parDisableBgpRoutePropagation | No | Switch to enable/disable BGP Propagation on route table.
 parPrivateDnsZonesEnabled | No | Switch to enable/disable Private DNS Zones deployment.
@@ -237,6 +238,12 @@ Switch to enable/disable Azure Firewall DNS Proxy.
 
 - Default value: `True`
 
+### parAzFirewallDnsServers
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Array of custom DNS servers used by Azure Firewall
+
 ### parHubRouteTableName
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@@ -456,6 +463,9 @@ outHubVirtualNetworkId | string |
 "parAzFirewallDnsProxyEnabled": {
 "value": true
 },
+ "parAzFirewallDnsServers": {
+ "value": []
+ },
 "parHubRouteTableName": {
 "value": "[format('{0}-hub-routetable', parameters('parCompanyPrefix'))]"
 },
diff --git a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep
index 50477e066..8aed5b3b8 100644
--- a/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep
+++ b/infra-as-code/bicep/modules/hubNetworking/hubNetworking.bicep
@@ -126,6 +126,9 @@ param parAzVpnGatewayAvailabilityZones array = []
 @sys.description('Switch to enable/disable Azure Firewall DNS Proxy.')
 param parAzFirewallDnsProxyEnabled bool = true
 
+@sys.description('Array of custom DNS servers used by Azure Firewall')
+param parAzFirewallDnsServers array = []
+
 @sys.description('Name of Route table to create for the default route of Hub.')
 param parHubRouteTableName string = '${parCompanyPrefix}-hub-routetable'
 
@@ -664,6 +667,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = i
 } : {
 dnsSettings: {
 enableProxy: parAzFirewallDnsProxyEnabled
+ servers: parAzFirewallDnsServers
 }
 sku: {
 tier: parAzFirewallTier
diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json
index 686de4bd2..8e0908b17 100644
--- a/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json
+++ b/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.all.json
@@ -63,6 +63,9 @@
 "parAzBastionSku": {
 "value": "Standard"
 },
+ "parAzBastionTunneling": {
+ "value": false
+ },
 "parAzBastionNsgName": {
 "value": "nsg-AzureBastionSubnet"
 },
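Review bot: The new `parAzFirewallDnsServers` parameter in hubNetworking.bicep (hunk `-126,6 +126,9`) is an untyped `array`, and its description says neither what the elements are nor what the empty default means, so a malformed entry would presumably surface only when the firewall policy deployment is attempted. Name resolution for the firewall's FQDN-based filtering goes through these servers, so the description should tell operators to list only resolvers they control or trust, for example `@sys.description('Array of custom DNS server IP addresses used by Azure Firewall. Leave empty to keep the Azure-provided DNS. FQDN-based rules resolve through these servers, so list only trusted resolvers.')`; confirm the empty-list behaviour before stating it. The identical declaration in vwanConnectivity.bicep (hunk `-21,6 +21,9`) needs the same wording.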
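Review bot: `servers: parAzFirewallDnsServers` in `resFirewallPolicies` (hunk `-664,6 +667,7`) is set only in the second branch of the conditional whose `} : {` is visible at the top of the hunk, so on the other branch a caller's custom DNS servers would be dropped without any error. That first branch starts outside the hunk, so this is inferred; if it really omits `dnsSettings`, say so next to the parameter with a comment such as `// Ignored when resFirewallPolicies is deployed without dnsSettings.` An operator who believes the firewall resolves through an internal resolver when it does not is a silent misconfiguration worth documenting. The same line is added in vwanConnectivity.bicep at `-292,6 +295,7`.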
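Review bot: `parAzBastionTunneling` is added to hubNetworking.parameters.all.json in the `-63,6 +63,9` hunk, but no hunk in this diff declares or uses that parameter in hubNetworking.bicep. If the module already declares it, this is the parameter file catching up and the commit description should say so; if it does not, a deployment using this file would presumably be rejected for passing an undeclared parameter. Either keep the three `"parAzBastionTunneling": { "value": false },` lines with the change that introduces the parameter or confirm the declaration exists; mc-hubNetworking.parameters.all.json receives the same three lines.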
@@ -96,6 +99,9 @@
 "parAzFirewallDnsProxyEnabled": {
 "value": true
 },
+ "parAzFirewallDnsServers": {
+ "value": []
+ },
 "parHubRouteTableName": {
 "value": "alz-hub-routetable"
 },
diff --git a/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json b/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json
index dd5b18b0a..2abd81ea3 100644
--- a/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json
+++ b/infra-as-code/bicep/modules/hubNetworking/parameters/mc-hubNetworking.parameters.all.json
@@ -63,6 +63,9 @@
 "parAzBastionSku": {
 "value": "Standard"
 },
+ "parAzBastionTunneling": {
+ "value": false
+ },
 "parAzBastionNsgName": {
 "value": "nsg-AzureBastionSubnet"
 },
@@ -96,6 +99,9 @@
 "parAzFirewallDnsProxyEnabled": {
 "value": true
 },
+ "parAzFirewallDnsServers": {
+ "value": []
+ },
 "parHubRouteTableName": {
 "value": "alz-hub-routetable"
 },
diff --git a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md
index c8572a086..7ace5b05c 100644
--- a/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md
+++ b/infra-as-code/bicep/modules/vwanConnectivity/generateddocs/vwanConnectivity.bicep.md
@@ -11,6 +11,7 @@ parCompanyPrefix | No | Prefix value which will be prepended to all resour
 parAzFirewallTier | No | Azure Firewall Tier associated with the Firewall to deploy.
 parVirtualHubEnabled | No | Switch to enable/disable Virtual Hub deployment.
 parAzFirewallDnsProxyEnabled | No | Switch to enable/disable Azure Firewall DNS Proxy.
+parAzFirewallDnsServers | No | Array of custom DNS servers used by Azure Firewall
 parVirtualWanName | No | Prefix Used for Virtual WAN.
 parVirtualWanHubName | No | Prefix Used for Virtual WAN Hub.
 parVirtualWanHubs | No | Array Used for multiple Virtual WAN Hubs deployment. Each object in the array represents an individual Virtual WAN Hub configuration. Add/remove additional objects in the array to meet the number of Virtual WAN Hubs required. - `parVpnGatewayEnabled` - Switch to enable/disable VPN Gateway deployment on the respective Virtual WAN Hub. - `parExpressRouteGatewayEnabled` - Switch to enable/disable ExpressRoute Gateway deployment on the respective Virtual WAN Hub. - `parAzFirewallEnabled` - Switch to enable/disable Azure Firewall deployment on the respective Virtual WAN Hub. - `parVirtualHubAddressPrefix` - The IP address range in CIDR notation for the vWAN virtual Hub to use. - `parHubLocation` - The Virtual WAN Hub location. - `parHubRoutingPreference` - The Virtual WAN Hub routing preference. The allowed values are `ASN`, `VpnGateway`, `ExpressRoute`. - `parVirtualRouterAutoScaleConfiguration` - The Virtual WAN Hub capacity. The value should be between 2 to 50. - `parVirtualHubRoutingIntentDestinations` - The Virtual WAN Hub routing intent destinations, leave empty if not wanting to enable routing intent. The allowed values are `Internet`, `PrivateTraffic`.
@@ -74,6 +75,12 @@ Switch to enable/disable Azure Firewall DNS Proxy.
 
 - Default value: `True`
 
+### parAzFirewallDnsServers
+
+![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
+
+Array of custom DNS servers used by Azure Firewall
+
 ### parVirtualWanName
 
 ![Parameter Setting](https://img.shields.io/badge/parameter-optional-green?style=flat-square)
@@ -276,6 +283,9 @@ outPrivateDnsZonesNames | array |
 "parAzFirewallDnsProxyEnabled": {
 "value": true
 },
+ "parAzFirewallDnsServers": {
+ "value": []
+ },
 "parVirtualWanName": {
 "value": "[format('{0}-vwan-{1}', parameters('parCompanyPrefix'), parameters('parLocation'))]"
 },
diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json
index 72c6d0917..271df5c9a 100644
--- a/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json
+++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/mc-vwanConnectivity.parameters.all.json
@@ -17,6 +17,9 @@
 "parAzFirewallDnsProxyEnabled": {
 "value": true
 },
+ "parAzFirewallDnsServers": {
+ "value": []
+ },
 "parVirtualWanName": {
 "value": "alz-vwan-chinaeast2"
 },
diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json
index 669e63de0..bbcc8f3ea 100644
--- a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json
+++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.all.json
@@ -17,6 +17,9 @@
 "parAzFirewallDnsProxyEnabled": {
 "value": true
 },
+ "parAzFirewallDnsServers": {
+ "value": []
+ },
 "parVirtualWanName": {
 "value": "alz-vwan-eastus"
 },
diff --git a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep
index 6a965843c..423998401 100644
--- a/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep
+++ b/infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep
@@ -21,6 +21,9 @@ param parVirtualHubEnabled bool = true
 @sys.description('Switch to enable/disable Azure Firewall DNS Proxy.')
 param parAzFirewallDnsProxyEnabled bool = true
 
+@sys.description('Array of custom DNS servers used by Azure Firewall')
+param parAzFirewallDnsServers array = []
+
 @sys.description('Prefix Used for Virtual WAN.')
 param parVirtualWanName string = '${parCompanyPrefix}-vwan-${parLocation}'
 
@@ -292,6 +295,7 @@ resource resFirewallPolicies 'Microsoft.Network/firewallPolicies@2023-02-01' = i
 } : {
 dnsSettings: {
 enableProxy: parAzFirewallDnsProxyEnabled
+ servers: parAzFirewallDnsServers
 }
 sku: {
 tier: parAzFirewallTier