Ensure a site-to-site VPN functionality by making use of Azure Virtual WAN

MEDIUM

Description

Dedicated WAN link is not configured for Azure virtual WAN connectivity, this may lead to a lower level of infrastructural security.

Remediation

The Virtual WAN type cannot be changed in the console UI once it is created. To change from a Basic to Standard WAN, follow the steps below to create a new resource.

In Azure Console -

Open the Azure Portal and go to Virtual WANs.
Select Create.
Under Virtual WAN details, select Standard from the drop down.
Configure as needed.

In Terraform -

In the azurerm_virtual_wan resource, set type to Standard.

References:
https://learn.microsoft.com/en-us/azure/virtual-wan/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_wan#type

Policy Details

Rule Reference ID: AC_AZURE_0353

CSP: Azure

Remediation Available: Yes

Domain: Infrastructure Security

Resource: azurerm_virtual_wan

Resource Category: Virtual Network

Resource Type: Virtual WAN

Frameworks

GDPR
HIPAA
ISO-27001
NIST-800-171
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1
PCI-DSSv4.0

Detections

Analytics