Azure Firewall - Add option to toggle between rule count and actual rules

[MatthewTownsend]

When you run ARI and it detects a firewall, it will log counts of the different type of rules instead of the actual rules. I think it would be pretty valuable from an inventory standpoint to have the actual rules logged as well.

Under AzureFirewall.ps1:

                            'NAT Rules'                         = [int]$data.natRuleCollections.Count;
                        'Application Rules'                 = [int]$data.applicationRuleCollections.Count;
                        'Network Rules'                     = [int]$data.networkRuleCollections.Count;

I understand any given firewall could have a ton of rules, so maybe there could be a switch or parameter that can toggle between RuleCount or ActualRules, depending on the needs of the user running ARI. Thank you.

[Claudio-Merola]

Hello there @MatthewTownsend ,

Thanks for the feedback, I will begin working in the next improvements for the tool mid April and I believe we can think in a way to include this. We also need to fix the Load Balancer reports, since we have the exact same problem but in the other situation, we are actually bringing every single rule and this module is breaking the script for larger environments.

But since this is definably an issue we must address I will make sure to include Azure Firewall in the discussion.

Thanks

[github-actions]

This Issue is stale and may be automatically close soon.

[Claudio-Merola]

Hello there @MatthewTownsend

I just made considerable improvements in the Azure Firewall module. Can you download and try the latest version of the script and see how it goes?

Thanks