Deployment of Application Gateway without Firewall returns error code "ApplicationGatewayFirewallNotConfiguredForSelectedSku"

Question

Deployment of Application Gateway without Firewall returns error code "ApplicationGatewayFirewallNotConfiguredForSelectedSku"

Mathias8610 opened this issue a year ago · 2 comments

Thanks
First of all, thanks to all the people contributing to this project. It's simply great and makes my life so much easier.

Describe the bug
I have a working deployment for AKS. When I add Application Gateway without a firewall (appGWenableFirewall=false), I get the following error:

ERROR: {"status":"Failed","error":{"code":"DeploymentFailed","target":"/subscriptions/e24ab5c3-e409-43da-b98f-f35128733a3e/resourceGroups/az-appgwtest/providers/Mic
rosoft.Resources/deployments/main","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see
https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"ApplicationGatewayFirewallNotConfiguredForSelectedSku","message":"Application Gateway
/subscriptions/e24ab5c3-e409-43da-b98f-f35128733a3e/resourceGroups/az-appgwtest/providers/Microsoft.Network/applicationGateways/agw-az-appgwtest with the selected SKU
tier WAF_v2 must have a valid WAF policy or configuration","details":[]}]}}

To Reproduce
Steps to reproduce the behavior:

Create Resource Group

az group create -l SwitzerlandNorth -n az-appgwtest

Deploy template with in-line parameters

az deployment group create -g az-appgwtest --template-uri https://github.com/Azure/AKS-Construction/releases/download/0.10.3/main.json --parameters resourceName=az-appgwtest
agentVMSize=Standard_DS2_v2 nodePoolName=npwin1
osType=Windows osSKU=Windows2022
osDiskType=Managed osDiskSizeGB=32
custom_vnet=true enableTelemetry=false
ingressApplicationGateway=true appGWcount=1
appGWsku=WAF_v2 appGWenableFirewall=false
automationAccountScheduledStartStop=Weekday

Expected behavior
I expect the deployment of a AKS integrated Application Gateway without the firewall feature.

Answer 1 · 2024-01-15T13:02:08.000Z

Can be ignored. It works with the appGWsku=Standard_v2. Maybe a Check would make it more "Dummy-Safe" but with the correct SKU it works fine.

Answer 2 · 2024-01-15T13:02:26.000Z

Can be ignored. It works with the appGWsku=Standard_v2. Maybe a Check would make it more "Dummy-Safe" but with the correct SKU it works fine.