Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FAST] Add basic NGFW enterprise stage #2410

Merged
merged 36 commits into from
Aug 1, 2024
Merged

[FAST] Add basic NGFW enterprise stage #2410

merged 36 commits into from
Aug 1, 2024

Conversation

LucaPrete
Copy link
Member

@LucaPrete LucaPrete commented Jul 6, 2024
edited
Loading

A few notes:

  • This is a separate L3 stage, so we don't duplicate code in networking stages
  • This is using network firewall policies in addition to legacy firewall rules deployed in stage 2. In the future, if and when we'll migrate to firewall policies, we'll be able create the policies in stage 2 and add the new rules we need to the same policy in this stage.
  • This PR doesn't take into account TLS inspection yet. It's complex and it would add many more pieces. To be added after this is merged, as a second step.

Checklist

I applicable, I acknowledge that I have:

  • Read the contributing guide
  • Ran terraform fmt on all modified files
  • Regenerated the relevant README.md files using tools/tfdoc.py
  • Made sure all relevant tests pass

@LucaPrete LucaPrete requested a review from juliocc July 6, 2024 13:11
Luca Prete added 2 commits July 26, 2024 14:40
@LucaPrete LucaPrete changed the title [FAST] Add optional NGFW enterprise support to networking stage (WIP) [FAST] Add basic NGFW enterprise stage Jul 29, 2024
@LucaPrete LucaPrete marked this pull request as ready for review July 29, 2024 21:48
ludoo
ludoo approved these changes Jul 31, 2024
View reviewed changes
Copy link
Collaborator

@ludoo ludoo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

approving with a couple comments, we can discuss live if you want how/if to implement them (Julio also has comments)

fast/stages/3-network-security/variables.tf Outdated Show resolved Hide resolved
fast/stages/3-network-security/variables.tf Outdated Show resolved Hide resolved
fast/stages/3-network-security/main.tf Outdated Show resolved Hide resolved
fast/stages/3-network-security/main.tf Outdated Show resolved Hide resolved
juliocc
juliocc approved these changes Jul 31, 2024
View reviewed changes
Copy link
Collaborator

@juliocc juliocc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. The code is very clean and concise.

My only concern is the generous use of try as they tend to hide errors. Can you do a quick pass and remove those that are not necessary?

fast/stages/3-network-security/variables.tf Outdated Show resolved Hide resolved
fast/stages/3-network-security/main.tf Outdated Show resolved Hide resolved
fast/stages/3-network-security/main.tf Outdated Show resolved Hide resolved
@LucaPrete LucaPrete enabled auto-merge (squash) August 1, 2024 09:31
@LucaPrete LucaPrete merged commit 80f9ce6 into master Aug 1, 2024
17 checks passed
@LucaPrete LucaPrete deleted the ngfw branch August 1, 2024 09:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ludoo ludoo ludoo approved these changes

@juliocc juliocc juliocc approved these changes

@sruffilli sruffilli Awaiting requested review from sruffilli

@simonebruzzechesse simonebruzzechesse Awaiting requested review from simonebruzzechesse

Assignees
No one assigned
Labels
on:FAST
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@LucaPrete @ludoo @juliocc