The following examples describe how Cloud Discovery & Visibility (CDV) imports Virtual WAN, Virtual Hub, Firewall, and Virtual Connection data into Address Manager from Microsoft Azure. In order to discover these items, you must set the Azure Virtual WANs, Hubs, and Firewalls option when configuring the job.
-
Virtual WANs: Imported as devices without an IP Address in a separate configuration of that Virtual WAN.
-
Virtual Hubs: Imported as IPv4 Blocks and network resources, including assigned IPv4 addresses.
-
Firewalls: Imported as devices with IPv4 Addresses. Only firewalls in Virtual WANs are imported.
-
Virtual Network Connections: Imported as converted UDLs (User-Defined Links) between a Virtual WAN device resource and an IPv4 Block of virtual networks. These UDLs have a Link Type Name of
CDV Device-Network Link.
When discovering these items in a specific resource group, CDV will get all Virtual WANs, Virtual Hubs, Firewalls, and Virtual Network Connections in that resource group. To discover Virtual Network Connections between a Virtual WAN in one resource group and a Virtual Network in another, you must run two additional, separate jobs in each resource group after the discovery job for the Virtual WAN completes.
Scheduled Discovery and Visibility jobs will detect changes to these items in the Azure network and make appropriate changes to resources in Address Manager. For example, if you add a new Virtual WAN to the Azure network, the visibility job will create a new separate configuration and device for it the next time it runs.
Imported Virtual WAN information
CDV imports Virtual WANs into Address Manager as a device without an IP Address in a separate Configuration for that Virtual WAN. The Virtual WAN includes the following information:
Name: A unique identifier for the Virtual WAN, based on its name in the Azure network.
Device Type: Microsoft Azure
Device Subtype: Virtual WAN
Availability Zone: The availability zone for the firewall.
Provisioning State: The provisioning state of the virtual hub.
CDV Device-Network Link: Lists the User-Defined Links (UDLs) between the Virtual WAN device and the Virtual Network IP block, and vice versa.
Branch-to-branch: If True, branch-to-branch traffic is allowed. If False, branch-to-branch traffic is not allowed.
Type: The type of Virtual WAN (Basic or Standard).
Imported Virtual Hub information
CDV imports Virtual Hubs as a series of IPv4 Blocks and network resources. The IPv4 Blocks include the following information:
Range: The assigned address range of the Virtual Hub.
Name: A unique identifier for the Virtual Hub. This name uses the following format:
<Region>/<Azure hub name>/Azure Private BlockRouting State: The routing state of the virtual hub.
Provisioning State: The provisioning state of the virtual hub.
Imported Firewall information
CDV imports the following Virtual Hub information into Address Manager:
Name: A unique identifier for the firewall. This name uses the following format:
AzureFirewall_<Azure hub name>Device Type: Microsoft Azure
Device Subtype: Firewall
IP Addresses: The IP address ranges covered by the firewall.
Availability Zone: The availability zone for the firewall.
Provisioning State: The provisioning state of the virtual hub.
Firewall Tier: The Firewall's tier (Basic, Standard, or Premium).