Add Option to select Firewall SKU (#793)

* Added Stream Analytics Custom Policies

* update to be consistent with eslz

* synch with azure main

* Added dataPolicies.json

* * updated policy definition for private endpoints
* removed policies from policies.json

* added databricks policies

* removed single policy definition files

* removed initiatives resource

* Add Option to select Firewall SKU

* added docs

* updated label for firewall sku

* updating azure firewall tier tooltip

docs/wiki/Whats-new.md

@@ -30,6 +30,24 @@ This article will be updated as and when changes are made to the above and anyth
 
 Here's what's changed in Enterprise Scale:
 
+### September 2021
+
+#### Docs
+
+- *No updates, yet.*
+
+#### Tooling
+
+- Added Option to select Azure Firewall SKU (https://github.com/Azure/Enterprise-Scale/pull/793)
+
+### Policy
+
+- *No updates, yet.*
+
+### Other
+
+- *No updates, yet.*
+
 ### August 2021
 
 #### Docs

eslzArm/eslz-portal.json

@@ -1463,6 +1463,32 @@
                                 ]
                             }
                         },
+                        {
+                            "name": "esAzFwSku",
+                            "type": "Microsoft.Common.DropDown",
+                            "label": "Select Azure Firewall tier",
+                            "defaultValue": "Standard",
+                            "multiselect": false,
+                            "selectAll": false,
+                            "filter": false,
+                            "multiLine": true,
+                            "visible": "[equals(steps('esConnectivityGoalState').esAzFw, 'Yes')]",
+                            "toolTip": "Select Azure Firewall tier",
+                            "constraints": {
+                                "allowedValues": [
+                                    {
+                                        "label": "Standard",
+                                        "description": "Standard Azure Firewall",
+                                        "value": "Standard"
+                                    },
+                                    {
+                                        "label": "Premium",
+                                        "description": "Premium Azure Firewall adds support for TLS inspection, IDPS, URL filtering and web categories.",
+                                        "value": "Premium"
+                                    }
+                                ]
+                            }
+                        },
                         {
                             "name": "esFwAz",
                             "type": "Microsoft.Common.DropDown",
@@ -2311,6 +2337,7 @@
                 "enableVmMonitoring": "[steps('lzGoalState').esVmMonitoring]",
                 "enableVmssMonitoring": "[steps('lzGoalState').esVmssMonitoring]",
                 "vpnOrErZones": "[steps('esConnectivityGoalState').esGwRegionalOrAz]",
+                "firewallSku": "[steps('esConnectivityGoalState').esAzFwSku]",
                 "firewallZones": "[steps('esConnectivityGoalState').esFwAz]",
                 "paToken": "[steps('lzDevOps').esPaToken]",
                 "principalId": "[steps('lzDevOps').spnSection.esServicePrincipal.objectId]",

eslzArm/eslzArm.json

@@ -503,6 +503,14 @@
             "type": "string",
             "defaultValue": ""
         },
+        "firewallSku": {
+            "type": "string",
+            "allowedValues": [
+                "Standard",
+                "Premium"
+            ],
+            "defaultValue": "Standard"
+        },
         "firewallZones": {
             "type": "array",
             "defaultValue": []
@@ -1442,6 +1450,9 @@
                     "subnetMaskForGw": {
                         "value": "[parameters('subnetMaskForGw')]"
                     },
+                    "firewallSku": {
+                        "value": "[parameters('firewallSku')]"
+                    },
                     "firewallZones": {
                         "value": "[parameters('firewallZones')]"
                     },
@@ -1575,6 +1586,9 @@
                     "enableAzFw": {
                         "value": "[parameters('enableAzFw')]"
                     },
+                    "firewallSku": {
+                        "value": "[parameters('firewallSku')]"
+                    },
                     "addressPrefix": {
                         "value": "[parameters('addressPrefix')]"
                     },
@@ -3141,6 +3155,9 @@
                     "subnetMaskForGw": {
                         "value": "[parameters('subnetMaskForGw')]"
                     },
+                    "firewallSku": {
+                        "value": "[parameters('firewallSku')]"
+                    },
                     "firewallZones": {
                         "value": "[parameters('firewallZones')]"
                     },
@@ -3278,6 +3295,9 @@
                     "enableAzFw": {
                         "value": "[parameters('enableAzFw')]"
                     },
+                    "firewallSku": {
+                        "value": "[parameters('firewallSku')]"
+                    },
                     "addressPrefix": {
                         "value": "[parameters('addressPrefix')]"
                     },

eslzArm/subscriptionTemplates/hubspoke-connectivity.json

@@ -111,6 +111,14 @@
                 "description": "Provide subnet for VPN/ER."
             }
         },
+        "firewallSku": {
+            "type": "string",
+            "allowedValues": [
+                "Standard",
+                "Premium"
+            ],
+            "defaultValue": "Standard"
+        },
         "firewallZones": {
             "type": "array",
             "defaultValue": []
@@ -410,6 +418,10 @@
                                                 "[concat('Microsoft.Network/virtualNetworks/', variables('hubName'))]"
                                             ],
                                             "properties": {
+                                                "sku": {
+                                                    "name": "AZFW_VNet",
+                                                    "tier": "[parameters('firewallSku')]"
+                                                },
                                                 "ipConfigurations": [
                                                     {
                                                         "name": "[variables('azFwIpName')]",

eslzArm/subscriptionTemplates/vwan-connectivity.json

@@ -41,6 +41,14 @@
             ],
             "defaultValue": "No"
         },
+        "firewallSku": {
+            "type": "string",
+            "allowedValues": [
+                "Standard",
+                "Premium"
+            ],
+            "defaultValue": "Standard"
+        },
         "enableVpnGw": {
             "type": "string",
             "allowedValues": [
@@ -198,7 +206,7 @@
                                             "properties": {
                                                 "sku": {
                                                     "Name": "AZFW_Hub",
-                                                    "Tier": "Standard"
+                                                    "Tier": "[parameters('firewallSku')]"
                                                 },
                                                 "hubIPAddresses": {
                                                     "publicIPs": {