Severity Framework
CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Snyk CCSS
Rule category
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Availability/ Settings
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CIS-Controls
- Snyk IDSNYK-CC-00567
- creditSnyk Research Team
Description
Not using an active-active VPN gateway configuration might lead to connectivity downtime.
How to fix?
Set properties.activeActive to true.
Set active_active attribute to true. Note that an active-active gateway requires a HighPerformance or UltraPerformance SKU.
Example Configuration
resource "azurerm_virtual_network_gateway" "allow" {
name = "test567"
location = azurerm_resource_group.example567.location
resource_group_name = azurerm_resource_group.example567.name
type = "Vpn"
vpn_type = "RouteBased"
active_active = true
enable_bgp = false
sku = "HighPerformance"
ip_configuration {
name = "vnetGatewayConfig"
public_ip_address_id = azurerm_public_ip.example567.id
private_ip_address_allocation = "Dynamic"
subnet_id = azurerm_subnet.example567.id
}
ip_configuration {
name = "vnetGatewayConfig1"
public_ip_address_id = azurerm_public_ip.example567a.id
private_ip_address_allocation = "Dynamic"
subnet_id = azurerm_subnet.example567.id
}
}