Dome9 – GSL Knowledge Base

Virtual network peering enables you to connect virtual networks in the same region and across regions (also known as Global VNet Peering) through the Azure backbone network. Once peered, the virtual networks are still managed as separate resources.
When a peering configuration is deleted on one virtual network, the other virtual network will report that peering is being disconnected.

GSL Logic

VNet where peerings length() > 0 should have peerings contain-all [peeringState='Connected']

Dome9 rules are powered by the Governance Specification Language (GSL). GSL allows our customers to write and run custom security and compliance checks that can be easily read

Learn more:
Compliance Engine
GSL Language

Remediation

A ‘Disconnected’ peering connection can only be deleted and configured again.

To configure the peering connection, navigate to the Azure Portal:
1. Click ‘Virtual Networks’, and select the virtual network you would like to delete and reconfigure.
2. Click ‘Peerings’.
3. Delete the peering with ‘Disconnected’ status.
4. Click ‘Add’.
5. Specify the ‘Name’ and ‘Virtual Network’ and click OK.
6. Verify that the peering state is ‘Initiated’.
7. Repeat steps 4-6 on the other VNet and verify that the peering state is ‘Connected’.
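The GSL rule and the remediation steps above can be reproduced outside Dome9 for a quick audit. The following is an added example, not Dome9 or Microsoft code; it assumes the input has the shape of `az network vnet list -o json` output (a `virtualNetworkPeerings` array whose items carry `peeringState`), and the sample data and function names are constructed for illustration.

```python
import json

# Constructed sample, shaped like `az network vnet list -o json` (assumed input).
SAMPLE_VNETS = json.loads("""
[
  {"name": "hub-vnet", "virtualNetworkPeerings": [
      {"name": "hub-to-spoke1", "peeringState": "Connected"},
      {"name": "hub-to-spoke2", "peeringState": "Disconnected"}]},
  {"name": "spoke1-vnet", "virtualNetworkPeerings": [
      {"name": "spoke1-to-hub", "peeringState": "Connected"}]},
  {"name": "spoke3-vnet", "virtualNetworkPeerings": [
      {"name": "spoke3-to-hub", "peeringState": "Initiated"}]},
  {"name": "isolated-vnet", "virtualNetworkPeerings": []}
]
""")


def evaluate_peering_rule(vnets):
    """Return {vnet_name: [(peering_name, state), ...]} for VNets failing the rule."""
    findings = {}
    for vnet in vnets:
        peerings = vnet.get("virtualNetworkPeerings") or []
        if not peerings:
            # "where peerings length() > 0": VNets without peerings are out of scope.
            continue
        bad = [(p.get("name"), p.get("peeringState", "Unknown"))
               for p in peerings if p.get("peeringState") != "Connected"]
        if bad:
            # contain-all [peeringState='Connected'] is violated.
            findings[vnet["name"]] = bad
    return findings


def remediation_hint(state):
    """Map a peering state to the matching remediation step on this page."""
    if state == "Disconnected":
        return "delete the peering and configure it again on both VNets"
    if state == "Initiated":
        return "add the matching peering on the other VNet"
    return "inspect manually"


if __name__ == "__main__":
    for vnet, bad in evaluate_peering_rule(SAMPLE_VNETS).items():
        for name, state in bad:
            print(f"{vnet}/{name}: {state} -> {remediation_hint(state)}")
```
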

Related Links:
What is Azure Virtual Network?

Virtual Network

You can implement multiple virtual networks within each Azure subscription and Azure region. Each virtual network is isolated from other virtual networks. For each virtual network you can:
Specify a custom private IP address space using public and private (RFC 1918) addresses. Azure assigns resources in a virtual network a private IP address from the address space that you assign.
Segment the virtual network into one or more subnets and allocate a portion of the virtual network’s address space to each subnet.

Compliance Frameworks

BP_0318