diff --git a/auto_policy_testing/green/vnet/application_gateway.tf b/auto_policy_testing/green/vnet/application_gateway.tf
index c593a508..7dd4013b 100644
--- a/auto_policy_testing/green/vnet/application_gateway.tf
+++ b/auto_policy_testing/green/vnet/application_gateway.tf
@@ -1,3 +1,19 @@
+resource "azurerm_virtual_network" "this1" {
+  name                = "${module.naming.resource_prefix.vnet}1"
+  address_space       = ["10.0.0.0/16"]
+  location            = data.terraform_remote_state.common.outputs.location
+  resource_group_name = data.terraform_remote_state.common.outputs.resource_group
+  
+  tags = module.naming.default_tags
+}
+
+resource "azurerm_subnet" "this1" {
+  name                  = "${module.naming.resource_prefix.subnet}1"
+  resource_group_name   = data.terraform_remote_state.common.outputs.resource_group
+  virtual_network_name  = azurerm_virtual_network.this1.name
+  address_prefixes      = ["10.0.2.0/24"]
+}
+
 resource "azurerm_public_ip" "this" {
   name                = module.naming.resource_prefix.publicip
   location            = data.terraform_remote_state.common.outputs.location
diff --git a/auto_policy_testing/green/vnet/outputs.tf b/auto_policy_testing/green/vnet/outputs.tf
index deec2a42..50e6630c 100644
--- a/auto_policy_testing/green/vnet/outputs.tf
+++ b/auto_policy_testing/green/vnet/outputs.tf
@@ -1,5 +1,6 @@
 output "vnet" {
   value = {
-    vnet = azurerm_virtual_network.this.id
+    vnet = azurerm_virtual_network.this.id,
+    ecc-azure-176-asb_ddos_protection_enabled = azurerm_virtual_network.this1.id
   }
 }
\ No newline at end of file
diff --git a/auto_policy_testing/green/vnet/virtual_network.tf b/auto_policy_testing/green/vnet/virtual_network.tf
index 24bd3de2..e30d7335 100644
--- a/auto_policy_testing/green/vnet/virtual_network.tf
+++ b/auto_policy_testing/green/vnet/virtual_network.tf
@@ -15,14 +15,6 @@ resource "azurerm_subnet" "this" {
 
 }
 
-resource "azurerm_subnet" "this1" {
-  name                  = "${module.naming.resource_prefix.subnet}"
-  resource_group_name   = data.terraform_remote_state.common.outputs.resource_group
-  virtual_network_name  = azurerm_virtual_network.this.name
-  address_prefixes      = ["10.0.2.0/24"]
-
-}
-
 resource "azurerm_network_security_group" "this" {
   name                = module.naming.resource_prefix.networksecuritygroup
   location            = data.terraform_remote_state.common.outputs.location
diff --git a/auto_policy_testing/red/vnet/application_gateway.tf b/auto_policy_testing/red/vnet/application_gateway.tf
index a516ecfb..06024596 100644
--- a/auto_policy_testing/red/vnet/application_gateway.tf
+++ b/auto_policy_testing/red/vnet/application_gateway.tf
@@ -1,3 +1,19 @@
+resource "azurerm_virtual_network" "this1" {
+  name                = "${module.naming.resource_prefix.vnet}1"
+  address_space       = ["10.0.0.0/16"]
+  location            = data.terraform_remote_state.common.outputs.location
+  resource_group_name = data.terraform_remote_state.common.outputs.resource_group
+  
+  tags = module.naming.default_tags
+}
+
+resource "azurerm_subnet" "this1" {
+  name                  = "${module.naming.resource_prefix.subnet}1"
+  resource_group_name   = data.terraform_remote_state.common.outputs.resource_group
+  virtual_network_name  = azurerm_virtual_network.this1.name
+  address_prefixes      = ["10.0.2.0/24"]
+}
+
 resource "azurerm_public_ip" "this" {
   name                = "${random_string.this.result}_pip_red"
   location                        = data.terraform_remote_state.common.outputs.location
@@ -20,7 +36,7 @@ resource "azurerm_application_gateway" "this" {
   }
   gateway_ip_configuration {
     name      = "${random_string.this.result}_gtw_ip_conf_red"
-    subnet_id = azurerm_subnet.appgw.id
+    subnet_id = azurerm_subnet.this1.id
   }
 
   frontend_port {
diff --git a/auto_policy_testing/red/vnet/outputs.tf b/auto_policy_testing/red/vnet/outputs.tf
index deec2a42..50e6630c 100644
--- a/auto_policy_testing/red/vnet/outputs.tf
+++ b/auto_policy_testing/red/vnet/outputs.tf
@@ -1,5 +1,6 @@
 output "vnet" {
   value = {
-    vnet = azurerm_virtual_network.this.id
+    vnet = azurerm_virtual_network.this.id,
+    ecc-azure-176-asb_ddos_protection_enabled = azurerm_virtual_network.this1.id
   }
 }
\ No newline at end of file
diff --git a/auto_policy_testing/red/vnet/virtual_network.tf b/auto_policy_testing/red/vnet/virtual_network.tf
index 2dff528d..a10338fd 100644
--- a/auto_policy_testing/red/vnet/virtual_network.tf
+++ b/auto_policy_testing/red/vnet/virtual_network.tf
@@ -14,13 +14,6 @@ resource "azurerm_subnet" "this" {
   address_prefixes      = ["10.0.2.0/24"]
 }
 
-resource "azurerm_subnet" "appgw" {
-  name                  = "${module.naming.resource_prefix.subnet}-appgw"
-  resource_group_name   = data.terraform_remote_state.common.outputs.resource_group
-  virtual_network_name  = azurerm_virtual_network.this.name
-  address_prefixes      = ["10.0.4.0/24"]
-}
-
 resource "azurerm_network_interface" "this" {
   name                = "${module.naming.resource_prefix.networkinterface}-vnet"
   location            = data.terraform_remote_state.common.outputs.location