Upgrade Azure Firewall from Standard to Premium in vWAN Hub

Raviraj Velankar 86 Reputation points
2022-12-21T13:33:48.693+00:00

Hi,
I have following query
Need to upgrade Azure Firewall Standard in vWAN Hub to Azure FW Premium and enable TLS, IDPS inspection after upgrade.

if we use method such as FW upgrade using Terraform then what are the pre-requisites and precautions need to be considered apart from downtime

As per Azure documentation, Azure FW SNAT config need to be updated manually or need to be created manually. Does terraform script cover those steps as well ?

We faced issues after upgrade from Standard to Premium for SNAT rules and whether it affects any other config in vWAN Hub

What is the best method suggested with less impact to Production environment

Azure Virtual WAN
Azure Virtual WAN
An Azure virtual networking service that provides optimized and automated branch-to-branch connectivity.
197 questions
Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
600 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. KapilAnanth-MSFT 39,461 Reputation points Microsoft Employee
    2022-12-22T06:14:14.437+00:00

    Hi @Raviraj Velankar ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
    I understand that you are planning to migrate Azure Standard Firewall to Premium.

    As for pre-requisites and precautions,

    • As long as you do the migration as a planned activity with a downtime, you should be good.
    • You can also create a dummy Firewall with vWAN, and then migrate it to Premium using terraform script to make sure the script works as expected

    For SNAT,

    • From the terraform reference, I can see there is a reference for private IP Ranges.
    • So, you should be able to configure SNAT using Terraform

    Ideally, the migration should not affect other configurations of the vHub.

    Please let us know should you require further information on this.

    Cheers,
    Kapil

    ----------------------------------------------------------------------------------------------------------------

    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.