Is it possible to add a private ip to Azure firewall if it is not getting created automatically

Ananya Sarkar 311 Reputation points
2020-12-09T10:38:32.453+00:00

Hi,

We are trying to provision Azure FW from external kubernetes cluster through Infrastructure as code service. However after provisioning, the FW is getting created but its private ip is not getting generated.
Is there a way to add a private ip to azure FW from portal, when it is not generated automatically while provisioning?

Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
600 questions
Accepted answer
  1. suvasara-MSFT 10,026 Reputation points
    2020-12-09T12:02:02.62+00:00

    @Ananya Sarkar , As mentioned by @GitaraniSharma-MSFT , you will not be able to edit the Private IP address of an Azure Firewall. The address will be automatically provisioned from the Azure Firewall Subnet address range.

    I tried this in two ways but failed:

    1. I gave a try to change the Azure Firewall Subnet range to custom private address range. But it failed with an error saying that you cannot modify the Azure Firewall subnet once created and in use.
    2. I even used PowerShell to "Get" the Firewall IP configurations and modified the Private IP address using these commands, 
      Get-AzFirewall -ResourceGroupName rgName -Name azFw  

$azfw.ipconfigurations   

$azfw.ipconfigurations.PrivateIPAddresstype()  

$azfw.ipconfigurations[0].PrivateIPAddress="custom Private IP"  

Set-AzFirewall -AzureFirewall $azFw
      All worked well and the Private IP has been added in the variable, but you cannot set it using Set command. Which proves that we cannot create/alter Private IP address of an Azure Firewall.

    But it's strange that there is no private IP being created on deployment. Could you please recheck whether your IAAS code satisfies all the requirements and steps for creating an Azure Firewall?

    Hope this helps!

    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ananya Sarkar 311 Reputation points
    2020-12-10T15:21:38.757+00:00

    Thanks @suvasara-MSFT , I tried with the commands mentioned by you to add a private ip through powershell, but when I am running this query $azfw.ipconfigurations.PrivateIPAddresstype() for my FW, its giving this error (since the private ip of the FW is null):
    "InvalidOperation: You cannot call a method on a null-valued expression."

    You said it worked for you to, atleast add the private ip to the variable.
    Can you plz tell me how you did that and why its not working for me through powershell ?

    0 comments
  2. suvasara-MSFT 10,026 Reputation points
    2020-12-11T10:39:12.743+00:00

    @Ananya Sarkar , Apologies, my bad. Here is the command to find out variable type, 

    $azFw.ipconfigurations[0].PrivateIPAddress.Gettype()

    The commands will get executed successfully with no change in private IP.