can a network that has no firewall availability zones be updated to use availablity zones with something like az network firewall update --zones {1,2,3}

sa550181 21 Reputation points
2021-02-22T14:57:28.273+00:00

Hello, We have several accounts that do no have a network firewall availability zone set. Can these be added from the cli ? was thinking something like az network firewall update --subscription sub# --zones {1,2,3} Someone on my team is suggesting this can't be done and that we would have to download the existing firewall as a json file, modify that file by adding in the section for availability zones, delete the current firewall rules and the redeploy with the modified json. This method would cause an outage during the deletion and redeploy. I'm looking for a way to minimize this outage.

Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
600 questions
0 comments
Accepted answer
  1. suvasara-MSFT 10,026 Reputation points
    2021-02-23T07:02:33.73+00:00

    @sa550181 , This is not possible right now from CLI or portal. Azure offers customers to select the availability zone regions during the deployment itself. Once after deployment the chances of migration to availability zone regions is zero. Azure Firewall will not store customer data or move across regions. The JSON template work around you were pointing to might cause production issues or can bring the Firewall permanently down. We recommend a clean deployment of either standard or premium Firewall of your interest with availability zones. Hope this helps!

    ----------

    Please do not forget to "Accept the answer" wherever the information provided helps you to help others in the community.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest