Cannot delete Azure Firewall nor Firewall policy

Wing Chang 50 Reputation points
2024-03-04T06:30:42.54+00:00

Was trying out the Azure Firewall with my MPN subscription. Was not sure what the cost was so let it run for a couple of days. Now it's reached the spending limit and my MPN Azure service is disabled though the firewall isn't really "running".

So I tried to delete Azure Firewall resource but failed. It said there're firewall policy associated with the Firewall. However, when I tried to delete the firewall policy it also failed. It said the firewall policy is used by Firewall ?!!!

Please help.

Azure Firewall Manager
Azure Firewall Manager
An Azure service that provides central network security policy and route management for globally distributed, software-defined perimeters.
92 questions
0 comments No comments
{count} vote

Accepted answer
  1. GitaraniSharma-MSFT 49,651 Reputation points Microsoft Employee
    2024-03-04T10:54:23.1733333+00:00

    Hello @Wing Chang ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you are unable to delete your Azure Firewall and Azure Firewall policy.

    To be able to delete an Azure Firewall or Azure Firewall policy, they need to be unassociated. If a policy is attached to an Azure Firewall, you need to disassociate/unlink them first and then try deleting them.

    Could you confirm if the Azure Firewall has been unlinked from the firewall policy?

    If no, then you have to unlink the Azure Firewall first and then try removing the Azure Firewall policy either via portal/PowerShell.

    You can follow the steps mentioned below to remove the firewall policy association.

    • Go to Firewall Manger (click on Azure Firewall Manager)

    User's image

    • On Azure Firewall Manager page click on Azure Firewall Policies

    User's image

    • Then select the Firewall policy you want to disassociate and click on Mange Associations

    User's image

    • Click on the appropriate option. In my case it was Remove Vnet Associations. Then click on confirm to remove the firewall association:

    User's image

    If the Azure firewall/Azure Firewall policy is in updating/failed state, before unlinking them, you can try a GET-PUT operation as below.

    To perform a GET operation:

    Azure Firewall command: az network firewall show --name firewallname --resource-group resourcegroupname

    Azure Firewall Policy command: az network firewall policy show --name policyname --resource-group resourcegroupname

    To perform a PUT operation:

    Azure Firewall command: az network firewall update --name firewallname --resource-group resourcegroupname

    Azure Firewall Policy command: az network firewall policy update --name policyname --resource-group resourcegroupname

    Refer: https://docs.microsoft.com/en-us/cli/azure/network/firewall?view=azure-cli-latest#az-network-firewall-show

    https://docs.microsoft.com/en-us/cli/azure/network/firewall/policy?view=azure-cli-latest#az-network-firewall-policy-show

    NOTE: You can use Azure CLI from the Azure portal CloudShell to perform these operations.

    Once the PUT operation is done, check if the Firewall/Firewall policy gets updated to "succeeded" state. Then you can try unlinking and deleting the Azure firewall policy, followed by the Azure Firewall.

    If the above doesn't help, then the only way to get this fixed would be via a support request. Please do provide an update, we will try and help you get a one-time free technical support.

    Additional references for you: https://learn.microsoft.com/en-us/answers/questions/727510/cannot-delete-azure-firewall-and-policy

    https://learn.microsoft.com/en-us/answers/questions/461159/firewall-policy-cannot-be-deleted-since-there-are

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    2 people found this answer helpful.

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.