![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 86%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMO%3C/text%3E%3C/svg%3E)
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 52%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
The wide range in Azure Firewall Latency Probe values is expected and comes from how the metric is measured and how the Azure platform behaves, not from a constant change in firewall performance.
Key reasons for the disparity:
- What the metric actually measures
- The AZFW Latency Probe metric measures latency of Azure Firewall within the Azure platform, not end‑to‑end network latency.
- It uses periodic probes and reports the average latency in milliseconds for those probes at each 1‑minute interval.
- ICMP‑based probe behavior and normal spikes
- The current probe uses Microsoft’s Ping Mesh technology based on ICMP.
- ICMP traffic is treated differently (lower priority) than typical application TCP traffic across the Azure platform.
- Because of this, intermittent spikes are normal and are considered part of standard host network behavior, not necessarily a firewall issue.
- Documentation explicitly notes that latency spikes with ICMP probes are expected and should not be misinterpreted as a problem unless they are persistent.
- Normal baseline vs occasional outliers
- Typical Azure Firewall latency averages 1–10 ms, depending on SKU and deployment size.
- Most of the values around 1–1.33 ms represent the normal baseline in your environment.
- Occasional higher values (for example, 100+ ms or 300+ ms) are outliers caused by:
- transient network conditions in the Azure platform,
- temporary high CPU utilization on the firewall,
- temporary high throughput/traffic load.
- How to interpret the pattern
- Expect a chart that is mostly low values with occasional high spikes.
- Guidance is to:
- Set a baseline under light traffic.
- Treat latency as concerning if it regularly exceeds ~3× that baseline over time, not just in isolated points.
- Investigate further if high values are sustained or frequent, especially when correlated with high CPU, high throughput, or SNAT port pressure.
In summary, the 1–1.33 ms points are normal baseline latency, and the 100–300+ ms points are expected transient spikes from ICMP‑based probing and platform conditions. Only persistent or patterned elevation beyond roughly three times the baseline should be treated as a performance issue.
References: