Azure Firewall scale in issue

Question

Hello Team,

We are having issue with Azure firewall premium where AZFW scale out as throughput hits > 2gbps. throughput is moving from 2gbps to 6 gbps for few minutes and then came back to < 1.5 gbps. After that Scale in may starts.
But after few minutes/hrs if throughput hits again over 2gbps then what is the exact action taken by AZFW.? Does is perform scale out action or it continues with scale in operation which is on-going?
In this case, we are loosing session and connections for a long time. Also want to know about session persistence and TCP reset is enabled or not by default in AZFW.

Thank you !!

Answer 1

@Pratik Shinde

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I understand that you would like to know more about Azure Firewall Scaling, Session Persistence and TCP Reset.

Breaking the average throughput changes,

2 Gbps to 6 Gbps - Scale Out

6 Gbps to 1.5 Gbps - Scale In

1.5 Gbps to 2 Gbps - Scale Out

It should take about 10 to 15 minutes to inorder to notice the effective scale out.

For a scale in, it should take about 1.5 minutes.

P.S:

• The above calculations (numbers) hold for Standard AzFW.
• For Premium AzFW, the initial Max bandwidth is upto 18 Gbps and scale out should start only at 10.8 average bandwidth (i.e, 60%)
• 

Wrt Session Persistence and TCP Reset,

Refer : How does Azure Firewall handle VM instance shutdowns during Virtual Machine Scale Set scale in (scale down) or fleet software upgrades?

Hope this helps.

Thanks,

Kapil

---

Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.