Setting up Azure Firewall Premium policies

Reshma Nair 120 Reputation points
2024-01-23T16:17:49.2633333+00:00

I am trying to implement Azure Firewall Premium for our existing infrastructure using Terraform to enable the IDPS feature. But the main issue I am facing is that the Azure Firewall policies (DNAT rules) which I created are not working or not getting attached to the Azure Firewall. They both exist as separate entities, so we cannot SSH or RDP to our host machines. But when I created the rules manually under Firewall settings -> Rules (classic), it just worked fine. My firewall and host machines are in completely different VNets, and I connected them via peering. I also created a route and associated it with my host machine subnet. I would be grateful if anyone can tell me what I missed or where I went wrong that is causing the DNAT rules which I created under the Azure Firewall policy not to work. I am not an expert in networking. Any leads would be helpful. Thanks in advance.


Accepted answer
    KapilAnanth-MSFT 32,351 Reputation points Microsoft Employee
    2024-01-30T05:18:58.06+00:00

    @Reshma Nair

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this!

    Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    Issue:

    • You are trying to deploy Azure firewall premium using Terraform.
    • However, the DNAT rules created are not working or not getting attached to the Azure Firewall.

    Solution: You informed us that there was a code regression, and the policy was not associated with the firewall.

    Adding the below line fixed the issue.

    firewall_policy_id = azurerm_firewall_policy.azfw_policy.id

    Cheers,

    Kapil

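The one-line fix from the accepted answer, shown in the context of a complete Azure Firewall Premium deployment so the relationships between the pieces are visible: the rule collection group points at the policy, and the firewall points at the same policy. This is an added example, not the asker's Terraform or Microsoft's sample code. The resource names (`rg`, `fw_subnet`, `host_subnet`, `fw_pip`, `azfw_policy`, `azfw`), the CIDRs, the host IP and the ports are assumptions chosen for illustration.

```hcl
# Added example (not from the original post). Names, CIDRs and IPs are assumptions.
# Assumed to exist elsewhere in the configuration:
#   azurerm_resource_group.rg
#   azurerm_subnet.fw_subnet      (must be named "AzureFirewallSubnet")
#   azurerm_subnet.host_subnet    (in the peered VNet that holds the hosts)
#   azurerm_public_ip.fw_pip      (Standard SKU, static allocation)

# 1. Premium policy with IDPS enabled. With a policy in use, all rules live in the
#    policy; the firewall's own "Rules (classic)" tab is no longer used.
resource "azurerm_firewall_policy" "azfw_policy" {
  name                = "azfw-policy"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  sku                 = "Premium"

  intrusion_detection {
    mode = "Alert" # move to "Deny" once the signature set has been tuned
  }
}

# 2. DNAT rule collection, attached to the policy through firewall_policy_id.
resource "azurerm_firewall_policy_rule_collection_group" "dnat" {
  name               = "dnat-rcg"
  firewall_policy_id = azurerm_firewall_policy.azfw_policy.id
  priority           = 100

  nat_rule_collection {
    name     = "inbound-mgmt"
    priority = 100
    action   = "Dnat"

    rule {
      name                = "ssh-to-host"
      protocols           = ["TCP"]
      source_addresses    = ["203.0.113.0/24"] # assumed admin range; avoid "*" for SSH/RDP
      destination_address = azurerm_public_ip.fw_pip.ip_address
      destination_ports   = ["22"]
      translated_address  = "10.1.1.4" # assumed private IP of the host in the peered VNet
      translated_port     = "22"
    }
  }
}

# 3. The firewall. Without firewall_policy_id the policy and its DNAT rules exist as
#    separate resources but are never applied, which is the symptom in the question.
resource "azurerm_firewall" "azfw" {
  name                = "azfw-premium"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  sku_name            = "AZFW_VNet"
  sku_tier            = "Premium"
  firewall_policy_id  = azurerm_firewall_policy.azfw_policy.id # the line that was missing

  ip_configuration {
    name                 = "fw-ipconfig"
    subnet_id            = azurerm_subnet.fw_subnet.id
    public_ip_address_id = azurerm_public_ip.fw_pip.id
  }
}

# 4. Send the host subnet's outbound traffic through the firewall's private IP so
#    it is inspected by IDPS as well.
resource "azurerm_route_table" "host_rt" {
  name                = "host-rt"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location

  route {
    name                   = "default-via-firewall"
    address_prefix         = "0.0.0.0/0"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = azurerm_firewall.azfw.ip_configuration[0].private_ip_address
  }
}

resource "azurerm_subnet_route_table_association" "host" {
  subnet_id      = azurerm_subnet.host_subnet.id
  route_table_id = azurerm_route_table.host_rt.id
}
```

After `terraform apply`, confirm the association from outside Terraform with `az network firewall show -g <resource-group> -n azfw-premium --query firewallPolicy.id -o tsv`; an empty result means the firewall is still running without a policy. Two caveats worth knowing: Azure Firewall SNATs DNAT'd inbound connections to its own private IP, so the route table above is what governs the hosts' outbound traffic rather than what makes the DNAT return path work, and the VNet peering plus any NSG on the host subnet must still permit traffic from the AzureFirewallSubnet range to the translated port.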
