Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
741 questions
Template validation error of Palo Alto Firewall bicep resource, and how to troubleshoot further
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 55.00000000000001%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELH%3C/text%3E%3C/svg%3E)
Lasse Hastrup
0
Reputation points
Hi,
We have a Palo Alto firewall running in Azure using that is deployed using IaC. Nothing has changed in the code, but somehow we started receiving template validation errors as of march 20, 2025
We're using the following bicep resource, Bicep resource.
During deployment get the following error:
{"code":"DeploymentFailed","target":"/xyz/providers/Microsoft.Resources/deployments/xyz","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"InvalidTemplateDeployment","message":"The template deployment 'paloAltoFirewall-20250414T101744Z' is not valid according to the validation procedure. The tracking id is
'973d8632-41c2-4dc0-afd6-6cc0e2c0bee2'. See inner errors for details."}]}
Using the correlation Id to read logs using Get-AzLog i don't get any more details about this, so it's really hard for me to know what is going on, especially since we haven't changed anything related to the bicep resource.
How can I proceed in my troubleshooting from here? Can you improve the stdOut error messages upon such errors, as I imagine one of your linters is throwing an error that you will be able to read in the backend?
Note: We've attempted to upgrade to latest API-version as well; no luck.
Tracking ID: '973d8632-41c2-4dc0-afd6-6cc0e2c0bee2'
CorrelationId: 2938309d-0e08-441d-9320-eba5f43c8b53
Further information can be requested
Best regards,
Lasse
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 17%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERV%3C/text%3E%3C/svg%3E)
Rohith Vinnakota 3,835 Reputation points Microsoft External Staff2025-04-14T23:35:20.6533333+00:00 Hi @Lasse Hastrup,
- Could you please deploy this in a different region and let us know if you are still facing the issue?
- Please try deploying this using the portal.
- Could you please refer this doc: https://learn.microsoft.com/en-us/azure/azure-resource-manager/troubleshooting/error-invalid-template?tabs=bicep
-
Lasse Hastrup 0 Reputation points
2025-04-15T07:42:09.5533333+00:00 Hi @Rohith Vinnakota ,
Thanks for your reply.
It's an extensive and expensive process to deploy the entire network stack in a different region.
I would've hoped to receive some kind of hint from the tracking ID provided to narrow down my search.
I can attempt using the -whatIf, but if that doesn't work, im afraid i can't just deploy it in a different region.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 82%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVV%3C/text%3E%3C/svg%3E)
Venkat V 1,390 Reputation points Microsoft External Staff2025-04-16T09:58:36.3833333+00:00 Hi @Lasse Hastrup
Could you please share the Bicep code you are using? Also, have you tried creating the resource using Infrastructure as Code (IaC) tools like Terraform and ARM?
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 79%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMJ%3C/text%3E%3C/svg%3E)
Madugula Jahnavi 330 Reputation points Microsoft External Staff2025-04-16T14:46:17.5633333+00:00 Hello Lasse Hastrup, Can you share the bicep code to look into the issue further? And also have you checked the deployment history? Kindly confirm here.
Sign in to comment
Sign in to answer