![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 26%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAH%3C/text%3E%3C/svg%3E)
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,779 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 36%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGS%3C/text%3E%3C/svg%3E)
Hi Alex H
It looks like you're planning to swap out your Check Point firewall for a Sophos firewall in Azure and want to ensure a smooth transition of your public IP addresses.
Your migration plan is solid and well thought out. Here's a review of your steps along with some feedback and best practices:
- Stop the Check Point firewall VM: Yes, stopping this VM is a good practice. It's important to ensure there are no active connections or sessions using the public IP when you dissociate it.
- Stop the Sophos firewall VM: Why: It's best to stop the VM before changing NIC configurations to avoid any runtime issues or IP binding problems.
- Dissociate the public IP addresses from the Check Point firewall NIC: This is correct. You'll want to do this to free up the IPs for reassignment.
- You can do this via the Azure Portal or PowerShell:
-
$nic = Get-AzNetworkInterface -Name "<CheckpointNIC>" -ResourceGroupName "<CheckpointRG>"$nic.IpConfigurations[0].PublicIpAddress = $nullSet-AzNetworkInterface -NetworkInterface $nic
- Associate the public IP addresses to the Sophos firewall NIC: Ensure the IP is in the same region and the target NIC is properly configured to accept the IP.
- Start the Sophos firewall VM: You can start this after the IP addresses are assigned and verified.
- Associated public IP addresses will be available on the Sophos firewall: You should verify the IPs are functioning correctly once the Sophos firewall is up.
Overall, your steps look good but remember to check the NSG (Network Security Group) rules to ensure traffic is allowed as per your requirements on the new firewall.
Additional Recommendations:
- Backup Configuration: Always back up your firewall configurations before making changes.
- Testing: After reassociating the public IPs, run some tests to verify connectivity and firewall rules.
I hope this has been helpful!
Please don’t forget to close the thread by clicking "Accept the answer" and "Yes" wherever the information provided helps you, as this can be beneficial to other community members.