Update of Azure Firewall Policies failes - faulted referenced firewalls

Julian Hüppauff 336 Microsoft Employee

Hi all,

I try to create a Firewall (vWAN Secured Hub) using an ARM Template (actually as part of a blueprint).
The initial deployment works like a charm. But when I try to update the blueprint assignment and thus triggering a new deployment I get the following error:

{
    "status": "Failed",
    "error": {
        "code": "FirewallPolicyUpdateFailed",
        "message": "Put on Firewall Policy [Firewall-Policy-Name] Failed with 1 faulted referenced firewalls"
    }
}

No changes are made to the template after the initial deployment

SaiKishor-MSFT 17,206 Reputation points

2021-12-27T08:23:07.843+00:00

@Julian Hüppauff Thank you for reaching out to Microsoft Q&A. I understand that you are having issues with your Firewall policy Update.

To understand better, can you please explain further regarding what you tried to update un the ARM template that caused this error? Also can you post the error in more detail so we can understand the cause for the same? Thank you!
Julian Hüppauff 336 Reputation points Microsoft Employee

2022-01-10T14:55:21.523+00:00

I haven't changed the ARM template after the initial deployment. When I try to deploy the same arm template again it will fail.
First deployment is sucessful, deleting and resubmitting the template works as well only when the policy already exists it fails
Tomasz L 96 Reputation points

2022-02-15T21:23:02.63+00:00

I`m facing the same issue while using different tools. In my case it is deployment of Azure Firewall together with the firewall policy and ruleCollectionGroups from a bicep template. The first initial deployment to a clean subscription completes successfully. However the next one, with unchanged template and no changes in parameters results in a failure for the Microsoft.Network/firewallPolicies/ruleCollectionGroups resources with the same error that jhueppauff has. I would expect that to be idempotent and just complete successfully when the rules are already in place?

Accepted answer

Tomasz L 96 Reputation points

2022-02-16T21:18:54.623+00:00

It seems I found a possible solution - the issue seem to come from the fact that ARM deploys all the ruleCollectionGroups in parallel or at least not sequentially. When I set explicit dependency between ruleCollectionGroups (I have 2 currently) in my bicep template the error did not appear anymore across multiple redeployments.
I guess it is worth a try :)
Please sign in to rate this answer.

3 people found this answer helpful.
Jose Maria Gurria Celimendiz 6 Reputation points

2022-03-23T14:41:57.84+00:00

This resolved my issue too, thanks!
Sign in to comment

Share via

Update of Azure Firewall Policies failes - faulted referenced firewalls

0 additional answers