![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(243.2, 22%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYS%3C/text%3E%3C/svg%3E)
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
578 questions
Hi @Yui Shimizu ,
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand you would like to understand more about the metric "Firewall Health State".
Please note the Firewall health indicates the SNAT port Availability of the Firewall.
Refer : https://learn.microsoft.com/en-us/azure/firewall/logs-and-metrics under Metrics Section.
To create an alert based on Metric,
You can refer : https://learn.microsoft.com/en-US/Azure/azure-monitor/alerts/tutorial-metric-alert
For Azure Firewall,
- Go to the metrics page under Azure Firewall
- Select the Firewall Health State Metric and click on "New Alert Rule".
-
- Configure the Alert Logic, granularity, and frequency of check per your requirement.
-
- Specify how you would like to be notified about the alert in the Actions
- https://learn.microsoft.com/en-US/Azure/azure-monitor/alerts/action-groups
- Configure other details such as Rule Name, Description and Severity from the Details Page
- Review and Create the Alert.
With respect to bringing down the status < 100%
- The only way to bring the status below 100% is to have a large number of connections passing through the Firewall.
- This should cause SNAT port exhaustion.
- You must have a heavy load on your environment making outbound connections using SNAT to simulate this.
P.S : Azure Firewall also supports configuring multiple Public IP Addresses, to prevent SNAT exhaustion
https://learn.microsoft.com/en-us/azure/firewall/deploy-multi-public-ip-powershell
I hope this helps.
Thanks,
Kapil.
----------------------------------------------------------------------------------------------------------------
Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.