How to manage firewall public ips for secure virtual hub?

Matthijs de Beer 61 Reputation points
2022-09-06T08:52:14.513+00:00

Hi all,

I've created a virtual hub in my environment, and now I'm trying to make it a secure virtual hub by adding an Azure Firewall instance. For the firewall I want to use two public ips that I have created previously. From looking at the [documentation][1], is seems that I need to use the 'hubIPAddresses' property to specify the number of ips I want to use aswell as the public ip addresses. Using Bicep, I've created the following object:

hubIPAddresses: {
addresses: [
{
address: '

Azure Virtual WAN
Azure Virtual WAN
An Azure virtual networking service that provides optimized and automated branch-to-branch connectivity.
187 questions
Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
564 questions
Azure Firewall Manager
Azure Firewall Manager
An Azure service that provides central network security policy and route management for globally distributed, software-defined perimeters.
83 questions
0 comments No comments
{count} votes

Accepted answer
  1. GitaraniSharma-MSFT 47,316 Reputation points Microsoft Employee
    2022-09-06T13:09:24.933+00:00

    Hello @Matthijs de Beer ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you would like to deploy a Secure virtual hub and use an existing Public IP address for the Azure Firewall instance.

    Currently, it is not possible to use/select an existing Public IP address for the Azure Firewall instance while deploying a secure virtual hub.

    Refer : https://learn.microsoft.com/en-us/azure/firewall-manager/secure-cloud-network
    https://learn.microsoft.com/en-us/azure/firewall-manager/quick-secure-virtual-hub-bicep?tabs=CLI

    You can see the same while going through the deployment process via Azure Portal. There is no option to choose an existing Public IP address.

    238253-image.png

    In case of secured virtual hub, the firewall public IP address is automatically created and you can get it after the deployment completes.

    As you mentioned, it is possible to deploy a normal Azure Firewall instance into a Vnet using an existing Public IP as shown below:

    238199-image.png

    Kindly let us know if the above helps or you need further assistance on this issue.

    ----------------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


0 additional answers

Sort by: Most helpful