Merge pull request #273744 from vhorne/fw-top-ten

prmerger-automator[bot] · web-flow · commit 083140bd0373 · 2024-04-29T20:56:23.000Z
updates for GH Issue 119820
diff --git a/articles/firewall/enable-top-ten-and-flow-trace.md b/articles/firewall/enable-top-ten-and-flow-trace.md
@@ -141,7 +141,7 @@ To check the status of the AzResourceProvider registration, you can run the Azur
 
 To disable the log, you can unregister it using the following command or select unregister in the previous portal example.
  
-`Get-AzProviderFeature -FeatureName "AFWEnableTcpConnectionLogging" -ProviderNamespace "Microsoft.Network"`
+`Unregister-AzProviderFeature -FeatureName AFWEnableTcpConnectionLogging -ProviderNamespace Microsoft.Network`
 
 
 ### Create a diagnostic setting and enable Resource Specific Table
diff --git a/includes/firewall-limits.md b/includes/firewall-limits.md
@@ -20,7 +20,7 @@
 |Minimum AzureFirewallSubnet size |/26|
 |Port range in network and application rules|1 - 65535|
 |Public IP addresses|250 maximum. All public IP addresses can be used in DNAT rules and they all contribute to available SNAT ports.|
-|IP addresses in IP Groups|Maximum of 200 IP Groups per firewall.<br>Maximum 5000 individual IP addresses or IP prefixes per each IP Group.
+|IP addresses in IP Groups|Maximum of 200 unique IP Groups per firewall.<br>Maximum 5000 individual IP addresses or IP prefixes per each IP Group.
 |Route table|By default, AzureFirewallSubnet has a 0.0.0.0/0 route with the NextHopType value set to **Internet**.<br><br>Azure Firewall must have direct Internet connectivity. If your AzureFirewallSubnet learns a default route to your on-premises network via BGP, you must override that with a 0.0.0.0/0 UDR with the **NextHopType** value set as **Internet** to maintain direct Internet connectivity. By default, Azure Firewall doesn't support forced tunneling to an on-premises network.<br><br>However, if your configuration requires forced tunneling to an on-premises network, Microsoft will support it on a case by case basis. Contact Support so that we can review your case. If accepted, we'll allow your subscription and ensure the required firewall Internet connectivity is maintained.|
 |FQDNs in network rules|For good performance, do not exceed more than 1000 FQDNs across all network rules per firewall.|
 |TLS inspection timeout|120 seconds|
