Merge pull request #226700 from vhorne/fw-dnat-limits

update maximum dnat rules

Author: prmerger-automator[bot]

includes/firewall-limits.md

@@ -16,7 +16,7 @@
 |Rule limits|20,000 unique source/destinations in network rules <br><br> **Unique source/destinations in network** = sum of (unique source addresses * unique destination addresses for each rule)|
 |Total size of rules within a single Rule Collection Group| 1 MB for Firewall policies created before July 2022<br>2 MB for Firewall policies created after July 2022|
 |Number of Rule Collection Groups in a firewall policy|50 for Firewall policies created before July 2022<br>60 for Firewall policies created after July 2022|
-|Maximum DNAT rules|250 maximum unique destinations (public IP address, port, and protocol)<br><br> The DNAT limitation is due to the underlying platform.<br><br>For example, you can configure 500 UDP rules to the same destination IP address and port (one unique destination), while 500 rules to the same IP address but to 500 different ports exceeds the limit (500 unique destinations).|
+|Maximum DNAT rules|250 maximum [number of firewall public IP addresses + unique destinations (destination address, port, and protocol)]<br><br> The DNAT limitation is due to the underlying platform.<br><br>For example, you can configure 500 UDP rules to the same destination IP address and port (one unique destination), while 500 rules to the same IP address but to 500 different ports exceeds the limit (500 unique destinations).|
 |Minimum AzureFirewallSubnet size |/26|
 |Port range in network and application rules|1 - 65535|
 |Public IP addresses|250 maximum. All public IP addresses can be used in DNAT rules and they all contribute to available SNAT ports.|