Commit 2e4f9d5

Merge pull request #110501 from vhorne/fw-overview
update port range
2 parents 9a32a34 + a390110 commit 2e4f9d5

1 file changed

+2
-2
lines changed

includes/firewall-limits.md

Lines changed: 2 additions & 2 deletions
@@ -5,7 +5,7 @@
55
author: vhorne
66
ms.service: firewall
77
ms.topic: include
8-
ms.date: 04/03/2020
8+
ms.date: 04/07/2020
99
ms.author: victorh
1010
ms.custom: include file
1111
---
@@ -16,7 +16,7 @@
1616
|Rules|10,000. All rule types combined.|
1717
|Maximum DNAT rules|298<br>If a rule's protocol is configured for both TCP and UDP, it counts as two rules.|
1818
|Minimum AzureFirewallSubnet size |/26|
19-
|Port range in network and application rules|0-64,000. Work is in progress to relax this limitation.|
19+
|Port range in network and application rules|1 - 65535|
2020
|Public IP addresses|100 maximum (Currently, SNAT ports are added only for the first five public IP addresses.)|
2121
|IP Groups IP addresses|50 IP Groups or less: maximum 5000 individual IP addresses each per firewall instance.<br>51 - 100 IP Groups: 500 individual IP address each per firewall instance.<br><br>For more information see [IP Groups (preview) in Azure Firewall](../articles/firewall/ip-groups.md#ip-address-limits)
2222
|Route table|By default, AzureFirewallSubnet has a 0.0.0.0/0 route with the NextHopType value set to **Internet**.<br><br>Azure Firewall must have direct Internet connectivity. If your AzureFirewallSubnet learns a default route to your on-premises network via BGP, you must override that with a 0.0.0.0/0 UDR with the **NextHopType** value set as **Internet** to maintain direct Internet connectivity. By default, Azure Firewall doesn't support forced tunneling to an on-premises network.<br><br>However, if your configuration requires forced tunneling to an on-premises network, Microsoft will support it on a case by case basis. Contact Support so that we can review your case. If accepted, we'll allow your subscription and ensure the required firewall Internet connectivity is maintained.|
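
Review bot: The replacement row on line 19 moves the documented lower bound from 0 to 1 as well as raising the upper bound to 65535 and dropping the "Work is in progress" sentence, but the commit message only says "update port range". Please say in the message or the row that the lower bound is now 1, so readers who wrote rules against the old documented range of 0-64,000 know to recheck them. The new value is also written as `1 - 65535`, without the thousands separator used in the Rules row (`10,000`) and in the line it replaces (`0-64,000`); pick one number format for the table.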
