Clarify article applies to network rules only

Author: vhorne

articles/firewall/snat-private-range.md

@@ -5,13 +5,15 @@ services: firewall
 author: vhorne
 ms.service: firewall
 ms.topic: article
-ms.date: 01/09/2020
+ms.date: 03/16/2020
 ms.author: victorh
 ---
 
 # Azure Firewall SNAT private IP address ranges
 
-Azure Firewall doesn’t SNAT when the destination IP address is in a private IP address range per [IANA RFC 1918](https://tools.ietf.org/html/rfc1918). 
+Azure Firewall doesn't SNAT using Network rules when the destination IP address is in a private IP address range per [IANA RFC 1918](https://tools.ietf.org/html/rfc1918).
+
+Application rules are always applied regardless of the destination IP address.
 
 If your organization uses a public IP address range for private networks, Azure Firewall will SNAT the traffic to one of the firewall private IP addresses in AzureFirewallSubnet. However, you can configure Azure Firewall to **not** SNAT your public IP address range.
 
@@ -36,7 +38,7 @@ To configure an existing firewall, use the following Azure PowerShell commands:
 
 ```azurepowershell
 $azfw = Get-AzFirewall -ResourceGroupName "Firewall Resource Group name"
-$azfw.PrivateRange = @(“IANAPrivateRanges”,“IPRange1”, “IPRange2”)
+$azfw.PrivateRange = @("IANAPrivateRanges","IPRange1", "IPRange2")
 Set-AzFirewall -AzureFirewall $azfw
 ```