Merge pull request #298189 from MicrosoftDocs/main

Merged by Learn.Build PR Management system

Author: learn-build-service-prod[bot]

articles/firewall/firewall-known-issues.md

@@ -5,7 +5,7 @@ services: firewall
 author: varunkalyana
 ms.service: azure-firewall
 ms.topic: concept-article
-ms.date: 04/11/2025
+ms.date: 04/13/2025
 ms.author: varunkalyana
 ---
 
@@ -32,7 +32,8 @@ Azure Firewall Standard has the following known issues:
 |---------|---------|---------|
 |DNAT support for private IP addresses limited to Standard and Premium versions|Support for DNAT on Azure Firewall private IP address is intended for enterprises, so is limited to the Standard and Premium Firewall versions.| None|
 |Network filtering rules for non-TCP/UDP protocols (for example ICMP) don't work for Internet bound traffic|Network filtering rules for non-TCP/UDP protocols don't work with SNAT to your public IP address. Non-TCP/UDP protocols are supported between spoke subnets and VNets.|Azure Firewall uses the Standard Load Balancer, [which doesn't support SNAT for IP protocols today](../load-balancer/outbound-rules.md#limitations). We're exploring options to support this scenario in a future release.|
-|When an Azure Firewall is deallocated and then allocated again, sometimes it may be assigned a new private IP address that differs from the previous one.| In such scenarios, the existing User Defined Routes (UDRs) configured with the old private IP address will need to be reconfigured to reflect the new private IP address.|A fix for this issue to retain the previously assigned private IP address is in our roadmap.|
+|When an Azure Firewall is deallocated and then allocated again, sometimes it may be assigned a new private IP address that differs from the previous one.| After the deallocation and application process of the Azure Firewall, a private IP address is assigned dynamically from the Azure Firewall subnet. When a new private IP address is assigned that is different from the previous one, it will cause routing issues. |The existing User Defined Routes (UDRs) configured with the old private IP address will need to be reconfigured to reflect the new private IP address. A fix is being investigated to retain the private IP address after the allocation process.|
+|Azure Firewall DNS proxy server configurations in the parent policy is not inherited by child policies.|Changes made to the Azure Firewall parent policy will result in DNS resolution failures for Fully Qualified Domain Name (FQDN) based rules within the child policies that are linked to the parent policy.| To avoid this issue, configure the DNS proxy settings directly on the child policies instead of relying on inheritance from the parent policy. A fix is being investigated to allow child policies to interhit DNS configurations from the parent policy.|
 |Missing PowerShell and CLI support for ICMP|Azure PowerShell and CLI don't support ICMP as a valid protocol in network rules.|It's still possible to use ICMP as a protocol via the portal and the REST API. We're working to add ICMP in PowerShell and CLI soon.|
 |FQDN tags require a protocol: port to be set|Application rules with FQDN tags require port: protocol definition.|You can use **https** as the port: protocol value. We're working to make this field optional when FQDN tags are used.|
 |Moving a firewall to a different resource group or subscription isn't supported|Moving a firewall to a different resource group or subscription isn't supported.|Supporting this functionality is on our road map. To move a firewall to a different resource group or subscription, you must delete the current instance and recreate it in the new resource group or subscription.|

articles/partner-solutions/neon/create-service-connection.md

@@ -13,7 +13,7 @@ In this guide, learn how to connect your app to a database within a Neon Serverl
 
 Service Connector is an Azure service designed to simplify the process of connecting Azure resources together. Service Connector manages your connection's network and authentication settings to simplify the operation.
 
-This guide shows step by step instructions to connect an app deployed to Azure App Service to a Neon Serverless Postgres resource. You can apply a similar method to create a connection from apps deployed to [Azure Container Apps](/azure/container-apps/quickstart-portal), [Azure Kubernetes Services (AKS)](/azure/aks/learn/quick-kubernetes-deploy-portal), or [Azure Spring Apps](/azure/spring-apps/enterprise/quickstart).
+This guide shows step by step instructions to connect an app deployed to Azure App Service to a Neon Serverless Postgres resource. You can apply a similar method to create a connection from apps deployed to [Azure Container Apps](/azure/container-apps/quickstart-portal), [Azure Kubernetes Services (AKS)](/azure/aks/learn/quick-kubernetes-deploy-portal).
 
 ## Prerequisites
 
@@ -25,7 +25,7 @@ This guide shows step by step instructions to connect an app deployed to Azure A
 
 Follow these steps to connect an app to Neon Serverless Postgres (Preview):
 
-1. Open the App Service, Container Apps, AKS, or Azure Spring Apps resource where your app is deployed. If using Azure Spring Apps, once you've opened your resource, navigate to the **Apps** menu, and select your app.
+1. Open the App Service, Container Apps, or AKS resource where your app is deployed.
 
 1. Open **Service Connector** from the left menu and select **Create**.