Merge pull request #292701 from mbender-ms/ip-config-fw

ip services | freshness |  configure-public-ip-firewall.md

Author: rmca14

articles/virtual-network/ip-services/configure-public-ip-firewall.md

@@ -7,8 +7,7 @@ ms.author: mbender
 ms.service: azure-virtual-network
 ms.subservice: ip-services
 ms.topic: how-to 
-ms.date: 08/24/2023
-ms.custom: FY23 content-maintenance
+ms.date: 01/07/2025
 ---
 
 # Manage a public IP address by using Azure Firewall
@@ -31,7 +30,7 @@ In this section, you create an Azure firewall. Use the first IP address you crea
 
 1. In the [Azure portal](https://portal.azure.com/), search for and select *Firewalls*.
 
-2. On the **Firewalls page**, select **Create**. 
+2. On the **Azure Firewalls** page, select **+ Create**. 
 
 3. In **Create firewall**, enter or select the following information.
 
@@ -52,21 +51,18 @@ In this section, you create an Azure firewall. Use the first IP address you crea
     | Address space | Enter **10.0.0.0/16**. |
     | Subnet address space | Enter **10.0.0.0/26**. |
     | Public IP address | Select **myStandardPublicIP-1** or your public IP. |
-    | Forced tunneling | Leave the default of **Disabled**. |
-    
- 
+    | **Firewall Management NIC** |   |
+    | Enable Firewall Management NIC | Uncheck the box. |
+
 4. Select **Review + create**.
 
 5. Select **Create**.
 
 The following image shows the **Create firewall** page with the example information.
 
-:::image type="content" source="./media/create-public-ip-firewall/create-azure-firewall.png" alt-text="Screenshot that shows the Create firewall page with the example information." lightbox="./media/create-public-ip-firewall/create-azure-firewall-lightbox.png":::
-
-
 ## Change the public IP address for a firewall
 
-In this section, you change the public IP address associated with the firewall. A firewall must have at least one public IP address associated with its configuration.  You can't update the IP address if the firewall's existing IP has any destination network address translation (DNAT) rules associated with it.
+In this section, you change the public IP address associated with the firewall. A firewall must have at least one public IP address associated with its configuration. You can't update the IP address if the firewall's existing IP has any destination network address translation (DNAT) rules associated with it.
 
 1. In the Azure portal, search for and select *Firewalls*.
 
@@ -76,12 +72,12 @@ In this section, you change the public IP address associated with the firewall.
 
 4. In **Public IP configuration**, select **myStandardPublicIP-1**.
 
-5. In the **Edit public IP configuration** window, select the **Public IP address** dropdown, and then select **myStandardPublicIP-2**.
+5. In the **Edit public IP configuration** window, select **myStandardPublicIP-2** from the dropdown.
 6. Select **Save**.
 
 ## Add a public IP configuration to a firewall
 
-In this section, you add a public IP configuration to Azure Firewall. For more information about multiple IPs, see [Multiple public IP addresses](../../firewall/features.md#multiple-public-ip-addresses).  
+In this section, you add a public IP configuration to Azure Firewall. For more information about multiple IPs, see [Multiple public IP addresses](../../firewall/features.md#multiple-public-ip-addresses). 
 
 1. In the Azure portal, search for and select *Firewalls*.
 
@@ -105,7 +101,7 @@ In this section, you add a public IP configuration to Azure Firewall. For more i
 This example is a simple deployment of Azure Firewall. For advanced configuration and setup, see [Tutorial: Deploy and configure Azure Firewall and policy by using the Azure portal](../../firewall/tutorial-firewall-deploy-portal-policy.md). When associated with multiple public IPs, Azure Firewall randomly selects the first source Public IP for outbound connectivity and only uses the next available Public IP after no more connections can be made from the current public IP due to SNAT port exhaustion. You can associate a [network address translation (NAT) gateway](/azure/nat-gateway/nat-overview) to a Firewall subnet to extend the scalability of source network address translation (SNAT). With this configuration, all outbound traffic uses the public IP address or addresses of the NAT gateway. For more information, see [Scale SNAT ports with Azure Virtual Network NAT](../../firewall/integrate-with-nat-gateway.md).
 
 > [!NOTE]
-> It is recommended to instead use [NAT Gateway](../../nat-gateway/nat-overview.md) to provide dynamic scalability of your outbound connectivity.
+> It's recommended to instead use [NAT Gateway](../../nat-gateway/nat-overview.md) to provide dynamic scalability of your outbound connectivity.
 > Protocols other than Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) in network filter rules are unsupported for SNAT to the public IP of the firewall. 
 > You can integrate an Azure firewall with the Standard SKU load balancer to protect backend pool resources. If you associate the firewall with a public load balancer, configure ingress traffic to be directed to the firewall public IP address. Configure egress via a user-defined route to the firewall public IP address. For more information and setup instructions, see [Integrate Azure Firewall with Azure Standard Load Balancer](../../firewall/integrate-lb.md). 
 

articles/virtual-network/ip-services/configure-public-ip-load-balancer.md

@@ -7,8 +7,7 @@ ms.author: mbender
 ms.service: azure-virtual-network
 ms.subservice: ip-services
 ms.topic: how-to 
-ms.date: 08/24/2023
-ms.custom: template-how-to, engagement-fy23
+ms.date: 01/07/2025
 ---
 
 # Manage a public IP address with a load balancer
@@ -27,7 +26,7 @@ In this article, you learn how to:
 > [!div class="checklist"]
 > * Create a load balancer with an existing public IP address in your subscription. 
 > * Change the current public IP associated to a load balancer. 
-> * Change the frontend configuration of a load balancer from a public IP address to a public IP prefix.  
+> * Change the frontend configuration of a load balancer from a public IP address to a public IP prefix. 
 
 Finally, the article reviews unique aspects of using public IPs and public IP prefixes with a load balancer. 
 
@@ -54,13 +53,13 @@ In this section, you create a standard SKU load balancer. You select the IP addr
 
 4. Select **+ Create**.
 
-5. In the **Basics** tab of **Create Load balancer**, enter or select the following information:
+5. In the **Basics** tab of **Create Load balancer**, enter, or select the following information:
 
     | Setting | Value |
     | ------- | ----- |
     | **Project details** |   |
     | Subscription | Select your subscription. |
-    | Resource group | Select **Create new**. </br> Enter **myResourceGroupIP**. </br> Select **OK**. |
+    | Resource group | Select **Create new**.</br> Enter **myResourceGroupIP**.</br> Select **OK**. |
     | **Instance details** |   |
     | Name | Enter **myLoadBalancer**. |
     | Region | Select **(US) West US 2**. |
@@ -114,7 +113,7 @@ To change the IP, you associate a new public IP address previously created with
     :::image type="content" source="./media/configure-public-ip-load-balancer/verify-new-ip.png" alt-text="Screenshot of the load balancer Frontend I P configuration page showing the new public I P address.":::
 
 > [!NOTE]
-> This technique can be utilized when transitioning from a non-zonal frontend to a zone-redundant frontend in regions that support availability zones.  See [Load Balancer and Availability Zones](../../load-balancer/load-balancer-standard-availability-zones.md)
+> This technique can be utilized when transitioning from a non-zonal frontend to a zone-redundant frontend in regions that support availability zones. See [Load Balancer and Availability Zones](../../load-balancer/load-balancer-standard-availability-zones.md)
 
 ## Add public IP prefix
 
@@ -156,9 +155,9 @@ In this section, you change the frontend configuration used for outbound connect
 
 ## Caveats
 
-* Standard public load balancers can use standard SKU static IPv6 addresses as their frontend public IPs or public IP prefixes.  Every deployment must be dual-stack with both IPv4 and IPv6 frontends. NAT64 translation is unavailable. For more information, see [Deploy an IPv6 dual stack application in Azure - PowerShell](../../load-balancer/virtual-network-ipv4-ipv6-dual-stack-standard-load-balancer-powershell.md) (Basic public load balancers can use basic SKU dynamic IPv6 addresses as their frontend public IPs.).
+* Standard public load balancers can use standard SKU static IPv6 addresses as their frontend public IPs or public IP prefixes. Every deployment must be dual-stack with both IPv4 and IPv6 frontends. NAT64 translation is unavailable. For more information, see [Deploy an IPv6 dual stack application in Azure - PowerShell](../../load-balancer/virtual-network-ipv4-ipv6-dual-stack-standard-load-balancer-powershell.md) (Basic public load balancers can use basic SKU dynamic IPv6 addresses as their frontend public IPs.).
 
-* When multiple frontends are assigned to a public load balancer, there isn't a method to assign flows from particular backend instances to egress on a specific IP.  For more information, see [Multiple frontends for Azure Load Balancer](../../load-balancer/load-balancer-multivip-overview.md).
+* When multiple frontends are assigned to a public load balancer, there isn't a method to assign flows from particular backend instances to egress on a specific IP. For more information, see [Multiple frontends for Azure Load Balancer](../../load-balancer/load-balancer-multivip-overview.md).
 
 ## Next steps