articles/firewall/management-nic.md
+35 -1 (35 additions & 1 deletion)
Original file line number
Diff line number
Diff line change
@@ -86,6 +86,40 @@ Now when you view the firewall in the Azure portal, you see the assigned Managem
86
86
> [!NOTE]
87
87
> If you remove all other IP address configurations on your firewall, the management IP address configuration is removed as well, and the firewall is deallocated. The public IP address assigned to the management IP address configuration can't be removed, but you can assign a different public IP address.
88
88
89
+
## Deploying a New Azure Firewall with Management NIC for Forced Tunneling
90
+
91
+
If you prefer to deploy a new Azure Firewall instead of the Stop/Start method, make sure to include a Management Subnet and Management NIC as part of your configuration.
92
+
93
+
**Important Note**
94
+
***Single Firewall per Virtual Network (VNET)**: Since two firewalls cannot exist within the same virtual network, it is recommended to delete the old firewall before starting the new deployment if you plan to reuse the same VNET.
95
+
***Pre-create Subnet**: Ensure the **AzureFirewallManagementSubnet** is created in advance to avoid deployment issues when using an existing VNET.
96
+
97
+
**Prerequisites**
98
+
* Create the **AzureFirewallManagementSubnet**:
99
+
* Minimum subnet size: /26
100
+
* Example: 10.0.1.0/26
101
+
102
+
**Deployment Steps**
103
+
1. Go to **Create a Resource** in the Azure Portal.
104
+
1. Search for **Firewall** and select **Create**.
105
+
1. On the Create a Firewall page, configure the following:
106
+
* **Subscription**: Select your subscription.
107
+
* **Resource Group**: Select or create a new resource group.
108
+
* **Name**: Enter a name for the firewall.
109
+
* **Region**: Choose your region.
110
+
* **Firewall SKU**: Select Basic, Standard, or Premium.
111
+
* **Virtual Network**: Create a new virtual network or use an existing one.
112
+
* Address space: e.g., 10.0.0.0/16
113
+
* Subnet for AzureFirewallSubnet: e.g., 10.0.0.0/26
114
+
* **Public IP Address**: Add new Public IP
115
+
* Name: e.g., FW-PIP
116
+
1. Firewall Management NIC
117
+
* Select **Enable Firewall Management NIC**
118
+
* Subnet for AzureFirewallManagementSubnet: e.g., 10.0.1.0/24
119
+
* Create Management public IP address: e.g., Mgmt-PIP
120
+
1. Select **Review + Create** to validate and deploy the firewall. This will take a few minutes to deploy.
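Review bot: The management subnet example in step 4 (`Subnet for AzureFirewallManagementSubnet: e.g., 10.0.1.0/24`) does not match the Prerequisites, which give `10.0.1.0/26` as the example for the same subnet; use one value in both places, and since /26 is stated as the minimum size, say explicitly if a larger prefix such as /24 is intended. The Prerequisites and the "Pre-create Subnet" note also tell the reader to create AzureFirewallManagementSubnet in advance, while step 4 reads as if the subnet is chosen or created during deployment, so state which path applies to a new VNET and which to an existing one. The two bullets under "Important Note" begin with `***` and no space after the list marker, so they will likely not render as list items; `* **Single Firewall per Virtual Network (VNET)**:` is probably what was meant. Step 4 ("Firewall Management NIC") is a label rather than an action, unlike the other numbered steps.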