You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/firewall/firewall-known-issues.md
+11-4Lines changed: 11 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -2,11 +2,11 @@
2
2
title: Azure Firewall known issues and limitations
3
3
description: Learn about Azure Firewall known issues and limitations.
4
4
services: firewall
5
-
author: vhorne
5
+
author: duongau
6
6
ms.service: azure-firewall
7
7
ms.topic: concept-article
8
-
ms.date: 01/30/2025
9
-
ms.author: victorh
8
+
ms.date: 02/21/2025
9
+
ms.author: duau
10
10
---
11
11
12
12
# Azure Firewall known issues and limitations
@@ -15,6 +15,14 @@ This article lists the known issues for [Azure Firewall](overview.md) and is upd
15
15
16
16
For Azure Firewall limitations, see [Azure subscription and service limits, quotas, and constraints](../azure-resource-manager/management/azure-subscription-service-limits.md#azure-firewall-limits).
17
17
18
+
> [!IMPORTANT]
19
+
> ## Capacity constraint
20
+
> These regions are currently experiencing capacity constraint for Azure Firewall Standard and Premium SKU.
21
+
>
22
+
> | Region | Restriction | Recommendation |
23
+
> | -- | -- | -- |
24
+
> |Unavailable firewall deployments: </br>- **Physical zone 2** in **_North Europe_** </br>- **Physical zone 3** in **_South East Asia_** | You can’t deploy a new firewall with physical zone 2 in North Europe and physical zone 3 in South East Asia. Additionally, if you stop an existing firewall that is deployed in these zones, it can't be restarted. For more information, see [Physical and logical availability zones](../reliability/availability-zones-overview.md#physical-and-logical-availability-zones). | For new firewalls, deploy with the remaining availability zones or use a different region. To configure an existing firewall, see [How can I configure availability zones after deployment?](firewall-faq.yml#how-can-i-configure-availability-zones-after-deployment).
25
+
18
26
## Azure Firewall Standard
19
27
20
28
Azure Firewall Standard has the following known issues:
@@ -52,7 +60,6 @@ Azure Firewall Standard has the following known issues:
52
60
| Error encountered when creating more than 2,000 rule collections. | The maximal number of NAT/Application or Network rule collections is 2000 (Resource Manager limit). | This is a current limitation. |
53
61
|XFF header in HTTP/S|XFF headers are overwritten with the original source IP address as seen by the firewall. This is applicable for the following use cases:<br>- HTTP requests<br>- HTTPS requests with TLS termination|A fix is being investigated.|
54
62
|Can’t deploy Firewall with Availability Zones with a newly created Public IP address|When you deploy a Firewall with Availability Zones, you can’t use a newly created Public IP address.|First create a new zone redundant Public IP address, then assign this previously created IP address during the Firewall deployment.|
55
-
|Physical zone 2 in North Europe is unavailable for firewall deployments.|You can’t deploy a new firewall with physical zone 2. Additionally, if you stop an existing firewall that is deployed in physical zone 2, it can't be restarted. For more information, see [Physical and logical availability zones](../reliability/availability-zones-overview.md#physical-and-logical-availability-zones).|For new firewalls, deploy with the remaining availability zones or use a different region. To configure an existing firewall, see [How can I configure availability zones after deployment?](firewall-faq.yml#how-can-i-configure-availability-zones-after-deployment).
0 commit comments