|
1 | 1 | ---
|
2 | 2 | title: Monitoring data reference for Azure Firewall
|
3 | 3 | description: This article contains important reference material you need when you monitor Azure Firewall by using Azure Monitor.
|
4 |
| -ms.date: 08/08/2024 |
| 4 | +ms.date: 10/26/2024 |
5 | 5 | ms.custom: horz-monitor
|
6 | 6 | ms.topic: reference
|
7 | 7 | author: vhorne
|
@@ -53,13 +53,30 @@ The *AZFW Latency Probe* metric measures the overall or average latency of Azure
|
53 | 53 | - Monitor and alert if there are any latency or performance issues, so IT teams can proactively engage.
|
54 | 54 | - There might be various reasons that can cause high latency in Azure Firewall. For example, high CPU utilization, high throughput, or a possible networking issue.
|
55 | 55 |
|
56 |
| - This metric doesn't measure end-to-end latency of a given network path. In other words, this latency health probe doesn't measure how much latency Azure Firewall adds. |
| 56 | +**What the AZFW Latency Probe Metric Measures (and Doesn't):** |
57 | 57 |
|
58 |
| -- When the latency metric isn't functioning as expected, a value of 0 appears in the metrics dashboard. |
59 |
| -- As a reference, the average expected latency for a firewall is approximately 1 ms. This value might vary depending on deployment size and environment. |
60 |
| -- The latency probe is based on Microsoft's Ping Mesh technology. So, intermittent spikes in the latency metric are to be expected. These spikes are normal and don't signal an issue with the Azure Firewall. They're part of the standard host networking setup that supports the system. |
| 58 | +- What it measures: The latency of the Azure Firewall within the Azure platform |
| 59 | +- What it doesn't meaure: The metric does not capture end-to-end latency for the entire network path. Instead, it reflects the performance within the firewall, rather than how much latency Azure Firewall introduces into the network. |
| 60 | +- Error reporting: If the latency metric isn't functioning correct, it reports a value of 0 in the metrics dashboard, indicating a probe failure or interruption. |
61 | 61 |
|
62 |
| - As a result, if you experience consistent high latency that last longer than typical spikes, consider filing a Support ticket for assistance. |
| 62 | +**Factors that impact latency:** |
| 63 | +- High CPU utilization |
| 64 | +- High throughput or traffic load |
| 65 | +- Networking issues within the Azure platform |
| 66 | + |
| 67 | +**Latency Probes: From ICMP to TCP** |
| 68 | +The latency probe currently uses Microsoft's Ping Mesh technology, which is based on ICMP (Internet Control Message Protcol). ICMP is suitable for quick health checks, like ping requests, but it may not accurately represent real-world application traffic, which typically relis on TCP.However, ICMP probes prioritize differently across the Azure platform, which can result in variation across SKUs. To reduce these discrepancies, Azure Firewall plans to transition to TCP-based probes. |
| 69 | + |
| 70 | +- Latency spikes: With ICMP probes, intermittent spikes are normal and are part of the host network's standard behavior. These should not be misinterpreted as firewall issues unless they are persistent. |
| 71 | +- Average latency: On average, the latency of Azure Firewall is expected to range from 1ms to 10 ms, dpending on the Firewall SKU and deployment size. |
| 72 | + |
| 73 | +**Best Practices for Monitoring Latency** |
| 74 | +- Set a baseline: Establish a latency baseline under light traffic conditions for accurate comparisons during normal or peak usage. |
| 75 | +- Monitor for patterns: Expect occasional latency spikes as part of normal operations. If high latency persists beyond these normal variations, it may indicate a deeper issue requiring investigation. |
| 76 | +- Recommended latency threshold: A recommended guideline is that latency should not exceed 3x the baseline. If this threshold is crossed, further investigation is recommended. |
| 77 | +- Check the rule limit: Ensure that the network rules are within the 20K rule limit. Exceeding this limit can affect performance. |
| 78 | +- New application onboarding: Check for any newly onboarded applications that could be adding significant load or causing latency issues. |
| 79 | +- Support request: If you observe continuous latency degredation that does not align with expected behavior, consider filing a support ticket for further assistance. |
63 | 80 |
|
64 | 81 | :::image type="content" source="media/metrics/latency-probe.png" alt-text="Screenshot showing the Azure Firewall Latency Probe metric.":::
|
65 | 82 |
|
|
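Review bot: In the added "What it measures" and "What it doesn't meaure" bullets (new lines 58-59), the text says the metric is "The latency of the Azure Firewall within the Azure platform" and then that it does not reflect "how much latency Azure Firewall introduces into the network", which reads as contradictory. State what path the probe actually covers so a reader knows what an alert on this metric means. The added lines also carry spelling and spacing errors to fix before merge: "meaure", "functioning correct", "Protcol", "relis", "TCP.However" (missing space), "1ms", "dpending" and "degredation". In the "From ICMP to TCP" paragraph (new line 68), "However" does not contrast with the sentence before it, and the bold lead-ins at new lines 62, 67 and 73 are followed directly by content with no blank line, so the one at line 67 will run into its paragraph when rendered. The expected average also moves from "approximately 1 ms" to "1ms to 10 ms", and the 3x-baseline guidance gives no duration for what counts as persistent; consider saying how long the threshold must be exceeded before investigation, since the same section tells readers that intermittent spikes are normal.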