You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/firewall/firewall-faq.md
+4-10Lines changed: 4 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,7 @@ services: firewall
5
5
author: vhorne
6
6
ms.service: firewall
7
7
ms.topic: conceptual
8
-
ms.date: 03/31/2020
8
+
ms.date: 04/10/2020
9
9
ms.author: victorh
10
10
---
11
11
@@ -167,17 +167,11 @@ No. Azure Firewall doesn't need a subnet bigger than /26.
167
167
168
168
## How can I increase my firewall throughput?
169
169
170
-
Azure Firewall's initial throughput capacity is 2.5 - 3 Gbps and it scales out to 30 Gbps. It scales out based on CPU usage and throughput. Contact Support to increase your firewall's throughput capacity.
170
+
Azure Firewall's initial throughput capacity is 2.5 - 3 Gbps and it scales out to 30 Gbps. It scales out automatically based on CPU usage and throughput.
171
171
172
172
## How long does it take for Azure Firewall to scale out?
173
173
174
-
It takes from five to seven minutes for Azure Firewall to scale out. Contact Support to increase your firewall's initial throughput capacity if you have bursts that require a faster autoscale.
175
-
176
-
The following points should be taken into account when you test the firewall autoscale:
177
-
178
-
- Single TCP flow performance is limited to 1.4 Gbps. So, a performance test needs to establish multiple TCP flows.
179
-
- Performance tools must continuously establish new connections for them to connect with the scaled-up backend Firewall instances. If the test establishes connections once at the start, then those will only connect with the initial backend instances. Even though the firewall scales up, you won't see any increased performance because the connections are associated with the initial instances.
180
-
174
+
Azure Firewall gradually scales when average throughput or CPU consumption is at 60%. Scale out takes five to seven minutes. When performance testing, make sure you test for at least 10 to 15 minutes, and initiate new connections to take advantage of newly created Firewall nodes.
181
175
182
176
## Does Azure Firewall allow access to Active Directory by default?
## Why can a TCP ping and similar tools successfully connect to a target FQDN even when no rule on Azure Firewall allows that traffic?
209
203
210
-
A TCP ping is not actually connecting to the target FQDN. This happens because Azure Firewall's transparent proxy listens on port 80/443 for outbound traffic. The TCP ping establishes a connection with the firewall, which then drops the packet and logs the connection. This behavior doesn't have any security impact. However, to avoid confusion we're investigating potential changes to this behavior.
204
+
A TCP ping isn't actually connecting to the target FQDN. This happens because Azure Firewall's transparent proxy listens on port 80/443 for outbound traffic. The TCP ping establishes a connection with the firewall, which then drops the packet and logs the connection. This behavior doesn't have any security impact. However, to avoid confusion we're investigating potential changes to this behavior.
211
205
212
206
## Are there limits for the number of IP addresses supported by IP Groups?
0 commit comments