You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/virtual-network/ip-services/configure-public-ip-firewall.md
+9-13Lines changed: 9 additions & 13 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,8 +7,7 @@ ms.author: mbender
7
7
ms.service: azure-virtual-network
8
8
ms.subservice: ip-services
9
9
ms.topic: how-to
10
-
ms.date: 08/24/2023
11
-
ms.custom: FY23 content-maintenance
10
+
ms.date: 01/07/2025
12
11
---
13
12
14
13
# Manage a public IP address by using Azure Firewall
@@ -31,7 +30,7 @@ In this section, you create an Azure firewall. Use the first IP address you crea
31
30
32
31
1. In the [Azure portal](https://portal.azure.com/), search for and select *Firewalls*.
33
32
34
-
2. On the **Firewalls page**, select **Create**.
33
+
2. On the **Azure Firewalls** page, select **+ Create**.
35
34
36
35
3. In **Create firewall**, enter or select the following information.
37
36
@@ -52,21 +51,18 @@ In this section, you create an Azure firewall. Use the first IP address you crea
52
51
| Address space | Enter **10.0.0.0/16**. |
53
52
| Subnet address space | Enter **10.0.0.0/26**. |
54
53
| Public IP address | Select **myStandardPublicIP-1** or your public IP. |
55
-
|Forced tunneling | Leave the default of **Disabled**.|
56
-
57
-
54
+
|**Firewall Management NIC**||
55
+
| Enable Firewall Management NIC | Uncheck the box. |
56
+
58
57
4. Select **Review + create**.
59
58
60
59
5. Select **Create**.
61
60
62
61
The following image shows the **Create firewall** page with the example information.
63
62
64
-
:::image type="content" source="./media/create-public-ip-firewall/create-azure-firewall.png" alt-text="Screenshot that shows the Create firewall page with the example information." lightbox="./media/create-public-ip-firewall/create-azure-firewall-lightbox.png":::
65
-
66
-
67
63
## Change the public IP address for a firewall
68
64
69
-
In this section, you change the public IP address associated with the firewall. A firewall must have at least one public IP address associated with its configuration. You can't update the IP address if the firewall's existing IP has any destination network address translation (DNAT) rules associated with it.
65
+
In this section, you change the public IP address associated with the firewall. A firewall must have at least one public IP address associated with its configuration. You can't update the IP address if the firewall's existing IP has any destination network address translation (DNAT) rules associated with it.
70
66
71
67
1. In the Azure portal, search for and select *Firewalls*.
72
68
@@ -76,12 +72,12 @@ In this section, you change the public IP address associated with the firewall.
76
72
77
73
4. In **Public IP configuration**, select **myStandardPublicIP-1**.
78
74
79
-
5. In the **Edit public IP configuration** window, select the**Public IP address** dropdown, and then select **myStandardPublicIP-2**.
75
+
5. In the **Edit public IP configuration** window, select **myStandardPublicIP-2** from the dropdown.
80
76
6. Select **Save**.
81
77
82
78
## Add a public IP configuration to a firewall
83
79
84
-
In this section, you add a public IP configuration to Azure Firewall. For more information about multiple IPs, see [Multiple public IP addresses](../../firewall/features.md#multiple-public-ip-addresses).
80
+
In this section, you add a public IP configuration to Azure Firewall. For more information about multiple IPs, see [Multiple public IP addresses](../../firewall/features.md#multiple-public-ip-addresses).
85
81
86
82
1. In the Azure portal, search for and select *Firewalls*.
87
83
@@ -105,7 +101,7 @@ In this section, you add a public IP configuration to Azure Firewall. For more i
105
101
This example is a simple deployment of Azure Firewall. For advanced configuration and setup, see [Tutorial: Deploy and configure Azure Firewall and policy by using the Azure portal](../../firewall/tutorial-firewall-deploy-portal-policy.md). When associated with multiple public IPs, Azure Firewall randomly selects the first source Public IP for outbound connectivity and only uses the next available Public IP after no more connections can be made from the current public IP due to SNAT port exhaustion. You can associate a [network address translation (NAT) gateway](/azure/nat-gateway/nat-overview) to a Firewall subnet to extend the scalability of source network address translation (SNAT). With this configuration, all outbound traffic uses the public IP address or addresses of the NAT gateway. For more information, see [Scale SNAT ports with Azure Virtual Network NAT](../../firewall/integrate-with-nat-gateway.md).
106
102
107
103
> [!NOTE]
108
-
> It is recommended to instead use [NAT Gateway](../../nat-gateway/nat-overview.md) to provide dynamic scalability of your outbound connectivity.
104
+
> It's recommended to instead use [NAT Gateway](../../nat-gateway/nat-overview.md) to provide dynamic scalability of your outbound connectivity.
109
105
> Protocols other than Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) in network filter rules are unsupported for SNAT to the public IP of the firewall.
110
106
> You can integrate an Azure firewall with the Standard SKU load balancer to protect backend pool resources. If you associate the firewall with a public load balancer, configure ingress traffic to be directed to the firewall public IP address. Configure egress via a user-defined route to the firewall public IP address. For more information and setup instructions, see [Integrate Azure Firewall with Azure Standard Load Balancer](../../firewall/integrate-lb.md).
0 commit comments