You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/firewall/firewall-faq.md
+7-3Lines changed: 7 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,7 +5,7 @@ services: firewall
5
5
author: vhorne
6
6
ms.service: firewall
7
7
ms.topic: conceptual
8
-
ms.date: 03/20/2020
8
+
ms.date: 03/23/2020
9
9
ms.author: victorh
10
10
---
11
11
@@ -73,7 +73,7 @@ Azure Firewall is a managed service with multiple protection layers, including p
73
73
74
74
## How do I set up Azure Firewall with my service endpoints?
75
75
76
-
For secure access to PaaS services, we recommend service endpoints. You can choose to enable service endpoints in the Azure Firewall subnet and disable them on the connected spoke virtual networks. This way you benefit from both features-- service endpoint security and central logging for all traffic.
76
+
For secure access to PaaS services, we recommend service endpoints. You can choose to enable service endpoints in the Azure Firewall subnet and disable them on the connected spoke virtual networks. This way you benefit from both features: service endpoint security and central logging for all traffic.
77
77
78
78
## What is the pricing for Azure Firewall?
79
79
@@ -146,9 +146,13 @@ If you configure ***.contoso.com**, it allows *anyvalue*.contoso.com, but not co
146
146
147
147
Whenever a configuration change is applied, Azure Firewall attempts to update all its underlying backend instances. In rare cases, one of these backend instances may fail to update with the new configuration and the update process stops with a failed provisioning state. Your Azure Firewall is still operational, but the applied configuration may be in an inconsistent state, where some instances have the previous configuration where others have the updated rule set. If this happens, try updating your configuration one more time until the operation succeeds and your Firewall is in a *Succeeded* provisioning state.
148
148
149
-
###How does Azure Firewall handle planned maintenance and unplanned failures?
149
+
## How does Azure Firewall handle planned maintenance and unplanned failures?
150
150
Azure Firewall consists of several backend nodes in an active-active configuration. For any planned maintenance, we have connection draining logic to gracefully update nodes. Updates are planned during non-business hours for each of the Azure regions to further limit risk of disruption. For unplanned issues, we instantiate a new node to replace the failed node. Connectivity to the new node is typically reestablished within 10 seconds from the time of the failure.
151
151
152
+
## How does connection draining work?
153
+
154
+
For any planned maintenance, connection draining logic gracefully updates backend nodes. Azure Firewall waits 90 seconds for existing connections to close. If needed, clients can automatically re-establish connectivity to another backend node.
155
+
152
156
## Is there a character limit for a firewall name?
153
157
154
158
Yes. There's a 50 character limit for a firewall name.
0 commit comments