AZ firewall parent policy

Question

Is it possible to defined two secured hub with individual policy first and introduced and link parent policy after a year once we identified the common policies or parent policy has to be created and right the beginning of the firewall deployment and cannot be introduced later?

Answer 1

@prasantc

Thank you for reaching out.

I understand you have a question about secured virtual hub and azure firewall policy

Is it possible to defined two secured hub with individual policy first and introduced and link parent policy after a year once we identified the common policies or parent policy has to be created and right the beginning of the firewall deployment and cannot be introduced later?

You can define two secured hubs with individual policies first and then, after a year, once you’ve identified the common policies, you can introduce and link a parent policy. It’s not required to create the parent policy at the start of the firewall deployment; you have the flexibility to introduce it later.

Just stating few points for consideration as documented here

• Parent policy must be in the same region as child policy.
• Network rule collections inherited from a parent policy are always prioritized over network rule collections defined as part of a new policy. The same logic also applies to application rule collections. However, network rule collections are always processed before application rule collections regardless of inheritance.
• Threat Intelligence mode is also inherited from the parent policy.
• NAT rule collections aren't inherited because they're specific to a given firewall.
• With inheritance, any changes to the parent policy are automatically applied down to associated firewall child policies.

Hope this helps! Please let me know if you have any additional questions. Thanks