1 Vote
jhueppauff asked JoeGC commented

Update of Azure Firewall Policies fails - faulted referenced firewalls

Hi all,

I try to create a Firewall (vWAN Secured Hub) using an ARM Template (actually as part of a blueprint).
The initial deployment works like a charm. But when I try to update the blueprint assignment and thus triggering a new deployment I get the following error:

 {
     "status": "Failed",
     "error": {
         "code": "FirewallPolicyUpdateFailed",
         "message": "Put on Firewall Policy [Firewall-Policy-Name] Failed with 1 faulted referenced firewalls"
     }
 }

No changes are made to the template after the initial deployment.


azure-firewall azure-firewall-manager

@jhueppauff Thank you for reaching out to Microsoft Q&A. I understand that you are having issues with your Firewall policy Update.

To understand better, can you please explain further regarding what you tried to update in the ARM template that caused this error? Also can you post the error in more detail so we can understand the cause for the same? Thank you!

0 Votes 0 ·

I haven't changed the ARM template after the initial deployment. When I try to deploy the same ARM template again it will fail.
The first deployment is successful, and deleting and resubmitting the template works as well; only when the policy already exists does it fail.

0 Votes 0 ·

I'm facing the same issue while using different tools. In my case it is deployment of Azure Firewall together with the firewall policy and ruleCollectionGroups from a Bicep template. The first initial deployment to a clean subscription completes successfully. However, the next one, with unchanged template and no changes in parameters, results in a failure for the Microsoft.Network/firewallPolicies/ruleCollectionGroups resources with the same error that jhueppauff has. I would expect that to be idempotent and just complete successfully when the rules are already in place?

0 Votes 0 ·

1 Answer

2 Votes
TomaszL-0445 answered JoeGC commented

It seems I found a possible solution - the issue seems to come from the fact that ARM deploys all the ruleCollectionGroups in parallel or at least not sequentially. When I set explicit dependency between ruleCollectionGroups (I have 2 currently) in my Bicep template the error did not appear anymore across multiple redeployments.
I guess it is worth a try :)


This resolved my issue too, thanks!

1 Vote 1 ·
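
The explicit dependency between ruleCollectionGroups described in the answer above, sketched in Bicep as an added example (not code from the original posts). The resource names, API version, priorities, addresses and rules are assumptions chosen for illustration.

```bicep
// Added example: all names, priorities and rule contents are placeholders.
param location string = resourceGroup().location

resource policy 'Microsoft.Network/firewallPolicies@2023-04-01' = {
  name: 'example-fw-policy'
  location: location
  properties: {
    threatIntelMode: 'Alert'
  }
}

resource networkRules 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2023-04-01' = {
  parent: policy
  name: 'network-rules'
  properties: {
    priority: 200
    ruleCollections: [
      {
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'allow-dns'
        priority: 100
        action: {
          type: 'Allow'
        }
        rules: [
          {
            ruleType: 'NetworkRule'
            name: 'dns-out'
            ipProtocols: ['UDP']
            sourceAddresses: ['10.0.0.0/16']
            destinationAddresses: ['10.1.0.4']
            destinationPorts: ['53']
          }
        ]
      }
    ]
  }
}

resource applicationRules 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2023-04-01' = {
  parent: policy
  name: 'application-rules'
  // Explicit ordering: this group's PUT starts only after 'network-rules'
  // has finished, so the two groups are not written to the policy in parallel.
  dependsOn: [networkRules]
  properties: {
    priority: 300
    ruleCollections: []
  }
}
```

With more than two groups, each one would list the previous group in `dependsOn` so that the writes form a single chain.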