Share via

We have an Azure Virtual WAN deployement secure by Azure Firewall High Availability

De Muyter, Frederik (INF) 20 Reputation points
2024-12-16T12:23:16.32+00:00

Do i understand correctly that everthing inside virtual WAN is deployed automaticaly in Availability zones? Besides the Azure Firewall components for this you need to redeploy them.

https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-faq

I don't see any avvailability zones when looking at my firewall config using powershell.

az network firewall list

Can anybody confirm that has deployed in availibility zones this is working.

Azure Virtual WAN
Azure Virtual WAN
An Azure virtual networking service that provides optimized and automated branch-to-branch connectivity.
233 questions
Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
702 questions
0 comments
Accepted answer
  1. Marcin Policht 29,885 Reputation points MVP
    2024-12-16T13:45:51.01+00:00

    AFAIK, your understanding is correct. Here’s the breakdown:

    In supported regions, resources within a Virtual WAN like virtual hubs and gateways, are automatically deployed across availability zones.

    For Azure Firewall, availability zones are not configured automatically during the initial deployment. If you want the Azure Firewall to support availability zones, you need to explicitly specify this during deployment using the --zones parameter with the Azure CLI or relevant templates.

    To verify if your Azure Firewall is deployed in specific zones, you can inspect its deployment details using:

    az network firewall show --name <FirewallName> --resource-group <ResourceGroupName>

    Check the output for the zones property. If it’s empty, the firewall is not associated with any availability zones.

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Rohith Vinnakota 1,515 Reputation points Microsoft Vendor
    2024-12-16T15:01:08.2133333+00:00

    Hi @De Muyter, Frederik (INF)

    Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

    Do i understand correctly that everthing inside virtual WAN is deployed automaticaly in Availability zones? Besides the Azure Firewall components for this you need to redeploy them.

    Yes, you're right.https://learn.microsoft.com/en-us/azure/virtual-wan/virtual-wan-faq#how-are-availability-zones-and-resiliency-handled-in-virtual-wan

    Can anybody confirm that has deployed in availibility zones this is working.

    Currently, Azure Firewall can be deployed to support Availability Zones using Azure Firewall Manager Portal, PowerShell or CLI. There's currently no way to configure an existing Firewall to be deployed across availability zones. You'll need to delete and redeploy your Azure Firewall.

    Refer this link:
    https://learn.microsoft.com/en-us/powershell/module/az.network/new-azfirewall?view=azps-13.0.0#example-6-create-a-firewall-with-no-rules-and-with-availability-zones

    If you have any further queries, do let us know.

    Thanks,

    Rohith

    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.