Azure Firewall not getting private IPs #2352

Open
StefanW86 opened this issue Nov 13, 2024 · 1 comment
StefanW86 commented Nov 13, 2024

Bicep version
Deployment through VS Code with extension version v0.31.34

I deploy an Azure Firewall with bicep. The deployment runs smoothly, but the firewall does not receive any IPs from the AzureFirewallSubnet and the subnets are not displayed in the firewall.
It is also interesting that the deployment of the firewall only takes about 5-7 seconds.
If I look for connected devices in the vnet, the firewall is displayed.
If I deploy the firewall via an ARM template, the subnet is assigned correctly and private IPs are also assigned.
The deployment then takes about 7 minutes.
Something seems to be wrong with the bicep deployment.

To Reproduce

resource firewall 'Microsoft.Network/azureFirewalls@2024-03-01' = {
  name: FirewallName
  location: resourceGroup().location
  properties: {
    sku: {
      name: 'AZFW_Hub'
      tier: 'Premium'
    }
    ipConfigurations: [
      {
        name: 'ipconfig1'
        properties: {
          publicIPAddress: {
            id: publicIP.id
          }
          subnet: {
            id: resourceId('Microsoft.Network/virtualNetworks/subnets', 'vn_001', 'AzureFirewallSubnet') 
          }
        }
      }    
    ]
    firewallPolicy: {
      id: firewallPolicyId
    }
  }
}

And here is the ARM template

"resources": [
        {
            "apiVersion": "2020-05-01",
            "type": "Microsoft.Network/azureFirewalls",
            "name": "[parameters('azureFirewallName')]",
            "location": "[parameters('location')]",
            "zones": "[parameters('zones')]",
            "dependsOn": [],
            "properties": {
                "ipConfigurations": [
                    {
                        "name": "[parameters('publicIpAddressName')]",
                        "properties": {
                            "subnet": {
                                "id": "[parameters('subnetId')]"
                            },
                            "publicIpAddress": {
                                "id": "[parameters('publicIpAddressId')]"
                            }
                        }
                    }
                ],
                "sku": {
                    "tier": "[parameters('azureFirewallTier')]"
                },
                "firewallPolicy": {
                    "id": "/subscriptions/db05b715-3e5d-4136-bebc-7b0fdd366616/resourcegroups/rg_000/providers/Microsoft.Network/firewallPolicies/WhiteList"
                }
            },
            "tags": {}
        }
    ]

The screenshot shows that there is no private IP and no assigned subnet

And last but not least, if you look at the json of the firewall deployed with bicep, you can also see that the subnet is assigned.

{
    "name": "azFirewall",
    "id": "/subscriptions/db05b715-3e5d-4136-bebc-7b0fdd366616/resourceGroups/rg_000/providers/Microsoft.Network/azureFirewalls/azFirewall",
    "etag": "W/\"a8b73db4-458e-4a72-a304-cb0706fb9c7a\"",
    "type": "Microsoft.Network/azureFirewalls",
    "location": "germanywestcentral",
    "properties": {
        "provisioningState": "Succeeded",
        "sku": {
            "name": "AZFW_Hub",
            "tier": "Premium"
        },
        "additionalProperties": {},
        "ipConfigurations": [
            {
                "name": "ipconfig1",
                "id": "/subscriptions/db05b715-3e5d-4136-bebc-7b0fdd366616/resourceGroups/rg_000/providers/Microsoft.Network/azureFirewalls/azFirewall/azureFirewallIpConfigurations/ipconfig1",
                "etag": "W/\"a8b73db4-458e-4a72-a304-cb0706fb9c7a\"",
                "type": "Microsoft.Network/azureFirewalls/azureFirewallIpConfigurations",
                "properties": {
                    "provisioningState": "Succeeded",
                    "privateIPAllocationMethod": "Dynamic",
                    "publicIPAddress": {
                        "id": "/subscriptions/db05b715-3e5d-4136-bebc-7b0fdd366616/resourceGroups/rg_000/providers/Microsoft.Network/publicIPAddresses/azFirewall-publicIPAddress"
                    },
                    "subnet": {
                        "id": "/subscriptions/db05b715-3e5d-4136-bebc-7b0fdd366616/resourceGroups/rg_000/providers/Microsoft.Network/virtualNetworks/vn_001/subnets/AzureFirewallSubnet"
                    }
                }
            }
        ],
        "firewallPolicy": {
            "id": "/subscriptions/db05b715-3e5d-4136-bebc-7b0fdd366616/resourceGroups/rg_000/providers/Microsoft.Network/firewallPolicies/WhiteList"
        }
    }
}
@stephaniezyen
Contributor

This looks to be a Microsoft.Network RP issue. Please open a support ticket with this team.

@stephaniezyen stephaniezyen transferred this issue from Azure/bicep Nov 13, 2024
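
A post-deployment check for the symptom in the opening post, as an added example that is not part of the issue or of the Bicep project: it reads a firewall's resource JSON and flags any IP configuration that references a subnet but has no `privateIPAddress`, even though `provisioningState` reads `Succeeded`. The sample input is constructed from the JSON above with a placeholder subscription ID; `audit_firewall`, the `10.0.1.4` address and the `AZFW_Hub` heuristic are assumptions of this example, not a diagnosis confirmed in the thread.

```python
import copy
import json

# Constructed sample: trimmed from the resource JSON in the opening post, with a
# placeholder subscription ID. The ipConfiguration carries no "privateIPAddress".
BROKEN = json.loads("""
{
  "name": "azFirewall",
  "properties": {
    "provisioningState": "Succeeded",
    "sku": {"name": "AZFW_Hub", "tier": "Premium"},
    "ipConfigurations": [{
      "name": "ipconfig1",
      "properties": {
        "provisioningState": "Succeeded",
        "privateIPAllocationMethod": "Dynamic",
        "subnet": {"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg_000/providers/Microsoft.Network/virtualNetworks/vn_001/subnets/AzureFirewallSubnet"}
      }
    }]
  }
}
""")

# Constructed counterpart: same resource with a private IP assigned (value made up).
HEALTHY = copy.deepcopy(BROKEN)
HEALTHY["properties"]["sku"]["name"] = "AZFW_VNet"
HEALTHY["properties"]["ipConfigurations"][0]["properties"]["privateIPAddress"] = "10.0.1.4"


def audit_firewall(resource):
    """Return findings for one Microsoft.Network/azureFirewalls resource JSON."""
    findings = []
    props = resource.get("properties", {})
    ipconfigs = props.get("ipConfigurations") or []
    in_hub = bool(props.get("virtualHub"))
    for cfg in ipconfigs:
        p = cfg.get("properties", {})
        # provisioningState can read "Succeeded" while no address was allocated.
        if p.get("subnet", {}).get("id") and not p.get("privateIPAddress"):
            findings.append(f"{cfg.get('name')}: subnet set but no privateIPAddress")
    # Assumption of this check: AZFW_Hub is the SKU name for Virtual WAN hub firewalls,
    # so seeing it next to subnet-based ipConfigurations is worth flagging.
    if props.get("sku", {}).get("name") == "AZFW_Hub" and ipconfigs and not in_hub:
        findings.append("sku.name AZFW_Hub with subnet ipConfigurations and no virtualHub")
    return findings


if __name__ == "__main__":
    for label, fw in (("broken", BROKEN), ("healthy", HEALTHY)):
        print(label, audit_firewall(fw) or "ok")
```

Run as a gate after deployment, a non-empty result means the firewall resource exists but has no address in `AzureFirewallSubnet`, so nothing can be routed through it.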