Today I had to deploy Azure Firewall Premium SKU in a Virtual WAN hub in Southeast Asia region. I used the same script as I’ve been using previously with the same customer, but I kept getting an error:
New-AzFirewall : Long running operation failed with status ‘Failed’. Additional Info:’An error occurred.’
StatusCode: 200
ReasonPhrase: OK
Status: Failed
ErrorCode: InternalServerError
ErrorMessage: An error occurred.
At line:1 char:9
- $AzFW = New-AzFirewall -Name (“afw-” + $locationShort + “-Firewall-PR …
~~~~~~~~~~~~~
- CategoryInfo : CloseError: (:) [New-AzFirewall], NetworkCloudException
- FullyQualifiedErrorId : Microsoft.Azure.Commands.Network.NewAzureFirewallCommand
The firewall resource was created, but ended up in a failed state. I started going through my script, but I couldn’t find anything wrong there. Trying through the portal didn’t let me choose Availability Zones neither for Standard or Premium configuration:
I then looked up the documentation for Azure Firewall Premium which led me to the Azure products available by region site and looked up Azure Firewall:
Clearly Azure Firewall is supported, right? I then looked up Availability Zone support, though I was quite sure Southeast Asia got AZ’s years ago. And correct, in 2018 this was generally available in Southeast Asia.
My final try was to deploy a new network, with the same Firewall configuration, but without Virtual WAN hubs through the portal. Doing this led me to an error that explained what was wrong:
So it was the combination of Azure Firewall Premium and Availability Zones, that caused issues. I guess we’ll go with no zones then, and redeploy later.
Cloudpuzzles 