How to reboot or restart an Azure Firewall?
In this scenario, I have an Azure Firewall (AzFirewall) Platform-as-a-Service
(PaaS) resource. I experienced an issue where I could not observe any incoming
traffic in my logs after some minor changes to the firewall rules, and I wanted to
restart or reboot my firewall. But there aren't any restart or reboot options in
Azure. That's when I explored and found that Azure PowerShell can allocate and
deallocate the resource, and I created this Restart-AzFirewall cmdlet instead.
Problem
I am unable to restart or reboot an Azure Firewall (AzFirewall).
Solution
- Create a Restart-AzFirewall.psm1 file
- Copy and paste the code below into the file and save it
    <#
    .Synopsis
        Restarts an Azure Firewall.
    .Description
        Restarts an Azure Firewall. This function retains the existing Azure Firewall
        configurations prior to deallocating the resource to stop the Azure Firewall
        and reallocating the resource with those previously retained Azure Firewall
        configurations to start the Azure Firewall.
    .Parameter Name
        Specifies the name of the Azure Firewall that this cmdlet will restart.
    .Parameter ResourceGroupName
        Specifies the name of the resource group that contains the Firewall.
    .Example
        # Restart the Azure Firewall.
        Restart-AzFirewall -Name "myAzureFirewall" -ResourceGroupName "myResourceGroup"
    .Example
        # Restart the Azure Firewall with Verbose outputs.
        Restart-AzFirewall -Name "myAzureFirewall" -ResourceGroupName "myResourceGroup" -Verbose
    .INPUTS
        System.String
    .OUTPUTS
        System.Object
    .NOTES
        Author: Ryen Tang
        GitHub: https://github.com/kiazhi
    #>
    function Restart-AzFirewall {
        [CmdletBinding()]
        param (
            [Parameter(Mandatory)]
            [String] $Name,

            [Parameter(Mandatory)]
            [String] $ResourceGroupName
        )

        begin {}

        process {
            # Firewall object that is deallocated and reallocated below.
            $AzFirewall = Get-AzFirewall `
                -Name $Name `
                -ResourceGroupName $ResourceGroupName

            # Record the public IP address (name and resource group) that the
            # firewall currently uses, because deallocation detaches it.
            $ExistingPublicIpAddressName = (Get-AzResource -ResourceId (((Get-AzFirewall `
                -Name $Name `
                -ResourceGroupName $ResourceGroupName).IpConfigurations).PublicIpAddress).Id).Name

            if($PSCmdlet.MyInvocation.BoundParameters["Verbose"].IsPresent) {
                Write-Verbose `
                    -Message $("$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss zzzz') - " `
                    + "Existing azFirewall Public Ip Address Name: $ExistingPublicIpAddressName")
            }

            $ExistingPublicIpAddressResourceGroupName = (Get-AzResource -ResourceId (((Get-AzFirewall `
                -Name $Name `
                -ResourceGroupName $ResourceGroupName).IpConfigurations).PublicIpAddress).Id).ResourceGroupName

            if($PSCmdlet.MyInvocation.BoundParameters["Verbose"].IsPresent) {
                Write-Verbose `
                    -Message $("$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss zzzz') - " `
                    + "Existing azFirewall Public Ip Address Resource Group Name: $ExistingPublicIpAddressResourceGroupName")
            }

            # Record the virtual network (name and resource group) that owns the
            # firewall subnet. The name is the last segment of the subnet's
            # ParentResource value.
            $ExistingVirtualNetworkName = (Get-AzResource `
                -Name $(((Get-AzResource -ResourceId (((Get-AzFirewall `
                    -Name $Name `
                    -ResourceGroupName $ResourceGroupName).IpConfigurations).Subnet).Id)).ParentResource -replace '.*/','') `
                -ResourceType 'Microsoft.Network/virtualNetworks').Name

            if($PSCmdlet.MyInvocation.BoundParameters["Verbose"].IsPresent) {
                Write-Verbose `
                    -Message $("$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss zzzz') - " `
                    + "Existing azFirewall Virtual Network Name: $ExistingVirtualNetworkName")
            }

            $ExistingVirtualNetworkResourceGroupName = (Get-AzResource `
                -Name $(((Get-AzResource -ResourceId (((Get-AzFirewall `
                    -Name $Name `
                    -ResourceGroupName $ResourceGroupName).IpConfigurations).Subnet).Id)).ParentResource -replace '.*/','') `
                -ResourceType 'Microsoft.Network/virtualNetworks').ResourceGroupName

            if($PSCmdlet.MyInvocation.BoundParameters["Verbose"].IsPresent) {
                Write-Verbose `
                    -Message $("$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss zzzz') - " `
                    + "Existing azFirewall Virtual Network Resource Group Name: $ExistingVirtualNetworkResourceGroupName")
            }

            # Stop: mark the firewall as deallocated, then apply the change.
            $AzFirewall.Deallocate()

            if($PSCmdlet.MyInvocation.BoundParameters["Verbose"].IsPresent) {
                Write-Verbose -Message $("$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss zzzz') - " `
                    + "Stopping azFirewall")
            }

            Set-AzFirewall `
                -AzureFirewall $AzFirewall

            if($PSCmdlet.MyInvocation.BoundParameters["Verbose"].IsPresent) {
                Write-Verbose -Message $("$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss zzzz') - " `
                    + "Stopped azFirewall")
            }

            # Start: fetch the recorded virtual network and public IP address,
            # reattach them to the firewall, then apply the change.
            $VirtualNetwork = Get-AzVirtualNetwork `
                -Name $ExistingVirtualNetworkName `
                -ResourceGroupName $ExistingVirtualNetworkResourceGroupName

            $PublicIpAddress = Get-AzPublicIpAddress `
                -Name $ExistingPublicIpAddressName `
                -ResourceGroupName $ExistingPublicIpAddressResourceGroupName

            $AzFirewall.Allocate($VirtualNetwork,$PublicIpAddress)

            if($PSCmdlet.MyInvocation.BoundParameters["Verbose"].IsPresent) {
                Write-Verbose -Message "$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss zzzz') - Starting azFirewall"
            }

            Set-AzFirewall -AzureFirewall $AzFirewall

            if($PSCmdlet.MyInvocation.BoundParameters["Verbose"].IsPresent) {
                Write-Verbose -Message "$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss zzzz') - Started azFirewall"
            }
        }

        end {}
    }
- Import the Restart-AzFirewall.psm1 module
- Type the following:
    Restart-AzFirewall -Name "myAzureFirewall" -ResourceGroupName "myAzureFirewallResourceGroup" -Verbose
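The cmdlet above passes one virtual network and one public IP address to Allocate(), so it is worth confirming after a restart that the firewall came back attached to the same subnet and public IP addresses it had before. The following is an added example, not part of the original Restart-AzFirewall module: it snapshots the IP configuration before the restart and compares it afterwards. The helper names Get-AzFirewallSnapshot and Compare-AzFirewallSnapshot are hypothetical, and the sample objects and resource IDs are constructed so the block runs without an Azure session.

```powershell
# Added example: Get-AzFirewallSnapshot and Compare-AzFirewallSnapshot are
# hypothetical helpers, not part of Restart-AzFirewall.psm1 or the Az module.
function Get-AzFirewallSnapshot {
    # Keep only what Deallocate()/Allocate() detach and re-attach.
    param ([Parameter(Mandatory)] $Firewall)
    $ipConfigs = @($Firewall.IpConfigurations | Where-Object { $_ })
    [pscustomobject]@{
        Allocated   = $ipConfigs.Count -gt 0
        SubnetId    = $ipConfigs | ForEach-Object { $_.Subnet.Id } |
                          Where-Object { $_ } | Select-Object -First 1
        PublicIpIds = @($ipConfigs | ForEach-Object { $_.PublicIpAddress.Id } |
                          Where-Object { $_ } | Sort-Object)
    }
}

function Compare-AzFirewallSnapshot {
    param ([Parameter(Mandatory)] $Before, [Parameter(Mandatory)] $After)
    $problems = @()
    if (-not $After.Allocated) {
        $problems += 'No IP configurations: firewall is still deallocated.'
    }
    if ($Before.SubnetId -ne $After.SubnetId) {
        $problems += "Subnet changed: '$($Before.SubnetId)' -> '$($After.SubnetId)'"
    }
    foreach ($id in $Before.PublicIpIds) {
        if ($id -notin $After.PublicIpIds) { $problems += "Public IP not re-attached: $id" }
    }
    [pscustomobject]@{ Restored = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed sample objects shaped like Get-AzFirewall output (placeholder IDs).
# Against a real firewall, pass the output of Get-AzFirewall instead.
$net = '/subscriptions/<sub-id>/resourceGroups/rg/providers/Microsoft.Network'
$ipConfig1 = [pscustomobject]@{
    Subnet          = [pscustomobject]@{ Id = "$net/virtualNetworks/vnet/subnets/AzureFirewallSubnet" }
    PublicIpAddress = [pscustomobject]@{ Id = "$net/publicIPAddresses/pip1" }
}
$ipConfig2 = [pscustomobject]@{
    Subnet          = $null
    PublicIpAddress = [pscustomobject]@{ Id = "$net/publicIPAddresses/pip2" }
}
$before = Get-AzFirewallSnapshot ([pscustomobject]@{ IpConfigurations = @($ipConfig1, $ipConfig2) })
$after  = Get-AzFirewallSnapshot ([pscustomobject]@{ IpConfigurations = @($ipConfig1) })

# The "after" sample carries a single public IP, as after Allocate() with one address.
Compare-AzFirewallSnapshot -Before $before -After $after | Format-List
```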
Update
If you are interested in the Restart-AzFirewall.psm1 source code, it is
currently published in the kiazhi/Restart-AzFirewall repository on GitHub.
Hope it helps to make your life easier.