TLDR: Fix it
- If you have removed/deleted a Firewall policy or attachment to the Azure Firewall – re-attach it, or create the policy/attachment with the same name (you will see the name in the CLI output as detailed below).
- Once you have re-attached, re-created (just empty policy with same name) you can then delete the Firewall (recommended using Azure Cloud PowerShell) with command:
- Obviously updating -Name and -ResourceGroup parameters.
Remove-AzFirewall -Name "ZOAK-SecureGateway-Firewall" -ResourceGroupName "ZOAK-SecureAccessGateway-ResourceGroup" -Force
Remove-AzFirewall: Long running operation failed with status ‘Failed’
$ Remove-AzFirewall -Name "ZOAK-SecureGateway-Firewall" -ResourceGroupName "ZOAK-SecureAccessGateway-ResourceGroup"
... Remove-AzFirewall: Long running operation failed with status 'Failed'. Additional Info:'The Resource 'Microsoft.Network/firewallPolicies/ZOAK-SecureGateway-Firewall-BasicPolicy' under resource group 'ZOAK-SecureAccessGateway-ResourceGroup' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix' StatusCode: 200 ReasonPhrase: OK Status: Failed ErrorCode: ResourceNotFound ErrorMessage: The Resource 'Microsoft.Network/firewallPolicies/ZOAK-SecureGateway-Firewall-BasicPolicy' under resource group 'ZOAK-SecureAccessGateway-ResourceGroup' was not found. For more details please go to https://aka.ms/ARMResourceNotFoundFix
- Was creating a test environment implementing Use Azure Firewall to protect Azure Virtual Desktop | Microsoft Learn.
- Went to apply RDS-Templates/AzureFirewallPolicyForAVD at master · Azure/RDS-Templates · GitHub to enable the Virtual Desktop hosts to talk to MS endpoints… which failed because the Azure firewall SKU I chose when initiatlly deploying was of type: ‘basic’
- I tried changing the SKU but didn’t read: Azure Firewall easy upgrade/downgrade | Microsoft Learn…. which states:
- This new upgrade/downgrade capability doesn’t currently support the Azure Firewall Basic SKU (why have the ‘Change SKU’ button then??)
- So… when to delete the firewall… which seemed to hang (was only looking via the UI).
- Went to use CLI from my workstation… and ran into SSL error when trying to authenticate with MFA (which I couldn’t work around quickly….) so used the Azure Cloud PowerShell which I would recommend for anyone getting frustrated (or blocked by workstation restrictions) with local PowerShell – you can upload scripts and inputs simply and there are no issue with auth, modules, versions, dependencies, etc.
Once attempting to delete via CLI I actually got a meaningful error message:
Additional Info:'The Resource 'Microsoft.Network/firewallPolicies/ZOAK-SecureGateway-Firewall-BasicPolicy' under resource group 'ZOAK-SecureAccessGateway-ResourceGroup' was not found.
That resource had already been deleted… so, re-recreate (just and empty policy) with same name… attached it, then I could delete.