Update FAQ on forced tunneling support for firewalls

aktsmm · web-flow · commit eba3800e51d7 · 2025-10-16T16:25:42.000+09:00
Clarified support for forced tunneling in Azure Firewall, including details for existing firewalls and management NICs.
diff --git a/articles/firewall/firewall-faq.yml b/articles/firewall/firewall-faq.yml
@@ -268,7 +268,7 @@ sections:
 
       - question: Is forced tunneling/chaining to a Network Virtual Appliance supported?
         answer: |
-          Forced tunneling is supported when you create a new firewall. You can't configure an existing firewall for forced tunneling. For more information, see [Azure Firewall forced tunneling](forced-tunneling.md).
+          Forced tunneling is supported when creating a new firewall, and it is also supported for existing firewalls by adding a management NIC for forced tunneling. For more details about new deployments, see [Azure Firewall forced tunneling](forced-tunneling.md). For existing firewalls, see [Azure Firewall Management NIC](management-nic.md).
 
           Azure Firewall must have direct Internet connectivity. If your AzureFirewallSubnet learns a default route to your on-premises network via BGP, you must override this with a 0.0.0.0/0 UDR with the **NextHopType** value set as **Internet** to maintain direct Internet connectivity.
 
