Merge pull request #313839 from duongau/firewall-freshness-review-564969-P2a

Azure Firewall P2a freshness review - metadata, cmdlet links, PS formatting

Author: v-shils

articles/firewall/create-ip-group.md

@@ -1,20 +1,19 @@
 ---
-title: Create IP Groups in Azure Firewall 
-description: IP Groups allow you to group and manage IP addresses for Azure Firewall rules.
-services: firewall
+title: Create IP Groups in Azure Firewall
+description: Create IP Groups to group and manage IP addresses for Azure Firewall rules.
 author: duongau
+ms.author: duau
 ms.service: azure-firewall
 ms.topic: how-to
-ms.date: 10/31/2022
-ms.author: duau 
-ms.custom: devx-track-azurepowershell, devx-track-azurecli 
+ms.date: 03/28/2026
+ms.custom: devx-track-azurepowershell, devx-track-azurecli
 ms.devlang: azurecli
 # Customer intent: "As a network administrator, I want to create and manage IP Groups for Azure Firewall, so that I can efficiently configure and enforce firewall rules based on grouped IP addresses."
 ---
 
 # Create IP Groups
 
-IP Groups allow you to group and manage IP addresses for Azure Firewall rules. They can have a single IP address, multiple IP addresses, or one or more IP address ranges.
+IP Groups help you group and manage IP addresses for Azure Firewall rules. They can include a single IP address, multiple IP addresses, or one or more IP address ranges.
 
 ## Create an IP Group - Azure portal
 
@@ -29,13 +28,13 @@ To create an IP Group by using the Azure portal:
 1. Select **Next: IP addresses**.
 1. Type an IP address, multiple IP addresses, or IP address ranges.
 
-   There are two ways to enter IP addresses:
-   - You can manually enter them
-   - You can import them from a file
+   Enter IP addresses in one of two ways:
+   - Manually enter them.
+   - Import them from a file.
 
-   To import from a file, select **Import from a file**. You may either drag your file to the box or select **Browse for files**. If necessary, you can review and edit your uploaded IP addresses.
+   To import from a file, select **Import from a file**. You can either drag your file to the box or select **Browse for files**. If necessary, you can review and edit your uploaded IP addresses.
 
-   When you type an IP address, the portal validates it to check for overlapping, duplicates, and formatting issues.
+   When you type an IP address, the portal validates it to check for overlapping, duplicates, and formatting problems.
 
 1. When finished, select **Review + Create**.
 1. Select **Create**.
@@ -49,7 +48,7 @@ $ipGroup = @{
     Name              = 'ipGroup'
     ResourceGroupName = 'Test-FW-RG'
     Location          = 'East US'
-    IpAddress         = @('10.0.0.0/24', '192.168.1.10') 
+    IpAddress         = @('10.0.0.0/24', '192.168.1.10')
 }
 
 New-AzIpGroup @ipGroup

articles/firewall/deploy-firewall-basic-portal-policy.md

@@ -1,56 +1,56 @@
 ---
 title: Deploy Azure Firewall with multiple public IP addresses using PowerShell
-description: In this article, you learn how to deploy an Azure Firewall with multiple public IP addresses using the Azure PowerShell. 
-services: firewall
+description: Deploy an Azure Firewall with multiple public IP addresses using Azure PowerShell.
 author: duongau
+ms.author: duau
 ms.service: azure-firewall
 ms.topic: how-to
-ms.date: 10/24/2022
-ms.author: duau 
+ms.date: 03/28/2026
 ms.custom: devx-track-azurepowershell
 # Customer intent: "As a network administrator, I want to deploy Azure Firewall with multiple public IP addresses using PowerShell, so that I can efficiently manage incoming and outgoing network traffic while ensuring high availability and reducing port exhaustion."
 ---
 
-# Deploy an Azure Firewall with multiple public IP addresses using Azure PowerShell
+# Deploy an Azure Firewall with multiple public IP addresses by using Azure PowerShell
 
 This feature enables the following scenarios:
 
 - **DNAT** - You can translate multiple standard port instances to your backend servers. For example, if you have two public IP addresses, you can translate TCP port 3389 (RDP) for both IP addresses.
-- **SNAT** - Additional ports are available for outbound SNAT connections, reducing the potential for SNAT port exhaustion. Azure Firewall randomly selects the first source public IP address to use for a connection and selects another public IP after ports from the first IP have been exhausted. If you have any downstream filtering on your network, you need to allow all public IP addresses associated with your firewall. Consider using a [public IP address prefix](../virtual-network/ip-services/public-ip-address-prefix.md) to simplify this configuration.
- 
-Azure Firewall with multiple public IP addresses is available via the Azure portal, Azure PowerShell, Azure CLI, REST, and templates.
-You can deploy an Azure Firewall in a Hub VNET with up to 250 public IP addresses, however DNAT destination rules will also count toward the 250 maximum.
-The limit for an Azure Firewall in a VHUB deployment with Bring your own Public IP is 250 addresses and for classic VHUB deployment is 80 public IP addresses. 
+- **SNAT** - Additional ports are available for outbound SNAT connections, reducing the potential for SNAT port exhaustion. Azure Firewall randomly selects the first source public IP address to use for a connection and selects another public IP after ports from the first IP are exhausted. If you have any downstream filtering on your network, you need to allow all public IP addresses associated with your firewall. Consider using a [public IP address prefix](../virtual-network/ip-services/public-ip-address-prefix.md) to simplify this configuration.
+
+You can access Azure Firewall with multiple public IP addresses through the Azure portal, Azure PowerShell, Azure CLI, REST, and templates.
+You can deploy an Azure Firewall in a hub virtual network with up to 250 public IP addresses. However, DNAT destination rules also count toward the 250 maximum.
+The limit for an Azure Firewall in a VHUB deployment with Bring your own Public IP is 250 addresses, and for classic VHUB deployment, it's 80 public IP addresses.
 
 > [!NOTE]
-> In scenarios with high traffic volume and throughput, it is recommended to use a [NAT Gateway](/azure/nat-gateway/nat-overview) to provide outbound connectivity. SNAT ports are dynamically allocated across all public IPs associated with NAT Gateway. To learn more see [integrate NAT Gateway with Azure Firewall](/azure/firewall/integrate-with-nat-gateway).
+> In scenarios with high traffic volume and throughput, use a [NAT Gateway](/azure/nat-gateway/nat-overview) to provide outbound connectivity. NAT Gateway dynamically allocates SNAT ports across all public IPs associated with it. For more information, see [integrate NAT Gateway with Azure Firewall](/azure/firewall/integrate-with-nat-gateway).
 
 The following Azure PowerShell examples show how you can configure, add, and remove public IP addresses for Azure Firewall.
 
 > [!IMPORTANT]
-> You can't remove the first ipConfiguration from the Azure Firewall public IP address configuration page. If you want to modify the IP address, you can use Azure PowerShell.
+> You can't remove the first IP configuration from the Azure Firewall public IP address configuration page. If you want to modify the IP address, use Azure PowerShell.
+
 
 ## Create a firewall with two or more public IP addresses
 
-This example creates a firewall attached to virtual network *vnet* with two public IP addresses.
+This example creates a firewall attached to virtual network *myVirtualNetwork* with two public IP addresses. Use [Get-AzVirtualNetwork](/powershell/module/az.network/get-azvirtualnetwork) to retrieve the existing virtual network, [New-AzPublicIpAddress](/powershell/module/az.network/new-azpublicipaddress) to create each public IP address, and [New-AzFirewall](/powershell/module/az.network/new-azfirewall) to deploy the firewall with both IPs.
 
 ```azurepowershell
 $rgName = "resourceGroupName"
 
 $vnet = Get-AzVirtualNetwork `
-  -Name "vnet" `
+  -Name "myVirtualNetwork" `
   -ResourceGroupName $rgName
 
 $pip1 = New-AzPublicIpAddress `
   -Name "AzFwPublicIp1" `
-  -ResourceGroupName "rg" `
+  -ResourceGroupName $rgName `
   -Sku "Standard" `
   -Location "centralus" `
   -AllocationMethod Static
 
 $pip2 = New-AzPublicIpAddress `
   -Name "AzFwPublicIp2" `
-  -ResourceGroupName "rg" `
+  -ResourceGroupName $rgName `
   -Sku "Standard" `
   -Location "centralus" `
   -AllocationMethod Static
@@ -65,7 +65,7 @@ New-AzFirewall `
 
 ## Add a public IP address to an existing firewall
 
-In this example, the public IP address *azFwPublicIp1* is attached to the firewall.
+In this example, the public IP address *azFwPublicIp1* is attached to the firewall. Use [New-AzPublicIpAddress](/powershell/module/az.network/new-azpublicipaddress) to create the new IP, [Get-AzFirewall](/powershell/module/az.network/get-azfirewall) to retrieve the existing firewall object, and [Set-AzFirewall](/powershell/module/az.network/set-azfirewall) to save the updated configuration.
 
 ```azurepowershell
 $pip = New-AzPublicIpAddress `
@@ -86,7 +86,7 @@ $azFw | Set-AzFirewall
 
 ## Remove a public IP address from an existing firewall
 
-In this example, the public IP address *azFwPublicIp1* is detached from the firewall.
+In this example, the public IP address *azFwPublicIp1* is detached from the firewall. Use [Get-AzPublicIpAddress](/powershell/module/az.network/get-azpublicipaddress) to retrieve the existing IP, [Get-AzFirewall](/powershell/module/az.network/get-azfirewall) to retrieve the firewall object, and [Set-AzFirewall](/powershell/module/az.network/set-azfirewall) to save the updated configuration.
 
 ```azurepowershell
 $pip = Get-AzPublicIpAddress `
@@ -104,4 +104,4 @@ $azFw | Set-AzFirewall
 
 ## Next steps
 
-* [Quickstart: Create an Azure Firewall with multiple public IP addresses - Resource Manager template](quick-create-multiple-ip-template.md)
+- [Quickstart: Create an Azure Firewall with multiple public IP addresses - Resource Manager template](quick-create-multiple-ip-template.md)