Skip to main content

InternalServerError when deploying Azure Firewall

· 2 min read

When attempting to deploy an Azure Firewall, you may get an error: Conflict, DeploymentFailed error. This error can occur when you have an expressroute connection, and the Firewall is not deployed in Force Tunneled mode, as the routes from the BGP link will be replacing the default Azure internet route, required for the Azure Firewall.

"code": "InternalServerError",
"message": "An error occurred."

Deployment Failed - Azure Firewall

If you click Input in the deployment, you may notice your vnetName, vnetAddressSpace and subnetAddressSpace are blank.

Azure Firewall deployment

Even though the Azure Firewall will appear as deployed. You will notice that it won't have a Private IP assigned.

To resolve this error:

  1. Delete the Azure Firewall that has been partially deployed
  2. Create a User Defined route for the internet:
NameAddress PrefixNext hop type
  1. Link it to the AzureFirewallSubnet
  2. Redeploy

This error may occur as your internet route may flow via BGP routes from on-premises; the user-defined route will override this route.