
InternalServerError when deploying Azure Firewall


When attempting to deploy an Azure Firewall, you may get a Conflict, DeploymentFailed error. This error can occur when you have an ExpressRoute connection and the Firewall is not deployed in Force Tunneled mode, because the routes from the BGP link replace the default Azure internet route that the Azure Firewall requires.

"code": "InternalServerError",
"message": "An error occurred."


If you click Input in the deployment, you may notice your vnetName, vnetAddressSpace and subnetAddressSpace are blank.


Even though the Azure Firewall will appear as deployed, you will notice that it won't have a Private IP assigned.

To resolve this error:

  1. Delete the Azure Firewall that has been partially deployed
  2. Create a User Defined route for the internet:

     | Name | Address Prefix | Next hop type |
     | --- | --- | --- |
     | Internet | 0.0.0.0/0 | Internet |

  3. Link it to the AzureFirewallSubnet
  4. Redeploy

This error may occur as your internet route may flow via BGP routes from on-premises; the user-defined route will override this route.
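
The override described above can be checked before redeploying by modelling how Azure picks a route: longest prefix match first, then user-defined over BGP over system routes for the same prefix. This is an added example, not code from the original post; the route lists, the 10.0.0.0/16 address space and the probe addresses are constructed sample data, and the `source` and `next_hop_type` strings follow the values shown in Azure's effective routes view.

```python
import ipaddress

# Tie-break for routes with an identical prefix: user-defined, then BGP, then system.
SOURCE_PRIORITY = {"User": 0, "VirtualNetworkGateway": 1, "Default": 2}


def effective_route(routes, destination):
    """Return the route selected for `destination`, or None if nothing matches.

    Longest prefix match wins; equal prefixes are resolved by SOURCE_PRIORITY.
    """
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dest in ipaddress.ip_network(r["prefix"])]
    if not candidates:
        return None
    return min(
        candidates,
        key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen,
                       SOURCE_PRIORITY[r["source"]]),
    )


def firewall_subnet_ready(routes, probes=("1.1.1.1", "203.0.113.10")):
    """True when every probed public address leaves via next hop type Internet.

    Two probes (one in each half of the IPv4 space) also catch BGP
    advertisements that are more specific than 0.0.0.0/0.
    """
    chosen = [effective_route(routes, p) for p in probes]
    return all(r is not None and r["next_hop_type"] == "Internet" for r in chosen)


# Constructed sample data for an AzureFirewallSubnet in a 10.0.0.0/16 VNet.
SYSTEM_ROUTES = [
    {"prefix": "10.0.0.0/16", "source": "Default", "next_hop_type": "VnetLocal"},
    {"prefix": "0.0.0.0/0", "source": "Default", "next_hop_type": "Internet"},
]
# Default route learned from on-premises over the ExpressRoute BGP session.
BGP_DEFAULT = {"prefix": "0.0.0.0/0", "source": "VirtualNetworkGateway",
               "next_hop_type": "VirtualNetworkGateway"}
# The user-defined route from step 2 of the fix.
UDR_INTERNET = {"prefix": "0.0.0.0/0", "source": "User", "next_hop_type": "Internet"}

if __name__ == "__main__":
    print("BGP default only :", firewall_subnet_ready(SYSTEM_ROUTES + [BGP_DEFAULT]))
    print("with UDR attached:",
          firewall_subnet_ready(SYSTEM_ROUTES + [BGP_DEFAULT, UDR_INTERNET]))
```

Because prefix length is compared before route type, a BGP advertisement more specific than 0.0.0.0/0 would still win over the user-defined route in this model, which is why the check probes more than one address.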