This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 81%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJH%3C/text%3E%3C/svg%3E)
Hi all,
I try to create a Firewall (vWAN Secured Hub) using an ARM Template (actually as part of a blueprint).
The initial deployment works like a charm. But when I try to update the blueprint assignment and thus triggering a new deployment I get the following error:
{
"status": "Failed",
"error": {
"code": "FirewallPolicyUpdateFailed",
"message": "Put on Firewall Policy [Firewall-Policy-Name] Failed with 1 faulted referenced firewalls"
}
}
No changes are made to the template after the initial deployment
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 36%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
@Julian Hüppauff Thank you for reaching out to Microsoft Q&A. I understand that you are having issues with your Firewall policy Update.
To understand better, can you please explain further regarding what you tried to update un the ARM template that caused this error? Also can you post the error in more detail so we can understand the cause for the same? Thank you!
I haven't changed the ARM template after the initial deployment. When I try to deploy the same arm template again it will fail.
First deployment is sucessful, deleting and resubmitting the template works as well only when the policy already exists it fails
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 63%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETL%3C/text%3E%3C/svg%3E)
I`m facing the same issue while using different tools. In my case it is deployment of Azure Firewall together with the firewall policy and ruleCollectionGroups from a bicep template. The first initial deployment to a clean subscription completes successfully. However the next one, with unchanged template and no changes in parameters results in a failure for the Microsoft.Network/firewallPolicies/ruleCollectionGroups resources with the same error that jhueppauff has. I would expect that to be idempotent and just complete successfully when the rules are already in place?
It seems I found a possible solution - the issue seem to come from the fact that ARM deploys all the ruleCollectionGroups in parallel or at least not sequentially. When I set explicit dependency between ruleCollectionGroups (I have 2 currently) in my bicep template the error did not appear anymore across multiple redeployments.
I guess it is worth a try :)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 68%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
This resolved my issue too, thanks!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(316.8, 55.00000000000001%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
How did you set the dependency in your template? I'm getting a similar error in a Json template.