Overview
A high iptables rule count in Azure Firewall can lead to performance issues. It is advised to keep the number of iptables lines for Azure Firewall below 20K.
Source: azure-docs/includes/firewall-limits.md at main (MicrosoftDocs/azure-docs on GitHub)
- 20,000 unique source/destinations in network rules
- Unique source/destinations in network = sum of (unique source addresses * unique destination addresses for each rule)
- An IP group counts as one address, regardless of how many IP addresses it contains.
- You can track the Firewall Policy network rule count in the policy analytics under the Insights tab. As a proxy, you can also monitor your Firewall Latency Probe metrics to ensure it stays within 20 ms even during peak hours.
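
The counting rule above, worked through as an added example (not Microsoft's code): it totals the unique source/destination figure for a rule set and ranks the rules that contribute most. The property names follow the Firewall Policy network rule schema; the rule names, addresses and IP group names are constructed, and treating each literal entry (IP, CIDR or range) as one address is an assumption.

```python
LIMIT = 20_000  # limit quoted on this page

def unique_entries(addresses, ip_groups):
    """Count distinct entries on one side of a rule.

    Assumption: each literal entry (IP, CIDR or range string) counts once
    after trimming; each IP group counts as one address regardless of size.
    """
    literals = {a.strip().lower() for a in addresses if a.strip()}
    groups = {g.strip().lower() for g in ip_groups if g.strip()}
    return len(literals) + len(groups)

def rule_cost(rule):
    """unique source addresses * unique destination addresses for one rule."""
    src = unique_entries(rule.get("sourceAddresses", []), rule.get("sourceIpGroups", []))
    dst = unique_entries(rule.get("destinationAddresses", []), rule.get("destinationIpGroups", []))
    return src * dst

def policy_report(rules, limit=LIMIT):
    """Sum the per-rule costs and list rules from most to least expensive."""
    by_rule = sorted(((rule_cost(r), r["name"]) for r in rules), reverse=True)
    total = sum(cost for cost, _ in by_rule)
    return {"total": total, "headroom": limit - total,
            "exceeds_limit": total > limit, "by_rule": by_rule}

# Constructed sample rules (not taken from any real policy).
SAMPLE_RULES = [
    {"name": "spokes-to-dns",  # duplicate source entry is counted once
     "sourceAddresses": ["10.0.1.0/24", "10.0.2.0/24", "10.0.1.0/24"],
     "destinationAddresses": ["10.0.0.4", "10.0.0.5"]},
    {"name": "app-to-db",
     "sourceIpGroups": ["ipg-app-tier"],  # hypothetical IP group name
     "destinationAddresses": ["10.0.9.10", "10.0.9.11", "10.0.9.12"]},
    {"name": "mesh",  # 150 sources x 140 destinations in a single rule
     "sourceAddresses": [f"10.1.{i}.0/24" for i in range(150)],
     "destinationAddresses": [f"10.2.{i}.0/24" for i in range(140)]},
]

# Same policy with the mesh rule rewritten to use two (hypothetical) IP groups.
REFACTORED_RULES = SAMPLE_RULES[:2] + [
    {"name": "mesh", "sourceIpGroups": ["ipg-mesh-src"],
     "destinationIpGroups": ["ipg-mesh-dst"]},
]

if __name__ == "__main__":
    for label, rules in (("literal addresses", SAMPLE_RULES), ("IP groups", REFACTORED_RULES)):
        report = policy_report(rules)
        print(label, report["total"], "exceeds" if report["exceeds_limit"] else "ok")
        for cost, name in report["by_rule"]:
            print(f"  {cost:>6}  {name}")
```
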