Quick tip: Runbook script to start and stop your Azure Firewall

If you are trying to save money on your Azure subscription, the best way is to stop the resources you are not using. In this blog post, we are going over a simple script that can be used as an Azure runbook to manage your Azure Firewall.

Unfortunately, there is no such option in the Azure Portal and there are more steps in the process than just a simple cmdlet start-azfirewall available at this time.

This script to manage your Azure Firewall uses four parameters, however, the last two are only used during the start operation.

  • Operation has two possible values, on or off
  • ResourceGroup: The script will look for the Firewall only on that resource group. If it is not specified, then all Azure Firewalls in your subscriptions will be used (be careful!).
  • FWPublicIPName: The public IP resource used by the firewall, if no value is provided the default azureFirewalls-ip will be used.
  • VNETName: The virtual network where the Azure Firewall is attached

I am placing the script in this blog, but I recommend you get the latest version in GitHub, which can be found here.

# Script: AzFwMaintenance.ps1
# Script by Anderson Patricio (AP6) https://github.com/andersonPatricio
param (
[string]$Operation = "Off",
[string]$FWPublicIPName = "azureFirewalls-ip",
#Validating parameters...
If (!$VNETName){
$VNETName = Read-Host -Prompt "Please provide the Virtual Network Name (VNET) or Ctrl+C to abort?"
#Importing Az modules...
Import-Module Az.Resources
Import-Module Az.Network
# Script body
If (!$ResourceGroup){
Write-Host -ForegroundColor Yellow "Resource Group was not specified, the script will run in the entire subscription!"
$fws = Get-AzResource -ResourceType 'Microsoft.Network/azureFirewalls'
} Else{
$fws = Get-AzResource -ResourceType 'Microsoft.Network/azureFirewalls' -ResourceGroupName $ResourceGroup
If ($fws -eq $null) {
Write-Output "The Runbook could not find any Azure Firewall on the $ResourceGroup specified."
} Else {
Write-Output "We have found Azure Firewalls. We are going to validate and if doable we will take them $Operation."
if ($Operation -eq "on") {
Write-Output "Starting the Azure Firewall(s)..."
ForEach ($fw in $fws){
Write-Output $fw.Name
$azfw = Get-AzFirewall -Name $fw.Name -ResourceGroupName $ResourceGroup
$vPublicIP = Get-AzPublicIpAddress -Name $FWPublicIPName -ResourceGroupName $ResourceGroup
$vnet = Get-AzVirtualNetwork -ResourceGroupName $ResourceGroup -Name $VNETName
Set-AzFirewall -AzureFirewall $azfw
} Else {
Write-Output 'Stopping the Azure Firewall(s)...'
ForEach ($fw in $fws){
Write-Output "Stopping " $fw.Name
$azfw = Get-AzFirewall -Name $fw.name -ResourceGroupName $ResourceGroup
Set-AzFirewall -AzureFirewall $azfw

Featured image: Pixabay

Anderson Patricio

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services, besides of the Microsoft Award he also holds a Solutions Master (MCSM) in Exchange, CISSP and several other certifications. Anderson contributes to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at Techgenix.com, MSExchange.org, ITPROCentral.com and Anderson Patricio.org (Portuguese).

Published by
Anderson Patricio

Recent Posts

Losing your edge? 7 free tools to keep you focused at work

Staying focused at work in an always-connected world is hard! Here’s how to use tech — and some free tools…

11 hours ago

What’s next in the evolution of biometrics and facial recognition technology?

Facial recognition technology has matured to the point of being reliable — for better or for worse. What does the…

15 hours ago

Locking down your Exchange server with cipher suites

Cipher suites are a set of algorithms you need to secure your environment, either by using SSL and TLS. Here’s…

18 hours ago

AI cyber risks: What to look out for when deploying AI technology

Artificial intelligence has greatly improved modern life. But businesses must recognize that AI cyber risks exist and take appropriate measures.

1 day ago

Review: Office 365 synchronizing and administration tool CiraSync

CiraSync offers an enterprise solution for syncing global address list contacts and calendars to smartphones and other mobile devices. Here’s…

2 days ago

HIPAA IT compliance: Privacy and security rules you must know

HIPAA is the mandatory health regulation that must be followed strictly. But if you’re an IT pro in the health-care…

2 days ago