Merge pull request Azure#8903 from fanymanea/UpdateAzureFirewallExamples

Update AzureFirewall examples

Author: cormacpayne

src/Network/Network/help/New-AzFirewall.md

@@ -38,7 +38,10 @@ The **New-AzFirewall** cmdlet creates an Azure Firewall.
 
 ### 1:  Create a Firewall attached to a virtual network
 ```
-New-AzFirewall -Name "azFw" -ResourceGroupName "rg" -Location centralus -VirtualNetworkName "vnet" -PublicIpName "pip-name"
+$rgName = "resourceGroupName"
+$vnet = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name "vnet"
+$pip = Get-AzPublicIpAddress -ResourceGroupName $rgName -Name "publicIpName"
+New-AzFirewall -Name "azFw" -ResourceGroupName $rgName -Location centralus -VirtualNetworkName $vnet.Name -PublicIpName $pip.Name
 ```
 
 This example creates a Firewall attached to virtual network "vnet" in the same resource group as the firewall.
@@ -47,9 +50,13 @@ Threat Intel will also run in default mode - Alert - which means malicious traff
 
 ### 2:  Create a Firewall which allows all HTTPS traffic
 ```
+$rgName = "resourceGroupName"
+$vnet = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name "vnet"
+$pip = Get-AzPublicIpAddress -ResourceGroupName $rgName -Name "publicIpName"
+
 $rule = New-AzFirewallApplicationRule -Name R1 -Protocol "https:443" -TargetFqdn "*" 
 $ruleCollection = New-AzFirewallApplicationRuleCollection -Name RC1 -Priority 100 -Rule $rule -ActionType "Allow"
-New-AzFirewall -Name "azFw" -ResourceGroupName "rg" -Location centralus -VirtualNetworkName "vnet" -PublicIpName "pip-name" -ApplicationRuleCollection $ruleCollection
+New-AzFirewall -Name "azFw" -ResourceGroupName $rgName -Location centralus -VirtualNetworkName $vnet.Name -PublicIpName $pip.Name -ApplicationRuleCollection $ruleCollection
 ```
 
 This example creates a Firewall which allows all HTTPS traffic on port 443.
@@ -67,17 +74,24 @@ Threat Intel is turned off in this example.
 
 ### 4:  Create a Firewall with no rules and with Threat Intel in Alert mode
 ```
-New-AzFirewall -Name "azFw" -ResourceGroupName "rg" -Location centralus -VirtualNetworkName "vnet" -PublicIpName "pip-name" -ThreatIntelMode Alert
+$rgName = "resourceGroupName"
+$vnet = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name "vnet"
+$pip = Get-AzPublicIpAddress -ResourceGroupName $rgName -Name "publicIpName"
+New-AzFirewall -Name "azFw" -ResourceGroupName $rgName -Location centralus -VirtualNetworkName $vnet.Name -PublicIpName $pip.Name -ThreatIntelMode Alert
 ```
 
 This example creates a Firewall which blocks all traffic (default behavior) and has Threat Intel running in Alert mode.
 This means alerting logs are emitted for malicious traffic before applying the other rules (in this case just the default rule - Deny All)
 
 ### 5:  Create a Firewall which allows all HTTP traffic on port 8080, but blocks malicious domains identified by Threat Intel
 ```
+$rgName = "resourceGroupName"
+$vnet = Get-AzVirtualNetwork -ResourceGroupName $rgName -Name "vnet"
+$pip = Get-AzPublicIpAddress -ResourceGroupName $rgName -Name "publicIpName"
+
 $rule = New-AzFirewallApplicationRule -Name R1 -Protocol "http:8080" -TargetFqdn "*" 
 $ruleCollection = New-AzFirewallApplicationRuleCollection -Name RC1 -Priority 100 -Rule $rule -ActionType "Allow"
-New-AzFirewall -Name "azFw" -ResourceGroupName "rg" -Location centralus -VirtualNetworkName "vnet" -PublicIpName "pip-name" -ApplicationRuleCollection $ruleCollection -ThreatIntelMode Deny
+New-AzFirewall -Name "azFw" -ResourceGroupName $rgName -Location centralus -VirtualNetworkName $vnet.Name -PublicIpName $pip.Name -ApplicationRuleCollection $ruleCollection -ThreatIntelMode Deny
 ```
 
 This example creates a Firewall which allows all HTTP traffic on port 8080 unless it is considered malicious by Threat Intel.

src/Network/Network/help/Remove-AzFirewall.md

@@ -35,20 +35,6 @@ Are you sure you want to remove resource 'azFw'
 
 This example creates a Firewall and then deletes it. To suppress the prompt when deleting the Firewall, use the -Force flag.
 
-### 2: Deallocate the Firewall, then delete the Firewall
-```
-$firewall=Get-AzFirewall -ResourceGroupName rgName -Name azFw
-$firewall.Deallocate()
-Remove-AzFirewall -ResourceGroupName rgName -Name azFw
-Confirm
-Are you sure you want to remove resource 'azFw'
-[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): y
-```
-
-This example retrieves a Firewall, deallocates the firewall, and then deletes the firewall. The Deallocate command removes the running 
-service but preserves the firewall's configuration. If user wants to start the service again, the Allocate method should be called on the firewall.
-To suppress the prompt when deleting the Firewall, use the -Force flag.
-
 ## PARAMETERS
 
 ### -AsJob

src/Network/Network/help/Set-AzFirewall.md

@@ -62,6 +62,24 @@ Set-AzFirewall -Firewall $azFw
 This example updates the Threat Intel operation mode of Azure Firewall "AzureFirewall" in resource group "rg".
 Without the Set-AzFirewall command, all operations performed on the local $azFw object are not reflected on the server.
 
+### 4: Deallocate and allocate the Firewall
+```
+$firewall=Get-AzFirewall -ResourceGroupName rgName -Name azFw
+$firewall.Deallocate()
+$firewall | Set-AzFirewall
+
+$vnet = Get-AzVirtualNetwork -ResourceGroupName rgName -Name anotherVNetName
+$pip = Get-AzPublicIpAddress - ResourceGroupName rgName -Name publicIpName
+$firewall.Allocate($vnet, $pip)
+$firewall | Set-AzFirewall
+```
+
+This example retrieves a Firewall, deallocates the firewall, and saves it. The Deallocate command removes the running 
+service but preserves the firewall's configuration. For changes to be reflected in cloud, Set-AzFirewall must be called.
+If user wants to start the service again, the Allocate method should be called on the firewall.
+The new VNet and Public IP must be in the same resource group as the Firewall. Again, for changes to be reflected in cloud,
+Set-AzFirewall must be called.
+
 ## PARAMETERS
 
 ### -AsJob