
How to route all traffic through Azure Firewall in Azure, even on-prem (connected with VPN)


In our Azure tenant we have an Azure Firewall and a VPN connection to our on-prem servers. I want to route all traffic through the Azure Firewall, whether it's incoming traffic from on-prem to Azure or outgoing traffic from Azure to on-prem.

For traffic inside Azure I have created a routing table for each subnet and pointed it to the firewall. Is this correct? And what do I have to configure for the on-prem connection part? Further, how can I test it?

Thanks and best regards


Solution

  • To route traffic coming from the on-prem network through the Azure Firewall, you also need to specify a route on the "GatewaySubnet".

    This route table should contain the (Azure) subnets you want to reach from on-prem.

    So suppose, for example, you have a subnet 10.5.5.0/24 in Azure that you want to reach from on-prem.

    Add a route table with a route to 10.5.5.0/24, next hop type "Virtual Appliance" and next hop IP the private IP of your Azure Firewall. Add this route table to the GatewaySubnet. (Sometimes you cannot associate it from within the route table itself, but have to go through Virtual Network > Subnet and specify the route table there.)

    (And allow the traffic in the Azure Firewall.)
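The Azure CLI equivalent of the steps in the answer, plus two commands that address the "how can I test it?" part of the question. This is an added example, not code from the original question or answer. Every name in it (resource group, region, VNet, firewall, route table, NIC and VM names) is an assumed placeholder; only the 10.5.5.0/24 prefix comes from the answer. The `az network firewall` commands need the `azure-firewall` CLI extension.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): Azure CLI steps for the
# GatewaySubnet route table described in the answer, plus verification.
# All resource names are assumed placeholders; adjust to your environment.
set -euo pipefail

RG="${RG:-rg-hub}"                          # assumed resource group
LOCATION="${LOCATION:-westeurope}"          # assumed region
VNET="${VNET:-vnet-hub}"                    # assumed VNet holding GatewaySubnet and the firewall
FW_NAME="${FW_NAME:-fw-hub}"                # assumed Azure Firewall name
RT_NAME="${RT_NAME:-rt-gatewaysubnet}"      # assumed route table name
SPOKE_PREFIX="${SPOKE_PREFIX:-10.5.5.0/24}" # Azure subnet to reach from on-prem (from the answer)
DRY_RUN="${DRY_RUN:-1}"                     # 1 = print commands only, 0 = execute them

# Echo or execute, depending on DRY_RUN, so the plan can be reviewed first.
run() { if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Fail fast on typos: a wrong prefix or next-hop IP silently black-holes traffic.
valid_ipv4() {
  local ip="$1" o
  [[ "$ip" =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]] || return 1
  for o in "${BASH_REMATCH[@]:1:4}"; do [ "$o" -le 255 ] || return 1; done
}
valid_cidr() {
  [[ "$1" =~ ^([0-9.]+)/([0-9]{1,2})$ ]] || return 1
  local net="${BASH_REMATCH[1]}" len="${BASH_REMATCH[2]}"
  valid_ipv4 "$net" && [ "$len" -le 32 ]
}

# Private IP of the firewall's IP configuration: this becomes the UDR next hop.
firewall_private_ip() {
  az network firewall ip-config list -g "$RG" -f "$FW_NAME" \
    --query "[0].privateIpAddress" -o tsv
}

# Route table plus the route to the spoke subnet via the firewall.
create_gateway_route_table() {
  local fw_ip="$1"
  valid_ipv4 "$fw_ip" || { echo "bad firewall IP: $fw_ip" >&2; return 1; }
  valid_cidr "$SPOKE_PREFIX" || { echo "bad prefix: $SPOKE_PREFIX" >&2; return 1; }
  # Keep gateway route propagation enabled on this table: the GatewaySubnet
  # still needs the gateway's learned routes for the VPN itself.
  run az network route-table create -g "$RG" -l "$LOCATION" -n "$RT_NAME" \
    --disable-bgp-route-propagation false
  run az network route-table route create -g "$RG" --route-table-name "$RT_NAME" \
    -n "to-${SPOKE_PREFIX//\//_}" --address-prefix "$SPOKE_PREFIX" \
    --next-hop-type VirtualAppliance --next-hop-ip-address "$fw_ip"
}

# Associate via the subnet, the path the answer says is sometimes required.
associate_with_gateway_subnet() {
  run az network vnet subnet update -g "$RG" --vnet-name "$VNET" \
    -n GatewaySubnet --route-table "$RT_NAME"
}

# Verification: the effective routes of a spoke VM's NIC should list the
# firewall IP as next hop for on-prem prefixes, and Network Watcher's
# next-hop lookup from that VM to an on-prem address should agree.
verify_path() {
  local nic="$1" vm="$2" src_ip="$3" onprem_ip="$4"
  run az network nic show-effective-route-table -g "$RG" -n "$nic" -o table
  run az network watcher show-next-hop -g "$RG" --vm "$vm" \
    --source-ip "$src_ip" --dest-ip "$onprem_ip" -o table
}

# Without arguments the script only prints the plan; "apply" executes it.
if [ "${1:-}" = "apply" ]; then
  DRY_RUN=0
  fw_ip="$(firewall_private_ip)"
  create_gateway_route_table "$fw_ip"
  associate_with_gateway_subnet
fi
```

Run it once with no arguments to review the generated commands, then with `apply` to create the table and attach it to the GatewaySubnet. Afterwards, `verify_path <nic> <vm> <vm-private-ip> <on-prem-ip>` (with `DRY_RUN=0`) shows whether the spoke side really sends on-prem-bound traffic to the firewall; the firewall rules still have to allow the flow, as the answer notes.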