Hello,
We have set up a VPN between Azure and on-premises with BGP enabled, and it works fine. One of the requirements is that all the traffic (from and to on-premises) should be filtered by an Azure Firewall, so we set up the Azure Firewall and added a UDR on the GatewaySubnet to route the traffic coming from on-premises to the Azure Firewall.
The routing rule placed on the GatewaySubnet is as follows:
- Address prefix = the address range allocated to Azure
- Next hop type = Virtual appliance
- Next hop IP address = the private IP address of the Azure Firewall
The routing rules placed on the AzureFirewallSubnet are as follows:
- Rule 1: 0.0.0.0/0 -> Internet
- Rule 2: the address range allocated to Azure -> Virtual Network
- Rule 3: the on-premises address ranges -> Virtual Network Gateway
The routing rule placed on a subnet in the same VNet as the VPN gateway and the Azure Firewall (the subnet contains a VM for testing purposes) is as follows:
- 0.0.0.0/0 -> the private IP address of the Azure Firewall
When we try to ping the VM from on-premises with no UDR, it works just fine.
When we apply these custom route tables, it does not work anymore (we also tested with BGP propagation enabled on the route table positioned on the GatewaySubnet). Nothing shows up in the Azure Firewall logs (the flows are allowed on the Azure Firewall).
Are we missing something? Your help would be really appreciated.
Thank you
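Added example (not part of the original post and not Microsoft's code): a small Python model of how Azure picks a next hop for a packet, applied to the three route tables described above. Azure selects the route with the longest matching prefix among the routes a subnet sees, and when prefixes tie, a user-defined route beats a BGP-learned route, which beats a system default route. The addresses are assumptions (Azure VNet 10.1.0.0/16, firewall private IP 10.1.1.4, test VM 10.1.2.4, on-premises 192.168.0.0/16), as is whether the test subnet's route table has BGP propagation enabled, since the post only mentions testing propagation on the GatewaySubnet table. The `trace` function follows a ping from on-premises to the VM and the reply back, hop by hop, so the effect of each table can be seen.

```python
"""Model of Azure UDR next-hop selection over the route tables described in the post.

Added example with assumed addresses; the real routing decision is made by the
Azure fabric, this only reproduces its documented selection rules:
  1. longest matching prefix wins;
  2. on a prefix tie: User (UDR) > BGP > Default (system) route.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed addressing (not from the post).
AZURE_RANGE = ipaddress.ip_network("10.1.0.0/16")
ONPREM_RANGES = [ipaddress.ip_network("192.168.0.0/16")]
FIREWALL_IP = "10.1.1.4"
ANY = ipaddress.ip_network("0.0.0.0/0")

SOURCE_PRIORITY = {"User": 0, "BGP": 1, "Default": 2}


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop_type: str              # VirtualAppliance, Internet, VnetLocal, VirtualNetworkGateway
    next_hop_ip: Optional[str] = None
    source: str = "User"            # User (UDR), BGP (propagated), Default (system route)


def lookup(routes: List[Route], dst: str) -> Optional[Route]:
    """Return the route Azure would select for destination `dst` on this subnet."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in r.prefix]
    if not candidates:
        return None
    # Longest prefix first, then UDR over BGP over system on a tie.
    return min(candidates, key=lambda r: (-r.prefix.prefixlen, SOURCE_PRIORITY[r.source]))


def build_tables(test_subnet_bgp_propagation: bool) -> Dict[str, List[Route]]:
    """Effective routes per subnet, as described in the post (UDRs) plus system/BGP routes."""
    system = [Route(AZURE_RANGE, "VnetLocal", source="Default"),
              Route(ANY, "Internet", source="Default")]
    bgp = [Route(p, "VirtualNetworkGateway", source="BGP") for p in ONPREM_RANGES]

    gateway = [Route(AZURE_RANGE, "VirtualAppliance", FIREWALL_IP)] + system + bgp
    firewall = ([Route(ANY, "Internet"), Route(AZURE_RANGE, "VnetLocal")]
                + [Route(p, "VirtualNetworkGateway") for p in ONPREM_RANGES]
                + system + bgp)
    test = [Route(ANY, "VirtualAppliance", FIREWALL_IP)] + system
    if test_subnet_bgp_propagation:   # assumption: propagation left on for this table
        test = test + bgp
    return {"GatewaySubnet": gateway, "AzureFirewallSubnet": firewall, "TestSubnet": test}


def trace(tables: Dict[str, List[Route]], entry_subnet: str, dst: str,
          max_hops: int = 5) -> List[Tuple[str, str, str, str]]:
    """Follow a packet from `entry_subnet` until it is delivered locally or leaves the VNet.

    Each hop is (subnet, matched prefix, route source, next hop). A hop to the
    firewall's private IP continues the trace from the AzureFirewallSubnet table.
    """
    path = []
    subnet = entry_subnet
    for _ in range(max_hops):
        r = lookup(tables[subnet], dst)
        if r is None:
            break
        hop = r.next_hop_type if r.next_hop_ip is None else f"{r.next_hop_type}:{r.next_hop_ip}"
        path.append((subnet, str(r.prefix), r.source, hop))
        if r.next_hop_type == "VirtualAppliance" and r.next_hop_ip == FIREWALL_IP:
            subnet = "AzureFirewallSubnet"   # firewall forwards using its own subnet's routes
            continue
        break
    return path


if __name__ == "__main__":
    for propagation in (True, False):
        tables = build_tables(propagation)
        print(f"--- test subnet BGP propagation = {propagation}")
        print("on-prem -> VM :", trace(tables, "GatewaySubnet", "10.1.2.4"))
        print("VM -> on-prem :", trace(tables, "TestSubnet", "192.168.10.10"))
```

Run it and compare the two reply paths: with propagation on, the test subnet sees both the 0.0.0.0/0 UDR pointing at the firewall and the propagated 192.168.0.0/16 BGP route, and longest-prefix match sends the reply straight to the Virtual Network Gateway; with propagation off, the reply goes through the firewall first. The inbound path is the same in both cases, since the GatewaySubnet UDR and the system route for the Azure range share a prefix and the UDR wins the tie.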