question

AndyRobbins-3835 avatar image
0 Votes"
AndyRobbins-3835 asked SaiKishor-MSFT commented

UDR not forwarding traffic to a virtual firewall (Cisco FTDv)

We have a Cisco FTDv deployed in Azure which is working and has internet access etc. The VM's on the inside can ping the FTDv but all of the VM traffic is going out of there own public IP's.

We've tried creating a UDR pointing the server subnet to use the FTDv as the next hop but the server continue to use there own public IP's, not sure if theres any other requirement?

azure-virtual-networkazure-stack-hub
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SaiKishor-MSFT avatar image
1 Vote"
SaiKishor-MSFT answered SaiKishor-MSFT edited

@AndyRobbins-3835 Thank you for reaching out to Microsoft Q&A. I understand that although you have an UDR created to push all traffic to the Cisco FTDv, traffic is still not going through the same. Do you have IP Forwarding enabled on the Cisco FTDv VM? If not, please do so as given here in this document.

When Azure sends network traffic to myVMNVA, if the traffic is destined for a different IP address, IP forwarding sends the traffic to the correct location.

Please let me know if turning it on helps and if not, we can further troubleshoot the issue. Thank you!

Please let us know if you have any further questions and we will be glad to assist you further. Thank you!

Remember:

Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

Want a reminder to come back and check responses? Here is how to subscribe to a notification.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AndyRobbins-3835 avatar image
0 Votes"
AndyRobbins-3835 answered SaiKishor-MSFT commented

Hi,

We do have ip forwarding enabled on the FTDv interfaces, ive double checked but im sure that option is on by default when the FTDv deployment is done.

Unfortunately that's not the fix, worth checking though.

I've completely re-deployed everything again from scratch and still have the same issue there's a setting wrong somewhere.

Thanks

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@AndyRobbins-3835
Please send mail to AzCommunity [at] microsoft dot com with subject: "ATTN: Sai Kishor" include your Azure subscription ID and a link to this forum thread (for context). We would like to enable one time free technical support on your subscription to put you through Azure backup technical support team to get quick resolution to your issue.

0 Votes 0 ·
AndyRobbins-3835 avatar image
0 Votes"
AndyRobbins-3835 answered SaiKishor-MSFT commented

Hi Sai,

We ran out of time trying to get the FTDv working, in the end we created VPN connections using a virtual network gateway in Azure.

Once the proof of concept has been completed we'll re-visit the FTDv.

Thankyou for the offer of support.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@AndyRobbins-3835 Thank you for updating me. Please let me know if you have any further questions at any point. Thank you!

0 Votes 0 ·