Hi @Philipp Gerber,
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you would like to access the SQL Database's Private Endpoint via Azure Firewall.
I am not sure if this is a recommended architecture or a best practice, but with DNAT, you should be able to reach any VM/Private Endpoint in the VNet (or Spoke VNet).
- Can you access the SQL server via Private Endpoint from VMs in the same VNet via SSMS?
- Can you access the SQL server via Private Endpoint from VMs in the Azure Firewall VNet via SSMS?
- Can you share a screenshot of how you have configured the DNAT rule from Azure Firewall?
Also, from your local machine, you should map the FQDN of the SQL server (XXX.database.windows.net) to the Public IP of the Firewall.
You can edit the hosts file entry on your local machine to achieve this.
Cheers,
Kapil
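
An added example, not part of the original answer: a check that a hosts file maps the SQL server FQDN to the firewall's public IP and has no conflicting active entry. The sample file content and the address 203.0.113.10 are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample hosts file. 203.0.113.10 stands in for the Azure Firewall
# public IP; XXX.database.windows.net is the placeholder FQDN used in the answer.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
203.0.113.10    XXX.database.windows.net   # via Azure Firewall DNAT
#198.51.100.7   XXX.database.windows.net   (old entry, commented out)
"""


def hosts_entries(text, fqdn):
    """Return the IPs mapped to fqdn, in file order, ignoring comments."""
    wanted = fqdn.rstrip(".").lower()  # host names compare case-insensitively
    found = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments, inline or whole-line
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip malformed lines instead of failing
        names = [n.rstrip(".").lower() for n in fields[1:]]
        if wanted in names:
            found.append(str(ip))
    return found


def check_mapping(text, fqdn, firewall_ip):
    """Classify the mapping as 'ok', 'missing', 'wrong-ip' or 'conflict'."""
    ips = hosts_entries(text, fqdn)
    if not ips:
        return "missing"
    if len(set(ips)) > 1:
        return "conflict"  # two active entries disagree on the address
    expected = str(ipaddress.ip_address(firewall_ip))
    return "ok" if ips[0] == expected else "wrong-ip"


if __name__ == "__main__":
    print(check_mapping(SAMPLE_HOSTS, "XXX.database.windows.net", "203.0.113.10"))
```

On Windows the file to read is `C:\Windows\System32\drivers\etc\hosts`; pass its contents as `text`.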