Azure Firewall

Johan Conradie 0 Reputation points
2024-08-05T15:16:26.7166667+00:00

Azure Firewall is deployed in the hub VNet, and a VPN gateway is associated with the hub VNet. The hub VNet is peered with the spoke VNet. The spoke VNet is also associated with a VPN gateway. Now the Azure Firewall only routes traffic to the VPN gateway associated with the hub VNet and does not route traffic to the spoke VNet VPN gateway.

The UDR is pointing to the Azure Firewall private IP address.


1 answer

  1. ChaitanyaNaykodi-MSFT 26,216 Reputation points Microsoft Employee
    2024-08-05T16:29:42.02+00:00

    @Johan Conradie (MEA)

    Thank you for reaching out.

    I understand you are facing a connectivity issue routing traffic from your spoke VNet to on-prem via Azure Firewall in the hub VNet.

    Based on a similar implementation here: To route the spoke subnet traffic through the hub firewall, you can use a user-defined route (UDR) that points to the firewall with the Virtual network gateway route propagation option disabled. Disabling this option prevents route distribution to the spoke subnets, so learned routes can't conflict with your UDR. If you want to keep Virtual network gateway route propagation enabled, make sure that you define specific routes to the firewall to override routes that are published from on-premises over Border Gateway Protocol (BGP).

    You can also go through the documentation above just to validate that no configuration/prerequisite has been missed.

    If the above does not help, you can follow the troubleshooting steps below to help pin-point the issue.

    Hope this helps! Please let me know if the issue still persists and what were your findings from the troubleshooting steps above. Thank you!


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
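The route-selection behaviour the answer relies on, as an added example that is not part of the original thread: a small model of how a spoke subnet picks its next hop (longest prefix match first, then user-defined route over BGP route over system route for equal prefixes). All prefixes, the firewall IP and the function names are constructed for illustration.

```python
import ipaddress

# Tie-break order Azure documents for routes with the same prefix:
# user-defined route, then BGP route, then system route.
SOURCE_PRIORITY = {"user": 0, "bgp": 1, "system": 2}

def effective_next_hop(dest, udrs, bgp_routes, system_routes, propagate_gateway_routes):
    """Return (next_hop, source, prefix) selected for `dest` on a spoke subnet."""
    candidates = [(p, hop, "user") for p, hop in udrs]
    candidates += [(p, hop, "system") for p, hop in system_routes]
    # With gateway route propagation disabled on the route table,
    # BGP-learned routes are never applied to the subnet.
    if propagate_gateway_routes:
        candidates += [(p, hop, "bgp") for p, hop in bgp_routes]
    ip = ipaddress.ip_address(dest)
    matching = [(ipaddress.ip_network(p), hop, src)
                for p, hop, src in candidates if ip in ipaddress.ip_network(p)]
    if not matching:
        return None
    # Longest prefix wins; the route source only breaks ties.
    net, hop, src = min(matching, key=lambda r: (-r[0].prefixlen, SOURCE_PRIORITY[r[2]]))
    return hop, src, str(net)

# Constructed sample values (assumptions, not taken from the thread).
FIREWALL = "VirtualAppliance 10.0.1.4"
GATEWAY = "VirtualNetworkGateway"
SYSTEM = [("0.0.0.0/0", "Internet")]
BGP = [("10.50.0.0/16", GATEWAY)]            # on-premises range learned over BGP
DEFAULT_UDR = [("0.0.0.0/0", FIREWALL)]      # only a default route to the firewall
SPECIFIC_UDR = DEFAULT_UDR + [("10.50.0.0/16", FIREWALL)]
ON_PREM_HOST = "10.50.3.7"

def scenarios():
    """Next hop for on-premises traffic under the three configurations discussed."""
    return {
        "propagation on, default UDR only":
            effective_next_hop(ON_PREM_HOST, DEFAULT_UDR, BGP, SYSTEM, True),
        "propagation off, default UDR only":
            effective_next_hop(ON_PREM_HOST, DEFAULT_UDR, BGP, SYSTEM, False),
        "propagation on, specific UDR":
            effective_next_hop(ON_PREM_HOST, SPECIFIC_UDR, BGP, SYSTEM, True),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

In the first scenario the more specific BGP route sends on-premises traffic straight to the gateway and past the firewall, which is the conflict the answer describes; comparing this model's output with the subnet's effective routes in the portal shows which case a deployment is in.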

