Azure Firewall Basic not fowarding to VM, 3389

Stephen Weber 146 Reputation points
2023-01-12T21:03:05.6533333+00:00

I am setting up Azure Firewall to forward several custom ports from the public internet to an existing VM using an existing virtual network. This is my first time working with Azure Firewall. I am working with the basic version. I have been using this video as a guide: [https://youtu.be/iJv7_F85X2o slightly outdated, but I was able to work through the differences. After completing the setup, I can not connect to the VM through the IP on the firewall. I setup a test policy using 3389 for remote desktop and * for source IP. I can connect to the VM from the local Lan, just not when using the public IP.

Below are my subnets which are configured, the VM is on the DefaultSubnet:

User's image

Here are the rules settings:

User's image

I check the destination address to make certain that I did not phat-finger the address.

Here are the local rules on the VM which I am attempting to connect too:

User's image

Any assistance would be greatly appreciated.

Sat Nam,

Steve

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
1,176 questions
Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
333 questions
{count} votes

Accepted answer
  1. msrini-MSFT 5,676 Reputation points Microsoft Employee
    2023-01-17T08:57:39.7233333+00:00

    Hi,The rule collection type needs to be DNAT and you will need to specify the Firewall public IP as source and translated IP will be the private ip of your VM. Then you should be able to RDP to the VM via public IP of Firewall.

    No comments

1 additional answer

Sort by: Most helpful
  1. lukemurraynz 2,926 Reputation points Microsoft MVP
    2023-01-12T21:32:55.57+00:00

    Hi, Stephen

    The rule needs to be a NAT/DNAT rule (not Network): https://learn.microsoft.com/en-us/azure/firewall/tutorial-firewall-dnat?WT.mc_id=AZ-MVP-5004796#configure-a-nat-rule

    Try creating a NAT rule, make sure the Destination address matches your Firewall IP and the Translated address is your VM.