Routing traffic through a FortiGate appliance from subnets other than the one the appliance is in
Hi!
I need to route traffic from a VNet to an on-premises network through a FortiGate virtual appliance. Since I'll need to use container environments, I can't place the FortiGate appliance in the same subnet as the container environment, because that subnet needs to be delegated to Microsoft.App/environments.
I don't have access to edit the FortiGate appliance's configuration, and I'm trying to debug this using a VM.
I have tried setting up a route table associated with the subnet the VM is connected to. I have double-checked that the network interface on the FortiGate appliance is set to "allow IP forwarding".
I'm at my wits' end and cannot understand what I'm doing wrong.
I have disabled all NSG features during testing.
The FortiGate appliance has the IP 172.16.2.10.
The IP addresses I'm trying to reach through the FortiGate appliance are in 195.80.240.0/20.
| Subnet | CIDR |
|---|---|
| Subnet A (contains FortiGate appliance) | 172.16.2.0/24 |
| Subnet B (contains my test VM) | 172.16.3.0/24 |

I have set up the UDR:

| CIDR | Next hop | Associated subnet |
|---|---|---|
| 195.80.240.0/20 | 172.16.2.10 | Subnet B |
But I can't ping anything in the 195.80.240.0/20 network, and I can't ping the FortiGate interface IP from the test VM in the other subnet. If I place my test VM in Subnet A, I can access the target network.
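The following is an added example, not code from the poster or from Fortinet, that models how Azure selects the effective route for a packet (longest prefix match first, then user-defined routes over BGP over system routes on a tie) and walks the forward and return path of the flow described in this post: VM in Subnet B, UDR for 195.80.240.0/20 pointing at the appliance NIC 172.16.2.10, appliance in Subnet A. The route tables are constructed from the post; the VNet address space 172.16.0.0/16 and the absence of a UDR on Subnet A are assumptions. It reproduces the checks Azure's own "effective routes" view lets you make before the appliance's firewall policy is even consulted.

```python
import ipaddress

# Azure picks the effective route by longest prefix match; on equal prefix
# length the route source decides: user-defined (UDR) beats BGP beats system.
SOURCE_RANK = {"User": 0, "BGP": 1, "System": 2}

# Constructed effective-route table for Subnet B (172.16.3.0/24). The VNet
# address space 172.16.0.0/16 is an assumption; the UDR is the one from the post.
SUBNET_B_ROUTES = [
    {"prefix": "172.16.0.0/16", "next_hop_type": "VnetLocal", "next_hop": None, "source": "System"},
    {"prefix": "0.0.0.0/0", "next_hop_type": "Internet", "next_hop": None, "source": "System"},
    {"prefix": "195.80.240.0/20", "next_hop_type": "VirtualAppliance", "next_hop": "172.16.2.10", "source": "User"},
]

# Subnet A (the appliance subnet) is assumed to carry only the system routes:
# nothing in the post says a route table is attached to it.
SUBNET_A_ROUTES = [r for r in SUBNET_B_ROUTES if r["source"] == "System"]


def effective_route(routes, dst):
    """Return the route Azure would apply to a packet addressed to dst, or None."""
    ip = ipaddress.ip_address(dst)
    candidates = [r for r in routes if ip in ipaddress.ip_network(r["prefix"])]
    if not candidates:
        return None
    # Most specific prefix first; on a tie the lower source rank wins.
    return min(
        candidates,
        key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen, SOURCE_RANK[r["source"]]),
    )


def check_nva_path(src_routes, nva_routes, nva_ip, nva_ip_forwarding, src_ip, dst_ip):
    """Walk one flow from src_ip to dst_ip via the appliance and list every
    condition on the Azure side that would stop it. An empty list means the
    fabric will deliver the packet to the appliance and its replies back."""
    findings = []
    fwd = effective_route(src_routes, dst_ip)
    if fwd is None or fwd["next_hop_type"] != "VirtualAppliance" or fwd["next_hop"] != nva_ip:
        findings.append(f"forward: {dst_ip} is not routed to the appliance {nva_ip} (got {fwd})")
        return findings
    # The next hop itself must be reachable directly: it has to fall under a
    # VnetLocal (or peering) route of the source subnet.
    hop = effective_route(src_routes, nva_ip)
    if hop is None or hop["next_hop_type"] not in ("VnetLocal", "VNetPeering"):
        findings.append(f"forward: next hop {nva_ip} is not reachable from the source subnet ({hop})")
    # Without IP forwarding on the NIC, Azure drops packets whose destination
    # is not the NIC's own address, whatever the guest OS does.
    if not nva_ip_forwarding:
        findings.append("forward: NIC 'IP forwarding' is disabled on the appliance, packets for other destinations are dropped")
    # Replies from the appliance to the VM follow the appliance subnet's routes.
    back = effective_route(nva_routes, src_ip)
    if back is None or back["next_hop_type"] not in ("VnetLocal", "VNetPeering"):
        findings.append(f"return: {src_ip} is not reachable from the appliance subnet ({back})")
    return findings


if __name__ == "__main__":
    # Constructed flow: test VM 172.16.3.4 to a host inside 195.80.240.0/20.
    for finding in check_nva_path(SUBNET_B_ROUTES, SUBNET_A_ROUTES, "172.16.2.10", True, "172.16.3.4", "195.80.241.1"):
        print(finding)
```

With the tables as the post describes them the check returns no findings, which is what the "effective routes" blade should also show for the VM's NIC; if that holds, the remaining variables are outside the fabric (the appliance's own static routes and firewall policy for the 172.16.3.0/24 source), which the post says cannot be edited.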