Hi, I've created two subnets on the same virtual network.
I've defined a default route to an Azure firewall in this vnet.
I can reach two sample hosts (one on each subnet) with RDP from the internet, passing through the firewall.
But if I try to produce traffic from one host to the other and vice versa, this traffic doesn't go to the firewall.
How to solve?
"Hub&Spoke" is the name of a network topology, nothing "Azure-Special":
Hub-spoke network topology in Azure
Regards
Andreas Baumgarten
(Please don't forget to Accept as answer if the reply is helpful)
In the same vNET it's routed by default, but if you have two vNETs you have to configure a route table.
Also check this article:
https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke#deploy-the-solution
(Please don't forget to Accept as answer if the reply is helpful)
http://www.moamenhany.com
Maybe this is helpful:
Virtual network traffic routing
Though a virtual network contains subnets, and each subnet has a defined address range, Azure does not create default routes for subnet address ranges, because each subnet address range is within an address range of the address space of a virtual network.
Regards
Andreas Baumgarten
(Please don't forget to Accept as answer if the reply is helpful)
Hi, thank you for the reply, but how can I "separate" the two subnets?
I need that from a subnet I can reach the other and NOT vice versa...
As two subnets in one virtual network are "routed by default" the only way I can think of is creating 2 virtual networks with one subnet in each virtual network.
This way you should be able to work with routes.
If you just want to block communication, maybe a Network Security Group (NSG) is an option as well. But this is not routing-based control of communication; it is a simpler allow/deny ruleset for communication.
Regards
Andreas Baumgarten
(Please don't forget to Accept as answer if the reply is helpful)
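The behaviour reported in the question, modelled as an added example that is not part of any post in this thread: Azure picks the route with the longest matching prefix and, on equal prefixes, prefers user-defined over BGP over system routes, so a 0.0.0.0/0 route alone never captures traffic inside the VNet address space. The address ranges, the firewall IP and the `WITH_SUBNET_ROUTE` table are constructed assumptions; the last case goes beyond what the thread discusses and follows from the same selection rule.

```python
import ipaddress

# Constructed sample addressing; none of these values come from the thread.
VNET = "10.0.0.0/16"
SUBNET_B = "10.0.2.0/24"
FIREWALL = "VirtualAppliance(10.0.0.4)"

# Tie-break when two routes have the same prefix: user-defined > BGP > system.
SOURCE_PRIORITY = {"user": 0, "bgp": 1, "system": 2}

# System routes every subnet gets: the VNet address space and a default route.
SYSTEM_ROUTES = [
    (VNET, "VirtualNetwork", "system"),
    ("0.0.0.0/0", "Internet", "system"),
]

# The route table described in the question: only a default route to the firewall.
DEFAULT_ONLY = [("0.0.0.0/0", FIREWALL, "user")]

# Assumed variation: subnet A's table also names subnet B's prefix explicitly.
WITH_SUBNET_ROUTE = DEFAULT_ONLY + [(SUBNET_B, FIREWALL, "user")]


def effective_next_hop(dest_ip, user_routes):
    """Return the next hop selected for dest_ip from one subnet's routes."""
    dest = ipaddress.ip_address(dest_ip)
    candidates = []
    for prefix, next_hop, source in SYSTEM_ROUTES + list(user_routes):
        net = ipaddress.ip_network(prefix)
        if dest in net:
            # Sort key: longest prefix first, then route source priority.
            candidates.append((-net.prefixlen, SOURCE_PRIORITY[source], next_hop))
    return min(candidates)[2] if candidates else None


def report():
    """Evaluate the three cases from the point of view of a host in subnet A."""
    host_b = "10.0.2.10"  # constructed host address in subnet B
    return {
        "internet, default only": effective_next_hop("203.0.113.7", DEFAULT_ONLY),
        "subnet B, default only": effective_next_hop(host_b, DEFAULT_ONLY),
        "subnet B, subnet route": effective_next_hop(host_b, WITH_SUBNET_ROUTE),
    }


if __name__ == "__main__":
    for case, hop in report().items():
        print(f"{case:24} -> {hop}")
```

Each subnet's route table is evaluated separately, so replies from subnet B follow the firewall only if subnet B's table carries the matching entry for subnet A's prefix.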