UDR not forwarding traffic to a virtual firewall (Cisco FTDv)

Question

We have a Cisco FTDv deployed in Azure which is working and has internet access etc. The VM's on the inside can ping the FTDv but all of the VM traffic is going out of there own public IP's.

We've tried creating a UDR pointing the server subnet to use the FTDv as the next hop but the server continue to use there own public IP's, not sure if theres any other requirement?

Answer 1

@Andy Robbins Thank you for reaching out to Microsoft Q&A. I understand that although you have an UDR created to push all traffic to the Cisco FTDv, traffic is still not going through the same. Do you have IP Forwarding enabled on the Cisco FTDv VM? If not, please do so as given here in this document.

When Azure sends network traffic to myVMNVA, if the traffic is destined for a different IP address, IP forwarding sends the traffic to the correct location.

Please let me know if turning it on helps and if not, we can further troubleshoot the issue. Thank you!

Please let us know if you have any further questions and we will be glad to assist you further. Thank you!

Remember:

Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

Want a reminder to come back and check responses? Here is how to subscribe to a notification.

Answer 2

Hi,

We do have ip forwarding enabled on the FTDv interfaces, ive double checked but im sure that option is on by default when the FTDv deployment is done.

Unfortunately that's not the fix, worth checking though.

I've completely re-deployed everything again from scratch and still have the same issue there's a setting wrong somewhere.

Thanks

Answer 3

Hi Sai,

We ran out of time trying to get the FTDv working, in the end we created VPN connections using a virtual network gateway in Azure.

Once the proof of concept has been completed we'll re-visit the FTDv.

Thankyou for the offer of support.