Hey everyone! I'm working on setting up a firewall/router for my Azure environment, and I was hoping to get some clarity on blocking traffic between subnets. I want to inspect all the traffic in my subscription, and I've had success routing internet-bound traffic through my firewall. However, when it comes to inspecting east-west traffic within the same VNET, I'm hitting a wall – the traffic isn't even reaching the firewall. Ideally, I would have used a separate VNET for each subnet, but Azure doesn't allow me to connect a network interface from a different VNET to the firewall. So, is there a way to achieve what I'm trying to do?
1 Answer
To block traffic between subnets, you'll need to create a User Defined Route (UDR) for each subnet and associate it accordingly. Make sure to configure the route table to override the default system route directing to the VNET. This way, you can force the traffic from one subnet to go through the firewall. It’s definitely achievable!
That's useful, but I tried creating a route table and it's not working as expected. Everything in the same VNET seems to bypass my configurations. What could I be missing?
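The answer above hinges on how Azure picks an effective route: longest prefix match first, and on equal prefix length a user-defined route beats a system route. The following model of that selection rule is an added example (not code from the thread or from Azure); the VNet 10.0.0.0/16, the firewall NVA at 10.0.0.4 and the web/app subnets are constructed values, and it shows why a UDR that only covers 0.0.0.0/0 leaves intra-VNet traffic on the default VnetLocal route while a UDR for the peer subnet's prefix steers it to the firewall.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Azure route selection: longest prefix match first; on equal prefix length a
# user-defined route beats a BGP route, which beats a system route.
SOURCE_RANK = {"user": 0, "bgp": 1, "system": 2}

@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop_type: str                 # "VnetLocal", "Internet", "VirtualAppliance", "None"
    source: str                        # "system", "bgp" or "user"
    next_hop_ip: Optional[str] = None  # only meaningful for VirtualAppliance

# Constructed VNet 10.0.0.0/16 with the firewall NVA at 10.0.0.4 (IP forwarding
# must be enabled on that NIC for forwarded packets to be accepted at all).
VNET_PREFIX = "10.0.0.0/16"
NVA_IP = "10.0.0.4"
SYSTEM_ROUTES = [
    Route(VNET_PREFIX, "VnetLocal", "system"),  # default intra-VNet system route
    Route("0.0.0.0/0", "Internet", "system"),
]

# UDR that only redirects internet-bound traffic: east-west traffic still
# matches the more specific /16 system route and never reaches the NVA.
INTERNET_ONLY_UDR = [Route("0.0.0.0/0", "VirtualAppliance", "user", NVA_IP)]

# UDR for the web subnet that also overrides the VNet system route for the
# app subnet's prefix (10.0.2.0/24), so web -> app traffic goes to the NVA.
# Do not associate this table with the firewall subnet itself, or traffic the
# NVA forwards toward 10.0.2.0/24 would loop back into it.
EAST_WEST_UDR = INTERNET_ONLY_UDR + [
    Route("10.0.2.0/24", "VirtualAppliance", "user", NVA_IP),
]

def select_route(routes, destination):
    """Return the route Azure would apply for `destination`, or None."""
    dst = ipaddress.ip_address(destination)
    matching = [r for r in routes if dst in ipaddress.ip_network(r.prefix)]
    if not matching:
        return None
    # Longest prefix wins; ties are broken by route source (user < bgp < system).
    return min(matching, key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen,
                                        SOURCE_RANK[r.source]))

def effective_route(udr, destination):
    """Effective route for a subnet: its UDRs layered over the system routes."""
    return select_route(SYSTEM_ROUTES + list(udr), destination)

if __name__ == "__main__":
    for name, udr in [("internet-only", INTERNET_ONLY_UDR), ("east-west", EAST_WEST_UDR)]:
        r = effective_route(udr, "10.0.2.5")
        print(f"{name:13s} web -> 10.0.2.5 via {r.next_hop_type} {r.next_hop_ip or ''}")
```

Azure exposes the same result per NIC as "effective routes", which is the quickest way to confirm whether the VnetLocal system route or the VirtualAppliance route is winning for a given destination.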