Need Help with Azure Routing for a Firewall Deployment

Asked By TechWhiz42 On

I'm a Cisco network engineer, and I've recently taken on a new role where I'm managing an Azure environment, which I'm not very familiar with. I'm trying to deploy a firewall within our existing production virtual network (VNET), but I'm running into issues. I attempted to set up a NAT gateway on the management interface for internet access, but I'm receiving errors. To fix this, I created a new VNET specifically for the firewall. The management interface needs to access the internet as well as communicate with the firewall manager located on-premises.

I've placed a NAT gateway on the management interface for internet access and peered the new VNET to the Production VNET. However, I'm unclear about how to route back to the on-prem environment. In the routing table for the management interface, I assume I should choose the next-hop as Virtual Network, and since it's peered, Azure should know to send traffic to the Production VNET. But once it reaches there, I'm not sure how Azure determines which routing table to use to get to the on-prem site. Any guidance would be greatly appreciated!

2 Answers

Answered By CloudGuru88 On

You might want to think about deploying a third-party network virtual appliance (NVA) for improved routing. You’ve got options for peering, so check those settings. Also, how were you connecting to on-prem before this? A dedicated virtual network gateway would be ideal to handle the IPSec tunnel to your Mako firewall on-prem, but if that's not in the budget, focus on the routing tables. If you're peered and set your next hop to the Virtual Network, Azure should manage most of this for you. Just ensure you have the right routes set up in the Production VNET so traffic can flow back to your on-prem network.
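The peering settings and route-table checks this answer alludes to, as an added example that is not from either poster. It assumes the Production VNet already owns the VPN or ExpressRoute gateway to on-prem, and every resource name in it is a placeholder.

```powershell
# Added example (not from this thread). Placeholder names: hub VNet 'prod-vnet'
# in resource group 'rg-prod' that already owns the gateway to on-prem; spoke
# VNet 'fw-vnet' in 'rg-fw' holding the firewall; management NIC 'fw-mgmt-nic'.
# Requires the Az PowerShell module and a session from Connect-AzAccount.
$hub   = Get-AzVirtualNetwork -ResourceGroupName 'rg-prod' -Name 'prod-vnet'
$spoke = Get-AzVirtualNetwork -ResourceGroupName 'rg-fw'   -Name 'fw-vnet'

# 1. Peer in both directions with gateway transit. The hub side offers its
#    gateway; the spoke side opts in to using it. Without these two switches a
#    peering only exchanges the two VNets' own address spaces, so on-prem
#    prefixes never reach the spoke's effective routes and replies cannot get home.
Add-AzVirtualNetworkPeering -Name 'hub-to-fw' -VirtualNetwork $hub `
    -RemoteVirtualNetworkId $spoke.Id -AllowGatewayTransit | Out-Null
Add-AzVirtualNetworkPeering -Name 'fw-to-hub' -VirtualNetwork $spoke `
    -RemoteVirtualNetworkId $hub.Id -UseRemoteGateways | Out-Null

# 2. Route tables (UDRs) bind to subnets, not to a VNet or an interface, so the
#    table consulted for a packet is the one attached to the subnet the packet
#    leaves from. Show that association for every subnet in both VNets.
foreach ($vnet in @($hub, $spoke)) {
    foreach ($sn in $vnet.Subnets) {
        $rt = if ($sn.RouteTable) { ($sn.RouteTable.Id -split '/')[-1] } else { '(system routes only)' }
        '{0,-12} {1,-16} {2,-18} route table: {3}' -f $vnet.Name, $sn.Name, ($sn.AddressPrefix -join ','), $rt
    }
}

# 3. Effective routes are the ground truth: they merge system routes, UDRs, BGP
#    and gateway-transit routes for one NIC. An on-prem prefix should appear with
#    NextHopType VirtualNetworkGateway; if it does not, fix the peering flags
#    before touching any route table.
Get-AzEffectiveRouteTable -ResourceGroupName 'rg-fw' -NetworkInterfaceName 'fw-mgmt-nic' |
    Select-Object Source, State, AddressPrefix, NextHopType, NextHopIpAddress |
    Format-Table -AutoSize
```

The NAT gateway on the management subnet only replaces the default 0.0.0.0/0 Internet route, so it does not interfere with the on-prem prefixes learned through the gateway.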

Answered By NetworkNerd23 On
