I'm a Cisco network engineer, and I've recently taken on a new role where I'm managing an Azure environment, which I'm not very familiar with. I'm trying to deploy a firewall within our existing production virtual network (VNET), but I'm running into issues. I attempted to set up a NAT gateway on the management interface for internet access, but I'm receiving errors. To fix this, I created a new VNET specifically for the firewall. The management interface needs to access the internet as well as communicate with the firewall manager located on-premises.
I've placed a NAT gateway on the management interface for internet access and peered the new VNET to the Production VNET. However, I'm unclear about how to route back to the on-prem environment. In the routing table for the management interface, I assume I should choose the next-hop as Virtual Network, and since it's peered, Azure should know to send traffic to the Production VNET. But once it reaches there, I'm not sure how Azure determines which routing table to use to get to the on-prem site. Any guidance would be greatly appreciated!
2 Answers
You might want to think about deploying a third-party network virtual appliance (NVA) for improved routing. You’ve got options for peering, so check those settings. Also, how were you connecting to on-prem before this? A dedicated virtual network gateway would be ideal to handle the IPSec tunnel to your Mako firewall on-prem, but if that's not in the budget, focus on the routing tables. If you're peered and set your next hop to the Virtual Network, Azure should manage most of this for you. Just ensure you have the right routes set up in the Production VNET so traffic can flow back to your on-prem network.
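
An added example, not part of the question or the answer above: a small Python model of the rules Azure applies when it picks the effective route for a packet leaving a NIC. The rules it encodes are documented Azure behaviour: longest prefix match wins; for an equal prefix a user-defined route beats a route learned through the virtual network gateway, which beats a system route; and routes from the hub's gateway only appear in a peered spoke when the hub side of the peering sets allowGatewayTransit and the spoke side sets useRemoteGateways. The address ranges, the hypothetical NVA address 10.0.1.4 and the function names are assumptions chosen for the illustration. The point it makes for the question: the route table consulted is the one on the subnet the traffic originates in, so nothing in the Production VNET's tables is ever applied to packets leaving the firewall's management interface; the on-prem prefix has to be present in the firewall VNET's own effective routes.

```python
"""Model of Azure effective-route selection for a NIC (example code, not an Azure API).

Rules modelled (documented Azure behaviour):
  1. Longest prefix match wins.
  2. Same prefix: user-defined route > route learned via the VNet gateway (BGP) > system route.
  3. VNet peering is not transitive: a spoke only receives the hub's gateway
     routes when the hub peering has allowGatewayTransit and the spoke peering
     has useRemoteGateways.
All addresses below are constructed for the illustration.
"""
import ipaddress
from dataclasses import dataclass

# Lower number wins when two routes have the same prefix length.
PRIORITY = {"user": 0, "bgp": 1, "system": 2}

# Constructed topology (assumptions, not from the original post)
FIREWALL_VNET = "10.1.0.0/16"      # new VNET holding the firewall
PRODUCTION_VNET = "10.0.0.0/16"    # existing production VNET (hub with the VPN gateway)
ONPREM_PREFIXES = ["192.168.0.0/16"]
HYPOTHETICAL_NVA = "10.0.1.4"      # an NVA in production, used only to show UDR precedence


@dataclass(frozen=True)
class Route:
    prefix: str
    next_hop: str
    source: str  # "system", "bgp" or "user"


def system_routes(vnet_cidr: str, peered_cidrs: list[str]) -> list[Route]:
    """Routes Azure creates on its own for a subnet: own VNet, peers, default to Internet.
    With a NAT gateway on the subnet the 0.0.0.0/0 egress is carried by that NAT gateway,
    but the effective route still reads 0.0.0.0/0 -> Internet."""
    routes = [Route(vnet_cidr, "VirtualNetwork", "system"),
              Route("0.0.0.0/0", "Internet", "system")]
    routes += [Route(c, "VNetPeering", "system") for c in peered_cidrs]
    return routes


def gateway_routes(onprem_cidrs: list[str], hub_allows_transit: bool,
                   spoke_uses_remote: bool) -> list[Route]:
    """On-prem prefixes reach the spoke only when both peering flags are set."""
    if not (hub_allows_transit and spoke_uses_remote):
        return []
    return [Route(c, "VirtualNetworkGateway", "bgp") for c in onprem_cidrs]


def firewall_mgmt_routes(gateway_transit: bool) -> list[Route]:
    """Effective routes seen by a NIC in the firewall VNET's management subnet."""
    return (system_routes(FIREWALL_VNET, [PRODUCTION_VNET])
            + gateway_routes(ONPREM_PREFIXES, gateway_transit, gateway_transit))


def effective_route(routes: list[Route], dst: str) -> Route:
    """Pick the route Azure would use for a packet to dst (rules 1 and 2 above)."""
    ip = ipaddress.ip_address(dst)
    candidates = [r for r in routes if ip in ipaddress.ip_network(r.prefix)]
    # Longer prefix first; on a tie, the source with the lower PRIORITY number.
    return max(candidates,
               key=lambda r: (ipaddress.ip_network(r.prefix).prefixlen, -PRIORITY[r.source]))


if __name__ == "__main__":
    onprem_host = "192.168.10.5"
    for transit in (False, True):
        r = effective_route(firewall_mgmt_routes(transit), onprem_host)
        print(f"gateway transit={transit}: {onprem_host} -> {r.prefix} via {r.next_hop} ({r.source})")
    # A UDR for the same prefix overrides the gateway-learned route (rule 2).
    udr = Route(ONPREM_PREFIXES[0], HYPOTHETICAL_NVA, "user")
    r = effective_route(firewall_mgmt_routes(True) + [udr], onprem_host)
    print(f"with UDR: {onprem_host} -> {r.prefix} via {r.next_hop} ({r.source})")
```

Without gateway transit the on-prem address falls through to 0.0.0.0/0, which in this topology means the NAT gateway, so the packet leaves for the public internet and never reaches the tunnel. To check the real thing rather than the model, run `az network nic show-effective-route-table` against the management NIC, and set the two peering flags with `az network vnet peering create --allow-gateway-transit` on the production side and `--use-remote-gateways` on the firewall side.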
