Does Azure Firewall support BGP?

Question

Does Azure Firewall support BGP? I am looking into Azure Route Server to replace the route tables which we now deploy with each (spoke) vnet. I read an article stating that Azure Firewall does not support BGP, so using ARS in combination with AFW would not work.

I cannot directly find any answer in the docs.

Answer 1

Azure Firewall does not natively support BGP (Border Gateway Protocol).

You can try using auto-learn SNAT Routes, which allow the firewall to dynamically learn and avoid SNAT traffic to non-RFC-1918 address spaces using Azure Route Server (ARS). While this sounds like Azure Firewall can interact with BGP in a limited way via ARS, it is important to note that Azure Firewall itself does not natively support BGP. However, the Machine Learning SNAT feature leverages BGP indirectly through ARS.
Reference: https://techcommunity.microsoft.com/t5/azure-network-security-blog/azure-firewall-s-auto-learn-snat-routes-a-guide-to-dynamic/ba-p/4014744#:~:text=The%20ARS%20is%20configured%20with,reliability%2C%20and%20cost%2Defficiency.

https://techcommunity.microsoft.com/t5/azure-network-security-blog/azure-firewall-s-auto-learn-snat-routes-a-guide-to-dynamic/ba-p/4014744#:~:text=The%20ARS%20is%20configured%20with,reliability%2C%20and%20cost%2Defficiency.'

Get in touch if you need more help with this issue.

--please don't forget to "[Accept the answer]" if the reply is helpful--