Share via

How to create a Routing table between my Azure firewall to Azure SD-WAN Vmx

Bolenath Gundagani 0 Reputation points
2024-10-20T12:15:26.2433333+00:00

Hello we have a Vnet name Vnet-SD-WAN and Below are subnets in Vnet 10.170.0.0/22 and Sd-wan Vmx subnet - 10.170.1.0/28
Azurefirewall subnet -10.170.3.0/26
Azure Application gateway : 10.170.3.64/26

Network flow in below way
Internet-->Application gateway WAF (Public IP) --->AzureFirewall--->Sd-wan Vmx (Auto VPN) -->On-prem MX67 (Auto VPN).
Destination here is the On-prem network 192.168.0.0/16

Confused on the routing table to create and how to associate to subnets on next hop.

Would appreciate if any help.

Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
680 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,507 questions
Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,080 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ganesh Patapati 1,275 Reputation points Microsoft Vendor
    2024-10-21T11:36:01.5333333+00:00

    Hi Bolenath Gundagani

    Greetings,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    To set up the routing for your Azure networking configuration, you’ll need to define routes that guide traffic appropriately through the various components you've outlined. Here's a step-by-step approach:

    1. Route Table Creation

    Create a route table for your VNet and define routes for the traffic flow:

    Route Table 1: VNet Routing

    • Subnet Association: Associate this route table with the Vnet-SD-WAN subnet.
    Destination Next Hop Type Next Hop Address
    0.0.0.0/0 Internet (Default route for internet traffic)
    0.0.0.0/0 Internet (Default route for internet traffic)
    10.170.3.0/26 Virtual Appliance <Azure Firewall IP>
    10.170.1.0/28 Virtual Appliance <SD-WAN VMX IP>
    192.168.0.0/16 Virtual Appliance <On-prem MX67 IP>

    Route Table 2: SD-WAN Routing

    • Subnet Association: Associate this route table with the Sd-wan Vmx subnet.
    Destination Next Hop Type Next Hop Address
    0.0.0.0/0 Internet (Default route for internet traffic)
    0.0.0.0/0 Internet (Default route for internet traffic)
    192.168.0.0/16 Virtual Network (Direct to On-prem network)
    1. Subnet Routing Associations
    • Vnet-SD-WAN Subnet:
      • Associate Route Table 1 with the Vnet-SD-WAN subnet.
      • SD-WAN VMX Subnet:
        • Associate Route Table 2 with the Sd-wan Vmx subnet.
    1. Configuration Steps
    2. Create Route Tables: Use Azure Portal, CLI
    3. Add Routes: Add the necessary routes as per the tables above.
    4. Associate Route Tables: Associate the route tables with the appropriate subnets.

    Refer: https://learn.microsoft.com/en-us/azure/virtual-network/tutorial-create-route-table-portal#create-a-route-table

    Refer: https://learn.microsoft.com/en-us/azure/virtual-network/tutorial-create-route-table-portal#create-a-route

    Once configured, test the connectivity:

    • From the internet to the Application Gateway.
    • From the Application Gateway to the Azure Firewall.
    • From the Azure Firewall to the SD-WAN VMX.
    • From the SD-WAN VMX to the On-prem MX67.

    Hope this clarifies.

    Thanks,

    Ganesh

    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.