Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,593 questions
Traffic not flowing via azure firewall when using site to site vpn
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 34%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
Anushankar Konduri
0
Reputation points
I have created a site-to-site connection between AWS and Azure. In Azure, I have a firewall in place. When the gateway connection is established, traffic is not flowing through the Azure firewall. However, when the gateway connection is disconnected or deleted, traffic flows through the firewall as expected.
Scenario: In the spoke VNet, I have created a VM. When the gateway connection is active, the VM is unable to access the internet. But when the gateway is disconnected, the VM can access the internet. A route has been added with 0.0.0.0/0 and the next hop set to the firewall IP.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 17%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERV%3C/text%3E%3C/svg%3E)
Rohith Vinnakota 1,515 Reputation points Microsoft Vendor2024-12-26T21:59:39.9466667+00:00 Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.
To achieve this, ensure that you add route tables to the subnet where the traffic is directed for the site-to-site connection. Additionally, include a route table in the gateway subnet, setting the next hop to the private IP of the firewall.
Note: Allow the traffic in the Azure Firewall.
Refer this link:
https://cloudcurve.co.uk/azure/how-to-route-site-to-site-vpn-traffic-via-azure-firewall/If you have any further queries, do let us know.
Thanks,
Rohith
Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.
-
Anushankar Konduri 0 Reputation points
2024-12-27T03:02:28.09+00:00 Hi @Rohith Vinnakota thanks for your response. I followed the same steps, adding the route to the gateway subnet as the Azure CIDR to the firewall's private IP, and for the spoke subnet, I set the AWS VPC CIDR with the firewall's IP as the next hop. However, traffic is not flowing through Azure Firewall.
Additionally, when the gateway connection is established, I'm unable to make any updates on the azure firewall.
Thanks.
Sign in to comment
Sign in to answer