Network routing is a foundational concept in modern networking, enabling data to travel efficiently across connected systems, whether on-premises or in the cloud. Proper routing configuration ensures secure and optimized traffic flow, helping organizations maintain performance and control.
To enforce firewall policies, all outbound application traffic must be routed through the firewall. This requires two things:
A route table must be created and associated with both the frontend and backend subnets.
A custom route is needed to direct all outbound IP traffic from these subnets to the firewall, using its private IP address as the next hop.
Create a route table
Azure automatically generates a route table for every subnet in an Azure virtual network, which contains the default system routes. You have the option to create custom route tables and routes to override Azure's default system routes.
Record the private IP address of app-vnet-firewall
In the search bar at the top of the portal, type "Firewall" and choose Firewall from the search results. Select app-vnet-firewall. Go to the Overview section and note down the Private IP address.
Create the route table.
In the search bar, type "Route tables" and select Route tables from the search results. On the Route tables page, click + Create and configure the route table.
Resource group==>RG1
Region==>East US
Name==>app-vnet-firewall-rt
Wait for the route table deployment to complete, then click Go to resource.
Associate the route table to the subnets
In the portal, return to the route table and select app-vnet-firewall-rt. Under the Settings blade, choose Subnets, then click + Associate. Configure an association to the frontend subnet, then click OK.
Virtual network==>app-vnet (RG1)
Subnet==>frontend
Configure an association to the backend subnet, then select OK.
Virtual network==>app-vnet (RG1)
Subnet==>backend
Create a route in the route table.
In the portal, continue working with the route table: select app-vnet-firewall-rt. In the Settings blade, select Routes and then + Add. Configure the route, then select Add.
Route name==>outbound-firewall
Destination type==>IP addresses
Destination IP addresses/CIDR range==>0.0.0.0/0
Next hop type==>Virtual appliance
Next hop address==>private IP address of the firewall
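The same four steps as an Azure CLI script, added here as an example; it is not part of the original lab. Resource names (RG1, app-vnet, frontend, backend, app-vnet-firewall, app-vnet-firewall-rt, outbound-firewall, East US) are the lab's; `VM_NIC` is an assumed NIC name used only by the final check, which lists the effective routes Azure actually applies to a VM so you can confirm that 0.0.0.0/0 now points at the firewall's private IP. The `az network firewall` commands need the azure-firewall CLI extension. One caveat the portal does not enforce: associate this route table only with the frontend and backend subnets, never with AzureFirewallSubnet, because a 0.0.0.0/0 route pointing at the firewall from its own subnet breaks the firewall's outbound path.

```shell
#!/usr/bin/env sh
# Added example (not the lab's own code): Azure CLI equivalent of the portal steps.
# Set DRY_RUN=1 to print each az command instead of executing it; run with
# --apply to make changes. VM_NIC (optional) is an assumed NIC name for the check.
set -e

RG="RG1"
LOCATION="eastus"                 # "East US" in the portal
VNET="app-vnet"
FIREWALL="app-vnet-firewall"
ROUTE_TABLE="app-vnet-firewall-rt"
ROUTE_NAME="outbound-firewall"

# Execute the command, or echo it verbatim when DRY_RUN is set.
run() {
  if [ -n "${DRY_RUN:-}" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Step 1: record the firewall's private IP; it becomes the route's next hop.
firewall_private_ip() {
  run az network firewall ip-config list --resource-group "$RG" \
    --firewall-name "$FIREWALL" --query "[0].privateIpAddress" --output tsv
}

# Step 2: create the route table in the same region as the VNet.
create_route_table() {
  run az network route-table create --resource-group "$RG" \
    --name "$ROUTE_TABLE" --location "$LOCATION"
}

# Step 3: associate the route table with a subnet (run once per subnet).
associate_subnet() {
  run az network vnet subnet update --resource-group "$RG" \
    --vnet-name "$VNET" --name "$1" --route-table "$ROUTE_TABLE"
}

# Step 4: send all outbound traffic to the firewall as a virtual appliance.
# Refuse to proceed if the next hop is not an IPv4 address (e.g. the lookup
# in step 1 returned nothing), rather than creating a broken route.
add_default_route() {
  fw_ip="$1"
  case "$fw_ip" in
    *.*.*.*) ;;
    *) echo "refusing to create route: next hop '$fw_ip' is not an IPv4 address" >&2
       return 1 ;;
  esac
  run az network route-table route create --resource-group "$RG" \
    --route-table-name "$ROUTE_TABLE" --name "$ROUTE_NAME" \
    --address-prefix 0.0.0.0/0 --next-hop-type VirtualAppliance \
    --next-hop-ip-address "$fw_ip"
}

# Check: effective routes on a VM NIC show the UDR overriding the system
# default route (source "User", next hop type "VirtualAppliance").
show_effective_routes() {
  run az network nic show-effective-route-table --resource-group "$RG" \
    --name "$1" --output table
}

main() {
  fw_ip="$(firewall_private_ip)"
  create_route_table
  associate_subnet frontend
  associate_subnet backend
  add_default_route "$fw_ip"
  if [ -n "${VM_NIC:-}" ]; then
    show_effective_routes "$VM_NIC"
  fi
}

if [ "${1:-}" = "--apply" ]; then
  main
fi
```

Usage: `DRY_RUN=1 sh routes.sh --apply` prints the commands for review; `sh routes.sh --apply` runs them against the logged-in subscription; `VM_NIC=<nic-name> sh routes.sh --apply` also lists the effective routes afterwards.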
In Azure, system routes automatically handle traffic between subnets, virtual networks, and on-premises networks. To customize traffic flow, user-defined routes (UDRs) can override these defaults and direct traffic through network virtual appliances (NVAs) such as firewalls, load balancers, and routers. Route tables, which store routing rules, must be associated with subnets to apply these configurations.