Introduction:
In a secure cloud environment, controlling how traffic flows between resources is just as important as protecting the resources themselves. To ensure Azure Firewall policies are consistently enforced, outbound traffic from application subnets must be routed through the firewall before reaching external destinations.
In this scenario, a route table is created and associated with both the frontend and backend subnets to centralize traffic management. A custom route is then configured to direct all outbound internet traffic to the Azure Firewall using its private IP address. This approach ensures that all traffic is inspected, filtered, and monitored based on the organization’s security policies before leaving the virtual network.
Scenario
To ensure the firewall policies are enforced, outbound application traffic must be routed through the firewall. You identify these requirements.
- A route table is required. This route table will be associated with the frontend and backend subnets.
- A route is required to filter all outbound IP traffic from the subnets to the firewall. The firewall’s private IP address will be used.
Skilling tasks
- Create and configure a route table.
- Link a route table to a subnet.
In this guide, I’ve provided a detailed step-by-step walkthrough that covers the complete process of configuring network routing in Azure from start to finish. The template is designed to simplify the deployment process and help you understand how traffic can be securely routed through Azure Firewall using route tables and custom routes.
Exercise instructions
Create a route table
Azure automatically creates a route table for each subnet within an Azure virtual network. The route table includes the default system routes. You can create route tables and routes to override Azure’s default system routes.
Record the private IP address of app-vnet-firewall
- In the search box at the top of the portal, enter Firewall. Select Firewall in the search results.
- Select app-vnet-firewall.
- Select Overview and record the Private IP address.
Add the route table
- In the search box, enter Route tables. When Route table appears in the search results, select it.
- In the Route table page, select + Create and create the route table.
| Property | Value |
| --- | --- |
| Subscription | Select your subscription |
| Resource group | RG1 |
| Region | East US |
| Name | app-vnet-firewall-rt |
- Select Review + create and then select Create.
- Wait for the route table to deploy, then select Go to resource.
Associate the route table to the subnets
- In the portal, continue working with the route table: select app-vnet-firewall-rt.
- In the Settings blade, select Subnets and then + Associate.
- Configure an association to the frontend subnet, then select OK.
| Property | Value |
| --- | --- |
| Virtual network | app-vnet (RG1) |
| Subnet | frontend |
- Configure an association to the backend subnet, then select OK.
| Property | Value |
| --- | --- |
| Virtual network | app-vnet (RG1) |
| Subnet | backend |
Create a route in the route table
- In the portal, continue working with the route table: select app-vnet-firewall-rt.
- In the Settings blade, select Routes and then + Add.
- Configure the route, then select Add.
| Property | Value |
| --- | --- |
| Route name | outbound-firewall |
| Destination type | IP addresses |
| Destination IP addresses/CIDR range | 0.0.0.0/0 |
| Next hop type | Virtual appliance |
| Next hop address | private IP address of the firewall |
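
How Azure chooses between its system routes and the outbound-firewall route, as an added example that is not part of the original walkthrough: the longest matching prefix wins, and on a tie a user-defined route beats a system route. The VNet address space, firewall IP, destination addresses and function names are constructed for illustration; the audit also flags a subnet whose route table association was missed.

```python
import ipaddress

# Tie-break when prefixes are equal: user-defined beats BGP beats system route.
SOURCE_RANK = {"User": 0, "VirtualNetworkGateway": 1, "Default": 2}

# Constructed sample values: the page does not state the address space or firewall IP.
VNET_PREFIX = "10.1.0.0/16"
FIREWALL_IP = "10.1.63.4"
INTERNET_PROBE = "203.0.113.10"  # documentation-range address standing in for "the internet"

SYSTEM_ROUTES = [
    {"name": "system-vnet", "source": "Default", "prefix": VNET_PREFIX,
     "next_hop_type": "VnetLocal", "next_hop_ip": None},
    {"name": "system-internet", "source": "Default", "prefix": "0.0.0.0/0",
     "next_hop_type": "Internet", "next_hop_ip": None},
]

# The custom route from the table above.
OUTBOUND_FIREWALL = {"name": "outbound-firewall", "source": "User", "prefix": "0.0.0.0/0",
                     "next_hop_type": "VirtualAppliance", "next_hop_ip": FIREWALL_IP}


def effective_route(routes, destination):
    """Pick the route Azure would use: longest prefix first, then source precedence."""
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dest in ipaddress.ip_network(r["prefix"])]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen,
                                          SOURCE_RANK[r["source"]]))


def audit_subnets(subnet_user_routes, firewall_ip):
    """List subnets whose internet-bound traffic does not use the firewall as next hop."""
    findings = []
    for subnet, user_routes in subnet_user_routes.items():
        hop = effective_route(SYSTEM_ROUTES + user_routes, INTERNET_PROBE)
        if hop["next_hop_type"] != "VirtualAppliance" or hop["next_hop_ip"] != firewall_ip:
            findings.append(f"{subnet}: internet traffic uses {hop['next_hop_type']} ({hop['name']})")
    return findings


if __name__ == "__main__":
    routes = SYSTEM_ROUTES + [OUTBOUND_FIREWALL]
    print(effective_route(routes, INTERNET_PROBE)["name"])      # internet-bound traffic
    print(effective_route(routes, "10.1.2.5")["next_hop_type"])  # traffic inside the VNet
    # Constructed failure case: backend was never associated with the route table.
    print(audit_subnets({"frontend": [OUTBOUND_FIREWALL], "backend": []}, FIREWALL_IP))
```

Traffic between subnets of the same virtual network still matches the more specific system route, so the 0.0.0.0/0 route alone does not send it through the firewall.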

Summary:
This configuration focuses on implementing secure network routing within an Azure virtual network environment. By creating and associating a route table with the frontend and backend subnets, outbound traffic can be centrally controlled and redirected through Azure Firewall.
The custom route uses the firewall’s private IP address as the next hop, ensuring all outbound traffic is inspected against configured firewall policies. This setup improves visibility, strengthens security enforcement, and helps maintain consistent traffic filtering across the environment.
Conclusion
Configuring network routing through Azure Firewall provides a reliable way to enforce centralized security policies across application workloads. By directing outbound traffic through the firewall, organizations gain greater control over network communication while reducing the risk of unauthorized or unmonitored traffic leaving the environment.
This approach not only enhances security and traffic visibility but also creates a scalable foundation for managing and protecting cloud-based applications as infrastructure requirements continue to grow.
Key Takeaways
- Route tables help control how traffic flows within an Azure virtual network.
- Associating route tables with subnets ensures routing policies are consistently applied to resources within those subnets.
- Custom routes can redirect outbound traffic through Azure Firewall for centralized inspection and filtering.
- Using the firewall’s private IP address as the next hop ensures traffic passes through security controls before accessing external networks.
- Centralized routing improves security visibility, policy enforcement, and overall network management within Azure environments.