NSv in Azure Route Same VNET different address space

I am attempting to set up some routing in Azure for a new NSv. I used this article as my guide: "How can I route all traffic to SonicWall NSv using the same address space (same VNet) and different subnet behind X0 interface?" | SonicWall

However, my issue is slightly different. I am using the same VNET but I have several different address spaces.

I created a separate network for X0 using 10.181.254.0/26. My X0 IP is 10.181.254.11. The Azure GW IP is 10.181.254.1. I can see this in my ARP table.

I have an Azure routing table set up with the next hop of 10.181.254.11. Right now 172.29.23.0/24 is using this routing table.

I have a test machine on the same VNET with an address space of 172.29.23.0/24. Its IP is 172.29.23.4. I have created a route on the NSv to 172.29.23.0/24 with a next hop of 10.181.254.1. I can ping 172.29.23.4 from the firewall. When I run a ping from the test machine to 8.8.8.8 and run a packet capture on the firewall, I see that the firewall is forwarding traffic to X1. But the pings fail.

If I was doing this with a physical firewall, I would create a virtual interface on 172.29.23.0/24 and be done with it. Do I need to do something similar on the Azure firewall?
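To make the route-table setup in the question concrete, here is an added example (not part of the original post and not SonicWall or Azure code) that models how Azure picks the effective route for the test machine's subnet: longest prefix first, and a user-defined route ahead of a system route on a tie. It assumes the route table's prefix is 0.0.0.0/0, which the question does not state, and that each address space appears as a `VnetLocal` system route.

```python
import ipaddress

# On equal prefix length, a user-defined route beats a system route.
SOURCE_PRIORITY = {"user": 0, "system": 1}

# Constructed effective-route table for the 172.29.23.0/24 subnet.
# The 0.0.0.0/0 user route is an assumption; the post only gives its next hop.
TEST_SUBNET_ROUTES = [
    {"prefix": "10.181.254.0/26", "source": "system", "next_hop": "VnetLocal"},
    {"prefix": "172.29.23.0/24", "source": "system", "next_hop": "VnetLocal"},
    {"prefix": "0.0.0.0/0", "source": "system", "next_hop": "Internet"},
    {"prefix": "0.0.0.0/0", "source": "user",
     "next_hop": "VirtualAppliance 10.181.254.11"},
]


def effective_route(routes, dst):
    """Return the route selected for destination IP `dst`, or None."""
    ip = ipaddress.ip_address(dst)
    matches = [r for r in routes if ip in ipaddress.ip_network(r["prefix"])]
    if not matches:
        return None
    # Longest prefix wins; ties are broken by route source.
    return min(
        matches,
        key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen,
                       SOURCE_PRIORITY[r["source"]]),
    )


def next_hop(dst, routes=TEST_SUBNET_ROUTES):
    """Next hop string for `dst`, or 'Dropped' when nothing matches."""
    route = effective_route(routes, dst)
    return route["next_hop"] if route else "Dropped"


if __name__ == "__main__":
    # Internet-bound traffic is steered to the NSv; traffic to the X0
    # subnet and within 172.29.23.0/24 still follows the VNet system routes.
    for dst in ("8.8.8.8", "10.181.254.11", "172.29.23.4"):
        print(f"{dst:>15} -> {next_hop(dst)}")
```

Compare the output with the "Effective routes" view on the test machine's NIC in the Azure portal to confirm which route each destination actually matches.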


Answers

  • MarkD Cybersecurity Overlord ✭✭✭

    You don't say what your X1 WAN interface is connected to.

    This is my setup using 2 internal subnets with routes on the NSv to each subnet via the Azure gateway 10.181.1.209

    X1 default gateway is the Azure gateway with a Public IP attached.

    This is natted by the gateway at 10.181.1.225 and presented as the public IP

    routelan and rroutedmz are defined with the address prefix 0.0.0.0/0 gateway of Next hop type "Virtual appliance" with the IP address of 10.181.1.212 (yes that is correct - that's software defined networks.........)

  • girlay Newbie ✭

    Hi, do you have a document for the setup if the SonicWall NSv is deployed in another VNet? I used this article as my guide: "How do I route all traffic to a SonicWall NSv using a different address space (different VNet)?" | SonicWall.

    I have a different subnet for Azure Virtual Desktop (host pool) and another subnet for our VM servers. I just want to filter out outbound traffic of these subnets in another VNet. Did all the VNet peering too.

  • MarkD Cybersecurity Overlord ✭✭✭

    "I just want to filter out outbound traffic of these subnets in another VNet. Did all the VNet peering too."

    Do I understand correctly, you want to apply rules between the Virtual desktop and VM servers?
