Shulou(Shulou.com)06/03 Report--

Azure Firewall is a hosted cloud-based network security service that protects Azure virtual network resources. It is a fully stateful firewall in the form of services with built-in high availability and unlimited cloud scalability. You can create, implement, and document application and network connection policies across subscriptions and virtual networks. Azure firewalls use static public IP addresses for virtual network resources to enable external firewalls to identify traffic from your virtual network. This service is fully integrated with Azure Monitor for logging and analysis.

By default, VNET between chinanorth and china east2 does not communicate.

There are many ways to get them to communicate. You can do another peering directly between the two VNET, but the disadvantage is that if there is more VNET, it will become a mesh result, which is more difficult to manage.

In addition to peering, there is another way to realize the interworking between two VNET through FW.

If you want to make the communication between the two vnet very easy, you can set the default route to FW in subnet. For more information, please refer to the previous SNAT article.

After the UDR of the default route is mounted, the two branch VNET can also communicate directly

You can see that the two network segments can be connected with ping directly.

Cancel one of the UDR and try again

Test again, it doesn't work anymore.

This should not be sent directly to peering vnet at the routing level, but through the route of 0.0.0.0, the packet is first sent to firewall, and then forwarded by FW.

It can also be seen from the routing table that there is no routing information directly to the peer VNET.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.