Azure NSv HA: How to forward LAN traffic to the external network through the Virtual gateway IP?
Description
| IP addresses used in the article | ||
| Vnet: | 192.168.0.0/16 | |
| NSv Primary | NSv Secondary | |
| WAN Monitoring IP | 192.168.1.4 | 192.168.1.5 |
| WAN Virtual IP | 192.168.1.254 | |
| LAN Monitoring IP | 192.168.2.4 | 192.168.2.5 |
| LAN Virtual IP | 192.168.2.254 | |
| HA Interface IP | 192.168.3.4 | 192.168.3.5 |
In a standalone NSv Azure deployment the traffic will be routed to the firewall interface IP but in HA setup, the traffic will be routed to the Interface virtual IP address. This article will cover the steps to create a route table and add route policies to route the Internet traffic from the LAN subnet through the SonicWALL NSv HA LAN Virtual IP address(192.168.2.254).Â
NOTE: The VM(192.168.2.6) is part of LAN subnet(192.168.2.0/24)
Resolution
1. Create a route table defining the resource group under 'Home > Route Tables'. NOTE: SonicWall and Virtual Machine belong to the same resource group.
2. Add a route which will send any traffic to the next hop as 192.168.2.254 under 'Home > Route Tables > LAN-RT'
3. Associate the subnet to the route table by defining the virtual network and Subnet.
4. The Route table will look like the screenshot below
NOTE: We can test if the traffic is getting forwarded through sonicwall using Packet monitor or by accessing the website 'whatismyip.com' in a web browser, we should see the public IP of the Sonicwall WAN.Â