Forum Discussion

nirmalmcse02's avatar
nirmalmcse02
Copper Contributor
Jan 06, 2021

Outbound Connectivity after azure site recovery failover

How outbound connectivity works of any virtual machines after failover initiated from Azure Site Recovery. 

Explanation of above query is:-

On-premise environment Servers DR site is set up on Azure using Azure site recovery & Express route is set up for connectivity between on-premise to Azure.

In case a failover happens immediately  ASR initiates spinning up virtual machines. Once Virtual Machines is ready to use. How outbound traffic will flow of this VM.  Either Outbound traffic will go to On-premise or it will directly go to the Azure backbone. 

We would like to validate that whatever internet restrictions are applied on on-premise same should be applied to DR VM without deploying any NVA on the Azure side. 

 

 

 

 

 

  • nirmalmcse02 By default, outbound internet access is allowed from the vm. I recommend that you setup a NSG (network security group) for each subnet where you can block outbound internet access, don't forget to add a rule allowing Azure services... Otherwise, you could setup a route that forces all traffic back over your site-to-site vpn or expressroute...

     

     

     

  • JoeThompsonIT's avatar
    JoeThompsonIT
    Copper Contributor

    nirmalmcse02 By default, outbound internet access is allowed from the vm. I recommend that you setup a NSG (network security group) for each subnet where you can block outbound internet access, don't forget to add a rule allowing Azure services... Otherwise, you could setup a route that forces all traffic back over your site-to-site vpn or expressroute...

     

     

     

Resources