Forum Discussion

StefanKi
Iron Contributor
Nov 11, 2021

routing table

Hello,

I have a virtual network with 192.168.0.0/24. In the virtual network is a firewall with 192.168.0.5.

Now I want to route any outgoing traffic on the virtual network through the firewall.
If I create a rule 0.0.0.0/0 to 192.168.0.5, the internal devices cannot reach each other. What is the best way to set the routing rules here?

Greetings and thanks
Stefan

2 Replies

  • ElwinTech
    Copper Contributor

    Hi Stefan,

    That’s a common situation in Azure networking.
    When you add a route 0.0.0.0/0 → 192.168.0.5, all traffic including intra-subnet is sent to the firewall, which breaks internal communication.

    The correct approach is to:

    - Keep system routes for your VNet and subnets, for example 192.168.0.0/24
    - Apply the UDR with 0.0.0.0/0 → 192.168.0.5 only to the application subnets, not to the firewall subnet
    - Ensure the firewall performs SNAT or has return routes to internal networks

    https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
    https://pingmynetwork.com/academy/ccna-200-301/routing-table/

  • Take this:

    1. Use a User-Defined Route (UDR)
    • Create a route table with:
      • Destination: 0.0.0.0/0
      • Next hop type: Virtual appliance
      • Next hop IP: 192.168.0.5 (your firewall)
    2. Associate the Route Table with Subnets
    • Apply the route table to application subnets, not the firewall subnet
    • This ensures only outbound traffic from those subnets is routed through the firewall
    3. Preserve Internal Traffic
    • Internal traffic (e.g., between VMs in the same subnet or VNet) uses system routes
    • To avoid breaking it:
      • Do not override internal IP ranges like 192.168.0.0/24 in your custom route table
      • Let Azure’s default routing handle intra-subnet communication
    4. Firewall Configuration
    • Ensure the firewall can:
      • Route traffic back to internal subnets
      • Handle NAT or SNAT if needed for outbound internet access
      • Allow return traffic from the internet
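
Added example (not from either reply) that models the route selection both answers rely on: Azure picks the longest matching prefix, and on equal prefix length a user-defined route beats a system route. It uses the thread's VNet 192.168.0.0/24 and firewall 192.168.0.5, and contrasts the application subnet's UDR, the firewall subnet with no UDR, and the mistake of overriding the VNet prefix; the route tables are constructed for illustration, and the firewall's own return routing and SNAT are not modelled.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional


class Route(NamedTuple):
    prefix: str
    next_hop_type: str          # "VirtualNetwork", "Internet" or "VirtualAppliance"
    next_hop_ip: Optional[str] = None


# System routes Azure gives every subnet of the VNet in the question (constructed model).
SYSTEM_ROUTES = [
    Route("192.168.0.0/24", "VirtualNetwork"),
    Route("0.0.0.0/0", "Internet"),
]

# The UDR from the question: default route via the firewall appliance.
APP_SUBNET_UDR = [Route("0.0.0.0/0", "VirtualAppliance", "192.168.0.5")]

# The mistake the second reply warns about: overriding the internal VNet prefix itself.
BROKEN_UDR = [Route("192.168.0.0/24", "VirtualAppliance", "192.168.0.5")] + APP_SUBNET_UDR


def select_route(dst: str, system_routes, udr) -> Route:
    """Effective route for dst: longest matching prefix wins; on a tie in
    prefix length a user-defined route takes precedence over a system route."""
    addr = ip_address(dst)
    best_key, best = None, None
    for is_udr, table in ((False, system_routes), (True, udr)):
        for route in table:
            net = ip_network(route.prefix)
            if addr not in net:
                continue
            key = (net.prefixlen, is_udr)   # compare prefix length first, then UDR over system
            if best_key is None or key > best_key:
                best_key, best = key, route
    return best


def next_hop(dst: str, udr) -> str:
    """Next hop (appliance IP or system next-hop type) from a subnet carrying `udr`."""
    route = select_route(dst, SYSTEM_ROUTES, udr)
    return route.next_hop_ip or route.next_hop_type


if __name__ == "__main__":
    for label, udr in (("app subnet", APP_SUBNET_UDR), ("firewall subnet", []), ("broken", BROKEN_UDR)):
        print(f"{label:16} VM->VM: {next_hop('192.168.0.20', udr):15} VM->internet: {next_hop('203.0.113.9', udr)}")
```

With only the 0.0.0.0/0 UDR, VM-to-VM traffic inside 192.168.0.0/24 still follows the more specific system route, while internet-bound traffic goes to 192.168.0.5; the firewall subnet, carrying no UDR, keeps its direct Internet next hop so forwarded traffic does not loop back to the appliance.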
