SOLVED

Problem access internet from my VM : error invalid 0.0.0.0/0 to internet / route table

%3CLINGO-SUB%20id%3D%22lingo-sub-2094679%22%20slang%3D%22en-US%22%3EProblem%20access%20internet%20from%20my%20VM%20%3A%20error%20invalid%200.0.0.0%2F0%20to%20internet%20%2F%20route%20table%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2094679%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3CBR%20%2F%3EI%20installed%20a%20forti%20firewall%20on%20Azure%20to%20make%20a%20VPN%20with%20my%2003%20sophos%20UTM9.%3C%2FP%3E%3CP%3EThe%20VPN%20connection%20was%20made%20well.%3C%2FP%3E%3CP%3EWhereas%2C%20I%20had%20a%20problem%20with%20my%20VMs%20connected%20to%20the%20Vnet%20of%20this%20firewall%20and%20which%20do%20not%20connect%20to%20the%20internet.%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EAttached%20are%20the%20screenshots%3A%3C%2FP%3E%3CP%3E1-%20Vnet%20config%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22hamma91_0-1611595597476.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F249175i9B227F19D913358C%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22hamma91_0-1611595597476.png%22%20alt%3D%22hamma91_0-1611595597476.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E2-%20Effective%20routes%26nbsp%3B%20(network%20interface%20of%20the%20VM%20Testing659)%26nbsp%3B%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EInvalid%26nbsp%3B%200.0.0.0%2F0%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22hamma91_1-1611595674120.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F249177i2567C8EBF26BB82F%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22hamma91_1-1611595674120.png%22%20alt%3D%22hamma91_1-1611595674120.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E3-%20Route%20Tables%20%3A%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3Efor%20inside%20Subnet%20routes%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22hamma91_2-1611595747263.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F249178i47A69A20DD173693%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22hamma91_2-1611595747263.png%22%20alt%3D%22hamma91_2-1611595747263.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CBR%20%2F%3Eand%20for%20publicfacing%20subnet%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22hamma91_3-1611595789719.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F249179i57DE0D5C86A645F9%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22hamma91_3-1611595789719.png%22%20alt%3D%22hamma91_3-1611595789719.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CBR%20%2F%3E4-%20VM%20parmater%20of%20internet%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22hamma91_5-1611595842519.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F249181i30633B0EFCED9836%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22hamma91_5-1611595842519.png%22%20alt%3D%22hamma91_5-1611595842519.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22hamma91_4-1611595827676.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F249180i27CA9587D9D5E48B%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22hamma91_4-1611595827676.png%22%20alt%3D%22hamma91_4-1611595827676.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CBR%20%2F%3Ehas%20anyone%20encountered%20this%20problem%20please%3F%3CBR%20%2F%3Eyour%20help%20please%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2094783%22%20slang%3D%22en-US%22%3ERe%3A%20Problem%20access%20internet%20from%20my%20VM%20%3A%20error%20invalid%200.0.0.0%2F0%20to%20internet%20%2F%20route%20table%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2094783%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F540591%22%20target%3D%22_blank%22%3E%40ibrahimambodji%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%20bro%26nbsp%3B%3C%2FP%3E%3CP%3EAm%20I%20adding%20a%20new%20subnet%3F%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWill%20this%20VM%20be%20accessible%20by%20the%20VPN%20network%20with%20the%20Forti%3F%3C%2FP%3E%3CP%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2094729%22%20slang%3D%22en-US%22%3ERe%3A%20Problem%20access%20internet%20from%20my%20VM%20%3A%20error%20invalid%200.0.0.0%2F0%20to%20internet%20%2F%20route%20table%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2094729%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F747789%22%20target%3D%22_blank%22%3E%40hamma91%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThis%20error%20is%20normal%20because%20you%20have%20created%20an%20UDR%20to%20forward%20the%20traffic%20to%20the%20NVA%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20the%20traffic%20is%20no%20longer%20going%20directly%20to%20the%20internet%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3EYou%20need%20to%20verify%20that%26nbsp%3B%20%3A%3C%2FP%3E%3CP%3ELocal%20Subnets%20and%20Remote%20subnets%20are%20present%20in%20both%20firewalls%26nbsp%3B%3C%2FP%3E%3CP%3EIpv4%20policies%20From%20Internet%20_%20To%20your%20Subnet%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3B%20%26nbsp%3BFrom%20your%20Subnet%20__%20To%20Internet%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

Hi,
I installed a forti firewall on Azure to make a VPN with my 03 sophos UTM9.

The VPN connection was made well.

Whereas, I had a problem with my VMs connected to the Vnet of this firewall and which do not connect to the internet.


Attached are the screenshots:

1- Vnet config 

hamma91_0-1611595597476.png

2- Effective routes  (network interface of the VM Testing659) 


Invalid  0.0.0.0/0

 

hamma91_1-1611595674120.png

3- Route Tables : 

for inside Subnet routes

hamma91_2-1611595747263.png


and for publicfacing subnet 

hamma91_3-1611595789719.png


4- VM parmater of internet 

hamma91_5-1611595842519.png

 

 

 

hamma91_4-1611595827676.png


has anyone encountered this problem please?
your help please

2 Replies
best response confirmed by hamma91 (Contributor)
Solution

@hamma91 

 

Hi 

 

This error is normal because you have created an UDR to forward the traffic to the NVA 

So the traffic is no longer going directly to the internet  

You need to verify that  :

Local Subnets and Remote subnets are present in both firewalls 

Ipv4 policies From Internet _ To your Subnet

                     From your Subnet __ To Internet 

@ibrahimambodji 

 

Thanks bro 

Am I adding a new subnet? 

 

Will this VM be accessible by the VPN network with the Forti?