Would Force Tunnelling break WVD Front End?


I am wondering if anyone has tried enabling force tunneling, as in this article, with a WVD environment? Thinking about tunneling internet traffic back across a Site-to-Site VPN and out a FortiGate firewall. Would this potentially break the front door and load balancing of WVD, or should this work without any issues?

https://petri.com/azure-forced-tunneling

 

2 Replies
I ran into this requirement for a client that wanted to proxy internet traffic to an on-premise firewall. The provisioning process and the session hosts need to reach back to the WVD control plane constantly, and the control plane is locked down to Azure IP addresses. Therefore, since the FortiGate firewall is on-premise, it won't work well. I was told that theoretically, you can deploy agents manually and then use explicit proxy settings in the IE settings to force traffic to go back through the tunnel, but that is not an acceptable solution, so we gave up. The supported method is to proxy network traffic through an Azure-based firewall.

Would it even work then to have a FortiGate Azure VM firewall (in Azure) to send the WVD internet traffic through? Or would that also break the routing with the WVD front end?