Configuring Secure Access to Workloads with Azure Virtual Networking Services


PETER Samuel

Securing workloads in the cloud isn't just about protecting applications; it's also about controlling how traffic flows in and out of your environment. In this project, I configured Azure Virtual Network routing to ensure that all outbound traffic from application workloads passes through a firewall for inspection and policy enforcement.

This post walks you through the scenario, architecture, configuration steps, and key takeaways from the project.

Scenario

To enforce firewall policies on outbound traffic, I needed to ensure that application traffic from both the frontend and backend subnets would route through an Azure Firewall.

Requirements:

A route table for the virtual network.

Association of the route table with both the frontend and backend subnets.

A user-defined route to send all outbound traffic (0.0.0.0/0) through the firewall's private IP address.

Skilling Tasks

Here's what I practiced in this project:

Creating and configuring a custom route table in Azure.

Associating route tables with subnets.

Adding a route to direct outbound traffic through a firewall.

Architecture

The architecture looks like this:

One virtual network with:

A frontend subnet

A backend subnet

An Azure Firewall

A route table linked to both subnets, forcing outbound traffic through the firewall.



1. Record the Firewall's Private IP

Navigate to app-vnet-firewall in the Azure Portal.

Under Overview, copy the Private IP address.





2. Create a Route Table

Search for Route tables in the portal → + Create.



Fill in:

Property        Value
Resource group  RG1
Region          East US
Name            app-vnet-firewall-rt

Click Review + create → Create.







3. Associate the Route Table with Subnets

Open the route table (app-vnet-firewall-rt).

Under Settings → Subnets → + Associate.

Associate with frontend subnet.

Repeat and associate with backend subnet.





4. Create a Route in the Route Table

In the same route table, go to Routes → + Add.

Configure:

Property          Value
Route name        outbound-firewall
Destination type  IP addresses
Destination CIDR  0.0.0.0/0
Next hop type     Virtual appliance
Next hop address  Private IP of the firewall



Key Takeaways

Azure automatically applies system routes, but user-defined routes (UDRs) let you override them.

Routing outbound traffic through a network virtual appliance (NVA) such as Azure Firewall enforces security policies.

Subnet-level associations allow fine-grained control over traffic flow.

Route tables are a critical piece in designing secure cloud networking.

Final Thoughts

This exercise gave me hands-on experience with network routing and security in Azure. Configuring user-defined routes ensures that workloads don't bypass firewall policies, which is essential for secure architectures in production.

If you're exploring Azure networking, I'd recommend diving into custom routing and firewalls early; it's a skill you'll need for almost every enterprise-grade deployment.

👉 Would you have routed traffic differently, maybe using NSGs or Application Gateway instead of Firewall? I'd love to hear your approach in the comments!

💡 Next step for me: Extend this project by adding monitoring with Azure Monitor and logging firewall activity to see what traffic gets blocked or allowed.

Thanks for reading! If you found this useful, drop a ❤️ or follow me here on Dev.to for more Azure hands-on projects.
