Topic: Azure App Service Vnet outbound networking (Read 277 times)
ksodroski
« on: July 08, 2024, 05:36:43 pm »
Hi everyone,
We're trying to replace our Azure Firewall with OPNsense to filter and inspect the outbound traffic from our Azure App Services.
In Azure, a subnet that's used for Azure App Services must have a subnet "delegation," which means that no other service/device/NIC can be connected to that subnet.
When using Azure Firewall, creating a routing rule that forwards to the virtual appliance in this subnet works without issue: outbound traffic is correctly filtered with rules.
When trying to replicate this with OPNsense, even if we disable the firewall functionality, we're unable to get any response back.
Example subnet:
AppService Delegation: 10.1.1.0/24
Frontend (WAN, but is called lan in Azure due to the way the task creates it): 10.1.0.0/24
Backend: 10.1.2.0/24 - Appliance IP -> 10.1.2.5
Routing rule for AppService Delegation: 0.0.0.0/0 -> 10.1.2.5
With the firewall enabled and default rules, we can see the backend interface blocking traffic. When adding an "allow all" rule, we see these connections no longer being blocked, but the app service is unable to receive a response.
When we allow all traffic through the backend interface, we can see the traffic is no longer blocked, and it looks like the request is correctly being forwarded by the app service delegation, but never receives a response back.
Has anyone dealt with this configuration before? I've scoured the internet for quite a while without seeing anyone talk about this configuration. I even started looking at pfSense to see if they have a tutorial, but all tutorials seem to deal with VMs where the OPNsense backend NIC is connected to the same subnet that components are connected to.
Any help would be much appreciated.