Azure | OPNsense 20.1 | Unable to route trafic to internet

[Purneau]

Dear reader,

The past days I've spent trying to get the below to work. Unfortunately I couldn't find any specific explanation on how to make our setup work, so I hope anyone here can help me out.

What we try to achieve (in Azure):

One VNet: 172.20.0.0/24
Application subnet (172.20.0.80/28) containing an application server with IP 172.20.0.84

OPNsense installed on a FreeBSD VM with three interfaces:
"untrusted" interface - untrusted subnet 172.20.0.192/27 - internal IP 172.20.0.196 - also has an external IP assigned to this nic
"management" interface - management subnet 172.20.0.160/27 - internal IP 172.20.0.164
"trusted" interface - trusted subnet 172.20.0.144/28 - internal IP 172.20.0.148

We created a route table for the Application subnet to route all traffic (0.0.0.0/0) to the trusted interface of the firewall (172.20.0.148)

We want OPNsense to use the untrusted interface to go outside (e.g. www.google.com).
If we perform this command (curl www.google.com) on the shell of the OPNsense VM, that works fine.

We see the request coming in through the trusted interface and going out via the untrusted interface, but never anything returns.

We have the feeling that we miss something, either some specific configuration in OPNsense or an Azure dependency we overlook.

Any thoughts? Let me know if you need more information.

Thanks a lot in advance!