Azure XG instance and web server running in Azure

Question

Hi, 
 I've deployed Sophos XG to Azure virtual network and created routing table so that all traffic goes through Sophos XG. Behind firewall I have old preconfigured (used before fw implementation) linux web server connected to XG lan interface and I can resolve web server internal ip address from azure vnet and local lan using site to site tunnel but not from outside. 
 I don't know how to continue from there. 
 the web server must obviously be accessible from outside. What would be best practice to enable outside access to web server and protect other VM's behind firewall. 
 XG instance has his own public address assigned to wan interface, and web server has his own public ip attached to nic.Other machines behind fw don't need to accessible from outside. 
 
 Thanks, 
 Carlo

LuCar Toni · Answer

Sounds like you are missing the Default Routes: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/122504/xg-firewall-on-azure-how-to-deploy

Carlo · Answer

I think I've solved my issue. 
 
 several things was misconfigured: 
 
 Alias interface 
 Azure network security groups 
 DNAT (because alias interface was pointing to nowhere) 
 
 You need to create alias interface to assign public ip using this tutorial 
 
 https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/126506/sophos-xg-firewall-how-to-create-multiple-public-ip-on-the-xg-public-interface-in-azure 
 
 For NSG is not enough to remove from nic but I needed to create new NSG and allow inbound and outband traffic to subnet wan. 
 Found this tutorial for similar setup 
 https://www.youtube.com/watch?v=4pESXPx-Tgk 
 
 Lastly I had to reconfigure DNAT 
 Now I can resolve web server public ip, and also access admin portal from wan on different public ip.

Thank you, 
 Carlo

Azure XG instance and web server running in Azure

Top Replies

Submitted a Tech Support Case lately from the Support Portal?