Azure internet routing

Question

I've got a strange one. 
 
 I've deployed Azure "out of the box" following this doc: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/122504/xg-firewall-on-azure-how-to-deploy 
 
 From the VM, I can ping the Sophos device, but I can't ping the internet 
 However, from the Sophos I can ping the internet 
 I've gone through every single Azure setting I can find, and everything looks correct compared to another environment I have setup in a similar config 
 Sophos XG has a trial license applied 
 Packet capture shows everything appears to be correct. 10.100.2.1 is the VM, 10.100.0.4 is the WAN port, 10.100.1.254 is the LAN port. 
 I have one firewall rule, LAN -> WAN, Any/Any and the default SNAT rule enabled with MASQ

Stuart James · Accepted Answer

Found the solution. Had to add a static route to the /16 subnet to go to the Sophos LAN subnet on .1 
 
 I have absolutely no idea why Sophos don't do this as part of their deployment. Hopefully this helps someone else.

Azure internet routing

Top Replies