User defined Routes through a firewall

I'm using ARM templates and having difficulty setting up a UDR from an Ubuntu VM to a firewall.

The firewall has two interfaces: (1) 10.0.1.4 (vnet 10.0.1.0/24) and (2) 10.0.2.4 (vnet 10.0.2.0/24). I enabled forwarding on the firewall through the ARM template.

I'm creating two Ubuntu VMs: one VM will be in subnet 10.0.1.0/24 and the other in 10.0.2.0/24. As a result, VM1 gets IP 10.0.1.5 and VM2 gets 10.0.2.5. I'm also adding the gateway IP in each Ubuntu VM's routes with the 'route add' command in Linux.

Now when I ping, the packets still go through the system routes on Azure and not through the firewall. Here are the templates:

Firewall ARM template:

    {
      "apiVersion": "2015-06-15",
      "type": "Microsoft.Network/networkInterfaces",
      "name": "[concat(variables('nicName'), copyindex())]",
      "location": "[variables('location')]",
      "tags": {
        "displayName": "[concat('NetworkInterfaces', copyindex())]"
      },
      "copy": {
        "name": "VMSeriesniccount",
        "count": "[parameters('nicCount')]"
      },
      "properties": {
        "ipConfigurations": [
          {
            "name": "[concat('ipconfig', copyindex())]",
            "properties": {
              "enableIPForwarding": true,
              "privateIPAllocationMethod": "Dynamic",
              "subnet": {
                "id": "[variables(concat('subnet',copyindex(),'Ref'))]"
              }
            }
          }
        ]
      }
    },

Ubuntu VM ARM template:

    "vmaIpAddress": {
      "type": "string",
      "defaultValue": "10.0.1.4",
      "metadata": {
        "description": "IP address for virtual appliance."
      }
    },
    "RouteTableName": {
      "type": "string",
      "defaultValue": "UDR-RouteTableName",
      "metadata": {
        "description": "Name for subnet route table."
      }
    },
    "backEndSubnetPrefix": {
      "type": "string",
      "defaultValue": "10.0.2.0/24",
      "metadata": {
        "description": "CIDR address prefix for the back end subnet."
      }
    }

[.]

    {
      "apiVersion": "2015-05-01-preview",
      "type": "Microsoft.Network/routeTables",
      "name": "[parameters('RouteTableName')]",
      "location": "[resourceGroup().location]",
      "tags": {
        "displayName": "Route Table"
      },
      "properties": {
        "routes": [
          {
            "name": "[concat(variables('vmName'),'-routes')]",
            "properties": {
              "addressPrefix": "[parameters('backEndSubnetPrefix')]",
              "nextHopType": "VirtualAppliance",
              "nextHopIpAddress": "[parameters('vmaIpAddress')]"
            }
          }
        ]
      }
    },
    {
      "apiVersion": "2015-05-01-preview",
      "type": "Microsoft.Network/virtualNetworks",
      "name": "[variables('virtualNetworkName')]",
      "location": "[variables('location')]",
      "properties": {
        "addressSpace": {
          "addressPrefixes": [
            "[variables('addressPrefix')]"
          ]
        },
        "subnets": [
          {
            "name": "[variables('subnet0Name')]",
            "properties": {
              "addressPrefix": "[variables('subnet0Prefix')]"
            }
          },
          {
            "name": "[variables('subnet1Name')]",
            "properties": {
              "addressPrefix": "[variables('subnet1Prefix')]",
              "routeTable": {
                "id": "[resourceId('Microsoft.Network/routeTables', parameters('RouteTableName'))]"
              }
            }
          }
        ]
      }
    },
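
A static check for two conditions that routing through a virtual appliance depends on, as an added example that is not part of the original post: IP forwarding set at the NIC level, and a route table attached to the subnet the traffic leaves from. It runs over a constructed copy of the post's resources with template expressions replaced by literals; the function name `lint_udr`, the subnet-to-prefix mapping and the shortened route table id are assumptions.

```python
import ipaddress

def lint_udr(resources, src_subnet, dst_ip):
    """List reasons traffic from src_subnet to dst_ip would bypass the appliance."""
    findings = []
    def by_type(t):
        return [r for r in resources if r["type"] == "Microsoft.Network/" + t]
    # IP forwarding is a NIC-level setting (properties.enableIPForwarding),
    # not a property of an individual ipConfiguration.
    for nic in by_type("networkInterfaces"):
        props = nic["properties"]
        nested = any("enableIPForwarding" in c["properties"]
                     for c in props.get("ipConfigurations", []))
        if not props.get("enableIPForwarding"):
            findings.append(f"{nic['name']}: enableIPForwarding missing on NIC properties"
                            + (" (set inside ipConfigurations instead)" if nested else ""))
    # A route table only steers traffic leaving the subnet it is attached to.
    tables = {t["name"]: t for t in by_type("routeTables")}
    dst = ipaddress.ip_address(dst_ip)
    for vnet in by_type("virtualNetworks"):
        for sub in vnet["properties"]["subnets"]:
            if sub["name"] != src_subnet:
                continue
            ref = sub["properties"].get("routeTable")
            if ref is None:
                findings.append(f"{src_subnet}: no routeTable attached, system routes apply")
                continue
            routes = tables[ref["id"].rsplit("/", 1)[-1]]["properties"]["routes"]
            if not any(r["properties"]["nextHopType"] == "VirtualAppliance"
                       and dst in ipaddress.ip_network(r["properties"]["addressPrefix"])
                       for r in routes):
                findings.append(f"{src_subnet}: no VirtualAppliance route covers {dst_ip}")
    return findings

# Constructed input: the post's resources with template expressions replaced by literals.
# Assumptions: subnet0 is 10.0.1.0/24, subnet1 is 10.0.2.0/24, route table id shortened.
SAMPLE = [
    {"type": "Microsoft.Network/networkInterfaces", "name": "nic0", "properties": {
        "ipConfigurations": [{"name": "ipconfig0", "properties": {
            "enableIPForwarding": True, "privateIPAllocationMethod": "Dynamic"}}]}},
    {"type": "Microsoft.Network/routeTables", "name": "UDR-RouteTableName", "properties": {
        "routes": [{"name": "vm-routes", "properties": {
            "addressPrefix": "10.0.2.0/24", "nextHopType": "VirtualAppliance",
            "nextHopIpAddress": "10.0.1.4"}}]}},
    {"type": "Microsoft.Network/virtualNetworks", "name": "vnet", "properties": {"subnets": [
        {"name": "subnet0", "properties": {"addressPrefix": "10.0.1.0/24"}},
        {"name": "subnet1", "properties": {"addressPrefix": "10.0.2.0/24", "routeTable": {
            "id": "/routeTables/UDR-RouteTableName"}}}]}},
]
```

Calling `lint_udr(SAMPLE, "subnet0", "10.0.2.5")` reports both the NIC-level forwarding flag and the missing route table on the source subnet.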

