Setup:
Azure virtual network, address space 10.7.0.0/16.
Perimeter subnet - 10.7.0.0/29
- Firewall appliance 10.7.0.4
Inside Subnet - 10.7.1.0/24
- Host1 (10.7.1.4)
UDR routes traffic from Inside subnet to firewall appliance
- Destination: 0.0.0.0/0 Next-Hop: 10.7.0.4 Type: Virtual Appliance
No Network Security Groups are in use.
Issue:
Host (10.7.1.4) on subnet 10.7.1.0/24 cannot browse the Internet. Note when I tracert from host I see the firewall is the first hop (UDR is working):
PS C:\Users\demouser> tracert www.homestead.com
Tracing route to www.homestead.com [108.167.135.50]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 10.7.0.4
2 * * * Request timed out.
Also I see the traffic being allowed on the firewall:
pass/1467663836
Jul 6 03:38:19 WAN 10.7.1.4:63396 108.167.135.50:80 TCP:SEC
Packet capture from firewall shows host trying to set up TCP session.
12 9.086574 10.7.1.4 108.167.135.50 TCP 66 63438 → 80 [SYN, ECN, CWR] Seq=0 Win=65535 Len=0 MSS=1418 WS=256 SACK_PERM=1
Then it re-transmits several times. So it seems like the firewall is doing its job, but I'm guessing maybe there is not a path back to the host? Any thoughts as to what may be going wrong and how to troubleshoot further would be very appreciated. I'm banging my head up against a wall at this point...
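To reason about the "path back" question, here is an added example (not from the poster) that models how Azure picks an effective route for a subnet, using the exact address space, subnets and UDR from the setup above, and resolves both the outbound SYN from the host and the return leg from the firewall. It models route selection only; it says nothing about whether the appliance NIC forwards, or what the appliance's own NAT/filter rules do with the packet.

```python
# Added example (not from the original post): Azure effective-route
# selection for the topology in the question.
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop_type: str              # "VnetLocal", "Internet" or "VirtualAppliance"
    next_hop: Optional[str] = None  # appliance IP, only for VirtualAppliance

def system_routes(vnet_space: str):
    # Default routes every Azure subnet gets: VNet-local and Internet.
    return [Route(ipaddress.ip_network(vnet_space), "VnetLocal"),
            Route(ipaddress.ip_network("0.0.0.0/0"), "Internet")]

def effective_routes(defaults, udrs):
    # A user route with the same prefix replaces the system route;
    # any other user route is simply added to the table.
    table = {r.prefix: r for r in defaults}
    for r in udrs:
        table[r.prefix] = r
    return list(table.values())

def lookup(table, dst: str) -> Route:
    # Longest-prefix match, as the platform does.
    dst_ip = ipaddress.ip_address(dst)
    matches = [r for r in table if dst_ip in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen)

# Topology taken from the question.
VNET, FIREWALL, HOST = "10.7.0.0/16", "10.7.0.4", "10.7.1.4"
INTERNET_DST = "108.167.135.50"
UDR_INSIDE = [Route(ipaddress.ip_network("0.0.0.0/0"), "VirtualAppliance", FIREWALL)]

inside_table = effective_routes(system_routes(VNET), UDR_INSIDE)  # 10.7.1.0/24
perimeter_table = effective_routes(system_routes(VNET), [])      # 10.7.0.0/29, no UDR

def describe(route: Route) -> str:
    return route.next_hop_type + (f" via {route.next_hop}" if route.next_hop else "")

def round_trip():
    # Hop decision for the SYN leaving the host, the SYN leaving the
    # firewall, and the SYN/ACK the firewall sends back to the host.
    return {
        "host->internet": describe(lookup(inside_table, INTERNET_DST)),
        "firewall->internet": describe(lookup(perimeter_table, INTERNET_DST)),
        "firewall->host": describe(lookup(perimeter_table, HOST)),
    }

if __name__ == "__main__":
    for leg, decision in round_trip().items():
        print(f"{leg:20} {decision}")
```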