Update: a route was missing from our on-premises firewall, which was why this was not working. Sorted out now, many thanks for the inputs.
Access Private Endpoints from on-premise with Azure Firewall & S2S VPN
Greetings,
Something I thought should be relatively simple, seems to be a bit more of a struggle than first expected.
Summary:
Hub & Spoke subscriptions setup. Azure Firewall in Hub Subscription.
S2S VPN connected against Hub-VNET.
Want to be able to access Private Endpoints from our on-premise network.
Private Endpoints live in a spoke VNET/Subnet.
In the GatewaySubnet I have added routes with next hop Virtual Appliance with the Azure Firewall IP, for the /16 IP range that is assigned to the spoke VNET. I have also created /32 routes for the Private Endpoint IPs. (Shouldn't this route the traffic from on-prem through the FW?)
In the subnet where the private endpoints are located, I have enabled the "Private endpoint network policy".
I have tried to create Application Rules in the firewall, from an on-prem IP to the ..azurewebsites.net & database.windows.net FQDNs.
I can't see any of the traffic in the Azure Firewall logs. Nothing blocked, nothing allowed. Even though I have the explicit /32 routes in the GatewaySubnet.
Starting to run out of ideas on what to try. Any thoughts?
Many thanks!
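The symptom in this thread (explicit /32 and /16 UDRs in the GatewaySubnet, yet nothing at all in the Azure Firewall logs) is what you get when the packet never enters the tunnel in the first place, which is exactly what the update at the top confirms. The following is an added illustration, not code from the poster or from Azure: it models both routing tables with longest-prefix matching so you can see where a packet to a private endpoint goes with and without the on-prem route for the spoke range. All addresses (10.0.0.0/16 hub, 10.1.0.0/16 spoke, firewall 10.0.1.4, private endpoint 10.1.5.4) are constructed for the example, and the hop names are labels of my own, not Azure terminology.

```python
from ipaddress import ip_address, ip_network

# All addresses below are constructed for this example; they are not the poster's.
HUB_VNET = ip_network("10.0.0.0/16")
SPOKE_VNET = ip_network("10.1.0.0/16")
AZ_FW_IP = "10.0.1.4"          # Azure Firewall private IP in the hub VNET
PE_IP = "10.1.5.4"             # private endpoint NIC IP in the spoke subnet


def lookup(routes, dst):
    """Longest-prefix match over a list of (cidr, next_hop) tuples."""
    dst = ip_address(dst)
    best = None
    for cidr, next_hop in routes:
        net = ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


# Azure-side UDR attached to the GatewaySubnet, as described in the post:
# the spoke /16 and the explicit PE /32 both point at the firewall (Virtual Appliance).
GATEWAY_SUBNET_UDR = [
    (str(SPOKE_VNET), f"VirtualAppliance:{AZ_FW_IP}"),
    (f"{PE_IP}/32", f"VirtualAppliance:{AZ_FW_IP}"),
]


def onprem_routes(with_spoke_route):
    """On-prem firewall table. The spoke route is the one the update says was missing."""
    routes = [("0.0.0.0/0", "Internet"), (str(HUB_VNET), "VpnTunnel")]
    if with_spoke_route:
        routes.append((str(SPOKE_VNET), "VpnTunnel"))
    return routes


def trace(dst, onprem_table, gateway_udr=GATEWAY_SUBNET_UDR):
    """Return the forward-path hops a packet from on-prem takes towards dst."""
    hops = ["OnPremFirewall"]
    first_hop = lookup(onprem_table, dst)
    if first_hop != "VpnTunnel":
        # Default route wins: the packet leaves towards the Internet and Azure never sees it,
        # so the Azure Firewall logs stay empty regardless of the GatewaySubnet UDRs.
        hops.append(first_hop)
        return hops
    hops += ["VpnTunnel", "GatewaySubnet"]
    next_hop = lookup(gateway_udr, dst)
    if next_hop and next_hop.startswith("VirtualAppliance:"):
        hops.append(f"AzureFirewall({next_hop.split(':')[1]})")
    # Without a matching UDR the peering system route would hand the packet
    # straight to the spoke, bypassing the firewall.
    hops.append(f"PrivateEndpoint({dst})")
    return hops


def reaches_firewall(hops):
    """True when the traced path passes through the Azure Firewall hop."""
    return any(h.startswith("AzureFirewall") for h in hops)


if __name__ == "__main__":
    for has_route in (False, True):
        path = trace(PE_IP, onprem_routes(has_route))
        print(f"spoke route on-prem={has_route}: {' -> '.join(path)}")
```

The GatewaySubnet UDR only decides what happens once a packet has arrived through the VPN gateway; the on-prem side must have a route for the spoke prefix pointing at the tunnel (and the VPN's traffic selectors must cover it) for that to happen at all. An empty firewall log in both directions is therefore a better hint that the traffic is not reaching Azure than that a firewall rule is wrong.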