AKS Egress lockdown using Azure Firewall sitting on a different VNET Connected with Azure WAN

Muthukumar, Harinarayanan 6 Reputation points
2022-12-20T14:17:32.66+00:00

Hi,

I am trying to implement egress traffic lockdown for our AKS clusters, and below are my simple setup details.

  1. I have an AKS cluster deployed in VNET-01
  2. I have an Azure Firewall deployed in VNET-02
  3. Both VNET-01 and VNET-02 are linked via Azure WAN (hubs)
  4. I have configured a UDR on the AKS subnet to send all traffic (0.0.0.0/0) to the Azure Firewall private IP sitting in VNET-02

This solution doesn't seem to work, and upon some research I found this article https://video2.skills-academy.com/en-us/azure/virtual-network/virtual-networks-udr-overview#user-defined which claims this is not possible. It would be helpful if I could understand what is causing this behavior and also how other enterprises using Azure WAN overcome it. Peering the networks manually seems to be working, but peering all the VNETs manually doesn't look like a proper solution.
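The route-table setup from step 4, written out as an added Bicep example (not from the post or from Microsoft's documentation) so the exact configuration under discussion is visible; resource names, address prefixes and the firewall private IP are placeholder assumptions. The post reports that this configuration alone does not carry AKS egress to a firewall in another Virtual WAN-connected VNet, so treat it as the starting point for the question, not as a working answer.

```bicep
// Added example: UDR on the AKS subnet in VNET-01 pointing 0.0.0.0/0 at the
// Azure Firewall private IP in VNET-02. All values below are assumptions.
param location string = resourceGroup().location
param aksVnetName string = 'vnet-01'                 // assumed: VNET-01 from the post
param aksSubnetName string = 'snet-aks'              // assumed
param aksSubnetPrefix string = '10.1.0.0/22'         // assumed
param firewallPrivateIp string = '10.2.0.4'          // assumed: Azure Firewall private IP in VNET-02

// Route table that forces every destination to the firewall (next hop type
// VirtualAppliance). Default routes propagated from the Virtual WAN hub are
// less specific than this explicit 0.0.0.0/0 entry, so this route wins.
resource aksRouteTable 'Microsoft.Network/routeTables@2023-05-01' = {
  name: 'rt-aks-egress'
  location: location
  properties: {
    routes: [
      {
        name: 'default-to-azfw'
        properties: {
          addressPrefix: '0.0.0.0/0'
          nextHopType: 'VirtualAppliance'
          nextHopIpAddress: firewallPrivateIp
        }
      }
    ]
  }
}

resource aksVnet 'Microsoft.Network/virtualNetworks@2023-05-01' existing = {
  name: aksVnetName
}

// Associate the route table with the AKS node subnet (step 4 in the post).
resource aksSubnet 'Microsoft.Network/virtualNetworks/subnets@2023-05-01' = {
  parent: aksVnet
  name: aksSubnetName
  properties: {
    addressPrefix: aksSubnetPrefix
    routeTable: {
      id: aksRouteTable.id
    }
  }
}

output routeTableId string = aksRouteTable.id
```

After deployment, the effective route table of an AKS node NIC is the place to confirm whether the 0.0.0.0/0 entry is actually active or whether the node is still using the routes learned from the Virtual WAN hub.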
