AKS egress lockdown using Azure Firewall sitting on a different VNET connected with Azure WAN
Hi,
I am trying to implement egress traffic lockdown for our AKS clusters, and below are my simple setup details.
- I have an AKS cluster deployed in VNET-01
- I have an Azure Firewall deployed in VNET-02
- Both VNET-01 and VNET-02 are linked via Azure WAN (hubs)
- I have configured a UDR on the AKS subnet to send all traffic (0.0.0.0/0) to the Azure Firewall private IP sitting in VNET-02
This solution doesn't seem to work, and upon some research I found this article https://video2.skills-academy.com/en-us/azure/virtual-network/virtual-networks-udr-overview#user-defined which claims this is not possible. It would be helpful if I could understand what is causing this behavior and also how other enterprises using Azure WAN overcome it. Peering the networks manually seems to be working, but peering all the VNETs manually doesn't look like a proper solution.
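One check worth running before changing the design is to look at the effective routes on an AKS node NIC and confirm two things: that the 0.0.0.0/0 route actually resolves to the firewall's private IP, and that the firewall IP is itself reachable by a more specific route (a UDR next hop that is only reachable through the default route it belongs to is blackholed). The following is an added example, not code from the post; it parses a constructed sample shaped like `az network nic show-effective-route-table -o json` output, with made-up address ranges and firewall IP.

```python
import ipaddress
import json

# Constructed sample in the shape of `az network nic show-effective-route-table`
# output for an AKS node NIC. Addresses and the firewall IP are made up.
SAMPLE_EFFECTIVE_ROUTES = json.loads("""
{"value": [
  {"name": null, "source": "Default", "state": "Active",
   "addressPrefix": ["10.1.0.0/16"], "nextHopType": "VnetLocal", "nextHopIpAddress": []},
  {"name": null, "source": "Default", "state": "Active",
   "addressPrefix": ["10.2.0.0/16"], "nextHopType": "VirtualNetworkGateway",
   "nextHopIpAddress": []},
  {"name": null, "source": "Default", "state": "Invalid",
   "addressPrefix": ["0.0.0.0/0"], "nextHopType": "Internet", "nextHopIpAddress": []},
  {"name": "to-firewall", "source": "User", "state": "Active",
   "addressPrefix": ["0.0.0.0/0"], "nextHopType": "VirtualAppliance",
   "nextHopIpAddress": ["10.2.1.4"]}
]}
""")


def effective_route_for(routes, destination):
    """Return the Active route with the longest prefix matching `destination`,
    which is how the effective route for a packet is selected."""
    dst = ipaddress.ip_address(destination)
    best = None
    for route in routes["value"]:
        if route["state"] != "Active":
            continue  # routes overridden by a UDR show up as Invalid
        for prefix in route["addressPrefix"]:
            net = ipaddress.ip_network(prefix)
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, route)
    return best[1] if best else None


def egress_is_forced_to_firewall(routes, firewall_ip, probe="198.51.100.10"):
    """True when internet-bound traffic (probe is a TEST-NET address) is steered
    to the firewall private IP through a VirtualAppliance next hop."""
    route = effective_route_for(routes, probe)
    return (route is not None
            and route["nextHopType"] == "VirtualAppliance"
            and firewall_ip in route["nextHopIpAddress"])


def next_hop_is_reachable(routes, firewall_ip):
    """True when the firewall IP is matched by a route other than the
    VirtualAppliance default route itself (e.g. VnetLocal, peering or the hub)."""
    route = effective_route_for(routes, firewall_ip)
    return route is not None and route["nextHopType"] != "VirtualAppliance"
```

If `egress_is_forced_to_firewall` is true but `next_hop_is_reachable` is false, the node has no path to the firewall IP other than the UDR pointing at it, which matches the symptom described in the post.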