Bastion Host on Azure

HITESH AGARWAL 1 Reputation point
2020-08-13T11:51:35.52+00:00

How can I connect to my Virtual Machine Scale Set instance using Bastion where my connection can go through the Load Balancer placed in front of the VMSS?
As of now, when I use Bastion to connect to the VMSS it connects me directly instead of forwarding the connection through the Load Balancer, which creates an issue for my environment.

Tags: Azure Bastion, Azure Load Balancer, Azure Virtual Machine Scale Sets

1 answer

  1. GitaraniSharma-MSFT 49,386 Reputation points Microsoft Employee
    2020-08-14T10:17:21.437+00:00

    Hello @HITESH AGARWAL ,

    Azure Bastion service is a fully platform-managed PaaS service that you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly in the Azure portal over TLS.
    UDR is not supported on an Azure Bastion subnet. For scenarios that include both Azure Bastion and Azure Firewall/Network Virtual Appliance (NVA)/Load Balancer in the same virtual network, you don’t need to force traffic from an Azure Bastion subnet to Azure Firewall/NVA/LB because the communication between Azure Bastion and your VMs is private. All connections to Azure Bastion are enforced through the Azure Active Directory token-based authentication with 2FA, and all traffic is encrypted/over HTTPS. So connecting to your VMSS instance using Bastion where your connection goes through the Load Balancer placed in front of the VMSS is not possible.
    As of now, we block adding a UDR on the Azure Bastion subnet due to multiple reasons. We do plan to explore support for the force tunneling scenario going forward. Unfortunately, we don't have any assertive ETA at this point in time. One of the main reasons is that adding an incorrect UDR can prevent Bastion's normal operation.

    Please refer to: https://video2.skills-academy.com/en-us/azure/bastion/bastion-faq#udr
    https://azure.microsoft.com/en-gb/blog/accessing-virtual-machines-behind-azure-firewall-with-azure-bastion/

    Please feel free to share your feedback here requesting this feature. All the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.

    Kindly let us know if you need any further assistance on this issue from our end.

    ----------------------------------------------------------------------------------------------------------------

    Please don’t forget to "Accept the answer" wherever the information provided helps you, this can be beneficial to other community members.

    1 person found this answer helpful.
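As an added example (not from the thread and not Microsoft's code), a small audit over an exported VNet definition that flags the misconfiguration the answer warns about: a route table attached to AzureBastionSubnet. It assumes the JSON shape of `az network vnet show -o json` output; the sample VNet below is constructed, and the /26 minimum is Azure's documented size requirement for the subnet rather than something stated in the thread.

```python
import ipaddress
import json

# Constructed sample shaped like `az network vnet show -o json` output (an assumption,
# not taken from the thread): a Bastion subnet that wrongly carries a route table.
SAMPLE_VNET_JSON = json.dumps({
    "name": "hub-vnet",
    "subnets": [
        {"name": "AzureBastionSubnet", "addressPrefix": "10.0.1.0/26",
         "routeTable": {"id": "/subscriptions/<sub>/resourceGroups/rg/providers/"
                              "Microsoft.Network/routeTables/rt-force-fw"}},
        {"name": "vmss-subnet", "addressPrefix": "10.0.2.0/24",
         "routeTable": {"id": "/subscriptions/<sub>/resourceGroups/rg/providers/"
                              "Microsoft.Network/routeTables/rt-force-fw"}},
    ],
})

BASTION_SUBNET = "AzureBastionSubnet"   # reserved subnet name Azure requires
MIN_PREFIX_LEN = 26                     # subnet must be /26 or larger


def audit_bastion_subnet(vnet_json: str) -> list[str]:
    """Return a list of findings (empty means clean) for the Bastion subnet.

    Checks what the answer above calls out: the dedicated subnet must exist under
    its reserved name and must not have a user-defined route table attached,
    since Bastion-to-VM traffic is private and an incorrect UDR breaks Bastion.
    """
    vnet = json.loads(vnet_json)
    subnets = {s["name"]: s for s in vnet.get("subnets", [])}
    bastion = subnets.get(BASTION_SUBNET)
    if bastion is None:
        return [f"{vnet['name']}: no subnet named {BASTION_SUBNET}"]

    findings = []
    route_table = bastion.get("routeTable")
    if route_table:
        rt_name = route_table["id"].rsplit("/", 1)[-1]
        findings.append(f"{BASTION_SUBNET}: route table '{rt_name}' attached; "
                        "UDR is unsupported on this subnet, detach it")
    prefix = ipaddress.ip_network(bastion["addressPrefix"])
    if prefix.prefixlen > MIN_PREFIX_LEN:
        findings.append(f"{BASTION_SUBNET}: {prefix} is smaller than /{MIN_PREFIX_LEN}")
    return findings


if __name__ == "__main__":
    for finding in audit_bastion_subnet(SAMPLE_VNET_JSON) or ["clean"]:
        print(finding)
```

The route table on the VMSS subnet is left alone on purpose: the answer only rules out UDRs on the Bastion subnet itself, so forced tunneling of the workload subnets stays possible.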