PfSense in Azure
-
I have an appliance in Azure with OpenVPN and RDP configured. It is installed on a separate subnet and all is working well. Access to resources through OpenVPN works just fine to other subnets.
The appliance has one NIC with IP-forwarding enabled in Azure. UserDefinedRouting is enabled for the subnets with VMs.
Is it OK to configure the Azure NSG for the appliance to allow all inbound traffic and let the rules in pfSense handle all traffic? This is all new for me and a sanity check is appreciated.
One concern is that I can access a VM with the external IP and RDP if enabled on the VM's NSG/NIC. I thought that all the routing was supposed to go through the appliance and not use Azure default routes. It should not work, I think…
I started out with this blog post:
https://www.opsgility.com/blog/2016/07/14/rethinking-paradigms-in-networking-firewalls-in-the-public-cloud/