Azure Pfsense + Application Gateway + vNet Peering
-
I am stumped. Setup Hub and Spoke
192.168.1.0/24 - Pfsense (Hub)
192.168.2.0/26 - Application Gateway (Hub)
172.30.3.0/24 - Webserver (Spoke vNet Peered)

vNet Peer Config: Configuration
Configure virtual network access settings
Allow virtual network access from Hub to Spoke: Enabled

Pfsense NAT
192.168.1.5 (With PiP) forward to 192.168.2.5 (AG Private Front End IP)

Intended traffic flow: pfsense -> app gateway -> webserver

Current Route Tables:
Dest. 0.0.0.0/0 Route Internet Subnet Association: 192.168.1.0/24
Dest. 192.168.1.0/24 Route Virtual Network

Why can I not access webserver site on port 80?
NSG Allow all on port 80
Pfsense Allow all on port 80
App Gateway Listener on Port 80 to server backend pool private ip 172.30.3.4 (Works with no Pfsense and Route Tables when using AG Public Front End IP)

I tried following this reference guide but it doesn't seem to work:
https://docs.microsoft.com/en-us/azure/architecture/example-scenario/gateway/firewall-application-gateway#hub-and-spoke-topology

Has anyone else tried creating something similar?
-
Turns out global vNet peering on the LB function of Application Gateways is not supported. This is an Azure Application Gateway limitation and not related to Pfsense: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-troubleshoot-peering-issues. Posting this on 10/5/2020 in case anyone else runs into this issue; I hope this helps.