04-27-2021 09:24 PM
On public cloud Azure, why we need to translate source address also for Destination NAT?
When i am translating source with trust interface IP it is working fine but when i am keeping the address as original it is not working.
Kindly let me know is there any limitation on Public cloud for that we require source translation as well?
04-27-2021 10:47 PM
This mainly depends on how the routing is configured. Azure is very kind and adds routes of peered vNets and so on. Unfortunately this is not what we need when using a NVA.
Check the effective route on the servers, and overwrite the routing accordingly. Asynchronous routing has to be prevented.
04-28-2021 05:23 AM
It's due to the return path routing. If you were using a single firewall or an HA pair, you would need to have your 0/0 route pointing back to the firewall to maintain symmetry. Typically, it is recommended to use an App Gateway in front of the firewalls which can insert the XFF header if the traffic is HTTP.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!