
Vwan connectivity issue

Open vrrasann opened this issue 2 years ago • 2 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Versions

terraform:

azure provider:

module:

Description

Describe the bug

Using vWAN to deploy with custom settings, an unsecured vWAN hub is created with VPN, without a firewall.

Created a hub to configure the firewall in the same subscription.

Steps to Reproduce

  1. When users try to connect using point-to-site, the traffic routes to the VPN gateway at the vWAN hub.
  2. But the same traffic couldn't route to the vHub network.
  3. Due to this, the traffic from the VPN user is not getting routed to any other spokes. These are the settings that we tried with other options on the peering link:

Screenshots

Traffic forwarded from remote virtual network: Allow (default) - not selected on the peering. Block traffic that originates from outside this virtual network - selected on the peering, due to which the traffic does not seem to work properly.

Additional context

vrrasann avatar Aug 03 '22 16:08 vrrasann
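The peering options named in the report map to Terraform arguments on `azurerm_virtual_network_peering`: the portal choice "Traffic forwarded from remote virtual network" is `allow_forwarded_traffic`, and "Block traffic that originates from outside this virtual network" is that argument set to `false`, which drops packets the peer forwards on behalf of sources outside its own address space (point-to-site VPN clients included). The following is an added example, not code from the issue or from the module; the resource names `azurerm_resource_group.net`, `azurerm_virtual_network.hub` / `.spoke`, `azurerm_subnet.spoke_workload` and the variable `var.firewall_private_ip` are assumptions, and the route table illustrates the kind of resource the maintainer says is added outside the module.

```hcl
# Added example (not part of the issue or the module). Assumed names:
# azurerm_resource_group.net, azurerm_virtual_network.hub / .spoke,
# azurerm_subnet.spoke_workload, var.firewall_private_ip.

# Hub side: let traffic forwarded through the hub reach the spoke.
resource "azurerm_virtual_network_peering" "hub_to_spoke" {
  name                      = "hub-to-spoke"
  resource_group_name       = azurerm_resource_group.net.name
  virtual_network_name      = azurerm_virtual_network.hub.name
  remote_virtual_network_id = azurerm_virtual_network.spoke.id

  allow_virtual_network_access = true
  allow_forwarded_traffic      = true
}

# Spoke side. The weak setting matching the report
# ("Block traffic that originates from outside this virtual network") is
#   allow_forwarded_traffic = false
# which rejects packets the hub forwards from VPN clients, because their
# source address is not inside the hub's own address space.
# Corrected value: accept forwarded traffic from the hub.
resource "azurerm_virtual_network_peering" "spoke_to_hub" {
  name                      = "spoke-to-hub"
  resource_group_name       = azurerm_resource_group.net.name
  virtual_network_name      = azurerm_virtual_network.spoke.name
  remote_virtual_network_id = azurerm_virtual_network.hub.id

  allow_virtual_network_access = true
  allow_forwarded_traffic      = true
}

# Route table added outside the module, as the maintainer describes:
# send the spoke's outbound traffic to the firewall in the hub so
# return traffic to the VPN clients is inspected and forwarded.
resource "azurerm_route_table" "spoke" {
  name                = "rt-spoke"
  location            = azurerm_resource_group.net.location
  resource_group_name = azurerm_resource_group.net.name

  route {
    name                   = "default-via-firewall"
    address_prefix         = "0.0.0.0/0"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = var.firewall_private_ip # assumed variable
  }
}

resource "azurerm_subnet_route_table_association" "spoke_workload" {
  subnet_id      = azurerm_subnet.spoke_workload.id
  route_table_id = azurerm_route_table.spoke.id
}
```

Whether the vWAN hub itself propagates the VPN client prefixes to the connected hub VNet is governed by the virtual hub connection and its route tables, which this example does not cover.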

Hi @vrrasann... thank you for your question.

Without a full configuration it would be difficult to assist with this issue, however all network routing is left as defaults (by design) for resources configured by the module.

It's intended that all routing and firewall configuration is performed outside the module by our customers.

You can think of it in the way that the module helps by "performing the installation of these resources in your data center", whilst configuration of specific resources is assigned to dedicated teams with expertise in that area. So in this case, we would expect someone from the platform team with "NetOps" skills to be responsible for customizing routing by adding Route Table resources, etc. as needed.

As I believe you are trying to configure a "sidecar" virtual network for the Azure Firewall using a traditional "hub" network, this is an advanced configuration and not something we support with the module.

If there are specific resource settings you would like help configuring with custom values through the module, please let us know and we will do our best to assist.

krowlandson avatar Aug 08 '22 06:08 krowlandson

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 7 days. It will be closed if no further activity occurs within 7 days of this comment.

ghost avatar Aug 15 '22 08:08 ghost