Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Route LAN traffic to the internet via Sophos Firewall

You can route LAN traffic to the internet via Sophos Firewall on Microsoft Azure.

Requirements

A deployed Sophos Firewall on Microsoft Azure. See Deploy Sophos Firewall on Microsoft Azure.

Configuration

To route LAN traffic to the internet via the firewall, do as follows:

  1. Sign in to Microsoft Azure portal.
  2. Go to Virtual machines. You can also search for it in the search box.

    Microsoft Azure Virtual machines service.

  3. Click the firewall you want to configure and take note of the virtual network.

    Firewall virtual network.

  4. You must turn off the firewall before you proceed. To do this, click Stop and click Yes.

  5. When the firewall is turned off, click the firewall's resource group.

    Firewall resource group.

  6. Click the firewall's LAN interface. For example, PortA.

  7. Go to Settings > IP configurations.
  8. Click ipconfig.

    In Edit IP configuration, configure the following settings:

    1. Allocation: Select Static.
    2. Take note of the Private IP address.

      Firewall LAN configuration.

    3. Click Save.

  9. On the search box at the top, search for Route tables and click Route tables.

    Route tables service.

  10. Click Create and configure the following settings:

    1. Subscription: Select the subscription associated with your Microsoft Azure portal account.
    2. Resource group: Select the same resource group as the firewall.
    3. Region: Select the same region as the firewall.
    4. Name: Enter a name.
    5. Propagate gateway routes: Select Yes.
  11. Click Review + create.

    A validation test starts. If it fails, check your configuration.

  12. When the validation test succeeds, review the details and click Create.

    The deployment process takes a few minutes to complete.

  13. When the deployment is complete, click Go to resource to see the details.

    Route tables deployment complete.

  14. Go to Settings > Subnets.

  15. Click Associate.

    In Associate subnet, configure the following settings:

    1. Virtual network: Select the same virtual network as the firewall.
    2. Subnet: Select the LAN subnet.

      Associate subnet.

    3. Click OK.

  16. Go to Routes.

  17. Click Add.

    In Add route, configure the following settings:

    1. Route name: Enter a name.
    2. Destination type: Select IP addresses.
    3. Destination IP addresses/CIDR ranges: Enter 0.0.0.0/0.
    4. Next hop type: Select Virtual appliance.
    5. Next hop address: Enter the firewall's LAN IP address noted in step 8.
    6. Click Add.

All traffic from the LAN subnet going to the internet is now routed via PortA (LAN) of the firewall.