Route LAN traffic to the internet via Sophos Firewall
You can route LAN traffic to the internet via Sophos Firewall on Microsoft Azure.
Requirements
A deployed Sophos Firewall on Microsoft Azure. See Deploy Sophos Firewall on Microsoft Azure.
Configuration
To route LAN traffic to the internet via the firewall, do as follows:
1. Sign in to the Microsoft Azure portal.
2. Go to Virtual machines. You can also search for it in the search box.
3. Click the firewall you want to configure and take note of the virtual network.
4. You must turn off the firewall before you proceed. To do this, click Stop and click Yes.
5. When the firewall is turned off, click the firewall's resource group.
6. Click the firewall's LAN interface. For example, PortA.
7. Go to Settings > IP configurations.
8. Click ipconfig.
   In Edit IP configuration, configure the following settings:
9. In the search box at the top, search for Route tables and click Route tables.
10. Click Create and configure the following settings:
    - Subscription: Select the subscription associated with your Microsoft Azure portal account.
    - Resource group: Select the same resource group as the firewall.
    - Region: Select the same region as the firewall.
    - Name: Enter a name.
    - Propagate gateway routes: Select Yes.
11. Click Review + create.
    A validation test starts. If it fails, check your configuration.
12. When the validation test succeeds, review the details and click Create.
    The deployment process takes a few minutes to complete.
13. When the deployment is complete, click Go to resource to see the details.
14. Go to Settings > Subnets.
15. Click Associate.
    In Associate subnet, configure the following settings:
16. Go to Routes.
17. Click Add.
    In Add route, configure the following settings:
    - Route name: Enter a name.
    - Destination type: Select IP addresses.
    - Destination IP addresses/CIDR ranges: Enter 0.0.0.0/0.
    - Next hop type: Select Virtual appliance.
    - Next hop address: Enter the firewall's LAN IP address noted in step 8.
    - Click Add.
All traffic from the LAN subnet going to the internet is now routed via PortA (LAN) of the firewall.
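
The following Python check is an added example, not part of the Sophos documentation: it audits the JSON printed by `az network route-table show -o json` against the route table this procedure creates. The sample table, its names, and the 10.0.1.4 address are constructed placeholders; the check for narrower routes with an Internet next hop goes beyond the page and is included because Azure's longest-prefix matching lets such a route bypass the default route.

```python
import ipaddress
import json

# Constructed sample shaped like `az network route-table show -o json` output.
# All names, IDs and addresses are placeholders, not values from the page.
SAMPLE = json.loads("""
{
  "name": "rt-lan",
  "disableBgpRoutePropagation": false,
  "routes": [
    {"name": "default-via-fw", "addressPrefix": "0.0.0.0/0",
     "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.0.1.4"},
    {"name": "dns-direct", "addressPrefix": "8.8.8.0/24",
     "nextHopType": "Internet", "nextHopIpAddress": null}
  ],
  "subnets": [{"id": "/subscriptions/SUB-ID/resourceGroups/rg-fw/providers/Microsoft.Network/virtualNetworks/vnet-fw/subnets/LAN"}]
}
""")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def _cidr(route):
    """Parse addressPrefix; service-tag destinations are not CIDRs, so return None."""
    try:
        return ipaddress.ip_network(route.get("addressPrefix") or "", strict=False)
    except ValueError:
        return None


def audit_route_table(rt, firewall_lan_ip, lan_subnet):
    """Return findings; an empty list means the table matches the procedure."""
    findings = []
    routes = rt.get("routes") or []
    if not any(_cidr(r) == DEFAULT and r.get("nextHopType") == "VirtualAppliance"
               and r.get("nextHopIpAddress") == firewall_lan_ip for r in routes):
        findings.append(f"no 0.0.0.0/0 route to VirtualAppliance {firewall_lan_ip}")
    # Longest-prefix match: a narrower route to Internet wins over the default route.
    for r in routes:
        if r.get("nextHopType") == "Internet" and _cidr(r) != DEFAULT:
            findings.append(f"route {r.get('name')} ({r.get('addressPrefix')}) bypasses the firewall")
    suffix = "/subnets/" + lan_subnet.lower()
    if not any((s.get("id") or "").lower().endswith(suffix) for s in rt.get("subnets") or []):
        findings.append(f"subnet {lan_subnet} is not associated with this route table")
    if rt.get("disableBgpRoutePropagation"):
        findings.append("gateway route propagation is off; the procedure selects Yes")
    return findings


if __name__ == "__main__":
    for line in audit_route_table(SAMPLE, "10.0.1.4", "LAN") or ["matches the procedure"]:
        print(line)
```

To audit a real table, replace `SAMPLE` with the parsed command output and pass the firewall's LAN IP address and the LAN subnet name.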