Adding an optional interface to Azure hosted Firebox

I have an Azure hosted Firebox (FB) that I need to add an optional interface to.

In Azure I've changed the VM size to one that supports the required number of interfaces, created the additional subnet, created the NIC, created a routing table for this subnet, added the required routes to the other subnet routing tables, and attached the NIC to the Firebox. After starting the FB the additional interface is shown in WSM with the expected IP.

I've then created a VM attached to the optional network subnet and created an RDP rule allowing traffic through to the VM. However, I can't connect through to the VM. Traffic is seen in FSM and packet captures show the correct packets on the optional interface, but no reply (ACK) is ever received.

I have another VM configured the same on the trusted subnet with the same rule setup, different external port obviously, and this works fine, so I am certain the VM is configured to accept the traffic on 3389 and that the policy in the FB is configured correctly.

Is anyone aware of a step by step guide for configuring an optional interface on a cloud Firebox, or can anyone provide some sort of guidance on the setup process for an optional interface on an Azure hosted FB? I've run through this setup 3 times now, always with the same result. I suspect I'm missing something in one of the route tables, possibly on the Firebox itself, but at this point have support and our SE stumped. MS support has indicated that a route needs to be added to the Linux OS hosting the Firebox, but the route table shown by the FB looks correct.

Comments

  • We found the solution with WG support's help (after 20 or so days): against the additional NIC in Azure, under IP configuration, we needed to enable 'IP Forwarding'.

  • That usually helps to get packets forwarded :)

  • Yeah, and obvious now but easily missed

  • And this, I believe, has nothing to do with our technical skills, but rather a badly designed GUI interface.
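
A way to check for the setting named in the first comment, as an added example that is not part of the original thread: it scans NIC records for a firewall VM and reports any NIC without IP forwarding, together with the Azure CLI command that enables it. The JSON is a constructed sample shaped like `az network nic list -o json` output; the VM name `firebox`, resource group `rg-fw`, NIC names and addresses are assumptions, and key lookup is case-insensitive because the exact key casing in the CLI output is assumed.

```python
import json

# Constructed sample, shaped like `az network nic list -g rg-fw -o json` (trimmed).
_VM = "/subscriptions/0000/resourceGroups/rg-fw/providers/Microsoft.Compute/virtualMachines/"
SAMPLE = json.loads("""[
 {"name": "fb-nic-external", "enableIPForwarding": true,
  "virtualMachine": {"id": "VM/firebox"}, "ipConfigurations": [{"privateIPAddress": "10.0.0.4"}]},
 {"name": "fb-nic-trusted", "enableIPForwarding": true,
  "virtualMachine": {"id": "VM/firebox"}, "ipConfigurations": [{"privateIPAddress": "10.0.1.4"}]},
 {"name": "fb-nic-optional", "enableIPForwarding": false,
  "virtualMachine": {"id": "VM/firebox"}, "ipConfigurations": [{"privateIPAddress": "10.0.2.4"}]},
 {"name": "rdp-test-nic", "enableIPForwarding": false,
  "virtualMachine": {"id": "VM/rdp-test"}, "ipConfigurations": [{"privateIPAddress": "10.0.2.5"}]}
]""".replace("VM/", _VM))


def _get(obj, key, default=None):
    """Case-insensitive dict lookup (key casing in CLI output is an assumption)."""
    for k, v in (obj or {}).items():
        if k.lower() == key.lower():
            return v
    return default


def nics_missing_forwarding(nics, vm_name):
    """Return (nic_name, [private IPs]) for each NIC on vm_name without IP forwarding."""
    findings = []
    for nic in nics:
        vm_id = _get(_get(nic, "virtualMachine"), "id", "") or ""
        if vm_id.rsplit("/", 1)[-1].lower() != vm_name.lower():
            continue  # endpoint VMs behind the firewall do not need forwarding
        if _get(nic, "enableIPForwarding", False) is not True:
            ips = [_get(c, "privateIPAddress") for c in _get(nic, "ipConfigurations", [])]
            findings.append((_get(nic, "name"), ips))
    return findings


def remediation(resource_group, nic_name):
    """Azure CLI command that turns IP forwarding on for one NIC."""
    return (f"az network nic update --resource-group {resource_group} "
            f"--name {nic_name} --ip-forwarding true")


if __name__ == "__main__":
    for name, ips in nics_missing_forwarding(SAMPLE, "firebox"):
        print(f"{name} {ips}: IP forwarding disabled")
        print("  fix:", remediation("rg-fw", name))
```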
