Task 2: Deploy a Route Table and Create a UDR

In Task 2, you will deploy a Route Table, add routes that use port2 of the FortiGate as the next hop (including the default route), and associate both protected subnets with the Route Table. These routes are referred to as User Defined Routes (UDRs).

Create and configure an Azure Route Table

  1. Navigate to your Resource Group

  2. Click “+ Create”

    azure-deploy-route-table-1

    You will be redirected to the Azure Marketplace.

  3. Search for “Route table”

  4. Select the “Route table” offering from Microsoft

  5. Click “Create”

  6. Click “Route table”

    azure-deploy-route-table-2

    You will be redirected to the Create Route table template.

    Under the Basics tab, the Subscription and Resource Group should already be filled in with your assigned info. If not, see the screenshot below for details.

  7. Under Instance details, enter the following:

    • Region: West US 3
    • Name: route-table
  8. Click “Review + create”

    azure-deploy-route-table-3
  9. Click “Create”

    azure-deploy-route-table-4
  10. Click on the “Resource group” when the deployment is complete

    azure-deploy-route-table-5
  11. Click on “route-table”

  12. Click “Routes” under “Settings”

  13. Click “+ Add”

  14. Enter the following in the Add route panel:

    • Route name: default
    • Destination type: Select IP Addresses
    • Destination IP address/CIDR ranges: 0.0.0.0/0
    • Next hop type: Select Virtual appliance
    • Next hop address: 192.168.1.36 (Confirm this is the same IP assigned to port2 on your FortiGate NVA).
  15. Click Add

    azure-deploy-route-table-6
    azure-deploy-route-table-7

    The new route called default is listed under the Routes section.

    azure-deploy-route-table-8
  16. Add two more routes for snet-a and snet-b.

    • Route name: snet-a
    • Destination type: Select IP Addresses
    • Destination IP address/CIDR ranges: 192.168.1.128/27
    • Next hop type: Select Virtual appliance
    • Next hop address: 192.168.1.36 (Confirm this is the same IP assigned to port2 on your FortiGate NVA).
  17. Click Add

    • Route name: snet-b
    • Destination type: Select IP Addresses
    • Destination IP address/CIDR ranges: 192.168.1.160/27
    • Next hop type: Select Virtual appliance
    • Next hop address: 192.168.1.36 (Confirm this is the same IP assigned to port2 on your FortiGate NVA).
  18. Click Add

    azure-deploy-route-table-9
  19. Click “Subnets”

  20. Click “+ Associate”

  21. Enter the following in the Associate subnet panel:

    • Virtual network: abc-server-vnet
    • Subnet: Select snet-a
  22. Click “OK”

  23. Enter the following in the Associate subnet panel:

    • Virtual network: abc-server-vnet
    • Subnet: Select snet-b
  24. Click “OK”

    azure-deploy-route-table-10
    azure-deploy-route-table-11
  25. Click Overview

  26. View a summary of the Routes and associated Subnets

    azure-deploy-route-table-12
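Why step 16 adds the snet-a and snet-b routes in addition to default, shown as an added example that is not part of the original lab: Azure selects the longest matching prefix, and a user-defined route beats a system route only when the prefixes are equal. The VNet address space 192.168.1.0/24 and the sample destination addresses are assumptions.

```python
import ipaddress

NVA_PORT2 = "192.168.1.36"               # FortiGate port2, from the lab
UDRS = {                                 # the three routes added in steps 14-18
    "default": "0.0.0.0/0",
    "snet-a": "192.168.1.128/27",
    "snet-b": "192.168.1.160/27",
}
VNET_SPACE = "192.168.1.0/24"            # ASSUMPTION: VNet address space, not stated in the lab

def effective_next_hop(dest, udrs, vnet_space=VNET_SPACE, nva=NVA_PORT2):
    """Return the next hop Azure would select for dest from an associated subnet.

    Selection rule: longest prefix match; when a UDR and a system route
    have the same prefix, the UDR wins.
    """
    dest = ipaddress.ip_address(dest)
    # (network, is_udr, next hop): only the VNet-local and Internet system
    # routes are modelled; the other default system routes are omitted.
    candidates = [
        (ipaddress.ip_network(vnet_space), 0, "VnetLocal"),
        (ipaddress.ip_network("0.0.0.0/0"), 0, "Internet"),
    ]
    candidates += [(ipaddress.ip_network(p), 1, f"VirtualAppliance {nva}")
                   for p in udrs.values()]
    matching = [c for c in candidates if dest in c[0]]
    return max(matching, key=lambda c: (c[0].prefixlen, c[1]))[2]

def audit(udrs):
    """Next hops for constructed sample destinations, as seen from snet-a."""
    samples = {
        "internet": "203.0.113.10",       # constructed (documentation range)
        "vm in snet-b": "192.168.1.170",  # constructed address inside snet-b
        "fortigate port2": NVA_PORT2,
    }
    return {name: effective_next_hop(ip, udrs) for name, ip in samples.items()}

if __name__ == "__main__":
    print("default route only:", audit({"default": UDRS["default"]}))
    print("all three routes:  ", audit(UDRS))
```

With only the default route, traffic between snet-a and snet-b follows the more specific VNet system route and bypasses the FortiGate; the two /27 routes are what bring that traffic under inspection.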

Remove the Public IP Addresses from the Linux VMs

  1. Navigate to your Resource Group

  2. Click on “linux-a-vm-ip”

  3. Click on “Disassociate”

  4. Click “Yes” to confirm disassociation

  5. Click on “Delete”

  6. Click “Yes” to confirm deletion

    azure-deploy-route-table-13
    azure-deploy-route-table-14
    azure-deploy-route-table-15
    azure-deploy-route-table-16

  7. Repeat for “linux-b-vm-ip”

Because the Route Table is associated with the subnets in the VNET, the Public IPs attached to the Linux VMs can no longer be used to reach them. Traffic leaving the Linux VMs is forced to the FortiGate, which has no awareness of that traffic, so it is dropped.

The following diagram represents your current VNET with the Linux VM deployment and the FortiGate NVA:

azure-secured-vnet