https://community.checkpoint.com/t5/Cloud-Firewall/publishing-routes-to-On-Prem-via-Express-Route/m-p/55271#M2920 <P>Hi&nbsp;<SPAN>Nir,</SPAN></P><P><SPAN>i am not sure if it is sufficient, but have you configured the peerings as follows:</SPAN></P><P><SPAN>•Configure the VNet peering connection in the hub to allow gateway transit.<BR />•Configure the VNet peering connection in each spoke to use remote gateways.<BR />•Configure all VNet peering connections to allow forwarded traffic.</SPAN></P><P><SPAN><A href="https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke" target="_blank">https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke</A></SPAN></P><P>&nbsp;</P><P><SPAN>Matthias</SPAN></P><P>&nbsp;</P><P>&nbsp;</P> Fri, 07 Jun 2019 09:22:52 GMT Matthias_Haas 2019-06-07T09:22:52Z https://community.checkpoint.com/t5/Cloud-Firewall/publishing-routes-to-On-Prem-via-Express-Route/m-p/54364#M2919 <P>Hi,</P> <P>I have a customer who is building a Hub-And-Spoke infrastructure in Azure.&nbsp;</P> <P>We added a Cluster-HA in his HUB vNet in order to route all the traffic from spokes vNets via the Custer to On-Prem and vice versa.</P> <P>The customer has an Express Route in the HUB spoke to access the On-Prem networks. The Azure Virtual GW publish to On-Prem the networks of the HUB vNet.</P> <P>This is more an Azure questions , How can I make the Express Route Virtual GW to publish the spokes vNets to On-Prem ?</P> <P>I added a UDR on the GatewaySubnet to route traffic to the spokes via the CG Cluster but that route doesn't propagate to On-Prem.</P> <P>Someone told me that the Express Route Virtual GW should also see the Peered vNets subnets and publish them but we don't see it.</P> <P>&nbsp;</P> <P>If anyone did something similar in other customers , please advise,</P> <P>&nbsp;</P> <P>Regards,</P> <P>&nbsp;</P> <P>Nir&nbsp;</P> Sun, 26 May 2019 09:15:28 GMT https://community.checkpoint.com/t5/Cloud-Firewall/publishing-routes-to-On-Prem-via-Express-Route/m-p/54364#M2919 Nir_Shamir 2019-05-26T09:15:28Z https://community.checkpoint.com/t5/Cloud-Firewall/publishing-routes-to-On-Prem-via-Express-Route/m-p/55271#M2920 <P>Hi&nbsp;<SPAN>Nir,</SPAN></P><P><SPAN>i am not sure if it is sufficient, but have you configured the peerings as follows:</SPAN></P><P><SPAN>•Configure the VNet peering connection in the hub to allow gateway transit.<BR />•Configure the VNet peering connection in each spoke to use remote gateways.<BR />•Configure all VNet peering connections to allow forwarded traffic.</SPAN></P><P><SPAN><A href="https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke" target="_blank">https://docs.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke</A></SPAN></P><P>&nbsp;</P><P><SPAN>Matthias</SPAN></P><P>&nbsp;</P><P>&nbsp;</P> Fri, 07 Jun 2019 09:22:52 GMT https://community.checkpoint.com/t5/Cloud-Firewall/publishing-routes-to-On-Prem-via-Express-Route/m-p/55271#M2920 Matthias_Haas 2019-06-07T09:22:52Z https://community.checkpoint.com/t5/Cloud-Firewall/publishing-routes-to-On-Prem-via-Express-Route/m-p/55278#M2921 <P>Do you have BGP route propagation enabled? What do you see in effective routes?</P> Fri, 07 Jun 2019 13:12:29 GMT https://community.checkpoint.com/t5/Cloud-Firewall/publishing-routes-to-On-Prem-via-Express-Route/m-p/55278#M2921 Martin_Valenta 2019-06-07T13:12:29Z