- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- Cloud Network Security
- :
- Discussion
- :
- Outbound internet access not working on Azure VMSS...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Outbound internet access not working on Azure VMSS scale set
We have an Azure VMSS scale set deployed with an internal and external load balancer. We are having issues getting internal hosts to access the internet. I created a HIDE NAT as follows:
Original src=10.40.1.5, Original dest=ANY, Original service=ANY
Translated src=VMSS firewall object (HIDE)
I also have a policy rule permitting both the original src and the scale set access to ANY dest on ANY port
When I try to go to the Internet form host 10.40.1.5 I see the traffic come into the vmss on eth1 and leave on eth0 (translated) but I get no return traffic from the Internet.
Is there something additional (besides the HIDE NAT) that we need to configure on the VMSS? Or is the issue outside the VMSS (in Azure).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
1) Set a default route to the azure network controller (IP x.x.x.1) on the external interface.
2) Set the correct IP network security settings in azure.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can also refer to the Admin Guide for Azure VMSS where all possible traffic patterns described:
Specifically Outbound traffic configurations
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi J_Saun,
In Translated Source - Create Dynamic Object with name as "LocalGatewayInternal" and give HIDE NAT. (Remove the Object of VMSS Hide NAT)
Translated src=LocalGatewayInternal (HIDE)
Make sure you have fetched the Topology in VMSS and Routes towards Internal servers.
Regards, Prabu