Can't connect to Azure VM via pfSense

... or via a port forward either. I'm trying to set up an Azure environment where I have 3 webserver VMs behind a pfSense firewall instance. I'm running into 2 brick walls which I suspect to be one and the same.

Basically, my Azure VMs do not receive any traffic on their private IPs, unless it originates from one of my Azure vnets. I have a network security group configured to be 100% wide open on a test machine (with a private IP but no public IP) and that makes no difference.

  1. In a regular WAN/LAN setup, with VMs behind the pfSense, port forwards do not work. I can sit in the pfSense's console running tcpdump, and watch the connection come in on the WAN, go out on the LAN... and then that's it. It doesn't make it to the VMs. Outbound traffic from the VMs goes out the pfSense firewall perfectly fine; the VMs have no problem getting internet access. It seems something to do with external traffic coming into the Azure subnet or the VMs' NICs.

  2. I have an IPSec VPN connection, from my Azure environment, to a local network, connecting to a pfSense. I've been using it successfully for database backups from the VMs to a local server, so again the traffic originating from the Azure VMs has no problem getting to wherever it needs to go. But when I try to get from my subnet (even directly from my local pfSense) to the Azure VMs, the same thing happens - absolutely nothing.

Anyone have any thoughts on what I'm missing here? I'm starting to lose my mind. Azure networking is weird.

