Forwarding Request to Azure Firewall From F5 LTM
I have a requirement to set up a virtual server which can send the request to Azure Firewall when a request comes to a particular subnet, for example:
Source Subnet: 10.10.10.0/24 >> This is an internal subnet, so when users from this subnet come to F5 I want them to get redirected to the Azure Firewall for further processing and going to the internet. As I have disabled the internet for the users in this subnet and the Qualys scanner is not working on their VMs, they want to look for other alternatives, and the client asked me to see the possibility of this setup. Please share your thoughts on this and let me know if there is any other way to achieve this.
You can absolutely do this by establishing a forwarding VS on your BIG-IP and setting the BIG-IP default gateway to the Azure FW. If you do not want the Azure FW to be the BIG-IP's default gateway, then add a route for the clients to reach the internet. Matching a forwarding VS tells the packet to consult the TMOS routing engine. If your BIG-IP default gateway is the Azure FW, your egress packets will always flow there.
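The setup described in the answer above, as an added tmsh sketch that is not part of the original reply or F5's documentation. The VLAN name `internal`, the virtual server name `vs_fwd_to_azfw` and the next-hop address `192.0.2.4` are assumptions; substitute the address that reaches the Azure Firewall from the BIG-IP's egress side.

```tmsh
# Added example. Assumed names: VLAN "internal", virtual server "vs_fwd_to_azfw".
# 192.0.2.4 is a constructed placeholder for the next hop toward the Azure Firewall.

# Forwarding (IP) virtual server: no pool, so matched packets are handed to the
# routing table instead of being load balanced.
# "source" and "vlans" scope it to the 10.10.10.0/24 clients on one VLAN, so the
# BIG-IP does not forward traffic for any other network that can reach it.
create ltm virtual vs_fwd_to_azfw destination 0.0.0.0:any mask any source 10.10.10.0/24 ip-protocol any ip-forward profiles add { fastL4 } vlans-enabled vlans add { internal }

# Default route: the entry the routing lookup returns for internet-bound packets.
create net route default network default gw 192.0.2.4

# Review what was created, then persist it.
list ltm virtual vs_fwd_to_azfw
list net route
save sys config
```

Return traffic from the firewall has to route back through the BIG-IP (or the BIG-IP has to apply SNAT), otherwise replies to 10.10.10.0/24 take an asymmetric path and connections fail.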