Interfaces and routing for Forcepoint FlexEdge Secure SD-WAN in the Azure cloud

Interfaces and routing in the Azure cloud work differently than in physical networks. To understand how interfaces and networking work in the Azure cloud, we recommend that you familiarize yourself with the concept of Azure User Defined Routes.

For more information, see the following Microsoft Azure documentation:

• https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
• https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface-vm#constraints

When you deploy Forcepoint FlexEdge Secure SD-WAN in the Azure cloud, the solution template automatically creates a security subnet, a front end subnet, and a back end subnet. The interface and routing configuration is similar to the configuration that is shown in this example: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-dmz-nsg-fw-udr-asm

The Secure SD-WAN Engine has one interface in the security subnet. The route table created by the solution template sends all traffic for the Secure SD-WAN Engine to the interface in the security subnet. The Secure SD-WAN Engine does not need to have interfaces in the front end subnet or the back end subnet to communicate with them.