Interfaces and routing for Forcepoint NGFW in the Azure cloud
Interfaces and routing in the Azure cloud work differently than in physical networks. To understand how interfaces and networking work in the Azure cloud, we recommend that you familiarize yourself with the concept of Azure User Defined Routes.
For more information, see the following Microsoft Azure documentation:
- https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
- https://docs.microsoft.com/en-us/azure/virtual-network/virtual-network-network-interface-vm#constraints
When you deploy Forcepoint NGFW in the Azure cloud, the solution template automatically creates a security subnet, a front end subnet, and a back end subnet. The interface and routing configuration is similar to the configuration that is shown in this example: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-dmz-nsg-fw-udr-asm
The NGFW Engine has one interface in the security subnet. The route table created by the solution template sends all traffic for the NGFW Engine to the interface in the security subnet. The NGFW Engine does not need to have interfaces in the front end subnet or the back end subnet to communicate with them. Multiple interfaces are not supported.
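The following added example (not Forcepoint or Microsoft code) models Azure's route selection, longest prefix match first and then user-defined over BGP over system routes, to check whether traffic from the front end and back end subnets reaches the single NGFW interface. The address ranges, the NGFW IP address, and the two route tables are constructed assumptions, not values created by the solution template.

```python
import ipaddress

# Constructed addressing for illustration; not values from the Forcepoint template.
VNET = "10.0.0.0/16"
NGFW_IP = "10.0.0.4"  # assumed NGFW Engine interface in the security subnet
SUBNETS = {"frontend": "10.0.1.0/24", "backend": "10.0.2.0/24"}
INTERNET_PROBE = "203.0.113.10"  # documentation range, stands in for an Internet host

# System routes Azure adds to every subnet in a virtual network.
SYSTEM_ROUTES = [
    {"prefix": VNET, "next_hop": "VnetLocal", "source": "system"},
    {"prefix": "0.0.0.0/0", "next_hop": "Internet", "source": "system"},
]
# Tie-break when prefixes are equal: user-defined beats BGP beats system.
PRIORITY = {"user": 0, "bgp": 1, "system": 2}

def effective_next_hop(dest_ip, user_routes):
    """Pick the route Azure would use: longest prefix first, then source priority."""
    dest = ipaddress.ip_address(dest_ip)
    matches = [r for r in SYSTEM_ROUTES + user_routes
               if dest in ipaddress.ip_network(r["prefix"])]
    best = min(matches, key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen,
                                       PRIORITY[r["source"]]))
    return best["next_hop"]

def unfiltered_paths(route_tables):
    """List (source subnet, destination) pairs whose next hop is not the NGFW."""
    findings = []
    for src, routes in route_tables.items():
        probes = {name: str(ipaddress.ip_network(cidr).network_address + 10)
                  for name, cidr in SUBNETS.items() if name != src}
        probes["internet"] = INTERNET_PROBE
        for dst, ip in probes.items():
            if effective_next_hop(ip, routes) != NGFW_IP:
                findings.append((src, dst))
    return findings

def udr(prefix):
    """Build a user-defined route whose next hop is the NGFW interface."""
    return {"prefix": prefix, "next_hop": NGFW_IP, "source": "user"}

# Weak (hypothetical): default route only; the system VNet route is more specific.
DEFAULT_ONLY = {s: [udr("0.0.0.0/0")] for s in SUBNETS}
# Corrected (hypothetical): also override the VNet prefix for subnet-to-subnet traffic.
FULL = {s: [udr("0.0.0.0/0"), udr(VNET)] for s in SUBNETS}

if __name__ == "__main__":
    print("default-only:", unfiltered_paths(DEFAULT_ONLY))
    print("full:", unfiltered_paths(FULL))
```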