Azure Firewall on VNet with VPN Gateway subnet and Peering not works

[waynemsft]

Hi,

We've tested Azure Firewall with pure cloud environment - 1 vnet, 3 subnets, and it works fine. However, when we tested Azure Firewall on hybrid cloud environment, we found odds things. We cannot ping private IP address of Azure Firewall correctly. Is there any existing issues/limitations related to such configuration? Thank you.

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: ac13cbf3-f230-7e85-d57d-cba3196a166c
• Version Independent ID: f4f0c94a-5a43-94e2-d8e5-19cf167c188a
• Content: Deploy and configure Azure Firewall using the Azure portal
• Content Source: articles/firewall/tutorial-firewall-deploy-portal.md
• Service: firewall
• GitHub Login: @vhorne
• Microsoft Alias: victorh

[TravisCragg-MSFT]

@Thanks for the feedback. We are actively investigating and will get back to you soon.

[yairt1974]

Azure Firewall public preview supports the link to the internet and spoke to spoke communication. We haven't tested hybrid links for public preview and are working to tentatively certify this scenario for GA.

[waynemsft]

Hi,

Another questions is about the AzureFirewallSubnet subnet. I saw a limitation on the subnet - it must contain at least 128 IP addresses (i.e., /25). May I know the reason/consideration for this limitation? Thank you.

[vhorne]

@waynemsft That's so that there are enough addresses available for auto-scaling to work.

[vhorne]

please-close

[TravisCragg-MSFT]

@waynemsft We will now proceed to close this thread. If there are further questions regarding this matter, please tag me in your reply. We will gladly continue the discussion and we will reopen the issue.