Routing in an Azure Virtual Network Subnet is determined by the Subnet's Effective Routing Table. The Effective Routing Table
is a combination of built-in system routes and the routes in the User Defined Route (UDR) Table.
Note: You can view the Effective Routing Table under the VM NIC properties (the Effective routes view of the NIC).
You can view and edit the User Defined Routing table. When the system routes and the user defined routes are combined to form
the Effective Routing Table, the most specific route (longest prefix match) wins, and when a system route and a user defined
route have the same prefix, the user defined route wins. The System Routing Table includes a default route (0.0.0.0/0) with a
next hop of Azure's Internet gateway. The System Routing Table also includes a route for the Virtual Network's address space
(which therefore covers every subnet in the VNet, including the other data subnets) with the next hop pointing to Azure's
Virtual Network infrastructure, so subnet-to-subnet traffic is delivered directly by default.
To route traffic through the Firepower Threat Defense Virtual, routes must be added or updated in the User Defined Routing table
associated with each data subnet. Traffic of interest should be routed with a next hop type of Virtual appliance and the
Firepower Threat Defense Virtual interface IP address on that subnet as the next-hop address. A default route for 0.0.0.0/0 with
a next hop of the Firepower Threat Defense Virtual IP can also be added if needed. Because the Firepower Threat Defense Virtual
then receives packets that are not addressed to its own interface IP, IP forwarding must be enabled on its data interface NICs
in Azure; otherwise the platform drops that traffic before it reaches the appliance.
Because of the existing specific route for the Virtual Network address space in the System Routing Table, you must add specific
routes (for example, one per remote data subnet) to the User Defined Routing table that point to the Firepower Threat Defense
Virtual as the next-hop. A default route alone is not enough: a 0.0.0.0/0 route in the User Defined table would lose to the more
specific Virtual Network route in the System Routing Table, and subnet-to-subnet traffic would bypass the Firepower Threat
Defense Virtual.
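The following is an added example, not code from this guide, from Cisco, or from Azure: a small model of how Azure selects a route from the combined system and user defined tables (longest prefix first, user defined route on a tie), run against a constructed topology. The VNet 10.0.0.0/16, the inside subnet 10.0.1.0/24, the second data subnet 10.0.2.0/24 and the Firepower Threat Defense Virtual inside interface address 10.0.1.4 are all assumptions made for the illustration. The system routes are Azure's published defaults for a VNet with no gateway or peering routes. It shows the bypass described above (a default UDR alone does not catch traffic to another subnet, nor traffic to the private ranges Azure drops by default) and that a specific UDR fixes it.

```python
"""Model of how Azure builds a subnet's effective routing table.

Added example, not Cisco's or Azure's code. Topology is constructed:
VNet 10.0.0.0/16, FTDv inside interface 10.0.1.4 on subnet 10.0.1.0/24,
and a second data subnet 10.0.2.0/24.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str    # destination CIDR
    next_hop: str  # "VirtualNetwork", "Internet", "None" or a virtual-appliance IP
    source: str    # "System" or "User"


VNET = "10.0.0.0/16"            # assumed VNet address space
FTDV_INSIDE_IP = "10.0.1.4"     # assumed FTDv data-interface IP on the inside subnet

# Azure's default system routes for a VNet (no gateway or peering routes assumed).
SYSTEM_ROUTES = [
    Route(VNET, "VirtualNetwork", "System"),
    Route("0.0.0.0/0", "Internet", "System"),
    Route("10.0.0.0/8", "None", "System"),
    Route("172.16.0.0/12", "None", "System"),
    Route("192.168.0.0/16", "None", "System"),
    Route("100.64.0.0/10", "None", "System"),
]

# UDR table A: only a default route toward the FTDv.
UDR_DEFAULT_ONLY = [Route("0.0.0.0/0", FTDV_INSIDE_IP, "User")]

# UDR table B: the default route plus a specific route for the other data subnet.
UDR_WITH_SPECIFIC = UDR_DEFAULT_ONLY + [Route("10.0.2.0/24", FTDV_INSIDE_IP, "User")]


def _beats(candidate, incumbent):
    """Azure selection rule: longest prefix wins; on equal length a User route
    beats a System route (BGP routes, which sit between the two, are not modelled)."""
    if incumbent is None:
        return True
    c_len = ipaddress.ip_network(candidate.prefix).prefixlen
    i_len = ipaddress.ip_network(incumbent.prefix).prefixlen
    if c_len != i_len:
        return c_len > i_len
    return candidate.source == "User" and incumbent.source == "System"


def effective_next_hop(dest, system_routes, user_routes):
    """Return the route Azure would use for a packet to `dest` leaving the subnet."""
    addr = ipaddress.ip_address(dest)
    best = None
    for route in list(system_routes) + list(user_routes):
        if addr in ipaddress.ip_network(route.prefix) and _beats(route, best):
            best = route
    return best


def effective_table(system_routes, user_routes):
    """Merge the tables the way the NIC 'Effective routes' view does: a user route
    marks a system route with the identical prefix as Invalid."""
    user_prefixes = {r.prefix for r in user_routes}
    rows = []
    for r in system_routes:
        state = "Invalid" if r.prefix in user_prefixes else "Active"
        rows.append((r.prefix, r.next_hop, r.source, state))
    for r in user_routes:
        rows.append((r.prefix, r.next_hop, r.source, "Active"))
    return rows


def steering_report(user_routes, destinations):
    """For each destination: (next hop, whether the packet is steered through the FTDv)."""
    report = {}
    for dest in destinations:
        hop = effective_next_hop(dest, SYSTEM_ROUTES, user_routes).next_hop
        report[dest] = (hop, hop == FTDV_INSIDE_IP)
    return report


if __name__ == "__main__":
    # Probes: another data subnet, the Internet, and a 10/8 address outside the VNet.
    probes = ["10.0.2.10", "8.8.8.8", "10.9.0.1"]
    for name, udr in (("default UDR only", UDR_DEFAULT_ONLY),
                      ("default + specific UDR", UDR_WITH_SPECIFIC)):
        print(f"== {name}")
        for dest, (hop, via_ftdv) in steering_report(udr, probes).items():
            print(f"  {dest:<12} -> {hop:<15} {'via FTDv' if via_ftdv else 'BYPASSES FTDv'}")
```

With only the default UDR, traffic to 10.0.2.10 follows the system route for 10.0.0.0/16 straight to the destination subnet, and traffic to 10.9.0.1 hits Azure's 10.0.0.0/8 drop route, while Internet traffic does go to the FTDv because the user defined 0.0.0.0/0 wins the tie against the system default route. Adding the 10.0.2.0/24 UDR makes the cross-subnet traffic transit the appliance; any on-premises or drop-range prefix that must be inspected needs its own specific UDR for the same reason.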