The public IP provided by Azure would not be seen on the vSRX. What you need to do is configure the vSRX interface with its corresponding private IP, and then when you try to send traffic via this interface out to the internet, Azure performs translation of the private IP to the public IP assigned to this interface on the Azure portal.
Hi Pranita. Thank you for the response. The issue seems to be that I can't see an interface on the vSRX that matches up to the interface I've added via Azure. If I look for ports on the GUI I can see ge 0/0/0 and ge 0/0/1.
How many interfaces have you configured on the Portal for this vSRX? I am assuming 3 (including the one that is default). Could you share a screenshot of the Portal, Networking page?
I am interested in how you are confirming that the interface from the Portal isn't seen on the vSRX. Did you try comparing the MAC address?
Here is how you can do that:
1. Check the MAC address of the interface by browsing to the properties of the interface on the Portal:
Dashboard > vSRX VM - Networking > Interface > Properties
2. Compare this value to the MAC address of all three interfaces using the command:
show interfaces <interface_name> extensive
If this confirms that the interface does not exist, then I request you to try rebooting the vSRX, or deleting the interface from the portal and reattaching the same.
However, if you see the MAC on the vSRX, then you simply need to configure that interface with the private IP on the Portal and you are good to go. Also note that it is recommended to have the revenue interfaces (ge-0/0/0, ge-0/0/1, etc.) in a separate routing instance from that of the fxp0 interface.
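The MAC comparison described in the steps above can be scripted. This is an added example, not part of the original posts: the NIC names, MAC addresses and the trimmed `show interfaces extensive` output are constructed samples, and the portal's dash-separated MAC notation is an assumption (any separator is accepted).

```python
import re

# Constructed sample: trimmed `show interfaces extensive` output for two
# interfaces. The MAC addresses are invented for illustration.
SAMPLE_JUNOS = """\
Physical interface: ge-0/0/0, Enabled, Physical link is Up
  Interface index: 136, SNMP ifIndex: 508, Generation: 139
  Current address: 00:0d:3a:11:22:33, Hardware address: 00:0d:3a:11:22:33
Physical interface: ge-0/0/1, Enabled, Physical link is Up
  Interface index: 137, SNMP ifIndex: 509, Generation: 140
  Current address: 00:0d:3a:44:55:66, Hardware address: 00:0d:3a:44:55:66
"""

# Constructed sample: hypothetical NIC names -> MAC copied from the portal.
SAMPLE_AZURE = {
    "vsrx-untrust-nic": "00-0D-3A-11-22-33",
    "vsrx-trust-nic": "00-0D-3A-44-55-66",
    "vsrx-dmz-nic": "00-0D-3A-77-88-99",  # attached in Azure, absent on the vSRX
}

def normalize_mac(mac):
    """Reduce any MAC notation (colons, dashes, dots, mixed case) to 12 hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_junos_macs(output):
    """Return {interface: normalized MAC} from `show interfaces extensive` text."""
    macs, current = {}, None
    for line in output.splitlines():
        m = re.match(r"Physical interface:\s*([^,\s]+)", line)
        if m:
            current = m.group(1)
            continue
        m = re.search(r"Hardware address:\s*([0-9A-Fa-f:.\-]+)", line)
        if m and current:
            macs[current] = normalize_mac(m.group(1))
    return macs

def map_nics(azure_nics, junos_output):
    """Return {Azure NIC name: Junos interface or None} by comparing MACs."""
    by_mac = {mac: ifname for ifname, mac in parse_junos_macs(junos_output).items()}
    return {nic: by_mac.get(normalize_mac(mac)) for nic, mac in azure_nics.items()}

if __name__ == "__main__":
    for nic, ifname in map_nics(SAMPLE_AZURE, SAMPLE_JUNOS).items():
        print(f"{nic:18} -> {ifname or 'NOT FOUND on vSRX (reboot or re-attach the NIC)'}")
```

Knowing which Junos interface backs the NIC with the public IP matters before binding it to a security zone, since that zone's host-inbound-traffic settings decide what is reachable from the internet.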
I just checked and it seems our ge-0/0/0 and ge-0/0/1 interfaces do indeed match up to the 2 additional NICs I'd added in Azure.
So in order for us to get the external access sorted, I simply set the vSRX NIC to have the private IP of the Azure NIC which has the public IP associated? Items then hitting the public IP will then get translated to the private IP of the vSRX?
Let us say that ge-0/0/0 has the public IP configured on Azure and its private IP is 172.24.2.4/24. Then you need configuration similar to the below:
set interfaces ge-0/0/0 unit 0 family inet address 172.24.2.4/24
set security zones security-zone untrust host-inbound-traffic system-services ssh
set security zones security-zone untrust host-inbound-traffic system-services ping
set security zones security-zone untrust host-inbound-traffic protocols all
set security zones security-zone untrust interfaces ge-0/0/0.0
set routing-instances custom instance-type virtual-router
set routing-instances custom routing-options static route 0.0.0.0/0 next-hop 172.24.2.1
set routing-instances custom interface ge-0/0/0.0
Azure reserves the first host address of any subnet. So if the subnet is 172.24.2.0/24, the gateway for vSRX will be 172.24.2.1.