The first step in routing traffic to the firewall is to create a route table.

To record the private and public IP address of app-vnet-firewall, enter and select Firewall in the search bar in the Azure portal.

Select app-vnet-firewall.

Select Overview.

Record the Private IP address.

In the Overview pane select on fwpip

Record the Public IP address.

Next, In the search bar, enter and select Route table. Click + Create.

On the Basics tab, enter the required information as listed in the table below:

Property Value
Subscription -- Select your subscription
Resource group -- RG1
Region -- East US
Name -- app-vnet-firewall-rt

Select Review + create and then select Create.

Now, to associate the route table to the subnets, enter and select Route tables in the search bar.

Select app-vnet-firewall-rt.

Select Subnets.

Select + Associate.

On the Associate subnet page, enter the required information as listed in the table below:

Property Value
Virtual network -- app-vnet (RG1)
Subnet-- frontend

Select OK.

Repeat the steps above to associate the app-vnet-firewall-rt route table to the backend subnet in app-vnet.

Lastly, to create a route in the route table enter and select Route tables in the search bar.

Select app-vnet-firewall-rt.

Select Routes.

Select + Add.

On the Add route page, enter the required information as listed in the table below:

Property Value
Route name -- outbound-firewall
Destination type -- IP addresses
Destination IP addresses/CIDR range -- 0.0.0.0/0
Next hop type -- Virtual appliance
Next hop address -- private IP address of the firewall recorded earlier

Select Add.

Now the outbound traffic from the front end and backend subnet will route to the firewall.