Hi Captain56022,
Thanks for posting your question in Microsoft Q&A.
I want this Azure VM to access only these three websites, which currently block any connection that does not originate from my country.
You want your Azure VM to access only three websites, but those sites block traffic coming from Azure IP addresses because they're outside your country. To get around this, your VM needs to go out to the internet using your on-premises public IP, the one that the websites trust.
Steps:
- VM subnet UDR: 0.0.0.0/0 → Next hop: Virtual network gateway
- Enable BGP on VPN; Fortigate advertises 0.0.0.0/0
- Azure Firewall App Rule: Allow HTTPS (443) from VM subnet to the 3 FQDNs only, Deny All below
Your VM can now reach the geo-blocked sites securely, and nothing else on the internet is accessible.
Reference:
To meet your requirement, you don’t need full forced tunneling. You only need to route traffic for those three specific websites through your on-prem Fortigate (so they use your country IP), while all other websites continue to use the normal Azure outbound IP. This is done using selective routing.
- Find the public IP address of each website using nslookup.
- In the VM subnet route table, add one UDR per website: <website-IP>/32 → Next hop: Virtual network gateway
- On your Fortigate firewall, allow outbound access to those IPs. This ensures those sites see your country IP.
Do not add a default route; this keeps the rest of the internet traffic going out directly from Azure as usual.
Please do not forget to Accept and “up-vote” wherever the information provided helps you; this can be beneficial to other community members.
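As an added example (not part of the answer above), a POSIX shell script that prints the Azure CLI commands for the selective-routing UDRs the answer describes: one /32 route per resolved address of each website, next hop the virtual network gateway. The resource group, route table and FQDNs are placeholders (assumptions); it resolves each name at run time because the addresses behind a site can change, and it refuses a 0.0.0.0 prefix so the rest of the internet keeps its normal Azure egress.

```shell
#!/bin/sh
# Added example, not from the answer: print the Azure CLI commands that create one /32
# UDR per website, next hop = the VPN gateway, as the answer's selective routing describes.
# RG and RT are placeholder names (assumption); pass the three FQDNs as arguments.
set -eu

RG="rg-example"        # placeholder resource group
RT="rt-vm-subnet"      # placeholder route table attached to the VM subnet

# Resolve an FQDN to its unique IPv4 addresses, one per line (getent in place of nslookup).
resolve_ipv4() {
    getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
}

# Succeeds if $1 is a dotted-quad IPv4 address.
is_ipv4() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Route names must be unique in a route table; derive one from FQDN and IP.
route_name() {
    printf 'to-%s-%s' "$(printf '%s' "$1" | tr . -)" "$(printf '%s' "$2" | tr . -)"
}

# Print the az command for a single /32 route named $1 towards IP $2.
# 0.0.0.0 is rejected: a default route would force-tunnel all traffic.
route_cmd() {
    if ! is_ipv4 "$2"; then
        echo "route_cmd: '$2' is not an IPv4 address" >&2
        return 1
    fi
    if [ "$2" = "0.0.0.0" ]; then
        echo "route_cmd: refusing to add a default route" >&2
        return 1
    fi
    printf 'az network route-table route create -g %s --route-table-name %s -n %s --address-prefix %s/32 --next-hop-type VirtualNetworkGateway\n' \
        "$RG" "$RT" "$1" "$2"
}

# One command per resolved address of each FQDN given on the command line.
for fqdn in "$@"; do
    resolve_ipv4 "$fqdn" | while read -r ip; do
        route_cmd "$(route_name "$fqdn" "$ip")" "$ip"
    done
done
```

Run it as `sh script.sh site1.example.com site2.example.com site3.example.com | sh` once the printed commands look right; the route table must already be associated with the VM subnet.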