The following key points should be considered for a better understanding of user-defined routing:
- If the next hop type you have specified is a Virtual appliance, you must enable IP forwarding for the VM of the virtual appliance.
- User-defined routing can be used for forced tunneling in Site-to-Site VPN scenarios. For example, if you want all the internet traffic of Azure VMs to get redirected back to your on-premises for auditing and inspection.
- NSG is a very basic firewall that does not provide filtering, inspection, and so on, therefore you can use user-defined routing with a virtual appliance that will provide the new era security requirements when it comes to this part.
- You can find many network virtual appliances from many brands, such as Cisco, Fortinet, Citrix, Paloalto, F5, and so on, in the Azure Marketplace.