Secure vWAN with Azure firewall

konrad pelczar 1 Reputation point
2021-04-30T18:52:29.497+00:00

Hello,

I am planning to deploy secure vWAN w/ Azure Firewall. One of the requirements from the business is that for 'some' of the VNets, traffic shouldn't be filtered. Basically, the flow will be Branch --> ExpressRoute --> vWAN --> spoke (VNet). But for others, it would be Branch --> ExpressRoute --> vWAN w/ AZFW (some policy applied) --> spoke (VNet).

Is it possible to filter only for selected spoke VNets when AZFW is deployed in the vWAN? Or, when the AZFW is deployed in the secure vWAN, does all traffic by definition pass via the vHUB and get filtered?

I understand that an alternative would be to deploy a shared hub with the AZFW in the hub/spoke model but would rather have secure vWAN and only selectively filter traffic from some vnets and not all.

Thanks.


1 answer

  1. msrini-MSFT 9,281 Reputation points Microsoft Employee
    2021-05-05T12:16:17.303+00:00

    Hi Konradpelczar-6299,

    Your ask is possible. By placing the connections of the spokes and the branch in the appropriate association and propagation of a custom route table, you can control how traffic is routed between specific destinations.

    Reference: https://video2.skills-academy.com/en-us/azure/virtual-wan/scenario-route-between-vnets-firewall
