Hello,
I am planning to deploy secure vWAN w/Azure firewall. One of the requirements from business is that for' some' of the Vnets traffic shouldn't be filtered. Basically, the flow will be Branch --> expressRoute --> vWAN --> spoke (vnet). But for others, it would be Branch --> expressRoute --> vWAN w/ AZFW (some policy applied)--> spoke (vnet)
Is it possible to only filter for selectively spoke vnets when AZFW is deployed in the vWAN? Or is the AZFW when deployed in the secure vWAN by definition all traffic passes via vHUB and will be filtered.
I understand that an alternative would be to deploy a shared hub with the AZFW in the hub/spoke model but would rather have secure vWAN and only selectively filter traffic from some vnets and not all.
Thanks.