Azure Virtual WAN
An Azure virtual networking service that provides optimized and automated branch-to-branch connectivity.
197 questions
vNet one way Traffic route help
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 50%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EES%3C/text%3E%3C/svg%3E)
Eric Schroeder
1
Reputation point
I have 3 subscriptions (One Production, 2 development). Since the development environments are managed by the developers we cannot allow traffic from those two vnets into production for security purposes. I would like to find a way to have all users (devs included) access to the main production but send one-way traffic to the dev subscription vnets without separate VPNs to each vnet GW. The goal would be so they can get into their environment but anything they do in there wont have traffic access back to Production.
I currently have three vpn profiles rolled out via Intune and AOVPN installed on everyone's machine since we have half the people working at home and 15+ offices to manage. I am thinking possibly moving it all over to Virtual WAN but I can see how to block traffic from the Dev subs after peering.
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 36%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
SaiKishor-MSFT 17,216 Reputation points2021-09-29T17:28:32.43+00:00 @Eric Schroeder Thank you for reaching out to Microsoft Q&A.
II understand that you want to allow allow complete access to your Prod environment and allow only one-way traffic to your Dev environment. In general when Vnet are peered with each other, controlling access between them can be done by using Azure Network Security Groups which filter network traffic to and from Azure resources in an Azure virtual network.
I would also request you to provide a network diagram so we can further understand if you have any additional requirements. Thank you!
Sign in to comment