@Aayush Apologies for the delay in response and all the inconvenience caused because of the issue.
Since it was holiday season there was a delay in response from our internal team as well which took some time.
As per discussion what they mentioned is as below:
Hub-spoke model in general is for dividing workloads into separate spaces and allowing restricted access.We generally use spoke and hub arch to isolate the traffic from other vnets.
SAP deployments using the Azure virtual Ddatacenter architecture will be implemented using a hub and spoke model. The hub VNet is the central point for connectivity where an Azure Firewall or other type of network virtual appliances (NVA) is implemented to inspect and control the routing of traffic to the spoke VNet where your SAP applications reside.
Same has been mentioned in this article as well.
The Azure Virtual Network (VNet) service securely connects Azure resources to each other. In this architecture, a VNet connects to an on-premises environment through a gateway deployed in the hub of a hub-spoke topology. The spoke is the VNet used for the SAP applications and the database tiers.
General guidelines for SAP on Azure is here.
The above might be general guidelines so if you are looking for information or guideline specific to your environment our Technical Support should be able to help you out better since they might have the required tools and ways to access your environment and suggest you accordingly.I would recommend you to contact azure support. If you have a support plan, requesting you to file a support ticket, else please do let us know, we will try and help you get a one-time free technical support.
Hope it helps!!!
Please "Accept as Answer" if it helped so it can help others in community looking for help on similar topics.