![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 97%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESW%3C/text%3E%3C/svg%3E)
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,236 questions
Thanks for the info.
I am afraid this routing scenario will not be possible.
And I am not able to find any documents that describes such configurations.
If your requirement is to VNET to VNET traffic to go OnPREM firewall,
- You should not use Hub-Spoke Architecture
- Instead, have two VPN Gateways in each VNETs and connect the VNETs to the OnPrem
- Let's call the VNETs VNET1 and VNET2
- Enable BGP across VNET1 <----> OnPrem and VNET2 <----> OnPrem
- Once this is done, all the traffic from VNET1 destined to VNET2 will go via OnPrem
- Where you can filter the traffic via your OnPrem Firewall
- Similarly, all the traffic from VNET2 destined to VNET1 will go via OnPrem
- Practically, the network flow becomes,
- VNET1 <----> OnPrem <----> VNET2
- Where "<---->" indicates a S2S Connection.
Alternatively, my suggestion would be to deploy Azure Firewall or NVA in the Hub VNET in a Hub Spoke scenario
This way, all traffic between HubVNET and SpokeVNET would go via the Azure Firewall or NVA
Should there be any follow-up questions or concerns, please let us know and we shall try to address them.
Thanks,
Kapil