@YogiBear Thanks for the info. Again, there is no concept of "Encryption". In case you feel that a specific source or destination is malicious, you can go for Azure Firewall or NVAs and "FILTER" the traffic.

Azure Firewall
- You can use Azure Firewall for Inbound as well as Outbound traffic.
- By configuring Rules in Azure Firewall, you can either allow or deny traffic.
- This works at Layer 4 (TCP/UDP) as well as Layer 7 (Application).
- Overview: https://learn.microsoft.com/en-us/azure/firewall/overview
- Configure Azure Firewall rules: https://learn.microsoft.com/en-us/azure/firewall/rule-processing
- How to: https://learn.microsoft.com/en-us/azure/firewall/tutorial-hybrid-portal
- This talks about how to monitor traffic between 2 Spoke VNets.
- But the same logic can be applied to 2 subnets in the same VNet as well.

NVA + Azure Load Balancer
- To filter traffic from Internet
- To filter traffic from OnPrem
- Refer: Design LoadBalancer

Hope this helps. Please let me know if you require more info.
Cheers,
Kapil
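An added example, not part of Kapil's answer and not Azure's or the Azure CLI's code: a small Python model of the rule-processing order the linked rule-processing page describes (network rule collections first, in ascending priority order, first match wins; HTTP/HTTPS flows that no network rule matched fall through to application rules; anything unmatched hits the implicit deny), run over a constructed allow/deny policy for two subnets in the same VNet. The collection names, CIDRs, FQDNs and the rule that only flows carrying an FQDN reach application rules are assumptions of this model; real Azure Firewall also has DNAT rules and rule collection groups, which are left out here.

```python
"""Simplified model of Azure Firewall classic rule processing (added example,
not Azure's implementation): network rule collections are evaluated first in
ascending priority order and the first match wins; HTTP/HTTPS flows that no
network rule matched fall through to application rules; anything unmatched
is denied. DNAT rules and rule collection groups are deliberately omitted.
All addresses, names and FQDNs below are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set, Tuple


@dataclass
class NetworkRule:                # Layer 4: protocol + IP + port
    name: str
    protocols: Set[str]           # {"TCP", "UDP", "ICMP"} or {"Any"}
    sources: List[str]            # CIDRs, or "*" for any
    destinations: List[str]
    dest_ports: Set[str]          # port numbers as strings, or "*"


@dataclass
class ApplicationRule:            # Layer 7: source + FQDN + protocol:port
    name: str
    protocols: Dict[str, int]     # e.g. {"Https": 443, "Http": 80}
    sources: List[str]
    target_fqdns: List[str]       # exact names or "*.example" wildcards


@dataclass
class RuleCollection:
    name: str
    priority: int                 # lower number is evaluated first
    action: str                   # "Allow" or "Deny"
    rules: list


@dataclass
class Flow:
    src: str
    dst: str
    protocol: str
    dport: int
    fqdn: str = ""                # HTTP Host / TLS SNI when the flow is HTTP(S)


def _addr_match(addr: str, patterns: List[str]) -> bool:
    return any(p == "*" or ip_address(addr) in ip_network(p, strict=False)
               for p in patterns)


def _fqdn_match(fqdn: str, patterns: List[str]) -> bool:
    for p in patterns:
        if p.startswith("*.") and fqdn.endswith(p[1:]):   # "*.contoso.com"
            return True
        if fqdn == p:
            return True
    return False


def _network_match(rule: NetworkRule, f: Flow) -> bool:
    return (("Any" in rule.protocols or f.protocol in rule.protocols)
            and _addr_match(f.src, rule.sources)
            and _addr_match(f.dst, rule.destinations)
            and ("*" in rule.dest_ports or str(f.dport) in rule.dest_ports))


def _application_match(rule: ApplicationRule, f: Flow) -> bool:
    return (f.protocol == "TCP" and f.dport in rule.protocols.values()
            and _addr_match(f.src, rule.sources)
            and _fqdn_match(f.fqdn, rule.target_fqdns))


def evaluate(flow: Flow, network: List[RuleCollection],
             application: List[RuleCollection]) -> Tuple[str, str]:
    """Return (action, matched rule). Network rules are processed before
    application rules, the first match decides, no match is the implicit deny."""
    for coll in sorted(network, key=lambda c: c.priority):
        for rule in coll.rules:
            if _network_match(rule, flow):
                return coll.action, f"network:{coll.name}/{rule.name}"
    # Model assumption: only flows carrying an FQDN (HTTP Host / TLS SNI)
    # are inspected at Layer 7 by application rules.
    if flow.fqdn:
        for coll in sorted(application, key=lambda c: c.priority):
            for rule in coll.rules:
                if _application_match(rule, flow):
                    return coll.action, f"application:{coll.name}/{rule.name}"
    return "Deny", "implicit-deny"


# Constructed policy: app subnet 10.0.1.0/24 and db subnet 10.0.2.0/24 in one VNet.
NETWORK = [
    RuleCollection("deny-lateral-mgmt", 100, "Deny", [
        NetworkRule("no-ssh-rdp-between-subnets", {"TCP"},
                    ["10.0.0.0/16"], ["10.0.0.0/16"], {"22", "3389"})]),
    RuleCollection("app-to-db", 200, "Allow", [
        NetworkRule("sql", {"TCP"}, ["10.0.1.0/24"], ["10.0.2.0/24"], {"1433"})]),
]
APPLICATION = [
    RuleCollection("app-egress", 200, "Allow", [
        ApplicationRule("ms-login", {"Https": 443}, ["10.0.1.0/24"],
                        ["*.microsoftonline.com"])]),
]


def demo() -> Dict[str, str]:
    """Constructed flows (TEST-NET addresses stand in for Internet hosts)."""
    flows = {
        "app->db sql":      Flow("10.0.1.4", "10.0.2.4", "TCP", 1433),
        "app->db rdp":      Flow("10.0.1.4", "10.0.2.4", "TCP", 3389),
        "db->app sql":      Flow("10.0.2.4", "10.0.1.4", "TCP", 1433),
        "app->ms login":    Flow("10.0.1.4", "203.0.113.10", "TCP", 443,
                                 "login.microsoftonline.com"),
        "app->other https": Flow("10.0.1.4", "198.51.100.20", "TCP", 443,
                                 "example.org"),
    }
    return {k: evaluate(f, NETWORK, APPLICATION)[0] for k, f in flows.items()}


if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{name:18} {action}")
```

The deny collection sits at priority 100 so it is evaluated before the priority-200 allow; swapping the two numbers would let the SQL allow win only for port 1433, but the point of the lower-numbered deny is that management ports between the subnets are blocked regardless of what later allow collections say.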