Hello Caldeira Coutinho Diogo,
Regarding your questions about routing in Azure Virtual WAN:
S2S Peers Routing: If your vHub has multiple S2S connection peers, each with different routing configurations, and none of them have the 'Propagate Default Route' option enabled, the 0.0.0.0/0 route (default route) will not be automatically propagated to these S2S peers. Without the propagation of the default route, the S2S peers will not receive the route to send traffic destined for the internet.
Filtering 0.0.0.0/0 Route in vHub: The vHub employs a mechanism to filter out the 0.0.0.0/0 route. By default, the vHub's route table does not allow the propagation of the default route to the connected S2S peers. This is done to avoid accidentally sending all the traffic from the S2S peers to the internet through the vHub. The default behavior is to rely on explicit routing configurations for traffic forwarding.
Routing from SDWAN NVA to Security NVA: To enable the SDWAN branches to connect to the internet via the SDWAN NVA within the vHub and then through the Security vNet NVA, you need to configure routing accordingly. Here's a suggested approach:
a. Deploy the SDWAN NVA inside the vHub.
b. Configure the SDWAN NVA with a default route (0.0.0.0/0) pointing towards the Security vNet NVA.
c. In the Security vNet, configure the necessary routing to forward traffic from the SDWAN NVA to the internet.
By setting up the routing as described above, the SDWAN branches will send their internet-bound traffic to the SDWAN NVA within the vHub. The SDWAN NVA will then forward the traffic to the Security vNet NVA, which will further route it to the internet.
Please note that the specific configuration steps may vary depending on the NVA devices you are using and their capabilities. It's recommended to consult the documentation or support resources provided by the NVA vendors for detailed guidance on setting up this routing scenario.