Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you would like to deploy Meraki vMX & Azure firewall on Azure.
Please note that the community members in Microsoft Q&A are well versed with Azure products but the same may not be the case for 3rd party NVAs.
I would suggest that you leverage the 3rd party's forums or reach out to their support for any architectural assistance.
With that said,
- The architecture/design would totally depend on your requirement.
- From the Azure end, you can use the Azure Firewall as an NVA and to filter the traffic to/from on-premises as well as Internet-bound traffic.
- Here's a list of all supported features with various SKUs:
- May I ask why you would want to use two NVAs here?
- Also, are you planning to use NVA first, and AzFW next to inspect traffic?
- Or AzFW first and NVA second?
- In either case, you just have to use the Route Tables with UDRs to forward traffic to the NVA/AzFW.
- If you are going to use AzFW first and your NVA second, make sure you consider forced tunneling to route all (0.0.0.0/0) traffic using the UDR.
You may have a default route advertised via BGP or using User Defined Route (UDR) to force traffic to an on-premises edge firewall or other network virtual appliance (NVA) to process network traffic before it's passed to the Internet. To support this configuration, you must create Azure Firewall with Forced Tunnel configuration enabled.
Also refer: Azure Firewall and network virtual appliances
Cheers,
Kapil
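
Added example (not part of the answer above and not Microsoft's code): a small Python model of Azure route selection (longest prefix match, then user-defined route over BGP over system route) that checks whether a subnet's on-premises and Internet-bound traffic really reaches the inspecting hop. All addresses, prefixes and names are constructed for illustration, and the source labels `User`/`BGP`/`Default` are this model's own.

```python
import ipaddress

# Tie-break for equal prefix lengths: user-defined route, then BGP, then system.
SOURCE_PRIORITY = {"User": 0, "BGP": 1, "Default": 2}

def effective_route(routes, dest_ip):
    """Return the route that wins for dest_ip, or None if nothing matches."""
    dest = ipaddress.ip_address(dest_ip)
    matches = [r for r in routes if dest in ipaddress.ip_network(r["prefix"])]
    if not matches:
        return None
    return min(matches, key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen,
                                       SOURCE_PRIORITY[r["source"]]))

def bypasses(routes, inspector_ip, probes):
    """List (destination, next hop type) pairs that do not go via inspector_ip."""
    found = []
    for ip in probes:
        r = effective_route(routes, ip)
        via_inspector = (r is not None
                         and r["next_hop_type"] == "VirtualAppliance"
                         and r.get("next_hop_ip") == inspector_ip)
        if not via_inspector:
            found.append((ip, r["next_hop_type"] if r else "None"))
    return found

FW_IP = "10.0.1.4"  # constructed: private IP of the firewall/NVA that inspects traffic

# Constructed effective routes of a workload subnet before any UDR is attached.
SYSTEM_AND_BGP = [
    {"prefix": "10.0.0.0/16", "source": "Default", "next_hop_type": "VnetLocal"},
    {"prefix": "0.0.0.0/0", "source": "Default", "next_hop_type": "Internet"},
    {"prefix": "10.50.0.0/16", "source": "BGP", "next_hop_type": "VirtualNetworkGateway"},
]
# Only a default-route UDR: the more specific BGP route still wins for on-premises.
ROUTES_BEFORE = SYSTEM_AND_BGP + [
    {"prefix": "0.0.0.0/0", "source": "User",
     "next_hop_type": "VirtualAppliance", "next_hop_ip": FW_IP},
]
# Adding a UDR for the on-premises prefix ties on length, and the UDR beats BGP.
ROUTES_AFTER = ROUTES_BEFORE + [
    {"prefix": "10.50.0.0/16", "source": "User",
     "next_hop_type": "VirtualAppliance", "next_hop_ip": FW_IP},
]
PROBES = ["203.0.113.10", "10.50.1.10"]  # constructed: Internet host, on-premises host

if __name__ == "__main__":
    print("before:", bypasses(ROUTES_BEFORE, FW_IP, PROBES))
    print("after: ", bypasses(ROUTES_AFTER, FW_IP, PROBES))
```

The same check can be run against real data by feeding it the effective routes exported for a NIC in the subnet.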