Hub and Spoke Architecture without Azure Firewall

Mahavir Saroj 201 Reputation points
2024-03-21T21:00:42.86+00:00

We are planning to deploy App Gateway with WAF in the hub without Azure Firewall. I'm wondering how traffic will flow from hub to spoke... For example, if I want to send some traffic from one spoke to another spoke, how will the hub route the traffic without having a firewall and its rules? Can someone please explain?

Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.

1 answer

  1. Andreas Baumgarten 108.7K Reputation points MVP
    2024-03-21T21:14:09.35+00:00

    Hi @Mahavir Saroj ,

    the routing from hub vnet to peered spoke vnets is done automatically by using the default routing functionality of Azure.

    But if you want to communicate from spoke vnet to another spoke vnet (no direct peering between the spoke vnets) using the hub vnet you need a "routing device" in the hub vnet. This can be for instance an Azure Firewall or an NVA (Network Virtual Appliance).

    You will find more details here: Communication through an NVA


    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards

    Andreas Baumgarten

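The routing behaviour described in the answer above, as an added example that is not part of the original thread: a simplified Python model of how a subnet in spoke A picks its next hop (longest-prefix match, with a user-defined route winning a tie). The address ranges, the NVA IP and all function names are constructed for illustration.

```python
import ipaddress

# Constructed address plan (assumption, not from the original thread).
HUB, SPOKE_A, SPOKE_B = "10.0.0.0/16", "10.1.0.0/16", "10.2.0.0/16"
NVA_IP = "10.0.1.4"  # hypothetical NVA / Azure Firewall private IP in the hub

# Source priority when two routes have the same prefix length.
PRIORITY = {"User": 0, "Default": 1}

def system_routes(own_space, peered_spaces):
    """Default routes a subnet gets: its own VNet, directly peered VNets,
    Internet, and 'None' (drop) for the remaining RFC 1918 space."""
    routes = [(own_space, "VnetLocal", "Default")]
    routes += [(p, "VNetPeering", "Default") for p in peered_spaces]
    routes += [("0.0.0.0/0", "Internet", "Default")]
    routes += [(p, "None", "Default")
               for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
    return routes

def next_hop(routes, dest_ip):
    """Longest-prefix match; a user-defined route wins a tie."""
    ip = ipaddress.ip_address(dest_ip)
    matches = [(ipaddress.ip_network(p), hop, src) for p, hop, src in routes
               if ip in ipaddress.ip_network(p)]
    net, hop, src = max(matches, key=lambda m: (m[0].prefixlen, -PRIORITY[m[2]]))
    return hop

def spoke_a_routes(with_udr):
    """Effective routes for spoke A, which is peered only with the hub."""
    routes = system_routes(SPOKE_A, [HUB])
    if with_udr:
        # UDR on spoke A's subnets: send spoke B's range to the hub device.
        routes.append((SPOKE_B, f"VirtualAppliance:{NVA_IP}", "User"))
    return routes

if __name__ == "__main__":
    vm_in_spoke_b = "10.2.0.10"  # constructed
    for with_udr in (False, True):
        print("UDR" if with_udr else "no UDR", "->",
              next_hop(spoke_a_routes(with_udr), vm_in_spoke_b))
```

Without the user-defined route, spoke A has no peering route to spoke B, so the packet matches the 10.0.0.0/8 drop route. In a real deployment the return path needs the mirror-image route on spoke B, and the hub device must have IP forwarding enabled.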
