Hub spoke architecture public access

C.J. Vieleers 106 Reputation points

I am hoping to get a conformation about a best practice concearning the hub spoke architecture.

We have a hub spoke architecture. It has a expressroute connection between the onprem network and Azure. The er gateway is in the hub network, so is a Azure Firewall. We have (sofar) 1 spoke network. In it is a azure private link to Synapse Analytics. Public access to Synapse is disabled, so its only available through its private ip through the hub spoke model. Now we have a SaaS service in Azure that needs to communicate with Synapse Analytics. The best way, we think, is through the Azure Firewall using its public ip and then perform a dnat action. Since the SaaS service and Azure firewall are on Azure, their public ip communication stays on the ms network. I would like to know if the above setup is indeed the best practise.


Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
590 questions
{count} votes

1 answer

Sort by: Most helpful
  1. C.J. Vieleers 106 Reputation points

    It can be any SaaS services that able to connect to a backend database service. In our specific case its Sas Viya.

    0 comments No comments