Hello @saurabh ,
Does the Azure Bastion service require a public IP to work?
Yes, Azure Bastion requires a public IP in order to function. You can follow this documentation to configure a Bastion Host via Portal.
Also if one has to use Bastion to connect to a Azure BM in a vnet, does at anytime the traffic will traverse the public internet ?
Yes. The traffic from portal to Azure Bastion edge will traverse over HTTPS (443, Internet). The diagram below from the Azure Bastion documentation will help you understand the traffic flow.
Hope this helps! Please let me know if you have any additional questions. Thank you!
Hello @saurabh , currently it is not possible to connect over Azure Bastion with S2S VPN configured. The team is currently working on IP connect feature which will allow such type of connections and it will be coming out soon.