Hi @Technical | Nth Degree , thank you for your question. I can understand your struggle and I hope we'll be able to provide with better answers.
- For a site-to-Site, a tunnel is established between your Azure VPN Gateway and your VPN appliance on-premises (onsite location), and all your clients working from your onsite location are using the same tunnel to reach to Azure. when it comes to the P2S which is also manage by the same VPN Gateway, each client connection to Azure using the P2S connection has his own tunnel.
- Azure doesn't offer such thing as Sandbox to test your future architecture, but you can build a test environment yourself and test all the requirements you are expecting to have in your production environment. However, the environment will be charged as the same as the production environment.
- As research, below are few links that will definitely help set your foot on the ground:
- Site-to-Site: https://learn.microsoft.com/en-us/azure/vpn-gateway/tutorial-site-to-site-portal
- Point-to-Site: https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-about
- On-premises VPN devices compatible with Azure VPN Gateway: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices
- Planning for a VPN Gateway: https://learn.microsoft.com/en-us/azure/vpn-gateway/design
Please do not hesitate to "Accept the Answer" if the information I have provided here, and surely do not hesitate to ask more questions if you need to.