A secured hub is an Azure Virtual WAN hub with Azure Firewall. This article walks you through the steps to convert a virtual WAN hub to a secured hub by installing Azure Firewall directly from the Azure Virtual WAN portal pages.
Before you begin
The steps in this article assume that you've already deployed a virtual WAN with one or more hubs.
To create a new virtual WAN and a new hub, use the steps in the following articles:
Virtual WAN is a collection of hubs and services made available inside the hub. The user can deploy as many Virtual WANs as they need. In a Virtual WAN hub, there are multiple services like VPN, ExpressRoute etc. Each of these services is automatically deployed across Availability Zones (except Azure Firewall) if the region supports Availability Zones. To deploy an Azure Firewall with Availability Zones (recommended) in a Secure vWAN Hub, this article must be used.
View virtual hubs
The Overview page for your virtual WAN shows a list of virtual hubs and secured hubs. The following figure shows a virtual WAN with no secured hubs.
Convert to secured hub
On the Overview page for your virtual WAN, select the hub that you want to convert to a secured hub.
Once in the hub properties, select Azure Firewall and Firewall Manager under the "Security" section on the left:
Select Next: Azure Firewall button at the bottom of screen:
Select the Azure Firewall properties and status desired, then complete the wizard up to the Review + confirm tab:
Note
As reported at the beginning of the article, the procedure described in this article will not permit the usage of Availability Zones for Azure Firewall.
After the hub has been converted to a secured hub, Azure Firewall status will be reported as in the image below:
View hub resources
From the virtual WAN Overview page, select the secured hub. On the hub page, you can view all the virtual hub resources, including Azure Firewall.
To view Azure Firewall settings from the secured hub, select on Azure Firewall and Firewall Manager under the "Security" section on the left:
Usage of Availability Zones for Azure Firewall in the Azure Virtual WAN Hub, can be checked accessing the security properties of the hub, as shown in the screenshot below:
Configure additional settings
To configure additional Azure Firewall settings for the virtual hub, select the link to Azure Firewall Manager. For information about firewall policies, see Azure Firewall Manager.
To return to the hub Overview page, you can navigate back by clicking the path, as shown by the arrow in the following figure.
Upgrade to Azure Firewall Premium
At any time, it's possible to upgrade from Azure Firewall Standard to Premium following these instructions. This operation will require a maintenance window since some minimal downtime will be generated.
Next steps
For more information about Virtual WAN, see the FAQ.
Demonstrate the skills needed to implement security controls, maintain an organization’s security posture, and identify and remediate security vulnerabilities.