Azure Network Security Archives - Azure Security Architect
https://azuresecurityarchitect.com/category/azure-network-security/
For all your cloud security needs
Tue, 16 Apr 2024 19:52:54 +0000

Azure Hub Spoke Best Practices
https://azuresecurityarchitect.com/azure-network-security/azure-hub-spoke-best-practices/
Tue, 16 Apr 2024 19:22:10 +0000

The post Azure Hub Spoke Best Practices appeared first on Azure Security Architect.

The HUB VNET contains the Firewall Subnet, the Gateway VPN Subnet (which terminates a SITE TO SITE VPN) and the workload Subnet A. The Spoke VNET contains other workloads in Subnet B.

Once it is set up this way (Gateway Subnet, Firewall Subnet, and Hub Subnet A), all traffic from on-premises already enters through the Gateway VPN Subnet.

ROUTING so that ALL TRAFFIC goes through the Firewall

  1. Attach a ROUTE (ROUTE-FW) to the Gateway Subnet with the NEXT HOP set to the Firewall Subnet.
  2. Add another route for Subnet B, one that also has the Gateway Subnet as its next hop AND disables BGP route propagation.
  3. This ensures that traffic from Subnet B (a spoke PEERED with the HUB) goes through the firewall, and that traffic from Subnet A goes through the Firewall as well.
[Figure: azure hub spoke firewall]
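The two route tables from the steps above, written as an added Bicep example (not from the original post). Azure user-defined routes take the firewall as a next hop of type VirtualAppliance with the firewall's private IP, so the example passes that IP in as a parameter; the resource names, address prefixes and IP are constructed placeholders.

```bicep
// Added example: route tables for the hub-and-spoke design described above.
// Assumptions (not from the post): names, prefixes and the firewall IP are
// constructed placeholder values for a hub at 10.0.0.0/16 and a spoke at 10.1.0.0/16.
param location string = resourceGroup().location
param firewallPrivateIp string = '10.0.1.4'    // private IP of the firewall in its subnet
param spokeSubnetBPrefix string = '10.1.0.0/24' // workload Subnet B in the spoke VNet

// ROUTE-FW: attached to GatewaySubnet. Traffic arriving over the site-to-site
// VPN and destined for the spoke is handed to the firewall instead of being
// sent straight across the VNet peering.
resource rtGateway 'Microsoft.Network/routeTables@2023-09-01' = {
  name: 'rt-gateway-subnet'
  location: location
  properties: {
    // Propagation stays on here: the gateway must keep learning on-prem routes.
    disableBgpRoutePropagation: false
    routes: [
      {
        name: 'spoke-b-via-firewall'
        properties: {
          addressPrefix: spokeSubnetBPrefix
          nextHopType: 'VirtualAppliance'
          nextHopIpAddress: firewallPrivateIp
        }
      }
    ]
  }
}

// Route table for Subnet B in the spoke. Disabling BGP route propagation stops
// the spoke from learning the on-prem prefixes via the gateway and bypassing
// the firewall; the default route then forces every egress through it.
resource rtSpokeB 'Microsoft.Network/routeTables@2023-09-01' = {
  name: 'rt-spoke-subnet-b'
  location: location
  properties: {
    disableBgpRoutePropagation: true
    routes: [
      {
        name: 'default-via-firewall'
        properties: {
          addressPrefix: '0.0.0.0/0'   // on-prem and internet alike
          nextHopType: 'VirtualAppliance'
          nextHopIpAddress: firewallPrivateIp
        }
      }
    ]
  }
}
```

Associate rt-gateway-subnet with GatewaySubnet and rt-spoke-subnet-b with Subnet B (for example with `az network vnet subnet update --route-table`), then confirm the result with the effective routes view of a NIC in Subnet B.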
