Hi Tom,
thank you very much for your blog post. 👍 I really appreciate it! I have some questions about the traffic management regarding the Azure Extended Zones.
If we have the AVD Session Host VMs in the Azure Extended Zone and customers need to control the outbound and/or inbound traffic precisely and need a dedicated firewall ruleset, how can this be implemented? Because you mentioned in your blog post: “You can deploy […] Azure Firewall […] to provide this access.” But an Azure Firewall is part of the service offerings for Azure Extended Zones, as the following table illustrates (https://learn.microsoft.com/en-us/azure/extended-zones/overview#service-offerings-for-azure-extended-zones). Does that mean we have to create an “AzureFirewallSubnet” in the Azure VNet of the Extended Zone (Los Angeles) and create the Azure Firewall in the “westus” (metadata) region, deploying the Azure Firewall instance into this subnet? Is this possible? What does that mean for the latency? How can we use Azure Extended Zones in combination with restrictive traffic management to make sure only whitelisted URLs and IP addresses are accessible? Any recommendations?
Thank you.