Forum Discussion
SB V
Jun 04, 2021 | Brass Contributor
Azure Firewall query
Hi Community, Our customer has a security layer subscription which they want to route and control all other subscription traffic via. Basically, they want to remove direct VPeers between su...
Kidd_Ip
Oct 20, 2025 | MVP
For your case, I would suggest:
- Use Azure Virtual WAN as the routing backbone to connect all VNets and subscriptions.
- Deploy Azure Firewall inside the Virtual Hub to inspect and control traffic centrally.
- Route internet-bound traffic through the firewall and down to your S2S VPN to the Palo Alto firewalls.
- For inbound public access, assign Azure Public IPs to specific VMs and configure DNAT rules in Azure Firewall.
This setup gives you:
- Centralized control and inspection
- Simplified routing via Virtual WAN
- Flexibility for hybrid connectivity and public access
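
One way to verify that a design like the one in the reply above actually forces traffic through the firewall, as an added example that is not part of the thread: a Python check over effective-route output (the JSON shape printed by `az network nic show-effective-route-table`) that flags active routes which bypass the firewall. The addresses, the firewall IP, the hub prefix and the function name `find_bypasses` are constructed assumptions, and the check matches on next-hop IP because the next-hop type reported for a hub firewall is assumed here, not taken from the thread.

```python
import ipaddress
import json

# Constructed sample in the shape of `az network nic show-effective-route-table`.
# Made-up addresses: this spoke 10.1.0.0/16, hub 10.0.0.0/23, firewall 10.0.0.132.
SAMPLE = json.loads("""
{"value": [
 {"addressPrefix": ["10.1.0.0/16"], "nextHopType": "VnetLocal", "nextHopIpAddress": [], "state": "Active"},
 {"addressPrefix": ["10.0.0.0/23"], "nextHopType": "VNetPeering", "nextHopIpAddress": [], "state": "Active"},
 {"addressPrefix": ["10.2.0.0/16"], "nextHopType": "VNetPeering", "nextHopIpAddress": [], "state": "Active"},
 {"addressPrefix": ["10.0.0.0/8"], "nextHopType": "VirtualNetworkGateway", "nextHopIpAddress": ["10.0.0.132"], "state": "Active"},
 {"addressPrefix": ["0.0.0.0/0"], "nextHopType": "Internet", "nextHopIpAddress": [], "state": "Active"},
 {"addressPrefix": ["0.0.0.0/0"], "nextHopType": "VirtualNetworkGateway", "nextHopIpAddress": ["10.0.0.132"], "state": "Invalid"}
]}
""")

PEERING = ("VNetPeering", "VNetGlobalPeering")

def find_bypasses(routes, firewall_ip, hub_prefix, local_prefix):
    """Return (prefix, reason) for each active route that avoids the firewall."""
    hub = ipaddress.ip_network(hub_prefix)
    local = ipaddress.ip_network(local_prefix)
    findings = []
    for route in routes["value"]:
        if route.get("state") != "Active":
            continue  # overridden routes are not in effect
        hop_type = route["nextHopType"]
        via_fw = firewall_ip in route.get("nextHopIpAddress", [])
        for prefix in route["addressPrefix"]:
            net = ipaddress.ip_network(prefix)
            if hop_type == "VnetLocal" or net.subnet_of(local):
                continue  # traffic that stays inside this VNet
            if hop_type in PEERING and net.subnet_of(hub):
                continue  # the spoke's own connection to the hub (assumption)
            if hop_type in PEERING:
                findings.append((prefix, "direct peering to another VNet"))
            elif hop_type == "Internet":
                findings.append((prefix, "internet egress without firewall"))
            elif hop_type != "None" and not via_fw:  # "None" drops traffic
                findings.append((prefix, "next hop is not the firewall"))
    return findings
```

Run it against the effective routes of one NIC per spoke; an empty result means every active non-local route either points at the firewall IP or drops the traffic.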