Hi,

we have a hub and spoke design of our Azure environment. We force by overwriting system defined routes so that any traffic to and from VM's in spoke subscriptions is routed via the Hub located PaloAlto Firewalls. In front of them there's a Azure Load Balancer. So for now what we do, we configure per each service a Public IP on the Load Balancer. Is this according with best practice or how to handle this ?