Route traffic through multiple Azure FWs in different Vnet

Hello,

I have a question about routing traffic through two Azure Firewalls in different virtual networks (Vnets). Also, both Firewalls and Vnets are in different regions.
If there is a hub-Vnet with an Az FW in a region, e.g. "Westeurope", and a spoke-Vnet with an Az FW in a region, e.g. "North Europe", is it possible to route traffic from the Az-FW in the Spoke to the Az-FW in the Hub, then to the internet and vice versa, so that the traffic goes through both Az Firewalls?

If yes, how could one configure the routing table and both Az FWs (my consideration may be through UDR or another solution!)?
A scenario would be: I have a web app running in a subnet in the Spoke and you have an App-Gateway in the Hub, and the requests come first to the App-GW. How should one configure the routing from the Az-FW in the Spoke to the Az-FW in the Hub and vice versa so that the traffic works well?

Request from internet to -> App-GW in Hub to -> Az-FW in Hub to -> AzFW in Spoke to -> WebApp in App-Service in Spoke

Thank you,

0 Replies