Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
564 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 36%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
@EnterpriseArchitect Thank you for reaching out to Microsoft Q&A.
I understand that you want to setup a Hub and Spoke architecture with an Azure FW in the Hub and force all traffic through it.
In order to do that, you need to:
- Peer the Hub and Spoke vnets
- Create a UDR on the spokes to force all traffic to be sent to the Azure firewall.
- And then for the spokes to use the hub gateway to communicate with remote networks, you must:
Configure the peering connection in the hub to allow gateway transit.
Configure the peering connection in each spoke to use remote gateways.
Configure all peering connections to allow forwarded traffic.
Here are a couple of Hub and Spoke architectures for your reference-
https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/hybrid-networking/hub-spoke?tabs=cli
https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/hub-spoke-network-topology
Hope this helps. Please let us know if you have further questions/concerns and we will be glad to assist further. Thank you!