Our WVD architecture is based on a Forced Tunneling scenario. An Azure Route (UDR) 0.0.0.0/0 points to a FortiGate firewall hosted on Azure.
Internet traffic flows through these hops:
WVD Host Pools
FortiGate firewall hosted on Azure
Virtual Network Gateway hosted on Azure
Site-To-Site VPN Tunnel
FortiGate Firewall hosted On-Premise
Internet
I created an additional Azure Route (UDR) to differentiate the KMS traffic and to send this traffic directly to the Internet.
To permit the WVD VMs to operate in the absence of the On-Premise Firewall (DR scenario), I would like to create a rule to send the traffic directed to *.wvd.microsoft.com directly to the Internet.
Can I use an Azure Firewall or another Azure service to differentiate the traffic directed to *.wvd.microsoft.com and send it directly to the Internet?
Thanks
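The two Azure mechanisms the question turns on, shown as an added example that is not part of the original post: a UDR matches IP prefixes (or an Azure service tag), never an FQDN such as *.wvd.microsoft.com, so a route table cannot itself steer that traffic by name; Azure Firewall can match an FQDN in an application rule, but it only filters traffic that the UDR already sends through it, it does not change the next hop. The script below builds the route table described in the post (default route to the FortiGate, KMS exception) and adds a service-tag route for the WVD control plane, then shows the equivalent FQDN allow rule on an Azure Firewall policy. Resource names, the FortiGate inside address (10.10.1.4) and the host-pool subnet range (10.10.2.0/24) are assumptions; the KMS address is the published one for kms.core.windows.net and should be checked against current Microsoft documentation.

```powershell
# Added example, not from the original post. Assumed names: rg-wvd, vnet-wvd,
# snet-hostpool (10.10.2.0/24), rt-wvd-forced, FortiGate inside address 10.10.1.4.
# Requires the Az module and an authenticated session (Connect-AzAccount).

$rg     = 'rg-wvd'
$loc    = 'westeurope'
$vnet   = 'vnet-wvd'
$subnet = 'snet-hostpool'
$nvaIp  = '10.10.1.4'        # assumed inside interface of the Azure FortiGate

# 1. Route table for the forced-tunneling scenario described in the post.
$rt = New-AzRouteTable -Name 'rt-wvd-forced' -ResourceGroupName $rg -Location $loc

# Default route: everything goes to the FortiGate NVA, which forwards over the S2S VPN.
$rt = Add-AzRouteConfig -RouteTable $rt -Name 'default-to-fortigate' `
        -AddressPrefix '0.0.0.0/0' -NextHopType VirtualAppliance -NextHopIpAddress $nvaIp

# KMS activation, the post's existing exception. kms.core.windows.net is 23.102.135.246;
# a /32 is more specific than 0.0.0.0/0, so longest-prefix match wins.
$rt = Add-AzRouteConfig -RouteTable $rt -Name 'kms-direct' `
        -AddressPrefix '23.102.135.246/32' -NextHopType Internet

# WVD control plane: a UDR cannot match an FQDN, but it can take a service tag as the
# prefix. WindowsVirtualDesktop expands to the IP ranges Microsoft publishes for the
# service, so the route follows them without a manual list of addresses.
$rt = Add-AzRouteConfig -RouteTable $rt -Name 'wvd-direct' `
        -AddressPrefix 'WindowsVirtualDesktop' -NextHopType Internet

$rt = Set-AzRouteTable -RouteTable $rt

# 2. Associate the table with the host-pool subnet (AddressPrefix must be re-supplied).
$vn = Get-AzVirtualNetwork -Name $vnet -ResourceGroupName $rg
$sn = Get-AzVirtualNetworkSubnetConfig -VirtualNetwork $vn -Name $subnet
Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vn -Name $subnet `
    -AddressPrefix $sn.AddressPrefix -RouteTable $rt | Out-Null
$vn | Set-AzVirtualNetwork | Out-Null

# 3. Check the effective routes on a host-pool NIC. This is the ground truth: it
#    includes routes the VPN gateway injects, which can also be more specific than
#    0.0.0.0/0 and silently override what the route table alone suggests.
$nic = Get-AzNetworkInterface -ResourceGroupName $rg |
    Where-Object { $_.IpConfigurations.Subnet.Id -like "*/subnets/$subnet" } |
    Select-Object -First 1
Get-AzEffectiveRouteTable -NetworkInterfaceName $nic.Name -ResourceGroupName $rg |
    Where-Object { $_.Source -in 'User', 'VirtualNetworkGateway' } |
    Format-Table Source, AddressPrefix, NextHopType, NextHopIpAddress

# 4. FQDN matching, which only Azure Firewall can do. This rule is applied solely
#    to traffic whose next hop is the firewall, so for the DR case the 0.0.0.0/0 UDR
#    (or a service-tag route) would have to point at the firewall's private IP first.
#    An application rule matches the TLS SNI, so the wildcard needs no DNS proxy.
$policy = New-AzFirewallPolicy -Name 'fwpol-wvd' -ResourceGroupName $rg -Location $loc

$wvdRule = New-AzFirewallPolicyApplicationRule -Name 'allow-wvd-control-plane' `
    -SourceAddress '10.10.2.0/24' -TargetFqdn '*.wvd.microsoft.com' -Protocol 'Https:443'
$coll = New-AzFirewallPolicyFilterRuleCollection -Name 'wvd-egress' -Priority 100 `
    -Rule $wvdRule -ActionType Allow
New-AzFirewallPolicyRuleCollectionGroup -Name 'rcg-wvd' -Priority 100 `
    -RuleCollection $coll -FirewallPolicyObject $policy | Out-Null
```

Run step 3 after any change to the route table or the VPN: a more specific prefix learned from the gateway beats a UDR covering that range, and the effective-route view is the only place that ordering is visible. The firewall rule in step 4 allows the control-plane traffic but does not by itself take it out of the VPN path; whichever next hop the UDR selects is what the packets follow.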