Microsoft Virtual WAN question

Gleb Pestun 1 Reputation point
2021-09-13T00:57:29.02+00:00

Hi Experts,

I want to design the following: a Virtual WAN deployed with 2 hubs in 2 different regions. Both regions will have a similar topology: VNETs, branches (via Site-to-Site VPNs) and datacenter connectivity via encryption-enabled ExpressRoutes attached to the hubs. The concern I have is to be able to secure the traffic within the hub (have a secured hub) and preserve inter-region communication between the hubs. Is that possible to achieve?

Thanks

Azure Virtual WAN

2 answers

  1. SaiKishor-MSFT 17,201 Reputation points
    2021-09-13T06:50:38+00:00

    @GlebPestun-7025 Thank you for reaching out to Microsoft Q&A.

    I understand that you want to have a Virtual Hub setup in 2 different Azure regions and preserve inter-region connectivity along with securing the traffic within the Hub. Based on your need, the following topology will fit your needs:

    [Image: 131400-image.png (topology diagram)]

    Here are more details on Security and Policy Control of Virtual WAN Hub which is achieved by adding a Firewall in the Hub as shown in the picture. Hope this helps.

    Please let us know if you have any further questions and we will be glad to assist you further. Thank you!


  2. Gleb Pestun 1 Reputation point
    2021-09-13T07:47:08.983+00:00

    Thanks. There are a few notes, however, that state that traffic basically cannot be secured inter-hub between regions for specific cases. I also could not find VNET-to-VNET traffic flow support between hubs in different regions. Can you comment on this please?

    "Inter-hub processing of traffic via firewall is currently not supported. Traffic between hubs will be routed to the proper branch within the secured virtual hub, however traffic will bypass the Azure Firewall in each hub."

    "Inter-hub with firewall is currently not supported. Traffic between hubs will move directly bypassing the Azure Firewall in each hub. Traffic via a connection destined to a virtual network in the same region will be processed by the Azure Firewall in the secured hub."