question

MohammedThahifBK-3336 avatar image
0 Votes"
MohammedThahifBK-3336 asked MohammedThahifBK-3336 commented

vWAN between diff subscriptions

Hello,

We are trying to implement vWAN for primary & DR region.Both the vWAN hub will sit under a different subscription.
I know for the fact , hub to hub connection by default enabled under a single vWAN. CAn this be achieved if vWANs are under different subscription?

If not, what other options we have?


Regards
Thahif

azure-virtual-networkazure-virtual-wan
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

GitaraniSharmaMSFT-4262 avatar image
0 Votes"
GitaraniSharmaMSFT-4262 answered MohammedThahifBK-3336 commented

Hello @MohammedThahifBK-3336 ,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

I understand that you are trying to implement vWAN for disaster recovery and would like to connect the virtual hubs in vWANs deployed in different subscriptions via hub-to-hub connectivity.

You can use Virtual WAN to connect a VNet to a virtual hub in a different subscription/tenant but connecting a Hub in VWAN A to a Hub in VWAN B via the normal VWAN hub to hub mechanism is not currently supported today.
Doc for connecting cross-tenant VNets to a Virtual Wan hub : https://docs.microsoft.com/en-us/azure/virtual-wan/cross-tenant-vnet

If you wish you may also leave your feedback in the below forum requesting this feature. All the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.
https://feedback.azure.com/d365community/forum/8ae9bf04-8326-ec11-b6e6-000d3a4f0789

The only workaround I can think of is to connect vHub in VWAN A to vHub B using VPN gateway of the Virtual Hubs.
Refer : https://docs.microsoft.com/en-us/azure/virtual-wan/connect-virtual-network-gateway-vwan

Kindly let us know if the above helps or you need further assistance on this issue.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

· 3
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MohammedThahifBK-3336 avatar image MohammedThahifBK-3336 ·

Thanks @GitaraniSharmaMSFT-4262 for the response.

"The only workaround I can think of is to connect vHub in VWAN A to vHub B using VPN gateway of the Virtual Hubs"

Can this be achieved using Site-to-SIte vpn between 2 NVAs sitting in each hub? We are planning to implement Fortigate NVAs in each hub.


Regards
Thahif

0 Votes 0 ·
GitaraniSharmaMSFT-4262 avatar image GitaraniSharmaMSFT-4262 MohammedThahifBK-3336 ·

Hello @MohammedThahifBK-3336 ,

Yes, you can achieve the site to site VPN between 2 NVAs sitting in each hub.

You can deploy select NVAs directly into the Virtual WAN hub in a solution that is jointly managed by Microsoft Azure and third-party Network Virtual Appliance vendors. All routing scenarios supported by Virtual WAN are supported with NVAs in the hub. Not all NVAs in Azure Marketplace can be deployed into the Virtual WAN hub.
For a full list of available partners, please refer : https://docs.microsoft.com/en-us/azure/virtual-wan/about-nva-hub

Fortinet Next-Generation Firewall (NGFW) is supported but looks like it is in preview.
To access the preview of Fortinet NGFW deployed in the Virtual WAN hub, reach out to azurevwan@fortinet.com with your subscription ID. For more information about the offering, please see the following Fortinet blog post.

186927-image.png

Regards,
Gita


0 Votes 0 ·
image.png (201.3 KiB)
MohammedThahifBK-3336 avatar image MohammedThahifBK-3336 GitaraniSharmaMSFT-4262 ·

@GitaraniSharmaMSFT-4262 - thanks this helps.

1 Vote 1 ·