-Azure VPN gateways provide cross-premises connectivity between customer premises and Azure. Hub-spoke topology is the recommended network design for workloads running on Azure. The hub virtual network acts as a central point of connectivity to many spoke virtual networks. The hub can also be used as the connectivity point to your on-premises networks. The spoke virtual networks peer with the hub and can be used to isolate workloads.
-Azure Firewall can be used to control network access in a hybrid network using rules that define allowed and denied network traffic. Azure Firewall and the VPN Gateway are deployed in the hub virtual network. Peering between the hub VNet and multiple spoke VNets must be created with the gateway transit peering property, which lets one virtual network use the VPN gateway in the peered virtual network for cross-premises or VNet-to-VNet connectivity. In a hub-and-spoke network architecture, gateway transit allows the spoke virtual networks to share the VPN gateway in the hub instead of deploying a VPN gateway in every spoke virtual network.
– Configure custom user-defined routes (UDRs) on the hub gateway subnet and on the spoke subnet so that traffic between on-premises and the Azure VNet is routed through Azure Firewall.
1/Create the on-premises VNet, which represents an on-premises network:
– Add an address space and a subnet for the on-premises client
– Add a new subnet for the virtual network gateway
2/Create the hub VNet:
– Add an address space and the Azure Firewall subnet
3/Create the spoke VNet used for the production workload:
4/Create and configure Azure Firewall rules:
– Create rules that allow HTTP connections to the app and RDP to the VM
5/Create the VPN gateway on the hub VNet:
6/Create the VPN gateway for the on-premises VNet:
7/Configure peering between the hub and spoke VNet:
– Click on Hub VNet > Peerings
– Click Add
8/Create the route table and UDRs:
– A route from the hub gateway subnet to the spoke subnet through the firewall IP address
– A default route from the spoke subnet through the firewall IP address
9/Create the VPN connections between the two VPN gateways:
– Verify the connection between the two VPN gateways
10/Deploy VMs on the on-premises VNet and the spoke VNet:
-The client VM on the on-premises VNet can browse the HTTP web app on the production app VM in the spoke VNet over the VPN connection
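Steps 7 and 8 above (gateway-transit peering and the two route tables that force traffic through the firewall) as an added Bicep example; this is not code from the original post, and the VNet names, the firewall private IP and the address prefixes are assumed placeholders.

```bicep
// Added example (not from the original post): Bicep for steps 7 and 8; names, IPs and prefixes are assumed placeholders.
param location string = resourceGroup().location
param firewallPrivateIp string = '10.0.1.4'    // assumed: Azure Firewall private IP in the hub
param spokeSubnetPrefix string = '10.1.0.0/24' // assumed: production workload subnet

// Step 7, hub side: allowGatewayTransit lets peered spokes use the hub VPN gateway
resource hubToSpoke 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-05-01' = {
  name: 'vnet-hub/hub-to-spoke-prod'
  properties: {
    remoteVirtualNetwork: { id: resourceId('Microsoft.Network/virtualNetworks', 'vnet-spoke-prod') }
    allowVirtualNetworkAccess: true
    allowForwardedTraffic: true // accept traffic the firewall forwards on behalf of other networks
    allowGatewayTransit: true
    useRemoteGateways: false
  }
}

// Step 7, spoke side: useRemoteGateways instead of deploying a VPN gateway per spoke
resource spokeToHub 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-05-01' = {
  name: 'vnet-spoke-prod/spoke-prod-to-hub'
  properties: {
    remoteVirtualNetwork: { id: resourceId('Microsoft.Network/virtualNetworks', 'vnet-hub') }
    allowVirtualNetworkAccess: true
    allowForwardedTraffic: true
    allowGatewayTransit: false
    useRemoteGateways: true
  }
}

// Step 8a, for the hub GatewaySubnet: on-premises traffic bound for the spoke is handed to the firewall (VirtualAppliance) first
resource rtHubGateway 'Microsoft.Network/routeTables@2023-05-01' = {
  name: 'rt-hub-gateway'
  location: location
  properties: {
    routes: [
      { name: 'spoke-via-firewall', properties: { addressPrefix: spokeSubnetPrefix, nextHopType: 'VirtualAppliance', nextHopIpAddress: firewallPrivateIp } }
    ]
  }
}

// Step 8b, for the spoke subnet: default route to the firewall; gateway route propagation off so the VPN-learned on-premises route cannot bypass it
resource rtSpoke 'Microsoft.Network/routeTables@2023-05-01' = {
  name: 'rt-spoke-prod'
  location: location
  properties: {
    disableBgpRoutePropagation: true
    routes: [
      { name: 'default-via-firewall', properties: { addressPrefix: '0.0.0.0/0', nextHopType: 'VirtualAppliance', nextHopIpAddress: firewallPrivateIp } }
    ]
  }
}
```

Associate rt-hub-gateway with the hub GatewaySubnet and rt-spoke-prod with the production subnet after deployment. The spoke peering with useRemoteGateways only deploys once the hub VPN gateway from step 5 exists.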