A few weeks ago the Azure Firewall went into public preview. Today’s post will be around taking it for a spin in a hub & spoke deployment.
First off, what will the architecture of our deployment look like?
- A central hub, where we’ll deploy the Azure Firewall. This will consist of the address space 172.16.0.0/12.
- Two spokes, each with their own address space (10.[1/2].0.0/16) where a UDR will send all traffic to the Azure Firewall (172.16.254.4).
- In each VNET, we’ll deploy a “SUBNET000” in which we’ll setup a vm to do our basic connectivity testing.
- Each spoke is connected with a bidirectional VNET peering with the spokes. Both spokes can only talk to each other over the HUB.
- The Azure firewall will be configured to allow traffic within the 10.0.0.0/8 range.