add note about auto-learn

vhorne · vhorne · commit 3eb28ec97222 · 2024-01-30T12:36:17.000-08:00
diff --git a/articles/firewall/snat-private-range.md b/articles/firewall/snat-private-range.md
@@ -179,6 +179,9 @@ You can use the Azure portal to specify private IP address ranges for the firewa
 
 You can configure Azure Firewall to auto-learn both registered and private ranges every 30 minutes. These learned address ranges are considered to be internal to the network, so traffic to destinations in the learned ranges aren't SNATed. Auto-learn SNAT ranges requires Azure Route Server to be deployed in the same VNet as the Azure Firewall. The firewall must be associated with the Azure Route Server and configured to auto-learn SNAT ranges in the Azure Firewall Policy. You can currently use an ARM template, Azure PowerShell, or the Azure portal to configure auto-learn SNAT routes.
 
+> [!NOTE]
+> Auto-learn SNAT routes is availalable only on VNet deployments (hub virtual network). It isn't availble on VWAN deployments (secured virtual hub). For more information about Azure Firewall architecture options, see [What are the Azure Firewall Manager architecture options?](../firewall-manager/vhubs-and-vnets.md)
+
 ### Configure using an ARM template
 
 You can use the following JSON to configure auto-learn. Azure Firewall must be associated with an Azure Route Server.
