articles/virtual-wan/virtual-wan-global-transit-network-architecture.md
Lines changed: 14 additions & 9 deletions
@@ -69,7 +69,7 @@ Azure Virtual WAN supports the following global transit connectivity paths. The
69
69
70
70
* Branch-to-VNet (a)
71
71
* Branch-to-branch (b)
72
-
* ExpressRoute Global Reach and Virtual WAN
72
+
* ExpressRoute Global Reach and Virtual WAN
73
73
* Remote User-to-VNet (c)
74
74
* Remote User-to-branch (d)
75
75
* VNet-to-VNet (e)
@@ -137,32 +137,37 @@ For more information on deploying and orchestrating Next-Generation Firewall Net
137
137
138
138
Virtual WAN supports the following global secured transit connectivity paths. While the diagram and traffic patterns in this section describe Azure Firewall use cases, the same traffic patterns are supported with Network Virtual Appliances and SaaS security solutions deployed in the hub. The letters in parentheses map to Figure 5.
139
139
140
+
* Branch-to-VNet secure transit (c)
141
+
* Branch-to-VNet secure transit across Virtual hubs (g), supported with [Routing Intent](../virtual-wan/how-to-routing-policies.md)
140
142
* VNet-to-VNet secure transit (e)
143
+
* VNet-to-VNet secure transit across Virtual Hubs (h), supported with [Routing Intent](../virtual-wan/how-to-routing-policies.md)
144
+
* Branch-to-Branch secure transit (b), supported with [Routing Intent](../virtual-wan/how-to-routing-policies.md)
145
+
* Branch-to Branch secure transit across Virtual Hubs (f), supported with [Routing Intent](../virtual-wan/how-to-routing-policies.md)
141
146
* VNet-to-Internet or third-party Security Service (i)
142
147
* Branch-to-Internet or third-party Security Service (j)
The VNet-to-VNet secured transit enables VNets to connect to each other via the Azure Firewall in the Virtual WAN hub.
151
+
The VNet-to-VNet secured transit enables VNets to connect to each other via security appliances (Azure Firewall, select NVA and SaaS) deployed in the Virtual WAN hub.
147
152
148
153
### VNet-to-Internet or third-party Security Service (i)
149
154
150
-
The VNet-to-Internet enables VNets to connect to the internet via the Azure Firewallin the virtual WAN hub. Traffic to internet via supported third-party security services doesn't flow through the Azure Firewall. You can configure Vnet-to-Internet path via supported third-party security service using Azure Firewall Manager.
155
+
The VNet-to-Internet enables VNets to connect to the internet via the via security appliances (Azure Firewall, select NVA and SaaS) in the virtual WAN hub. Traffic to internet via supported third-party security services doesn't flow through a security appliance and is routed straight to the third-party security service. You can configure Vnet-to-Internet path via supported third-party security service using Azure Firewall Manager.
151
156
152
157
### Branch-to-Internet or third-party Security Service (j)
153
158
154
-
The Branch-to-Internet enables branches to connect to the internet via the Azure Firewall in the virtual WAN hub. Traffic to internet via supported third-party security services doesn't flow through the Azure Firewall. You can configure Branch-to-Internet path via supported third-party security service using Azure Firewall Manager.
159
+
The Branch-to-Internet enables branches to connect to the internet via the Azure Firewall in the virtual WAN hub. Traffic to internet via supported third-party security services doesn't flow through a security appliance and is routed straight to the third-party security service. You can configure Branch-to-Internet path via supported third-party security service using Azure Firewall Manager.
Branches can be connected to a secured virtual hub with Azure Firewall using ExpressRoute circuits and/or site-to-site VPN connections. You can connect the branches to the virtual WAN hub that is in the region closest to the branch.
163
+
Branches can be connected to a secured virtual hub with Azure Firewall using ExpressRoute circuits and/or site-to-site VPN connections. You can connect the branches to the virtual WAN hub that is in the region closest to the branch. Configuring [Routing Intent](../virtual-wan/how-to-routing-policies.md) on Virtual WAN hubs allows for branch-to-branch same hub or branch-to-branch inter-hub/inter-region inspection by security appliances (Azure Firewall, select NVA and SaaS) deployed in the Virtual WAN Hub.
159
164
160
165
This option lets enterprises leverage the Azure backbone to connect branches. However, even though this capability is available, you should weigh the benefits of connecting branches over Azure Virtual WAN vs. using a private WAN.
The Branch-to-VNet secured transit enables branches to communicate with virtual networks in the same region as the virtual WAN hub as well as another virtual network connected to another virtual WAN hub in another region.
170
+
The Branch-to-VNet secured transit enables branches to communicate with virtual networks in the same region as the virtual WAN hub as well as another virtual network connected to another virtual WAN hub in another region (inter-hub traffic inspection supported only with [Routing Intent](../virtual-wan/how-to-routing-policies.md)).
166
171
167
172
168
173
### How do I enable default route (0.0.0.0/0) in a Secured Virtual Hub
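Review bot: the VNet-to-VNet paragraph added at line 151 does not say that the cross-hub case needs Routing Intent, although the list in this hunk marks (h) as "supported with Routing Intent", so a reader of that section alone can assume inter-hub VNet-to-VNet traffic is inspected without it. The Branch-to-VNet paragraph at line 170 already carries the qualifier "(inter-hub traffic inspection supported only with Routing Intent)"; suggest adding the same parenthetical at line 151. Smaller points in the same hunk: line 155 reads "via the via security appliances"; line 159 still says "via the Azure Firewall" while its next sentence, and the VNet-to-Internet text at 155, say "security appliance", so the Branch-to-Internet section should use one term throughout; line 145 has "Branch-to Branch" where line 144 has "Branch-to-Branch"; line 141 has "Virtual hubs" where lines 143 and 145 have "Virtual Hubs"; and the new links use `../virtual-wan/how-to-routing-policies.md` from a file that already lives in articles/virtual-wan/, so `how-to-routing-policies.md` would be enough.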