You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/virtual-wan/virtual-wan-global-transit-network-architecture.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ author: cherylmc
6
6
7
7
ms.service: virtual-wan
8
8
ms.topic: conceptual
9
-
ms.date: 03/02/2023
9
+
ms.date: 09/25/2023
10
10
ms.author: cherylmc
11
11
12
12
---
@@ -83,12 +83,13 @@ Branch-to-VNet is the primary path supported by Azure Virtual WAN. This path all
83
83
84
84
### ExpressRoute Global Reach and Virtual WAN
85
85
86
-
ExpressRoute is a private and resilient way to connect your on-premises networks to the Microsoft Cloud. Virtual WAN supports Express Route circuit connections.
87
-
The following ExpressRoute circuit SKUs can be connected to Virtual WAN: Local, Standard, and Premium.
86
+
ExpressRoute is a private and resilient way to connect your on-premises networks to the Microsoft Cloud. Virtual WAN supports Express Route circuit connections. The following ExpressRoute circuit SKUs can be connected to Virtual WAN: Local, Standard, and Premium.
88
87
89
-
ExpressRoute Global Reach is an add-on feature for ExpressRoute. With Global Reach, you can link ExpressRoute circuits together to make a private network between your on-premises networks. Branches that are connected to Azure Virtual WAN using ExpressRoute require the ExpressRoute Global Reach to communicate with each other. Global Reach is not required for transitivity between site-to-site VPN and ExpressRoute connected branches.
88
+
There are two options to enable ExpressRoute to ExpressRoute transit connectivity when using Azure Virtual WAN:
90
89
91
-
In this model, each branch that is connected to the virtual WAN hub using ExpressRoute can connect to VNets using the branch-to-VNet path. Branch-to-branch traffic won't transit the hub because ExpressRoute Global Reach enables a more optimal path over Azure WAN.
90
+
* You can enable ExpressRoute to ExpressRoute transit connectivity by enabling ExpressRoute Global Reach on your ExpressRoute circuits. [Global Reach](../expressroute/expressroute-global-reach.md) is an ExpressRoute add-on feature that allows you to link ExpressRoute circuits in different peering locations together to make a private network. ExpressRoute to ExpressRoute transit connectivity between circuits with the Global Reach add-on will not transit the Virtual WAN hub because Global Reach enables a more optimal path over the global backbone.
91
+
92
+
* You can use the Routing Intent feature with private traffic routing policies to enable ExpressRoute transit connectivity via a security appliance deployed in the Virtual WAN Hub. This option doesn't require Global Reach. For more information, see the [ExpressRoute section](how-to-routing-policies.md#expressroute) in routing intent documentation.
92
93
93
94
### Branch-to-branch (b) and Branch-to-Branch cross-region (f)
94
95
@@ -130,7 +131,6 @@ Orchestration of Azure Firewalls in virtual WAN hubs can be performed by Azure F
130
131
131
132
For more information on deploying and orchestrating Next-Generation Firewall Network Virtual Appliances in the Virtual WAN hub, see [Integrated Network Virtual Appliances in the Virtual Hub](about-nva-hub.md). For more information on SaaS security solutions that can be deployed in the Virtual WAN hub, see [software-as-a-service](how-to-palo-alto-cloud-ngfw.md).
132
133
133
-
134
134
:::image type="content" source="./media/virtual-wan-global-transit-network-architecture/secured-hub.png" alt-text="Diagram of secured virtual hub with Azure Firewall." lightbox="./media/virtual-wan-global-transit-network-architecture/secured-hub.png":::
135
135
136
136
**Figure 5: Secured virtual hub with Azure Firewall**
0 commit comments