Thank you. yours words inspire us to do more and serve you with the best.

You are most welcome

Thanks, keep watching!

Thank you.. If you want to check the connectivity from spoke 1 to spoke 2 you can ping spoke 1 to spoke 2 or vice versa.

Thanks, keep watching!

Glad you liked it! 😊 Please do let us know what videos you'll like to see next?

In order for traffic to go through the firewall, even if not all subnets have associated route tables, you can configure the default route on the firewall to forward all traffic to the appropriate destination. By setting up the default route, any traffic that does not have a specific route defined will be sent to the firewall for further processing and inspection. This ensures that all network traffic passes through the firewall, regardless of the subnet's individual route table configuration. Hope this helps. Regards Team K21Academy

Hey thanks! Do let us know what would you love to watch next?

Thank you for your kind words, we appreciate your support!

Glad you liked it!

To give you a short overview In a scenario where there is a Traffic Manager and App Services as its backend pools, Azure Firewall can be used to intercept traffic for malicious content by deploying it in the same virtual network as the App Services. This will allow Azure Firewall to inspect all traffic going to and from the App Services, and block any traffic that is found to be malicious. We cover this practical implementation during our sessions. To know more? Join our FREE Class: bit.ly/4a9v9cq

Thanks @@K21Academy Does this mean, in this specific scenario a VNET is mandatory for App service setup?

Thank you, keep watching!

Indeed!

Thanks, keep watching!

Glad it was helpful!

We are using the hub as a firewall. This Firewall is common for 2 machines that are acting as 2 work machines in different machines. So if we are connecting one with public IP to other with private, then only one will be working at a time either. then there is no use of creating 2 separate work machines.

Hey! Thanks for the feedback. Do let us know what videos you'd like to see next?

Thanks, keep watching!

Thanks, keep watching!

Thank you! Cheers!

Thanks, keep watching!

Thanks, keep watching!

Thanks, keep watching!

Thanks, keep watching!

No, you do not need to configure Network Security Group (NSG) rules to allow internet access. When VM-work does not have a public IP and the traffic is passing through Azure Firewall, it means that the access to VM-work is restricted to internal network traffic only. In this setup, VM-work is not directly accessible from the internet, and its inbound traffic is controlled by the Azure Firewall. So if you setup NSG rules then also it will not show any response to it. Hope this helps! Regards Team K21Academy

internet is allowed by default on Azure Vms while creating

Thanks, keep watching.

Thanks, keep watching!

He was Deployed the HUB ( Firewall ) Subnet on a different region and all other two Spoke subnets was deployed on other two different regions. Inorder to communicate the Spoke Subnets to Firewall subnets we have to enable the Regional VNET Peering , then only Spoke Subnets on Different regions can communicate with Firewall Subnets. In Azure , Azure Firewall Deployment Under each VNETS is not a logical solution as it is bit Costly. That is the reason why he was created a Single firewall under firewall Subnet on Different region and routed all the Spoke Subnet Traffic towards to Firewall Subnet and attached the Spoke subnets on Routing tables. Which means any traffic that is originating from the Spokes subnet to any destinations will be routed to Azure Firewall and based on the Firewall rules ( Network/Application rules) the services will be allow/deny by firewall.

@@praveenkumarp1357 Azure VPN gateway is the major Trap, when you start creating your network and depending to it you need the VPN gateway as the core, and you realize later on the cost it incur that your whole mesh network is dependent to it you cannot just turn it off. that is why others are switching to SDNetworking, trashing the azure vpn gateway out of the scene. I maybe wrong about this, I would be happy someone could shed some light into this.

Yes, Azure Firewall supports IKEv2 VPN for on-premises to Azure VPN connections. However, it is important to note that the Azure Firewall VPN Gateway is still required to create the connection.

@@K21Academy Thank you

Thank you, keep watching!

Hey, thanks to you too! Do let us know what videos you'd like to watch next?

​@@K21Academy im looking for azure application gateway with multiple listners and backend pool

Thanks for the suggestion. Stay tuned!