Hub and Spoke RRS feed

  • Question

  • We have already started provisioning the environment and so far created:

    App Vnet (VNET1), App Service environment(ASE) with the WAF.

    VNET4 Has a 3rd paty firewall, Vnet2 have a Jumpbox  for accessing the webapp in ASE. Vnet3 a Linus VM for vunerability check.

    All this is about CIS compliance and that’s why the support guys must go thru a firewall VNET4 (a 3rd party one) with
    - IP / domain whitelisting
    - Anti-malware protection!!!

    So we are looking for a way for the support guys to access the prod environment resource (Web apps in the ASE) when they are on the VM which is protected by the firewall.  UDR - support guy->VNET4 (firewall) -> VNET 2 (Jumpbox VM) -> VNET 1 (webapp).
    And the client doesn’t want the traffic for its users to go thru the firewall but thru the WAF (App gateway) only.
     UDR - end user WAF -> webapp (both in VNET1)

    Now the questions is how to connect these VNETs for satisfying this UDRs?

    can we do setup Huba and spoke toplogy like Vnet4 is HUB and 
    Vnet 2 and Vnet 3 as-> Spoke vnets.

    but for connecting the web app in the VNET 1 there needs to be a connection b/w Vnet1 and Vnet 2.

     can I make VNet1 as Hub2 and peer VNet4 and VNet1? will this satisfys the UDRs?
    or is there any workaround?

    Monday, November 4, 2019 3:20 PM