Spoke to Spoke via 2 Azure Firewalls

Azure HUB(spoke)<->HUB(spoke)

The Original (manual) setup: Connecting two HUB(spoke)<->HUB((spoke) on two different subscriptions with 2 Azure firewalls on each side:

Each Subscription belonged to its own AzureAD (Entra) and it worked as shown in the image below:

I wrote the Terraform code to perform the deployment and it does work (for the most part), https://github.com/soyroberto/terrahubspoke

except I had to do the peering manually as the service principal althought having permissions didn't perform the action in Terraform.

Documentation is not exactly long or detailed about it and almost everybody ran over the same issue. To be tested further in the future (TF Vnet peering). Move the networking code to the 'i' directory

References:

https://learn.microsoft.com/en-us/azure/firewall/firewall-multi-hub-spoke#routing-on-the-spoke-subnets
https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview#system-routes
https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-connections
https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-connections

Spoke to Spoke via 2 Azure Firewalls

Comments

More from this blog

Vibecoding in practice - An online Dictionary en español

The Power BI Supercharge: How Fabric, OneLake, and DirectLake Change the Game

How to Create a Secure Cloud Setup for Australian Health Data Compliance

The Art and Science of AI Image Generation

From Code to Cloud: A Beginner's Guide to Data Analytics with Python & Azure Fabric

Command Palette

Comments

More from this blog