Virtual Geek

Tales from the real IT system administrator's world and non-production environments

Microsoft Azure Virtual WAN Part 1 - Create Virtual Network and subnets

Recently I was assigned a project and had to do a POC of deploying and configuring Azure VWAN (Virtual WAN) with secured hubs, providing network connectivity between Virtual Machines located in different regions. Azure Virtual WAN is a managed networking service that brings together networking, connectivity, security, monitoring and routing features. Below is a simple diagram of what I am going to configure in this series. In this first step I will start by creating a few VNets (Virtual Networks) and subnets on Azure.

Microsoft Azure Virtual WAN Part 1 - Create Virtual Network and subnets
Microsoft Azure Virtual WAN Part 2 - Create a Virtual WAN (VWAN) on Azure Portal
Microsoft Azure Virtual WAN Part 3 - Create secured virtual hub inside VWAN
Microsoft Azure Virtual WAN Part 3.1 - Create secured virtual hub inside Azure Firewall Manager
Microsoft Azure Virtual WAN Part 4 - Add Virtual Network connection | Hub vNet Peering
Microsoft Azure Virtual WAN Part 5 - Create Azure Virtual Machine (VM)
Microsoft Azure Virtual WAN Part 6 - Creating and configuring Azure Firewall Policies
Microsoft Azure Virtual WAN Part 7 - Configure security configuration | Route traffic to your secured hub | Test connectivity


Below are the VNETs I am going to deploy on the Azure portal. I walk through creating the first Virtual Network in the table step by step and then create the other VNETs the same way.

Virtual Network     Location     Address Space   Subnet Name               Subnet
vnet1-westus        West US      10.0.0.0/16     subnet1-vnet1-westus      10.0.0.0/24
vnet2-westus        West US      10.1.0.0/16     subnet1-vnet2-westus      10.1.0.0/24
vnet3-westeurope    West Europe  10.2.0.0/16     subnet1-vnet3-westeurope  10.2.0.0/24

The first step is creating a new Resource Group in which all the Azure resources for this POC will be deployed. Provide the subscription, name, region and tags for the Resource Group, then Review + Create it.


Inside the Resource Group click on Create a new resource.


Azure Virtual Network (VNET) is the fundamental building block for your private network in Azure. A VNet enables many types of Azure resources, such as Azure Virtual Machines (VM), to communicate securely with each other, with the internet and with on-premises networks. A VNet is similar to a traditional network that you would operate in your own data center, but brings with it the additional benefits of Azure's infrastructure such as scale, availability and isolation.

Search for Virtual Network in the search bar and choose Virtual Network from the list. It is an Azure service that creates a logically isolated network (think of it as a virtual switch) in Microsoft Azure which you can then securely connect outward.


A Virtual Network is a logically isolated section of the Microsoft Azure network. You can securely connect it to your on-premises datacenter or to a single client machine using an IPsec VPN connection. Virtual Networks make it easy to take advantage of the scalable on-demand infrastructure of Azure while keeping connectivity to data and applications on-premises, including systems running on Windows Server, mainframes and UNIX.

Use Virtual Network to:

  • Extend your datacenter
  • Build distributed applications
  • Remotely debug your applications

Click the Create button. On the Basics tab of the VNET wizard provide the Subscription and Resource Group under Project details. Under Instance details give the VNet its name and choose the Region as per the table above. Click the Next: IP Addresses > button.


On the IP Addresses tab, the virtual network's address space is specified as one or more address prefixes in CIDR notation, for example 10.0.0.0/16 for the first VNet in the table above. You can create a dual-stack virtual network (supporting both IPv4 and IPv6) by adding an IPv6 address space, and you can also add IPv6 support later, after the virtual network is created.

The subnet's address range is also given in CIDR notation, for example 10.0.0.0/24, and it must be contained within the address space of the virtual network. Click on the default subnet and rename it as per the table.

I am not selecting a NAT gateway. A NAT gateway is the recommended way to give a subnet outbound internet access: it simplifies outbound connectivity through network address translation, so outbound connections are possible without a load balancer or public IP addresses attached to your virtual machines. You can deploy a NAT gateway and assign it to the subnet after the virtual network is created.

Service endpoints allow traffic from this subnet to reach specific Azure services over the Azure backbone, and service endpoint policies restrict that traffic to specific Azure resources. You can enable one or more service endpoints for this subnet.

Click the Next: Security > button.

Azure Bastion is a fully platform-managed PaaS service that you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over TLS (port 443). When you connect via Azure Bastion, your virtual machines do not need a public IP address.

A DDoS protection plan is a paid service that offers enhanced DDoS mitigation capabilities via adaptive tuning, attack notification, and telemetry to protect against the impacts of a DDoS attack for all protected resources within this virtual network. Basic DDoS protection is integrated into the Azure platform by default and at no additional cost.

Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It is not needed on the VNets themselves for this POC; in this series the firewall lives in the secured virtual hub (Part 3) and its policies are configured in Part 6.

Review + Create Virtual Network.


After clicking Create the VNET deployment starts; once it completes you can go to the resource.


Using the same Azure Virtual Network creation steps I created the other VNETs from the table in their respective regions.
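The portal wizard enforces only one of the rules an address plan has to satisfy (the subnet must sit inside the VNet's address space). The following Python is an added example, not code from the original article: it checks the table's plan the way I would before touching the portal, then renders the equivalent Azure CLI commands. Beyond the containment check it also flags VNet address spaces that overlap each other, because VNets connected to the same Virtual WAN hub must not overlap with one another or with the hub's own address space, and subnets smaller than /29, since Azure reserves five addresses in every subnet. The resource group name rg-vwan-poc and the CLI region short names are assumptions, not values from the article.

```python
"""Pre-flight check for the VNet/subnet plan before creating it in the portal or CLI."""
import ipaddress

# Address plan taken from the table in this article. The CLI location names
# (westus, westeurope) are the short forms of "West US" and "West Europe".
PLAN = [
    {"vnet": "vnet1-westus", "location": "westus", "space": "10.0.0.0/16",
     "subnet": "subnet1-vnet1-westus", "prefix": "10.0.0.0/24"},
    {"vnet": "vnet2-westus", "location": "westus", "space": "10.1.0.0/16",
     "subnet": "subnet1-vnet2-westus", "prefix": "10.1.0.0/24"},
    {"vnet": "vnet3-westeurope", "location": "westeurope", "space": "10.2.0.0/16",
     "subnet": "subnet1-vnet3-westeurope", "prefix": "10.2.0.0/24"},
]

# Assumed resource group name; the article's own name is only visible in a screenshot.
RESOURCE_GROUP = "rg-vwan-poc"

# Azure reserves the first four and the last address of every subnet, so /29 is the
# smallest subnet the platform accepts.
MIN_SUBNET_PREFIXLEN = 29


def validate_plan(plan):
    """Return a list of problems; an empty list means the plan can be deployed as-is."""
    problems = []
    parsed = []
    for e in plan:
        try:
            # strict=True rejects prefixes with host bits set (e.g. a typo like 10.0.0.24/24)
            space = ipaddress.ip_network(e["space"], strict=True)
            prefix = ipaddress.ip_network(e["prefix"], strict=True)
        except ValueError as err:
            problems.append(f"{e['vnet']}: unparsable CIDR ({err})")
            continue
        # The portal enforces this one: the subnet must lie inside the VNet address space.
        if not prefix.subnet_of(space):
            problems.append(f"{e['vnet']}: subnet {prefix} is not inside {space}")
        if prefix.prefixlen > MIN_SUBNET_PREFIXLEN:
            problems.append(f"{e['vnet']}: subnet {prefix} is smaller than /{MIN_SUBNET_PREFIXLEN}")
        parsed.append((e["vnet"], space))
    # The portal does not enforce this one: VNets that will be connected to the same
    # Virtual WAN hub must not overlap each other (or the hub's own address space).
    for i, (name_a, space_a) in enumerate(parsed):
        for name_b, space_b in parsed[i + 1:]:
            if space_a.overlaps(space_b):
                problems.append(f"{name_a} ({space_a}) overlaps {name_b} ({space_b})")
    return problems


def az_commands(plan, resource_group):
    """Render the Azure CLI equivalent of the portal wizard: one group, one VNet per row."""
    cmds = [f"az group create --name {resource_group} --location {plan[0]['location']}"]
    for e in plan:
        cmds.append(
            "az network vnet create"
            f" --resource-group {resource_group} --name {e['vnet']}"
            f" --location {e['location']} --address-prefixes {e['space']}"
            f" --subnet-name {e['subnet']} --subnet-prefixes {e['prefix']}"
        )
    return cmds


if __name__ == "__main__":
    issues = validate_plan(PLAN)
    if issues:
        raise SystemExit("\n".join(issues))
    print("\n".join(az_commands(PLAN, RESOURCE_GROUP)))
```

Running the script with the table's plan prints four az commands that reproduce what the wizard does; changing one subnet to 10.1.0.0/24 under vnet1-westus, or giving two VNets the same /16, makes it exit with the offending rows instead, which is cheaper to discover here than after the hub connections in Part 4 fail.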


Here is the view inside the Resource Group with the other VNETs created.

