Fortinet Document Library

Version:


Table of Contents

Azure Cookbook

Resources

Upgrade Path Tool

Azure Cookbook

6.4.0
Download PDF
Copy Link

vWAN architecture diagram

The Azure vWAN architecture consists of the following important resources:

Resource

Description

vWAN

Virtual overlay of the Azure network. It contains resources that include all links to the vWAN hub.

Virtual hub

Microsoft-managed virtual network. The hub contains various service endpoints to enable connectivity from your on-premise network (vpnsite). An Azure region can only have one hub. Creating a vWAN hub from the portal creates a virtual hub virtual network (VNet) and a virtual hub VPN gateway.

A hub gateway is not the same as a virtual network gateway that is used for ExpressRoute and VPN gateway. For example, when using vWAN, you do not create a site-to-site connection from the on-premise site directly to the virtual network. Instead, you create a site-to-site connection to the hub so that the traffic always passes through the hub gateway. Your VNets do not need their own virtual network gateway. With vWAN, your VNets can take advantage of scaling easily through the virtual hub and virtual hub gateway.

Hub VNet connection

Used to connect the hub seamlessly to the VNet. You can only connect virtual networks within the same hub region to the vWAN hub.

Site

Used only for site-to-site connection. The site resource is vpnsite. It represents your on-premise VPN device and its settings.

The following Azure vWAN architecture diagram represents remote sites Tempe and Folsom, which connect to the vWAN hub. The hub network is connected to two VNets: B and C. Connecting to the vWAN hub enables the Tempe and Folsom sites to access both VNets in Azure and to connect with each other through the vWAN hub.

Redundant VPN tunnels from each branch to the vWAN hub enhance connectivity. Border Gateway Protocol (BGP) handles routing.

Resources

vWAN architecture diagram

The Azure vWAN architecture consists of the following important resources:

Resource

Description

vWAN

Virtual overlay of the Azure network. It contains resources that include all links to the vWAN hub.

Virtual hub

Microsoft-managed virtual network. The hub contains various service endpoints to enable connectivity from your on-premise network (vpnsite). An Azure region can only have one hub. Creating a vWAN hub from the portal creates a virtual hub virtual network (VNet) and a virtual hub VPN gateway.

A hub gateway is not the same as a virtual network gateway that is used for ExpressRoute and VPN gateway. For example, when using vWAN, you do not create a site-to-site connection from the on-premise site directly to the virtual network. Instead, you create a site-to-site connection to the hub so that the traffic always passes through the hub gateway. Your VNets do not need their own virtual network gateway. With vWAN, your VNets can take advantage of scaling easily through the virtual hub and virtual hub gateway.

Hub VNet connection

Used to connect the hub seamlessly to the VNet. You can only connect virtual networks within the same hub region to the vWAN hub.

Site

Used only for site-to-site connection. The site resource is vpnsite. It represents your on-premise VPN device and its settings.

The following Azure vWAN architecture diagram represents remote sites Tempe and Folsom, which connect to the vWAN hub. The hub network is connected to two VNets: B and C. Connecting to the vWAN hub enables the Tempe and Folsom sites to access both VNets in Azure and to connect with each other through the vWAN hub.

Redundant VPN tunnels from each branch to the vWAN hub enhance connectivity. Border Gateway Protocol (BGP) handles routing.