Module 4 - Secure Hub

Module 4: Create and configure a Secure Hub to route traffic to the internet

This module is being updated. Some of the instructions and screenshots may not be applicable anymore. However, the concept is still valid and can be applied.


Now that the Tier-0 and Tier-1 routers are configured, it’s time to see if workloads can access the internet. The key takeaway here is to setup a Secured vWAN Hub to allow internet egress and ingress (if necessary) for the VMs on AVS.

In this section you will learn how to:

  • Create a secure VWAN hub

  • Configure Azure Firewall with a public IP

  • Configure Azure Firewall

Before we start the steps, let’s validate if the AVS VMs can access internet. In the previous section, you accessed VM1 from the vCenter portal. Verify that from VM1 that you can not

  • Access by name. On the server, type:

  • Access by IP. On the server, type:


You may also use utilities such as ping or nslookup to validate.

Module 4 Task 1

Module 4: Deploy Virtual WAN

Module 4 Task 2

Module 4: Propagate Default Route

Module 4 Task 3

Task 3: Configure Azure Firewall policies