🟢 Intermediate
🔵 Advanced
Azure Networking
Azure Hub-Spoke
Network Topology
A complete technical guide — from IP addressing and VNet peering to Azure Firewall, UDRs, and secure Bastion access. CLI-first, lab-proven.
The Hub-Spoke topology is Azure’s go-to enterprise network architecture — and for good reason. It gives you centralized security, shared services, and clean workload isolation, all without rebuilding your network every time a new team needs a VNet. This guide walks through the full build, from scratch.
What’s Covered
Two levels — Intermediate for the foundation build, Advanced for security and routing:
🗺
IP Addressing PlanRFC 1918 design, subnet sizing, no-overlap rules
🔗
VNet PeeringBidirectional setup, gateway transit, peering states explained
🔥
Azure Firewall PremiumIDPS, TLS inspection, rule collection groups
🛣
User-Defined RoutesForce-tunnel all spoke traffic through the firewall
🔐
Azure BastionOne Hub deployment covers all spoke VMs
🌐
DNAT PublishingExpose internal services securely via firewall
Who Is This For?
This guide is for you if —
- You’re preparing for AZ-700 or AZ-305 and want hands-on depth
- You’re designing or reviewing an Azure network architecture at work
- You want real CLI commands, not just diagrams and theory
- You’ve set up VNets before but haven’t wired up centralized inspection
Everything in this guide was built and tested in a live Azure lab environment — the screenshots and CLI output are real. No filler, no fluff.