Configure Azure Firewall in a Virtual WAN hub
A secured hub is an Azure Virtual WAN hub with Azure Firewall. This article walks you through the steps to convert a virtual WAN hub to a secured hub by installing Azure Firewall directly from the Azure Virtual WAN portal pages.
Before you begin
The steps in this article assume that you've already deployed a virtual WAN with one or more hubs.
To create a new virtual WAN and a new hub, use the steps in the following articles:
Important
Virtual WAN is a collection of hubs and services made available inside the hub. The user can deploy as many Virtual WANs as they need. In a Virtual WAN hub, there are multiple services like VPN, ExpressRoute etc. Each of these services is automatically deployed across Availability Zones (except Azure Firewall) if the region supports Availability Zones. To deploy an Azure Firewall with Availability Zones (recommended) in a Secure vWAN Hub, this article must be used.
Convert to secured hub
To view virtual hubs, go to your Virtual WAN Overview page. The Overview page for your virtual WAN shows a list of virtual hubs and secured hubs.
On the Overview page for your virtual WAN, select the hub that you want to convert to a secured hub.
On the virtual hub page, select Azure Firewall and Firewall Manager under the "Security" section on the left.
Select Next: Azure Firewall button at the bottom of screen to advance to the next page.
Select the Azure Firewall properties and status desired, then complete the wizard up to the Review + confirm tab:
Note
This procedure doesn't permit the use of Availability Zones for Azure Firewall.
After the hub has been converted to a secured hub, you can view the status for the Azure Firewall on the virtual hub Overview page. The status shows Secured.
View hub resources
From the virtual WAN Overview page, select the secured hub. On the hub page, you can view all the virtual hub resources, including Azure Firewall.
To view Azure Firewall settings from the secured hub, select on Azure Firewall and Firewall Manager under the "Security" section on the left:
Usage of Availability Zones for Azure Firewall in the Azure Virtual WAN Hub, can be checked accessing the security properties of the hub.
Configure additional settings
To configure additional Azure Firewall settings for the virtual hub, select the link to Azure Firewall Manager. For information about firewall policies, see Azure Firewall Manager.
To return to the hub Overview page, you can navigate back by clicking the path, as shown by the arrow in the following figure.
Upgrade to Azure Firewall Premium
At any time, it's possible to upgrade from Azure Firewall Standard to Premium following these instructions. This operation will require a maintenance window since some minimal downtime will be generated.
Next steps
For more information about Virtual WAN, see the FAQ.