Someone asked on Reddit about controlling access between vnets. I talked about a default route table but you can also use custom route tables for the vnets to control which vnets can talk to which other vnets enabling you to control vnet-to-vnet if required.

Even the video is 2 year old, still watching it. Thanks a lot John.

you are a wizard, you were able to explain to me Virtual WAN, when looking at the documentation I was not totally able to understand the capabilities of the product. Well done

I am networking support engineer right now. I cannot thank you enough for your great guidance to reach technical knowledge and feel motivated to reach more.

You are the best teacher ever ❤️❤️ thank you so much. Also People are lucky enough to have your lessons for free..🙏 And unlucky people who have not watched your videos yet, I wish they all should get their luck soon 😊

On a first glance I've dismissed VWAN on the grounds that I could do the same by other means. But this is big-enterprise stuff and there are so many things to explore in this topic that I would love to watch a "Azure Virtual WAN deep dive" in the near future. Who knows? :-)

Another amazing training video, great job John, I am getting ready for AZ-305 exam next week and these videos are so damn helpful, thanks a lot to spend so much to create these videos.

Great video, understood really the difference betweenn VWan and VPN Gateways

The Azure God doing it again. Thanks John!

Always very informative and simple in the explanations, thank you

Thank you John , love all your work! Thank you!

so in AWS terms, this is similar to Transit Gateway :)

Thank you , you are explaining things so well which were really hard to grasp🤟

Simply the best John !!!!

Excellent Video John. Really cleared my concept on Virtual WAN.

Hey John.... Amazing training... the best of the best trainer ever!!!

As usual a great video. Thank JohnTechSavill!!!

GREAT 😀😀😀😀

Thank you John!

brilliant explanation!

Awesomely Explained

Thank you. Great explanation!

Would you advise a VWAN for each Azure Tenant or would it better to use one VWAN to connect all business unit tenants as well as use one central firewall?

Very useful and helpful. Thanks.

Great explanation, thanks for sharing !!

Excellent 👌👌👌

Thanks John for the great explanation .In terms of S2S connectivity latency , I think there shouldn't be any difference between using it with vWAN ( hot potato routing that you mentioned ) and the traditional VNG S2S VPN , because MS is using anycast for their IPs globally , so your on-prem site will be connected to the nearest MS "POP" regardless if you are using vWAN or traditional VNG S2S connectivity. This should apply also to the SD-WAN tunnels as they will be using the same mechanism. So you can deploy the SD-WAN NVA on a VNET or on a Vhub and in terms of latency it should be the same. Please correct me if I am getting this wrong. Thanks

Awesome video

Nice update John, thank you.

Great Video John !!

what type of device would you have at the branch locations? A standard VPN device or is there a specialized SD-WAN device?

Another great video!

Great video, I do have a clarifying question, If you are using a product such as Silver Peak SD-WAN, why would we want to use vWAN to enable any-to-any communication? Wouldn't we just want vWAN to connect to our Azure resources?

Great video love your videos

these are really awesome.

Thanks for another great video John! appreciate everything you do for the community! Do you know when the User/P2S VPN for Azure virtual WAN will support forced tunneling?

Another great video again, thanks John. Quick question, are "premium" and "GlobalReach" mandates for the Express Route circuit connects to virtual WAN?

Thanks great video really usefull

Thanks John, best VWAN breakdown I've seen! If I was going to implement Azure firewall would you advise going the secure VWAN hub route as opposed to just using a hub VNET with Azure firewall?

I want to convert my normal hub and spoke to virtual wan. Vnet to Vnet communication happening via NVA Firewall right now. Suppose if I add existing hub vnet to virtual wan hub vnet and the old hub become shared spoke services as per documentation. I hope i can still use UDR at spoke to direct the traffic via old NVA ( shared service spoke) and egress/ingress internet.

Great Video!! Quick question on S2S . Can I route traffic coming from Site 1 to vent-a and site 2 to vnet-b.

Hi John, I really enjoy your videos, thank you! Question: I have vWAN in almost every region, it's great, it scales etc. Now I have a third-party vendor that needs access only to one VNET (which is a part of vWAN) via a routed VPN tunnel. I know there's a way to do custom routes, but it appears that I cannot have the vendor VPN in a custom routing table, is there a way to isolate this vnet-to-vendor-vpn connection without using NVA or secured hub?

Hi John, under what circumstances would we need more than one Virtual Wan under a single subscription - I can't think of a reason given that one Virtual WAN is able to connect multiple regions with a hub in each region? And can different Virtual WANs talk to each other?

I am confused on why the virtual wan is required ? because we can have express route plus site 2 site vpn tunnels on a single azure vnet also with virtual network gateway and the expressroute gateway , also if we need to connect the single vnet to different vnets we can make use of vnet peering between the vnets

Very good video about virtual wan! But I have a question; If you use encrypted expressroute via virtual wan, does global reach break that?

And regarding the IP addresses connected in the Virtual WAN Hub (VNET, P2S, S2S, Express Route), there can be no overlap of IPs, correct?

If I have an existing Azure VPN Gateway, can I still add and use a Virtual WAN?

thank you! just one question, if I put Firewall to the Hub, and one of locations want to reach out other location using ExpressRoute Global Reach, it will need to go over that inefficient route, right? I mean it can't use barely backbone network then, it has to reach out to Hub?

Hi John - You can have Express Route Standard, it doesnt have to be Premium according to the documentation?

Is there any way to NAT with Virtual WAN? If I connect a client site-to-site VPN I would want to NAT. If you cannot NAT, how can you get around possible network overlaps?

Why would we want to use IPSec over express route? Isn’t express route a dedicated connection?

Can we have VWAN Gateway in Tier0 ?

thank youj

Think VoIP quality is ok on VWAN?

What happens if a refund fails, or a vwan hub fails?

Azure WAN in one sentence?

This looks like a SASE solution by Microsoft