Virtual networks
Here are some practices that should be followed in Azure, with regard to virtual networks:
- Use subnets for large IP address spaces
- Use Network Security Groups (NSG) to provide allow/deny rules for network traffic
However, it's best to avoid the following:
- Don't use split tunneling; instead, enable forced tunneling. With a split tunnel, for example, you connect to your corporate network over a VPN from Starbucks and can reach all your corporate resources, but your internet traffic does not go through the VPN. When you are connected to a corporate network, you want all your traffic to go through the VPN for security reasons and to reduce risk, which is what happens when you enable forced tunneling.
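The NSG and forced-tunneling checks from the lists above, as an added example (not from the original page): a Python audit that flags subnets with no NSG and subnets whose default route is not sent through a gateway. The sample data is constructed in the shape of `az network route-table list` and `az network vnet subnet list` JSON output, and accepting `VirtualAppliance` as a forced next hop is an assumption.

```python
# Next hop types treated as "forced" egress. VirtualNetworkGateway is the
# forced-tunneling case; accepting VirtualAppliance (an NVA/firewall) is an assumption.
FORCED_HOPS = {"VirtualNetworkGateway", "VirtualAppliance"}

# Constructed sample data shaped like `az network route-table list` and
# `az network vnet subnet list` output (names and IDs are made up).
ROUTE_TABLES = [
    {"id": "/rt/forced", "routes": [
        {"addressPrefix": "0.0.0.0/0", "nextHopType": "VirtualNetworkGateway"}]},
    {"id": "/rt/split", "routes": [
        {"addressPrefix": "10.50.0.0/16", "nextHopType": "VirtualNetworkGateway"},
        {"addressPrefix": "0.0.0.0/0", "nextHopType": "Internet"}]},
]
SUBNETS = [
    {"name": "app", "routeTable": {"id": "/rt/forced"}, "networkSecurityGroup": {"id": "/nsg/app"}},
    {"name": "web", "routeTable": {"id": "/rt/split"}, "networkSecurityGroup": {"id": "/nsg/web"}},
    {"name": "data", "routeTable": None, "networkSecurityGroup": None},
    {"name": "GatewaySubnet", "routeTable": None, "networkSecurityGroup": None},
]

def default_route_hop(route_table):
    """Return the next hop type of the 0.0.0.0/0 user-defined route, or None."""
    for route in (route_table or {}).get("routes") or []:
        if route.get("addressPrefix") == "0.0.0.0/0":
            return route.get("nextHopType")
    return None

def audit(subnets, route_tables):
    """Map subnet name -> list of findings (an empty list means compliant)."""
    tables = {rt["id"].lower(): rt for rt in route_tables}
    report = {}
    for subnet in subnets:
        if subnet["name"] == "GatewaySubnet":
            continue  # Azure supports neither an NSG nor a 0.0.0.0/0 UDR here
        findings = []
        rt_ref = subnet.get("routeTable") or {}
        hop = default_route_hop(tables.get(rt_ref.get("id", "").lower()))
        if hop not in FORCED_HOPS:
            findings.append(f"split tunnel: default route -> {hop or 'system default (Internet)'}")
        if not subnet.get("networkSecurityGroup"):
            findings.append("no NSG associated")
        report[subnet["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SUBNETS, ROUTE_TABLES).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

Only user-defined routes are inspected; a default route learned over BGP appears in a network interface's effective routes, not in the route table.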
Note
Virtual networks are the core component for making your resources secure, so plan them wisely. Implement an Azure DMZ if required. When creating gateway subnets, keep their scope as small as possible to avoid IP wastage.
Note
The default system routes are usually all that...