Hello everyone,
I'm currently architecting secure connectivity between two separate business entities, both of which reside in Azure, one in the UK and another in a European region.
Both entities have their own Cloudguard clusters set up in the usual manner, with frontend/backend subnets in what we call the "Perimeter" VNET.
Ordinarily, we would seek to use IPSEC VPN across the internet to pass traffic between any two separate entities; however, as these two entities have a close business relationship, we've agreed we'd prefer to pull this traffic back within our respective private network space and seek to establish VNET peering between our Perimeter VNETs.
This method would remove the need for IPSEC VPN and the obvious overheads it would bring and, as mentioned, keep the traffic within private network space.
I've scoured the Cloud Architecture docs/diagrams and nothing seems to address this question.
We are essentially looking to link both sets of gateways using their internal frontend IPs, potentially using BGP in the process to exchange routes, whilst still permitting each gateway to control inbound/outbound traffic ACLs (as per a normal IPSEC VPN).
Does anyone know if this type of scenario would be supported?
Huge thanks in advance!