📘 Case Study
Secure Azure Hybrid Cloud with SD-WAN, Centralized Firewalling & Dynamic BGP Routing
👤 Client Profile
A global enterprise with distributed operations across corporate sites, remote offices, and Azure-hosted workloads. The organization required secure, high-performance cloud connectivity with centralized inspection and dynamic routing to enforce consistent policy and ensure application availability across regions.
⚠️ Challenges
• Needed intelligent, application-aware SD-WAN overlays with dynamic path selection into Azure
• Required Azure VWAN for scalable region-to-region connectivity and simplified route control
• Mandated centralized security inspection for all flows (north-south, east-west, internet)
• Required secure segmentation for Prod, Dev, Staging, and Third-Party environments
• Needed seamless ExpressRoute + SD-WAN integration into Azure without static routing
• Sought provisioning automation and centralized management to reduce complexity
✅ Solutions Delivered
• Deployed SilverPeak (Aruba) SD-WAN virtual appliances in Azure with dynamic overlay termination into dedicated VNets
• Enabled application-aware routing with overlay labels and real-time path optimization
• Centralized policy configuration and appliance templates via SilverPeak Orchestrator
• Deployed Palo Alto VM-Series firewalls in Security VNets using multi-NIC architecture for segmented trust zones
• Enabled dynamic BGP routing on the Palo Alto (PAN) NGFWs with Azure Route Server and VWAN hubs
• Integrated Azure Gateway Load Balancer (GWLB) for inline scaling and high availability
• Used Azure Virtual WAN to interconnect all workload, SD-WAN, and security VNets
• Connected Azure regions using VWAN hubs for inter-region workflows and disaster recovery
• Routed ExpressRoute traffic through PAN firewalls for full security inspection and policy enforcement
• Used Terraform to provision Azure resources including VNets, route tables, and load balancers
🚀 Results & Impact
🛰️ Enabled dynamic, application-aware SD-WAN routing with intelligent path selection across remote and cloud sites
🔁 Eliminated static routing with full BGP integration between SilverPeak, PAN NGFWs, and Azure VWAN hubs
🌍 Connected Azure regions via VWAN for resilient inter-region traffic, DR, and app failover
🛡️ Achieved centralized firewall inspection for all Azure flows (north-south, east-west, and internet)
☁️ Seamlessly integrated ExpressRoute and SD-WAN into Azure with full routing visibility and control
📦 Standardized branch provisioning and overlay configs using SilverPeak Orchestrator templates
⚙️ Accelerated Azure IaaS deployment using Terraform for repeatable provisioning workflows
🛠️ Technologies Used
• SD-WAN: SilverPeak / Aruba EdgeConnect, Overlay Labels, App-Aware Routing
• Orchestration: SilverPeak Orchestrator (Template-Based Config, Monitoring)
• Firewall & Security: Palo Alto VM-Series (Multi-NIC, BGP, GWLB, NAT)
• Cloud Networking: Azure VWAN, Azure Route Server, Azure UDRs
• Hybrid Connectivity: Azure ExpressRoute, Gateway Load Balancer (GWLB), Azure Load Balancer
• Automation: Terraform (Azure VNet, LB, Route Table Deployment)
