A company is designing a hybrid network architecture using Azure ExpressRoute. They need to ensure that all traffic between on-premises and Azure is encrypted and authenticated. Which configuration should they implement?
Trap 1: Use VPN Gateway over ExpressRoute
VPN Gateway cannot be used over ExpressRoute; it's a separate connection.
Trap 2: Use ExpressRoute Direct with BGP
ExpressRoute Direct provides dedicated bandwidth but no encryption.
Trap 3: Use Azure Firewall to inspect ExpressRoute traffic
Azure Firewall does not encrypt ExpressRoute traffic.
- A
Use VPN Gateway over ExpressRoute
Why wrong: VPN Gateway cannot be used over ExpressRoute; it's a separate connection.
- B
Use ExpressRoute Direct with BGP
Why wrong: ExpressRoute Direct provides dedicated bandwidth but no encryption.
- C
Use ExpressRoute with MACsec
MACsec enables encryption and authentication on ExpressRoute circuits.
- D
Use Azure Firewall to inspect ExpressRoute traffic
Why wrong: Azure Firewall does not encrypt ExpressRoute traffic.