Azure Bastion is a fully managed service that allows you to securely connect to your virtual machines (VMs) in Azure via the Azure portal using Remote Desktop Protocol (RDP) and Secure Shell (SSH).
This removes the need to set up a VPN or maintain your own jump box to reach your VMs, which makes resource management both more convenient and more secure.
Azure Bastion is offered in two SKUs, Basic and Standard.
The IP-based connection feature, which lets you connect to on-premises, non-Azure, and Azure virtual machines by private IP address (and is also supported with a Virtual WAN secured hub), is available only in the Standard SKU.
Azure Bastion is a browser-based bastion service that is reached through the Azure portal over the Internet. Bastion does not support forcing its traffic through Azure Firewall or a network virtual appliance; all it requires is direct outbound Internet connectivity from the AzureBastionSubnet back to the Azure control plane.
You might be wondering whether, instead of going through steps 1 and 2, we could simply apply a UDR to the Bastion subnet so that it takes precedence over the route. This is where you need to be aware that the AzureBastionSubnet does not currently support user-defined routes.
That's all. We are now ready to use Azure Bastion to test our connectivity to the VM.
Finally, we can SSH to our VM through Bastion.
If the connection to the VM fails, you can use Connection Troubleshoot (a Network Watcher feature) to check whether an NSG rule or route is missing.
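The following Azure CLI script is an added example, not part of the original post and not Microsoft's own tooling. It captures the two things the steps above depend on: the NSG rules the AzureBastionSubnet needs so that the control plane (GatewayManager), the load-balancer health probes and the outbound path to AzureCloud are not blocked, and a least-privilege rule on the workload side so that SSH is reachable only from the Bastion subnet. It then opens an IP-based SSH session, which requires the Standard SKU, native client support on the Bastion host and the `bastion` CLI extension. The resource group, NSG names, Bastion name, subnet range, username and key path are assumptions; the target IP is a constructed example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): NSG rules for AzureBastionSubnet,
# an SSH allow-list on the target VM, and an IP-based Bastion SSH session.
# All resource names, ranges and paths below are assumptions for illustration.
set -eu

RG="${RG:-rg-bastion-demo}"                                  # assumed resource group
BASTION_NAME="${BASTION_NAME:-bas-hub}"                      # assumed Bastion host (Standard SKU)
BASTION_NSG="${BASTION_NSG:-nsg-bastion}"                    # NSG attached to AzureBastionSubnet
VM_NSG="${VM_NSG:-nsg-vm}"                                   # NSG attached to the target VM subnet/NIC
BASTION_SUBNET_CIDR="${BASTION_SUBNET_CIDR:-10.0.255.0/26}"  # AzureBastionSubnet (/26 minimum)

# Rules Microsoft documents for AzureBastionSubnet. The control plane reaches the
# subnet on 443 from GatewayManager, health probes arrive from AzureLoadBalancer,
# and Bastion must reach AzureCloud on 443 outbound. Because these are service
# tags with no fixed next hop, the subnet cannot be forced through a firewall.
bastion_nsg_rules() {
  local rg="$RG" n="$BASTION_NSG"
  # Inbound
  az network nsg rule create -g "$rg" --nsg-name "$n" -n AllowHttpsInbound \
    --priority 120 --direction Inbound --access Allow --protocol Tcp \
    --source-address-prefixes Internet --destination-port-ranges 443
  az network nsg rule create -g "$rg" --nsg-name "$n" -n AllowGatewayManagerInbound \
    --priority 130 --direction Inbound --access Allow --protocol Tcp \
    --source-address-prefixes GatewayManager --destination-port-ranges 443
  az network nsg rule create -g "$rg" --nsg-name "$n" -n AllowAzureLoadBalancerInbound \
    --priority 140 --direction Inbound --access Allow --protocol Tcp \
    --source-address-prefixes AzureLoadBalancer --destination-port-ranges 443
  az network nsg rule create -g "$rg" --nsg-name "$n" -n AllowBastionHostCommunication \
    --priority 150 --direction Inbound --access Allow --protocol '*' \
    --source-address-prefixes VirtualNetwork --destination-address-prefixes VirtualNetwork \
    --destination-port-ranges 8080 5701
  # Outbound
  az network nsg rule create -g "$rg" --nsg-name "$n" -n AllowSshRdpOutbound \
    --priority 100 --direction Outbound --access Allow --protocol '*' \
    --destination-address-prefixes VirtualNetwork --destination-port-ranges 22 3389
  az network nsg rule create -g "$rg" --nsg-name "$n" -n AllowAzureCloudOutbound \
    --priority 110 --direction Outbound --access Allow --protocol Tcp \
    --destination-address-prefixes AzureCloud --destination-port-ranges 443
  az network nsg rule create -g "$rg" --nsg-name "$n" -n AllowBastionCommunication \
    --priority 120 --direction Outbound --access Allow --protocol '*' \
    --source-address-prefixes VirtualNetwork --destination-address-prefixes VirtualNetwork \
    --destination-port-ranges 8080 5701
  az network nsg rule create -g "$rg" --nsg-name "$n" -n AllowGetSessionInformation \
    --priority 130 --direction Outbound --access Allow --protocol '*' \
    --destination-address-prefixes Internet --destination-port-ranges 80
}

# Workload side: SSH only from the Bastion subnet, plus an explicit deny on 22
# so that a permissive default or later rule cannot quietly reopen it.
vm_nsg_rules() {
  az network nsg rule create -g "$RG" --nsg-name "$VM_NSG" -n AllowSshFromBastion \
    --priority 100 --direction Inbound --access Allow --protocol Tcp \
    --source-address-prefixes "$BASTION_SUBNET_CIDR" --destination-port-ranges 22
  az network nsg rule create -g "$RG" --nsg-name "$VM_NSG" -n DenySshFromAnywhere \
    --priority 4000 --direction Inbound --access Deny --protocol Tcp \
    --source-address-prefixes '*' --destination-port-ranges 22
}

# IP-based connection (Standard SKU, native client support enabled): the target is
# addressed by private IP, so it can be on-premises or in a VWAN-connected network.
bastion_ssh() {
  local ip="$1" user="${2:-azureuser}" key="${3:-$HOME/.ssh/id_ed25519}"
  az network bastion ssh -g "$RG" -n "$BASTION_NAME" --target-ip-address "$ip" \
    --auth-type ssh-key --username "$user" --ssh-key "$key"
}

# Usage: ./bastion-setup.sh apply 10.1.0.4   (10.1.0.4 is a constructed example target)
if [ "${1:-}" = "apply" ]; then
  bastion_nsg_rules
  vm_nsg_rules
  bastion_ssh "${2:-10.1.0.4}"
fi
```

The Bastion rules are split into named functions so that each can be re-run on its own; the VM-side deny rule is what turns "reachable through Bastion" into "reachable only through Bastion", which is the point of removing the public jump box in the first place. Run `az extension add --name bastion` once before the `az network bastion ssh` step.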
Similarly, the architecture works with a traditional hub-and-spoke topology, where the firewall in the hub VNet is responsible for forwarding traffic to the spoke VNet.