You are the architect of the ACME shipping group. You are responsible for improving an existing network design from a security perspective. Currently, there are 3 VMs on a virtual network that is behind a network security group that communicates on several ports including RDP, SSH, HTTPS, and several custom ports. You need to force all traffic to go through a central point to ensure the traffic is valid and secure. Which technology would you recommend implementing?
Next Generation Firewall (NGFW) with User Defined Routing (UDR) is the best way to achieve this as the public IPs will sit on the NGFW with additional security measures. UDR will ensure that all traffic to and from the VMs will go through the NGFW. Web Application Firewall will not suffice as this does not support RDP/SSH. Azure DNS will not suffice as this is used to map a public IP address to a domain name. Adding a second Network Security Group will not suffice as there are already one in place, adding another one will not be able to validate traffic and confirm it is secure.