Hello Sahil Chaudhry,
Your current setup will not work as expected because of how Azure Private Endpoints and VNet peering behave.
A Private Endpoint creates a private IP in the target VNet (VNET-D) and is only reachable through that VNet or directly peered VNets.
Transitive peering is not supported in Azure. So VNET-A → VNET-B → VNET-C → VNET-D does not allow traffic to flow across all hops.
Even though you have UDRs pointing traffic to the firewall, the Private Endpoint traffic cannot traverse multiple peered VNets because Azure does not allow transitive routing between peered VNets.
To make this work, you have one main option:
Direct Peering:
- Peer VNET-A directly with VNET-D.
- Ensure DNS resolution for the Private Endpoint works (use Azure Private DNS Zones linked to VNET-A and VNET-D).
- Update UDRs if needed to route traffic through the firewall (if you want inspection).
Kindly let us know if the above helps or if you need further assistance on this issue.
Please click Accept Answer and upvote if the above was helpful.
Thanks.
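The direct-peering option from the answer above, written out as a Bicep deployment; this is an added illustration, not the answer author's own code, and the VNet names, the PE and firewall IPs, and the privatelink zone name are placeholders to replace with your own values.

```bicep
// Added example, not part of the answer above: direct VNET-A/VNET-D peering, one Private DNS zone
// linked to both VNets, and an optional route table sending traffic for the PE through the firewall.
// Assumptions: both VNets exist in this resource group; every name, IP and the zone name is a placeholder.
param vnetAName string = 'VNET-A'
param vnetDName string = 'VNET-D'
param privateEndpointIp string = '10.4.1.5'          // placeholder: the PE's private IP in VNET-D
param firewallPrivateIp string = '10.2.1.4'          // placeholder: the firewall's private IP
param privateDnsZoneName string = 'privatelink.blob.core.windows.net'  // placeholder: zone for the PE's service
resource vnetA 'Microsoft.Network/virtualNetworks@2023-05-01' existing = { name: vnetAName }
resource vnetD 'Microsoft.Network/virtualNetworks@2023-05-01' existing = { name: vnetDName }

// Peering is created on both sides; with A and D adjacent, no transit across VNET-B/C is needed.
// allowForwardedTraffic lets packets whose source is not the peer (e.g. forwarded by the firewall) through.
resource peerAtoD 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-05-01' = {
  parent: vnetA
  name: 'peer-to-${vnetDName}'
  properties: { remoteVirtualNetwork: { id: vnetD.id }, allowVirtualNetworkAccess: true, allowForwardedTraffic: true }
}
resource peerDtoA 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2023-05-01' = {
  parent: vnetD
  name: 'peer-to-${vnetAName}'
  properties: { remoteVirtualNetwork: { id: vnetA.id }, allowVirtualNetworkAccess: true, allowForwardedTraffic: true }
}

// One zone linked to both VNets, so the PE's FQDN resolves to its private IP from VNET-A as well.
resource pdz 'Microsoft.Network/privateDnsZones@2020-06-01' = {
  name: privateDnsZoneName
  location: 'global'
}
resource linkA 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
  parent: pdz
  name: 'link-${vnetAName}'
  location: 'global'
  properties: { virtualNetwork: { id: vnetA.id }, registrationEnabled: false }
}
resource linkD 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
  parent: pdz
  name: 'link-${vnetDName}'
  location: 'global'
  properties: { virtualNetwork: { id: vnetD.id }, registrationEnabled: false }
}

// Optional inspection: associate this table with VNET-A's client subnets. Azure adds a /32 system
// route per Private Endpoint, so the UDR matches that exact /32 rather than a wider prefix.
resource rtA 'Microsoft.Network/routeTables@2023-05-01' = {
  name: 'rt-${vnetAName}-pe-via-firewall'
  location: resourceGroup().location
  properties: {
    routes: [ { name: 'pe-via-firewall', properties: { addressPrefix: '${privateEndpointIp}/32', nextHopType: 'VirtualAppliance', nextHopIpAddress: firewallPrivateIp } } ]
  }
}
```

The Private Endpoint itself still has to register its A record in this zone (a private DNS zone group on the endpoint), and the route table only takes effect once it is associated with the client subnets in VNET-A.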