Forced tunneling for VNet peered network

I have a VNet with on-premise S2S VPN and forced tunneling configured. This is the hub for my hub-spoke network where the spoke networks are Vnet peered to the Hub. I would like to know how I can enforce 'forced tunneling' for the peered spoke Vnets. Do I need to create a route in each subnet for 0.0.0.0/0 traffic with next hop 'Virtual network gateway'?

Solution

Do I need to create a route in each subnet for 0.0.0.0/0 traffic with next hop 'Virtual network gateway'?

Yes, you should add the route rule AddressPrefix "0.0.0.0/0" and NextHopType VirtualNetworkGateway for each of subnets. Then any outbound connections from these subnets to the Internet will be forced or redirected back to an on-premises site via the S2S VPN tunnels.

Ref: Configure forced tunneling using the Azure Resource Manager deployment model

Unattended authentication using Azure Active Directory- UserCredential not accepting username and password
The type or namespace name 'Storage' does not exist in the namespace 'Microsoft.WindowsAzure'
Azure Function App - No continuous deployment setting for "Flex Consumption" hosting plan?
Why does my Azure App service have a very slow reponse from an endpoint?
Creating multiple function apps with one Flex Consumption plan
ASP.NET Core Authorization with Microsoft Entra ID
How to get client IP address in Azure Functions C#?
unable to StartCopyFromUriAsync a blob between 2 storage accounts
MSgraph cannot find string in attachment value using Azure Automation
Visual Studio 2022 caches old tenant id, can't get rid of it
Msgraph-sdk-python get sharepoint site id from name
using multiple storage accounts locally using azurite at the same time
Adding Graph API application permission via Terraform shows corrupted IDs instead of scope names
Azure DevOps Wiki page usage analytics
How to fix worker runtime metadata for Azure .net8 isolated worker model functions?
Download attachment content using Microsoft Graph API using Java
Is it possible to assign a Power BI Pro License to an Azure Service Principal? Deploy .bim in PBI Service without Premium Workspace
How to grant permissions to my application to use Microsoft Fabric services?
Copy ARM template from REPO to BLOB task fails "unable to download content"
Azure Devops Pipeline trigger from a different repo does not work
Issue with adding delegated Graph API permission to Enterprise app with Terraform
Azure VM metadata missing / emtpy publicIpAddress
Python: List containers in the Azure Data Lake Storage
azure blob storage account - log file is not generated as per setup
SAS token mismatch on Azure DPS with Azure IoT Edge
Is there a query to run so I can get a list of users who has NOT logged in, in the past 30 days?
How can I set the MQTT keepalive in the Azure IoTHub C SDK?
AzureWebJobsStorage Managed Identity not working
Resource move is not supported for resource types 'microsoft.visualstudio/account'
Invalid configuration value detected for fs.azure.account.key with com.crealytics:spark-excel