Subnetting in Azure: Virtual Network Guide

Azure Virtual Networks (VNets) work similarly to AWS VPCs. Let's look at how to subnet an Azure VNet properly.

Choosing Your VNet CIDR Block

Common Azure VNet CIDR blocks:

10.0.0.0/16       - Most common, classic RFC 1918
172.16.0.0/16     - If avoiding conflicts
192.168.0.0/24    - Only if very small

Recommendation: Use 10.0.0.0/16 or 172.16.0.0/16.

💡 Avoid conflicts: If you connect to on-premises, make sure your VNet doesn't overlap with your local network ranges.

Standard Azure Architecture

VNet: 10.0.0.0/16

GatewaySubnet:    10.0.0.0/27     (required for VPN/ExpressRoute)
Azure Firewall:   10.0.1.0/26
Public LB:        10.0.2.0/27
Private LB:       10.0.3.0/27
App Subnet 1:     10.0.10.0/24    (web tier)
App Subnet 2:     10.0.11.0/24    (API tier)
Data Subnet:      10.0.20.0/24    (database)
Management:       10.0.30.0/24    (bastion/admin)

Special Azure Subnets

GatewaySubnet

Always name it exactly "GatewaySubnet"
Must be /27 or larger (use /27)
Required for: VPN Gateway, ExpressRoute

AzureFirewallSubnet

Must be /26 or larger
Must be named exactly "AzureFirewallSubnet"
Don't put VMs here; it is reserved for the firewall

Subnet Sizing Comparison

Subnet CIDR    Usable    When to Use
/29            6         Point-to-point links
/27            30        Gateway, small subnets
/26            62        Firewall subnet
/24            254       Standard tier subnet
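The layout above, the two special-subnet rules, and the sizing table can all be checked mechanically before anything is deployed. The following script is an added example written for this guide, not Azure tooling or code from the original post. It encodes the plan as a constructed dictionary (the two special names are the ones Azure requires; the "snet-*" names are hypothetical), confirms every subnet sits inside the VNet, that no two subnets overlap, that nothing is smaller than Azure's /29 floor, and that GatewaySubnet and AzureFirewallSubnet carry their exact names and minimum sizes. It also computes assignable addresses the way Azure counts them: five addresses are reserved in every subnet, so the figures come out three lower than the classic "usable" column in the table.

```python
from ipaddress import IPv4Network
from typing import Dict, List

# Azure reserves the first four addresses and the last address of every
# subnet, so the assignable count is the block size minus five.
AZURE_RESERVED = 5

# Azure's smallest permitted subnet, and the minimum sizes of the two
# special subnets (expressed as the largest allowed prefix length).
AZURE_MIN_PREFIX = 29
SPECIAL_SUBNET_MAX_PREFIX = {
    "GatewaySubnet": 27,
    "AzureFirewallSubnet": 26,
}

# Constructed plan following the layout in this guide. The two special
# names are the ones Azure requires; the "snet-*" names are hypothetical.
PLAN: Dict[str, str] = {
    "GatewaySubnet": "10.0.0.0/27",
    "AzureFirewallSubnet": "10.0.1.0/26",
    "snet-public-lb": "10.0.2.0/27",
    "snet-private-lb": "10.0.3.0/27",
    "snet-web": "10.0.10.0/24",
    "snet-api": "10.0.11.0/24",
    "snet-data": "10.0.20.0/24",
    "snet-mgmt": "10.0.30.0/24",
}


def azure_usable_hosts(cidr: str) -> int:
    """Addresses in the subnet that can actually be assigned to NICs."""
    return max(IPv4Network(cidr).num_addresses - AZURE_RESERVED, 0)


def validate_plan(vnet_cidr: str, plan: Dict[str, str]) -> List[str]:
    """Return a list of problems with the plan; an empty list means it is sound."""
    vnet = IPv4Network(vnet_cidr)
    problems: List[str] = []
    nets: Dict[str, IPv4Network] = {}

    for name, cidr in plan.items():
        try:
            net = IPv4Network(cidr)  # strict mode rejects host bits set in the prefix
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR {cidr!r} ({exc})")
            continue
        nets[name] = net

        if not net.subnet_of(vnet):
            problems.append(f"{name}: {cidr} lies outside VNet {vnet_cidr}")
        if net.prefixlen > AZURE_MIN_PREFIX:
            problems.append(f"{name}: {cidr} is smaller than Azure's /{AZURE_MIN_PREFIX} minimum")

        # Special subnets need the exact name (case matters) and a minimum size
        for special, max_prefix in SPECIAL_SUBNET_MAX_PREFIX.items():
            if name.lower() == special.lower() and name != special:
                problems.append(f"{name}: must be named exactly {special!r}")
            if name == special and net.prefixlen > max_prefix:
                problems.append(f"{name}: must be /{max_prefix} or larger, got /{net.prefixlen}")

    # Subnets inside one VNet must be disjoint from each other
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} ({nets[a]}) overlaps {b} ({nets[b]})")
    return problems


if __name__ == "__main__":
    for name, cidr in PLAN.items():
        print(f"{name:22s} {cidr:16s} usable={azure_usable_hosts(cidr)}")
    issues = validate_plan("10.0.0.0/16", PLAN)
    print("OK" if not issues else "\n".join(issues))
```

Run it as-is and the plan validates cleanly; shrink GatewaySubnet to a /28, rename AzureFirewallSubnet in a different case, or add a subnet that lands on 10.0.10.128/25, and each mistake is reported by name before it reaches a deployment.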

Azure vs AWS: Key Differences

Feature          AWS           Azure
Default size     /16           /16 or /12
Min subnet       /28           /29
Reserved IPs     5             5 (same)
AZ per subnet    1 required    1 required

Planning for Hybrid Cloud

If connecting on-premises:

On-premises: 192.168.0.0/16
Azure VNet: 10.0.0.0/16  (no overlap ✓)

Make sure there is NO overlap, or the VPN won't work!
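The overlap check is a two-line test with the standard library, so there is no reason to do it by eye. The script below is an added example for this guide, not code from the original post. It generalises the single case above in two ways: it takes a list of on-premises ranges rather than one (the sample inventory is constructed for the example), and it tries the RFC 1918 candidates listed earlier in order, returning the first block that is disjoint from everything on-premises, or None when all three collide. Because `overlaps()` detects containment as well as partial overlap, an on-prem 10.0.0.0/8 correctly rules out a 10.0.0.0/16 VNet.

```python
from ipaddress import IPv4Network
from typing import List, Optional, Tuple

# RFC 1918 candidates from this guide, in its order of preference
CANDIDATE_VNETS = ["10.0.0.0/16", "172.16.0.0/16", "192.168.0.0/24"]

# Constructed on-premises inventory (hypothetical ranges for the example):
# a /8 used by a corporate WAN plus a /16 for a branch office.
ONPREM_EXAMPLE = ["10.0.0.0/8", "192.168.0.0/16"]


def find_overlaps(cloud_cidrs: List[str], onprem_cidrs: List[str]) -> List[Tuple[str, str]]:
    """Every (cloud, on-prem) pair that shares address space.

    overlaps() catches partial overlap as well as full containment, so an
    on-prem 10.0.0.0/8 swallowing a proposed 10.0.0.0/16 VNet is reported.
    Passing several cloud CIDRs checks a set of peered VNets in one go.
    """
    clashes: List[Tuple[str, str]] = []
    for c in cloud_cidrs:
        cloud = IPv4Network(c)
        for o in onprem_cidrs:
            if cloud.overlaps(IPv4Network(o)):
                clashes.append((c, o))
    return clashes


def pick_vnet(onprem_cidrs: List[str], candidates: List[str] = CANDIDATE_VNETS) -> Optional[str]:
    """First candidate block that is disjoint from every on-prem range, or None."""
    for cidr in candidates:
        if not find_overlaps([cidr], onprem_cidrs):
            return cidr
    return None


if __name__ == "__main__":
    # The guide's own case: on-prem 192.168.0.0/16 against VNet 10.0.0.0/16
    print("guide example clashes:", find_overlaps(["10.0.0.0/16"], ["192.168.0.0/16"]))
    # Constructed case where the first choice is already taken by the corporate WAN
    print("clashes:", find_overlaps(["10.0.0.0/16"], ONPREM_EXAMPLE))
    print("pick:", pick_vnet(ONPREM_EXAMPLE))
```

With the guide's own ranges the clash list is empty; with the constructed inventory, 10.0.0.0/16 is rejected and 172.16.0.0/16 is chosen instead. Feed it the real on-premises routing table before the gateway is built, and re-run it whenever a new site is added to the VPN.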
