Azure Network Default Routes

Default routes in Azure can come from several sources: forced tunneling with 0.0.0.0/0 advertised from on-prem, BGP-based NVAs inside Azure vWAN hubs, or a firewall in the vWAN hub. Here's how the behavior compares across Azure vWAN and traditional Azure vNets.

Azure vWAN uses the concept of connections, which connect vNets to vWAN hubs and are where you configure the routes, whereas traditional vNets use Route Tables to configure the routes.

While these settings are more or less the same, the slight difference is that the vWAN Propagate Default Route setting allows the default route of 0.0.0.0/0 only. With Propagate gateway routes in the vNet Route Table, the default behavior is to propagate all routes from the remote gateway; however, if set to No, it stops all routes learned by the gateway from propagating.

Azure vWAN vNet Connection

Propagate Default Route

Allows Virtual Hub to propagate a learnt default route to this connection. This flag enables default route propagation to a connection only if the default route is already learned by the Virtual WAN hub as a result of deploying a firewall in the hub or if another connected site has forced tunneling enabled. The default route does not originate in the Virtual WAN hub.

vNet Route Table

Propagate gateway routes

Select “no” to prevent the propagation of on-premises routes to the network interfaces in associated subnets.
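
The difference between the two switches, modelled as an added example (not from the original post): an audit over exported resource definitions that reports which connections and route tables end up with 0.0.0.0/0. It assumes the ARM property names `enableInternetSecurity` (Propagate Default Route) and `disableBgpRoutePropagation` (Propagate gateway routes set to No); the resource names and prefixes are constructed sample data.

```python
import ipaddress

DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def vwan_connection_routes(hub_routes, enable_internet_security):
    """Routes a vWAN hub passes to a vNet connection.
    The flag gates only 0.0.0.0/0; every other hub route still propagates."""
    nets = [ipaddress.ip_network(r) for r in hub_routes]
    return [str(n) for n in nets if enable_internet_security or n != DEFAULT]

def vnet_subnet_routes(gateway_routes, disable_bgp_route_propagation):
    """Gateway-learned routes reaching NICs in subnets using this route table.
    The switch is all-or-nothing: it drops every gateway route, not just the default."""
    if disable_bgp_route_propagation:
        return []
    return [str(ipaddress.ip_network(r)) for r in gateway_routes]

def audit(resources, learned):
    """Report, per resource, whether a default route arrives and how many routes are learned."""
    findings = []
    for res in resources:
        props = res["properties"]
        if res["type"].endswith("/hubVirtualNetworkConnections"):
            routes = vwan_connection_routes(learned, props["enableInternetSecurity"])
        elif res["type"].endswith("/routeTables"):
            routes = vnet_subnet_routes(learned, props["disableBgpRoutePropagation"])
        else:
            continue
        findings.append({"name": res["name"],
                         "default_route": str(DEFAULT) in routes,
                         "learned_count": len(routes)})
    return findings

# Constructed sample: routes learned by the hub / gateway, and four resources.
LEARNED = ["0.0.0.0/0", "10.50.0.0/16", "192.168.10.0/24"]
HUB_CONN = "Microsoft.Network/virtualHubs/hubVirtualNetworkConnections"
ROUTE_TABLE = "Microsoft.Network/routeTables"
RESOURCES = [
    {"name": "conn-spoke-a", "type": HUB_CONN, "properties": {"enableInternetSecurity": True}},
    {"name": "conn-spoke-b", "type": HUB_CONN, "properties": {"enableInternetSecurity": False}},
    {"name": "rt-app", "type": ROUTE_TABLE, "properties": {"disableBgpRoutePropagation": False}},
    {"name": "rt-isolated", "type": ROUTE_TABLE, "properties": {"disableBgpRoutePropagation": True}},
]

if __name__ == "__main__":
    for finding in audit(RESOURCES, LEARNED):
        print(finding)
```

In this model, `conn-spoke-b` loses only the default route and keeps the two other prefixes, while `rt-isolated` loses every gateway-learned route.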
