About This Architecture
This diagram shows an Azure multi-tier network infrastructure in which DDoS Protection, Front Door, Azure Firewall, and Application Gateway + WAF secure inbound traffic across the Core, Distribution, and Access layers. Traffic flows from the Internet through Front Door and Azure Firewall to Application Gateway, and then to the Web, App, and Database subnets. Each subnet is protected by a dedicated NSG, and all of them sit within vnet-prod (10.0.0.0/8). The management layer integrates Azure Monitor, Log Analytics, Key Vault, Azure AD, and Sentinel for centralized observability and security governance. The architecture demonstrates defense-in-depth with multiple security boundaries, high availability via Traffic Manager and load balancing, and compliance-ready monitoring for enterprise workloads. Fork and customize this diagram on Diagrams.so to match your subscription topology, add ExpressRoute failover paths, or adjust subnet CIDR ranges. Consider adding Azure Policy assignments and private endpoint configurations for enhanced network isolation.