About This Architecture
Enterprise-grade Azure network infrastructure spanning four access tiers (DMZ, application, database, and dev), secured by Azure Firewall, DDoS Protection, and WAF policies. Traffic flows from the Internet through Azure Firewall and Application Gateway into segmented subnets (Web Servers 10.0.2.0/24, App Servers 10.0.3.0/24, Database Servers 10.0.4.0/24, Dev Servers 10.0.5.0/24), each protected by a dedicated NSG and connected via Traffic Manager and VPN Gateway. The management layer provides centralized monitoring through Azure Monitor, Log Analytics, and Sentinel, along with Key Vault and Azure Bastion for secure administrative access. The architecture demonstrates defense-in-depth with network segmentation, DDoS mitigation, and comprehensive observability across a production-ready vnet-prod (10.0.0.0/8) within the rg-network-prod resource group. Fork this diagram on Diagrams.so to customize subnets, add NSG rules, or adapt it for multi-region failover scenarios.