diff --git a/.github/workflows/end-to-end-test.yml b/.github/workflows/end-to-end-test.yml
index f2815da..d80bb7a 100644
--- a/.github/workflows/end-to-end-test.yml
+++ b/.github/workflows/end-to-end-test.yml
@@ -59,7 +59,7 @@ jobs:
         uses: hashicorp/setup-terraform@v3
         with:
           terraform_version: latest
-          terraform_wrapper: true
+          terraform_wrapper: false
 
       - name: Setup Module Inputs
         run: |
@@ -77,8 +77,6 @@ jobs:
         run: |
           terraform -chdir="${{ matrix.rootModuleFolderPath }}" init
           terraform -chdir="${{ matrix.rootModuleFolderPath }}" plan -var-file="${{ matrix.configFilePath }}" -out=tfplan
-          terraform -chdir="${{ matrix.rootModuleFolderPath }}" show -json tfplan > tfplan.json
-        shell: pwsh
         env:
           ARM_TENANT_ID: ${{ vars.ARM_TENANT_ID }}
           ARM_SUBSCRIPTION_ID: ${{ vars.ARM_SUBSCRIPTION_ID }}
@@ -86,7 +84,9 @@ jobs:
           ARM_USE_OIDC: true
 
       - name: Plan Summary
+        if: always()
         run: |
+          terraform -chdir="${{ matrix.rootModuleFolderPath }}" show -json tfplan > tfplan.json
           $planJson = Get-Content -Raw tfplan.json
           $planObject = ConvertFrom-Json $planJson -Depth 100
 
diff --git a/templates/platform_landing_zone/examples/full-multi-region-nva/hub-and-spoke-vnet.tfvars b/templates/platform_landing_zone/examples/full-multi-region-nva/hub-and-spoke-vnet.tfvars
index 75ef8d8..42cbd5a 100644
--- a/templates/platform_landing_zone/examples/full-multi-region-nva/hub-and-spoke-vnet.tfvars
+++ b/templates/platform_landing_zone/examples/full-multi-region-nva/hub-and-spoke-vnet.tfvars
@@ -251,7 +251,7 @@ hub_and_spoke_vnet_virtual_networks = {
       subnets = {
         nva = {
           name           = "subnet-nva-$${starter_location_01}"
-          address_prefix = "$${primary_nva_subnet_address_prefix}"
+          address_prefixes = ["$${primary_nva_subnet_address_prefix}"]
         }
       }
     }
@@ -323,7 +323,7 @@ hub_and_spoke_vnet_virtual_networks = {
       subnets = {
         nva = {
           name           = "subnet-nva-$${starter_location_02}"
-          address_prefix = "$${secondary_nva_subnet_address_prefix}"
+          address_prefixes = ["$${secondary_nva_subnet_address_prefix}"]
         }
       }
     }
diff --git a/templates/platform_landing_zone/examples/full-multi-region-nva/virtual-wan.tfvars b/templates/platform_landing_zone/examples/full-multi-region-nva/virtual-wan.tfvars
index d31a74c..ab78db9 100644
--- a/templates/platform_landing_zone/examples/full-multi-region-nva/virtual-wan.tfvars
+++ b/templates/platform_landing_zone/examples/full-multi-region-nva/virtual-wan.tfvars
@@ -280,7 +280,7 @@ virtual_wan_virtual_hubs = {
       subnets = {
         nva = {
           name           = "subnet-nva-$${starter_location_01}"
-          address_prefix = "$${primary_nva_subnet_address_prefix}"
+          address_prefixes = ["$${primary_nva_subnet_address_prefix}"]
         }
       }
     }
@@ -297,15 +297,6 @@ virtual_wan_virtual_hubs = {
       location       = "$${starter_location_02}"
       address_prefix = "$${secondary_hub_address_space}"
     }
-    firewall = {
-      name     = "fw-hub-$${starter_location_02}"
-      sku_name = "AZFW_Hub"
-      sku_tier = "Standard"
-      zones    = "$${starter_location_02_availability_zones}"
-      firewall_policy = {
-        name = "fwp-hub-$${starter_location_02}"
-      }
-    }
     private_dns_zones = {
       resource_group_name            = "$${dns_resource_group_name}"
       is_primary                     = false
@@ -332,7 +323,7 @@ virtual_wan_virtual_hubs = {
       subnets = {
         nva = {
           name           = "subnet-nva-$${starter_location_02}"
-          address_prefix = "$${secondary_nva_subnet_address_prefix}"
+          address_prefixes = ["$${secondary_nva_subnet_address_prefix}"]
         }
       }
     }
diff --git a/templates/platform_landing_zone/modules/hub-and-spoke-vnet/locals.tf b/templates/platform_landing_zone/modules/hub-and-spoke-vnet/locals.tf
index 2bd7e43..9d2983f 100644
--- a/templates/platform_landing_zone/modules/hub-and-spoke-vnet/locals.tf
+++ b/templates/platform_landing_zone/modules/hub-and-spoke-vnet/locals.tf
@@ -2,7 +2,7 @@ locals {
   hub_virtual_networks = {
     for key, value in var.hub_virtual_networks : key => merge(value.hub_virtual_network, {
       ddos_protection_plan_id = local.ddos_protection_plan_enabled ? module.ddos_protection_plan[0].resource.id : try(value.hub_virtual_network.ddos_protection_plan_id, null)
-      firewall = merge(value.hub_virtual_network.firewall, {
+      firewall = try(value.hub_virtual_network.firewall, null) == null ? null : merge(value.hub_virtual_network.firewall, {
         firewall_policy = merge(value.hub_virtual_network.firewall.firewall_policy, {
           dns = merge({
             proxy_enabled = can(value.private_dns_zones.resource_group_name) && can(value.hub_virtual_network.firewall) ? true : try(value.hub_virtual_network.firewall.firewall_policy.dns.proxy_enabled, false)