WatchGuard Now Supported by Azure for Dynamic/Route-Based VPN

[Image credit: Norlando Pobre, https://www.flickr.com/photos/npobre/]

Microsoft now supports WatchGuard’s firewalls with the 11.12 firmware (fireware) for dynamic or route-based VPN.

There are two kinds of VPN gateway in Azure:

  • Static / policy-based: 1:1  connections, don’t support point-to-site VPN, or VNet-to-VNet VPN, website-to-VNet VPN, and really only good for the simplest of designs.
  • Dynamic / route-based: Multiple simultaneous connections, supports all of Azure’s VPN features, and enables complicated designs.

I always prefer route-based VPNs, because they don’t restrict what I can do in Azure. Up to recently, though, that caused a complication for me at work. My employer distributes WatchGuard’s Firebox (XTM) unified threat management firewall devices, and those devices were restricted to policy-based VPN. Good news!

  • WatchGuard released 11.12 of their software (which works on all devices) and this added policy-based (aka Dynamic) VPN support.
  • Microsoft just listed WatchGuard’s devices as being supported by Azure for route-based VPN.

You can find WatchGuard’s instructions for configuring a route-based VPN here.

FYI, the notable devices that still don’t have route-based support are:

  • Cisco ASA (!!!)
  • Barracuda NextGen Firewall X-series
  • Brocade Vyatta 5400 vRouter
  • Citrix NetScaler MPX, SDX, VPX

I guess you can get fired for buying Cisco after all!

Technorati Tags: ,,
Please follow and like us:

1 Comment on WatchGuard Now Supported by Azure for Dynamic/Route-Based VPN

  1. Jordan Widstrom // February 21, 2017 at 2:41 AM // Reply

    It looks like Cisco has added support for route-based IPSec VPNs on the latest release of ASA platform.
    http://www.cisco.com/c/en/us/td/docs/security/asa/asa97/release/notes/asarn97.html
    http://www.cisco.com/c/en/us/td/docs/security/asa/asa97/asdm77/vpn/asdm-77-vpn-config/vpn-vti.pdf

    I plan to upgrade our ASA 5516 and try it out with a dynamic Azure VPN shortly.

Leave a comment

Your email address will not be published.

*