WatchGuard Now Supported by Azure for Dynamic/Route-Based VPN

Microsoft now supports WatchGuard’s firewalls with the 11.12 firmware (fireware) for dynamic or route-based VPN.

There are two kinds of VPN gateway in Azure:

  • Static / policy-based: 1:1  connections, don’t support point-to-site VPN, or VNet-to-VNet VPN, website-to-VNet VPN, and really only good for the simplest of designs.
  • Dynamic / route-based: Multiple simultaneous connections, supports all of Azure’s VPN features, and enables complicated designs.

I always prefer route-based VPNs, because they don’t restrict what I can do in Azure. Up to recently, though, that caused a complication for me at work. My employer distributes WatchGuard’s Firebox (XTM) unified threat management firewall devices, and those devices were restricted to policy-based VPN. Good news!

  • WatchGuard released 11.12 of their software (which works on all devices) and this added policy-based (aka Dynamic) VPN support.
  • Microsoft just listed WatchGuard’s devices as being supported by Azure for route-based VPN.

You can find WatchGuard’s instructions for configuring a route-based VPN here.

FYI, the notable devices that still don’t have route-based support are:

  • Cisco ASA (!!!)
  • Barracuda NextGen Firewall X-series
  • Brocade Vyatta 5400 vRouter
  • Citrix NetScaler MPX, SDX, VPX

I guess you can get fired for buying Cisco after all!

Technorati Tags: ,,

One thought on “WatchGuard Now Supported by Azure for Dynamic/Route-Based VPN”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.