{"id":20264,"date":"2016-12-08T09:47:45","date_gmt":"2016-12-08T09:47:45","guid":{"rendered":"https:\/\/aidanfinn.com\/?p=20264"},"modified":"2016-12-08T09:49:38","modified_gmt":"2016-12-08T09:49:38","slug":"watchguard-now-supported-by-azure-for-dynamicroute-based-vpn","status":"publish","type":"post","link":"https:\/\/aidanfinn.com\/?p=20264","title":{"rendered":"WatchGuard Now Supported by Azure for Dynamic\/Route-Based VPN"},"content":{"rendered":"<p>Microsoft now supports WatchGuard\u2019s firewalls with the 11.12 firmware (fireware) for dynamic or route-based VPN.<\/p>\n<p>There are two kinds of VPN gateway in Azure:<\/p>\n<ul>\n<li><strong>Static \/ policy-based<\/strong>: 1:1\u00a0 connections, don\u2019t support point-to-site VPN, or VNet-to-VNet VPN, website-to-VNet VPN, and really only good for the simplest of designs.<\/li>\n<li><strong>Dynamic \/ route-based<\/strong>: Multiple simultaneous connections, supports all of Azure\u2019s VPN features, and enables complicated designs.<\/li>\n<\/ul>\n<p>I always prefer route-based VPNs, because they don\u2019t restrict what I can do in Azure. Up to recently, though, that caused a complication for me at work. My employer distributes WatchGuard\u2019s Firebox (XTM) unified threat management firewall devices, and those devices were restricted to policy-based VPN. Good news!<\/p>\n<ul>\n<li>WatchGuard released 11.12 of their software (which works on all devices) and this added policy-based (aka Dynamic) VPN support.<\/li>\n<li>Microsoft just <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/vpn-gateway\/vpn-gateway-about-vpn-devices\" target=\"_blank\">listed WatchGuard\u2019s devices<\/a> as being supported by Azure for route-based VPN.<\/li>\n<\/ul>\n<p>You can find WatchGuard\u2019s instructions for configuring a route-based VPN <a href=\"http:\/\/watchguardsupport.force.com\/publicKB?type=KBArticle&amp;SFDCID=kA22A000000XZogSAG&amp;lang=en_US\" target=\"_blank\">here<\/a>.<\/p>\n<p>FYI, the notable devices that still don\u2019t have route-based support are:<\/p>\n<ul>\n<li>Cisco ASA (!!!)<\/li>\n<li>Barracuda NextGen Firewall X-series<\/li>\n<li>Brocade Vyatta 5400 vRouter<\/li>\n<li>Citrix NetScaler MPX, SDX, VPX<\/li>\n<\/ul>\n<p>I guess you can get fired for buying Cisco after all!<\/p>\n<div id=\"scid:77ECF5F8-D252-44F5-B4EB-D463C5396A79:1a96a999-aca6-48f6-b5c0-81b38316216a\" class=\"wlWriterEditableSmartContent\" style=\"float: none; margin: 0px; display: inline; padding: 0px;\">Technorati Tags: <a href=\"http:\/\/technorati.com\/tags\/Azure\" rel=\"tag\">Azure<\/a>,<a href=\"http:\/\/technorati.com\/tags\/Networking\" rel=\"tag\">Networking<\/a>,<a href=\"http:\/\/technorati.com\/tags\/Security\" rel=\"tag\">Security<\/a><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft now supports WatchGuard\u2019s firewalls with the 11.12 firmware (fireware) for dynamic or route-based VPN. There are two kinds of VPN gateway in Azure: Static \/ policy-based: 1:1\u00a0 connections, don\u2019t support point-to-site VPN, or VNet-to-VNet VPN, website-to-VNet VPN, and really only good for the simplest of designs. Dynamic \/ route-based: Multiple simultaneous connections, supports all &hellip; <a href=\"https:\/\/aidanfinn.com\/?p=20264\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;WatchGuard Now Supported by Azure for Dynamic\/Route-Based VPN&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":18936,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[5],"tags":[170,80,190],"class_list":["post-20264","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-azure","tag-azure","tag-networking","tag-security"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/aidanfinn.com\/wp-content\/uploads\/2015\/09\/8437956869_66d8b38f1b_z_d1.jpg","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/20264","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=20264"}],"version-history":[{"count":2,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/20264\/revisions"}],"predecessor-version":[{"id":20268,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/posts\/20264\/revisions\/20268"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=\/wp\/v2\/media\/18936"}],"wp:attachment":[{"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=20264"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=20264"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aidanfinn.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=20264"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}