BOVPN Virtual interface rules & odd behaviour
Just setting up a BOVPN to Azure and noticed something odd. It creates its standard any / any rule, which works fine, but if you add a deny rule above it, it is just ignored. Do virtual interfaces only work with BOVPN policy generated rules? This would be very limiting as we don't want everything coming through the tunnel to fall into the same rules.
Also (something I've raised with TAC, but maybe someone has seen this): we are seeing inbound ports 135 & 445 being dropped. It's not logged anywhere and it works outbound.
Can also see the traffic hitting the tunnel at the other end... then it just vanishes.
WatchGuard M4600 (x2 Cluster)
WatchGuard M640 (x2 Cluster)
Firmware : 12.8