On prem WG VPN tunnel to Azure NVA WG for On-Prem network extension?

We are working on extending our on-premises network to Azure and we seem to be having issues with the network and routing. I am used to creating a normal Azure S2S VPN and utilizing Azure for most of the routing. In this case our Network engineers have setup a BOVPN from the on-prem WG FW to a Firebox NVA in our main VNET/subnet and a connection to each Azure subnet within needs a new NVA nic deployed and connected to their respective subnets. I understand the goal here is to have everything pass through the firewall, but this has been a nightmare for me building Azure solutions. Is there anyone who understands how to do this properly, or has a similar infrastructure and can point me in the right direction? Thanks Everyone


  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @AzureEngineWM

    In general, this involves.
    -adding the nic in Azure. You may need to reboot the firewall to have the NIC show up in the firewall (as it will need to re-read the json file it gets that info from.)
    -Setting the new interface up on the firebox cloud.
    -Make sure IP forwarding is enabled on the NIC in Azure's settings.

    If you're running into any issues, I'd suggest opening a support case using the support center link on the top right of this page -- our support team can look into your specific issue and assist.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.