No connectivity from Firebox to devices in Azure over BO VPN

Afternoon all,
I have a Firebox M390 (running 12.9 U1) with a BOVPN connection to Azure using a BOVPN Virtual Interface - the tunnel is up and traffic is flowing between devices either side of the VPN, the only issue is that the Firebox itself cannot connect to any VMs on the Azure infrastructure. I have enabled logging on the BOVPN -Allow in and out policies and am not seeing any traffic attempting to pass - any ideas please?


  • Options

    Perhaps the traffic is heading out from the firewall external IP addr, not an internal interface IP addr.
    Have you tried adding the external interface to your BOVPN setup?

  • Options

    If you are using BOVPN Vif configuration, try to configure a free IP address from your on-prem network in the BOVPN Vif / VPN Routes / Assign virtual interface IP addresses config.

    Firebox is now using this address when it is connecting to the remote Azure network devices through the VPN tunnel.

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    If the firebox doesn't own a network that it is sending traffic to, it'll try to send from an external interface IP by default.

    If you expose the policy for traffic generated by the firebox in global settings, you can create a new policy above the 'any from firebox' policy, and set the source IP in the NAT options to be from the network that the tunnel is using -- which should correct that without having to build another tunnel.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.