We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

How to Configure Automatic Connectivity to Azure Virtual WAN

  • Last updated on

Connecting Barracuda CloudGen Firewalls to a Microsoft Azure Virtual WAN hubs can be done automatically. The automatic configuration provides robust and redundant connection by introducing two active-active IPSec IKEv2 VPN tunnels with the respective BGP setup and fully automated Azure Virtual WAN site creation on Microsoft Azure. The finished deployment allows full connectivity between branch-office sites and resources in Azure Virtual Networks via the Azure VPN Hub.


Before You Begin

Step 1. Configure Microsoft Azure Virtual WAN Service

  1. Log into the Azure portal: https://portal.azure.com
  2. In the left menu, click All Services and click Virtual WANs located in the OTHER category.
  3. Click Add to create a new Virtual WAN and fill out the required information.
  4. Click Create to finish Virtual WAN creation.
  5. Access your Virtual WAN via the respective Azure Resource group.
  6. Branch office CloudGen Firewalls can now be automatically added through the GloudGen Firewall configuration.

Step 2. Configure and Connect the CloudGen Firewall

The Azure Virtual WAN is now ready for automatic site creation via the Barracuda CloudGen Firewall. The configuration needs to be done directly on the firewall that should be connected to the Azure Virtual Hub.

  1. Log into the Barracuda CloudGen Firewall.
  2. Go to CONTROL > Box.
  3. Click Microsoft Azure Virtual WAN and select Connect to Virtual WAN.
  4. Enter the required information to the dialog to start automatic creation of the site. The site will be created and is then available in the Azure Virtual WAN Settings.
  5. Click Connect to start the automatic site configuration process on Microsoft Azure.
  6. To verify the connection status, click Check Connection Status.

Step 3. Associate Sites to the Hub

As soon as the automatically created site is available on the Azure Virtual WAN, it needs to be associated to the respective Azure Virtual WAN hub.

  1. Log into the Azure portal: https://portal.azure.com
  2. In your Azure Resource group, open your Azure Virtual WAN.
  3. Select Sites from the SETTINGS section.
  4. The Unassociated sites tab lists all automatically created site that are not yet associated to the Azure Virtual WAN hub.
  5. Select the desired site and click Confirm to associate this site to the hub.
  6. Once the site has been added to the hub, it will be listed in the Sites associated to hubs tab.
  7. The automatic site configuration now completed and the CloudGen Firewall is connected to Azure Virtual WAN.

Step 4. Verify Connectivity and Routing

For redundancy reasons, the Barracuda CloudGen Firewall automatically created two IPSec-IKEv2 VPN tunnels and the required BGP routes to the Microsoft Azure Virtual Hub. Bothe tunnels are in active-active mode while only one tunnel is tunneling data to the Azure Virtual WAN. The firewall automatically switches between the tunnels to ensure robust connectivity to Azure.

  1. Log into the Barracuda CloudGen Firewall.
  2. Go to VPN > Site-to-Site.
  3. Verify if two IPSec-IKEv2 tunnels are up and running.
  4. Go to CONTROL > Network and open the BGP tab.
  5. Verify that, along with the VPN tunnels, all associated BGP autonomous systems and neighbors are present.

Step 5. Configure the Forwarding Firewall Rule Set

To manage and restrict network traffic from and to the Azure Virtual Hub, the forwarding firewall rule set needs to be adapted to allow traffic as required.

For more information, see: Access Rules.

Next Steps

Attach an Azure Virtual Network to the Virtual WAN hub to use the VPN connection for branch to cloud connectivity.

Last updated on