Barracuda CloudGen Firewall

Attention

Barracuda CloudGen Firewall version 8.0 is a cloud-only version. It is currently not available for on-premises deployments and can only be deployed in Microsoft Azure, Amazon Web Services, or Google Cloud Platform public clouds.

How to Configure Automatic Connectivity to Azure Virtual WAN


VPN connections from a stand-alone Barracuda CloudGen Firewall to the Azure Virtual WAN hub can be provisioned automatically. The automatic configuration provides a robust and redundant connection by establishing two active-active IPsec IKEv2 VPN tunnels with the corresponding BGP setup, and it fully automates the creation of the Azure Virtual WAN site in Microsoft Azure. The finished deployment allows for both branch-to-branch and branch-to-cloud connections.


Before You Begin

Step 1. Configure Microsoft Azure Virtual WAN Service

  1. Log into the Azure portal: https://portal.azure.com
  2. In the left menu, click Create a resource and search for Virtual WAN.
  3. Click Virtual WAN.
  4. In the next blade, click Create.
  5. In the Create WAN blade, enter the Virtual WAN Name and the Resource Group.
  6. Click Create to finish Virtual WAN creation.

The CloudGen Firewall can now trigger the connection process to the Azure Virtual WAN.

Step 2. Trigger Virtual WAN Connection

  1. Log into the CloudGen Firewall with CloudGen Admin.
  2. Go to CONTROL > Box.
  3. Click Microsoft Azure Virtual WAN and select Connect to Virtual WAN.
  4. Enter the required information in the dialog to start the automatic creation of the site. The site will be created and is then available in the Azure Virtual WAN Settings.
  5. Click Connect to start the automatic site configuration process on Microsoft Azure.

A VPN site entry is automatically created and the firewall starts to check for an available configuration every 30 seconds. To view the connection log, click Check Connection Status. Repeat as needed to update the status log messages.

Step 3. Associate Site to the Hub

The admin must associate the Virtual WAN VPN site with the geographically nearest Virtual WAN hub.

  1. Log into the Azure portal: https://portal.azure.com
  2. In your Azure Resource group, open your Azure Virtual WAN.
  3. In the left menu of the Virtual WAN blade, click VPN Sites.
  4. Select the check box of the Virtual WAN VPN site created by the firewall in Step 2 and click New hub association. The Associate site with one or more hubs blade opens.
  5. Select the Hub from the list.
  6. Select the check box for the hub and click Add an association.

Wait for the new hub association to complete. The firewall automatically picks up the new configuration and connects to the Virtual WAN.

Step 4. Verify Connectivity and Routing

For redundancy, the CloudGen Firewall automatically creates two IPsec IKEv2 VPN tunnels and the required BGP routes to the Microsoft Azure Virtual Hub. Both tunnels are in active-active mode. If one tunnel fails, routing automatically switches to the other tunnel.

  1. Log into the CloudGen Firewall.
  2. Go to VPN > Site-to-Site.
  3. Verify that two IPsec IKEv2 tunnels are up and running.
  4. Go to CONTROL > Network and open the BGP tab.
  5. Verify that, along with the VPN tunnels, all associated BGP autonomous systems and neighbors are present.

Step 5. Configure the Forwarding Firewall Rule Set

To manage and restrict network traffic to and from the Azure Virtual Hub, adapt the forwarding firewall rule set to allow traffic as required.

For more information, see How to Create a Pass Access Rule.

Next Steps

Attach an Azure Virtual Network to the Virtual WAN hub to use the VPN connection for branch-to-cloud connectivity.
