Barracuda Web Application Firewall

Troubleshooting Azure Multi IP


Unable to create a Service

Problem Statement

Service creation on the Barracuda Web Application Firewall fails because Microsoft Azure was not able to allocate a private IP address to the instance.

Reason

The Azure service principal configured on the unit does not have adequate privileges on the VNET.

The details of the error are available in the Azure activity logs.

{ "error":{ "code":"LinkedAuthorizationFailed", "message":"The client '94f4c94a-xxxx-xxxx-xxxx-xxxxxx3e3a5c' with object id '94f4c94a-xxxx-xxxx-xxxx-xxxxxxe3a5c' has permission to perform action 'Microsoft.Network/networkInterfaces/write' on scope '/subscriptions/XXf7137e-xxxx-xxxx-xxxx-xxxxxxe46fb8/resourceGroups/RG-WAF-PRD/providers/Microsoft.Network/networkInterfaces/WAF03P_nic00'; however, it does not have permission to perform action 'Microsoft.Network/virtualNetworks/subnets/join/action' on the linked scope(s) '/subscriptions/78f7137e-01a0-4730-898d-98ac9be46fb8/resourceGroups/RG-VNET/providers/Microsoft.Network/virtualNetworks/VN-PRD-WE/subnets/SN-PRD-WE'." } }

In the error above, the configured service principal has the IP allocation permissions on the NIC "WAF03P_nic00" attached to the VM, but it does not have the permissions to make changes to the subnet "SN-PRD-WE", which is configured under a different resource group, "RG-VNET".
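The following added example, which is not part of the original Barracuda article, parses a LinkedAuthorizationFailed error of the shape shown above and reports which action is missing and whether the linked scope sits in a different resource group or subscription than the NIC. The function names and sample values are assumptions made for illustration, and the parser assumes a single linked scope in the message.

```python
import json
import re

# Constructed sample in the shape of the error above; GUIDs and names are placeholders.
SAMPLE = json.dumps({"error": {"code": "LinkedAuthorizationFailed", "message": (
    "The client '00000000-0000-0000-0000-000000000001' with object id "
    "'00000000-0000-0000-0000-000000000001' has permission to perform action "
    "'Microsoft.Network/networkInterfaces/write' on scope "
    "'/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/RG-APP"
    "/providers/Microsoft.Network/networkInterfaces/nic0'; however, it does not "
    "have permission to perform action "
    "'Microsoft.Network/virtualNetworks/subnets/join/action' on the linked "
    "scope(s) '/subscriptions/11111111-1111-1111-1111-111111111111"
    "/resourceGroups/RG-NET/providers/Microsoft.Network/virtualNetworks/vnet0"
    "/subnets/sn0'.")}})

MSG_RE = re.compile(
    r"The client '(?P<client>[^']+)'.*?"
    r"has permission to perform action '(?P<granted>[^']+)' on scope '(?P<scope>[^']+)'"
    r".*?does not have permission to perform action '(?P<missing>[^']+)' "
    r"on the linked scope\(s\) '(?P<linked>[^']+)'", re.S)
SCOPE_RE = re.compile(r"/subscriptions/([^/]+)/resourceGroups/([^/]+)", re.I)

def sub_and_rg(scope):
    """Return (subscription, resource group) from an Azure resource ID."""
    m = SCOPE_RE.match(scope)
    return m.groups() if m else (None, None)

def triage(raw):
    """Parse a LinkedAuthorizationFailed error; None if it is some other error."""
    err = json.loads(raw).get("error", {})
    m = MSG_RE.search(err.get("message", ""))
    if err.get("code") != "LinkedAuthorizationFailed" or not m:
        return None
    out = m.groupdict()
    (s_sub, s_rg), (l_sub, l_rg) = sub_and_rg(out["scope"]), sub_and_rg(out["linked"])
    # Azure resource IDs are case-insensitive, so compare lowercased.
    low = lambda v: (v or "").lower()
    out["cross_subscription"] = low(s_sub) != low(l_sub)
    out["cross_resource_group"] = out["cross_subscription"] or low(s_rg) != low(l_rg)
    out["grant_needed_on"] = out["linked"]  # scope where the missing action must be allowed
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A result with cross_resource_group set to True is the situation described above: the service principal's role assignment covers the WAF's resource group but not the resource group that holds the VNET.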

Solution
  • The service principal should have READ and WRITE permissions for the RESOURCE GROUP where the WAF is deployed and for the VNET it’s using.
  • Configure the new service principal on the units.