Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
713
Views
0
Helpful
2
Replies

NGFWv with Azure Gateway Loadbalancer

Go to solution
S.IIZUKA
Level 1
Level 1

‎11-21-2022 06:51 PM

Hello Experts,

I am trying to deploy NGFWv with Azure Gateway Loadbalancer.
https://blogs.cisco.com/security/scale-security-on-the-fly-in-microsoft-azure-cloud-with-cisco-secure-firewall

Azure Gateway Loadbalancer needs two VXLAN tunnels, one for external(Internet) and one for internal(VM workloads).
But in NGFWv, only one VTEP can be configured.

Does anyone have configured NGFWv with Azure Gateway Loadbalancer?
I googled for some examples or cnfiguration guide but couldn't find any information.

Kind regards,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Divya Jain
Cisco Employee
Cisco Employee

‎12-05-2022 10:49 AM

Hello,

This is the configuration guide for load balancer : https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/consolidated_ftdv_gsg/ftdv-gsg/m-ftdv-azure-gsg.html

I have not tested this in lab, but i have checked this internally - The minimum version for thie feature is 7.2. However VNI for FTD in Azure will be supported only from 7.3 and above. So basically you cannot do vxlan with gateway load balancer until ver 7.3. There have been some errors around it and it might be a good idea to wait for version 7.3.

You can still try following the above guide and also a this reference video for AWS( similar config for Azure as well ) - https://www.youtube.com/watch?v=EuXrVc2hpNk



-----------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-----------------------------------------


Regards
Divya Jain
 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Divya Jain
Cisco Employee
Cisco Employee

‎12-05-2022 10:49 AM

Hello,

This is the configuration guide for load balancer : https://www.cisco.com/c/en/us/td/docs/security/firepower/quick_start/consolidated_ftdv_gsg/ftdv-gsg/m-ftdv-azure-gsg.html

I have not tested this in lab, but i have checked this internally - The minimum version for thie feature is 7.2. However VNI for FTD in Azure will be supported only from 7.3 and above. So basically you cannot do vxlan with gateway load balancer until ver 7.3. There have been some errors around it and it might be a good idea to wait for version 7.3.

You can still try following the above guide and also a this reference video for AWS( similar config for Azure as well ) - https://www.youtube.com/watch?v=EuXrVc2hpNk



-----------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about Secure Firewall (formerly known as NGFW) through our live Ask the Experts (ATXs) session. Check out Cisco Network Security ATXs Resources [https://community.cisco.com/t5/security-knowledge-base/cisco-network-security-ask-the-experts-resources/ta-p/4416493] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-----------------------------------------


Regards
Divya Jain
 

0 Helpful

Go to solution
S.IIZUKA
Level 1
Level 1
In response to Divya Jain

‎12-06-2022 01:52 AM

Thank you.
I check the release note of 7.3(released on Nov29!!) and found it as new feature.
Cisco Secure Firewall Threat Defense Release Notes, Version 7.3 - Features and Functionality [Cisco Secure Firewall Threat Defense] - Cisco
Paired proxy VXLAN for the threat defense virtual for the Azure Gateway Load Balancer.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents