Hi,
UPDATE 2024-03-18: Below are the configuration settings I used to successfully connect Firebox to Azure VPN Gateway S2S with IPsec / IKE policy set to Default. Copying here for better visibility.
BOVPN Virtual Interface: BovpnVif.1
Remote Endpoint Type: Cloud VPN or Third-Party Gateway
Restrict tunnel MTU:
VPN Routes
Route 1
Route To: 10.20.1.0/24
Metric: 1
Dynamic Routing
Configured: No
Local IP Address:
Remote IP Address:
Phase 2 Settings
Perfect Forward Secrecy: Disabled
IPSec Proposals
Proposal 1
Name: ESP-AES256-GCM
Type: ESP
Authentication: None
Encryption:
Key Expiration: 8 hours
Multicast Settings
Multicast over tunnel: Disabled
Origination IP:
Group IP:
Send multicast traffic on:
Receive multicast traffic on:
BOVPN Gateway Settings
IKE Version: IKEv2
Credential Method: Pre-shared Key
Endpoints
Endpoint 1
Local Interface: External
Local ID: <FireboxIP> (IP Address)
Remote IP Address: <AzureVPNIP>
Remote ID: <FireboxIP> (IP Address)
Phase 1 Settings
NAT Traversal: Enabled (20 second interval)
Dead Peer Detection: Traffic-Based (20 second timeout, 5 max retries)
Auto Start: Yes
Transforms
Transform: 1
Authentication: SHA2-256
Encryption: AES (256-bit)
SA Life: 8 hours
Key Group: Diffie-Hellman Group 2
When you created your Site to Site connection, did you leave IPsec / IKE policy set to Default, or did you select Custom?
Please reference the document below for default parameters:
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices#ipsec
Please reference the WatchGuard KB article below for help configuring:
Another thing that can be helpful is to navigate to your VPN Gateway in the portal, click the Connections blade, click on your Site-to-Site connection, and then click the Download configuration button at the top. It will ask you to select a manufacturer (pick one like Cisco/Juniper/Ubiquiti), device, and firmware version, and then you can download a text file with configuration details.
NOTE: There are no WatchGuard options; however, what you can do is open the text file for one of the other manufacturers and you will see the various parameters. Looking at these can help you know what you need to enter in your WatchGuard.
Please click Accept Answer if the above was helpful.
Thanks.
-TP
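
An added example, not part of the original post: a small Python check that parses settings in the layout posted above and flags the key-exchange parameters a reviewer would question. The function names and the review thresholds are assumptions of this example; the sample text is a subset copied from the post.

```python
import re

# Subset of the settings listed in the post above, in the same flat layout.
SAMPLE = """\
Phase 2 Settings
Perfect Forward Secrecy: Disabled
Name: ESP-AES256-GCM
Key Expiration: 8 hours
BOVPN Gateway Settings
IKE Version: IKEv2
Credential Method: Pre-shared Key
Phase 1 Settings
Transform: 1
Authentication: SHA2-256
Encryption: AES (256-bit)
SA Life: 8 hours
Key Group: Diffie-Hellman Group 2
"""

# Headings that scope the keys below them ("Authentication" and "Encryption"
# appear under both phases in the full listing, so keys alone are ambiguous).
SECTIONS = ("Phase 1 Settings", "Phase 2 Settings", "BOVPN Gateway Settings")

def parse(text):
    """Return {(section, key): value}; keys with empty values are kept as ''."""
    section, out = None, {}
    for line in text.splitlines():
        line = line.strip()
        if line in SECTIONS:
            section = line
        elif ":" in line:
            key, _, value = line.partition(":")
            out[(section, key.strip())] = value.strip()
    return out

def audit(settings):
    """Flag parameters worth a second look (thresholds are this example's assumption)."""
    findings = []
    m = re.search(r"Group (\d+)", settings.get(("Phase 1 Settings", "Key Group"), ""))
    if m and int(m.group(1)) in (1, 2, 5):  # MODP groups smaller than 2048 bits
        findings.append(f"phase1: DH group {m.group(1)} is below a 2048-bit MODP group")
    if settings.get(("Phase 2 Settings", "Perfect Forward Secrecy")) == "Disabled":
        findings.append("phase2: PFS disabled, child SA keys derive from the IKE SA")
    if settings.get(("BOVPN Gateway Settings", "IKE Version")) != "IKEv2":
        findings.append("gateway: IKE version is not IKEv2")
    return findings
```

Both peers have to agree on these parameters, so any change flagged here needs a matching change on the Azure connection as well as on the Firebox.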