Virtual Firewall - Azure

Question

Virtual Firewall - Azure

HB 0

Hello

We have a custom virtual firewall inside of our Azure environment. We created a BGP/IPSEC tunnel to a vendor. The BGP connects fine, no issues between our virtual firewall to the vendors cisco firewall in their environment. Tunnel stays up. The issue is when we ping there is no traffic going to them, even though all rules are setup between the two. The vendor does not see the traffic coming in through their BGP interface and we see the traffic leaving our network. Upon reading various articles, it seems could Azure be blocking GRE? Can someone please explain to me why? then how to resolve?

Thank you

Anthony LAVABRE 1,665 Reputation points

2024-12-27T17:37:31.9333333+00:00

Bonjour,

Il me semble qu’Azure ne prend pas en charge le protocole GRE dans ses réseaux virtuels (VNet).

Vous pouvez vérifier es journaux de diagnostic sur votre pare-feu virtuel pour analyser le trafic sortant.

Avez vous essuyé de configurer un tunnel IPSEC simple sans encapsulation GRE ?

Vous pouvez sinon essayer d’utiliser Azure VPN Gateway pour gérer le VPN IPSEC/BGP. Azure VPN Gateway ne prend pas en charge GRE, mais fonctionne très bien pour les connexions basées sur IPSEC.

Bien à vous,
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
KapilAnanth-MSFT 49,536 Reputation points Microsoft Employee Moderator

2025-01-02T05:44:36.82+00:00
@HB ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I see Andreas Baumgarten has addressed your queries.

Refer : https://learn.microsoft.com/en-us/answers/questions/1316651/does-azure-allow-gre-tunnel-from-internet-to-termi

This feature is already requested by other customers, which is under review by Microsoft PG teams, but we don't have any ETA as of yet. You can upvote the feature in the below feedback forum:

https://feedback.azure.com/d365community/idea/874be986-8426-ec11-b6e6-000d3a4f0789

Please let us know if we can be of any further assistance here.

Thanks,

Kapil

Please Accept an answer if correct.

Original posters help the community find answers faster by identifying the correct answer.

1 answer

Your answer

Anthony LAVABRE 1,665 Reputation points

2024-12-27T17:37:31.9333333+00:00

Bonjour,

Il me semble qu’Azure ne prend pas en charge le protocole GRE dans ses réseaux virtuels (VNet).

Vous pouvez vérifier es journaux de diagnostic sur votre pare-feu virtuel pour analyser le trafic sortant.

Avez vous essuyé de configurer un tunnel IPSEC simple sans encapsulation GRE ?

Vous pouvez sinon essayer d’utiliser Azure VPN Gateway pour gérer le VPN IPSEC/BGP. Azure VPN Gateway ne prend pas en charge GRE, mais fonctionne très bien pour les connexions basées sur IPSEC.

Bien à vous,
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
KapilAnanth-MSFT 49,536 Reputation points Microsoft Employee Moderator

2025-01-02T05:44:36.82+00:00

@HB ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I see Andreas Baumgarten has addressed your queries.

Refer : https://learn.microsoft.com/en-us/answers/questions/1316651/does-azure-allow-gre-tunnel-from-internet-to-termi

This feature is already requested by other customers, which is under review by Microsoft PG teams, but we don't have any ETA as of yet. You can upvote the feature in the below feedback forum:

https://feedback.azure.com/d365community/idea/874be986-8426-ec11-b6e6-000d3a4f0789

Please let us know if we can be of any further assistance here.

Thanks,

Kapil

Please Accept an answer if correct.

Original posters help the community find answers faster by identifying the correct answer.

Answer 1

Andreas Baumgarten 123.4K MVP Volunteer Moderator

Hi @HB ,

In Azure networks Generic Routing Encapsulation (GRE) packets are blocked. As far as I know there is no official explanation from Microsoft about the "why GRE is blocked".

Source: What protocols can I use in virtual networks?

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards

Andreas Baumgarten

Share via

Virtual Firewall - Azure

1 answer

Your answer