BugZero found this defect 1664 days ago.
11/30/2022
Affected devices: Firebox M200, M300, M270, M370, M470, M570, M670, M290, M390, M400, M500, M440 (All)
Affected software: Fireware 12.x, 12.0.x, 12.1.x, 12.1, 12.1.1, 12.1.3, 12.10.x, 12.2.x, 12.3.x, 12.4.x (All)
WatchGuard FireCluster devices that terminate a VPN tunnel to a third-party appliance might see the tunnel fail after a FireCluster failover. The failure occurs when the third-party endpoint does not accept a gateway (Phase 1) rekey from the newly active cluster member; it has been reported with Azure and Zscaler endpoints. FireCluster currently synchronizes only the established Phase 2 (IPsec SA) portion of a negotiated tunnel between members, not the Phase 1 (IKE SA) state, so after failover the new active member must rekey Phase 1 with the remote gateway. This design keeps tunnels between two WatchGuard endpoints working across failover, because a WatchGuard peer accepts that rekey; a third-party peer that rejects it leaves the tunnel down until the negotiation is restarted.
Workaround: for Azure VPN configurations, use Firebox Cloud as the termination point instead of a FireCluster. Otherwise, after a failover, initiate a Phase 1 and Phase 2 VPN rekey from the current active cluster member to restart the VPN negotiation with the third-party endpoint.
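The two passages above (the Phase 2-only state sync and the rekey workaround) are easier to reason about as a small state model. The following is an added illustration, not WatchGuard code and not BugZero's; it assumes a simplified picture in which a tunnel is usable only while the active member holds both a Phase 1 and a Phase 2 SA, that the remote endpoint's tolerance of a gateway rekey is a single boolean, and that a fresh Phase 1 and Phase 2 negotiation started from the current active member is accepted by the peer (the behaviour the workaround relies on). The class names, SA identifiers and the `accepts_gateway_rekey` flag are all assumptions made for the model.

```python
"""Illustrative model of FireCluster VPN state across a failover.

Added example, not WatchGuard or BugZero code. Models only what the defect
description states: Phase 2 is replicated to the standby member, Phase 1 is
not, so the new active member has to rekey the gateway with the remote peer.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Peer:
    """Remote VPN endpoint.

    accepts_gateway_rekey (assumed flag) models whether the peer tolerates a
    Phase 1 rekey arriving from the newly active cluster member.
    """
    name: str
    accepts_gateway_rekey: bool


@dataclass
class Member:
    """One FireCluster member and the SAs it currently holds."""
    name: str
    phase1: Optional[str] = None  # IKE SA id (None = no gateway SA)
    phase2: Optional[str] = None  # IPsec SA id


class FireCluster:
    def __init__(self, peer: Peer) -> None:
        self.peer = peer
        self.active = Member("member-A")
        self.standby = Member("member-B")
        self._sa_counter = 0

    def _new_sa(self, kind: str) -> str:
        self._sa_counter += 1
        return f"{kind}-{self._sa_counter}"

    def negotiate(self) -> None:
        """Full Phase 1 + Phase 2 negotiation from the active member."""
        self.active.phase1 = self._new_sa("ike")
        self.active.phase2 = self._new_sa("ipsec")
        self.sync()

    def sync(self) -> None:
        """FireCluster sync: only the established Phase 2 SA is replicated.

        The standby never receives the Phase 1 (IKE) SA.
        """
        self.standby.phase2 = self.active.phase2
        self.standby.phase1 = None

    def tunnel_up(self) -> bool:
        return self.active.phase1 is not None and self.active.phase2 is not None

    def failover(self) -> bool:
        """Promote the standby; the old active member's state is gone.

        The new active member holds a synced Phase 2 SA but no Phase 1 SA, so
        it must rekey the gateway. Returns whether the tunnel survived.
        """
        self.active, self.standby = self.standby, self.active
        self.standby.phase1 = self.standby.phase2 = None
        if self.peer.accepts_gateway_rekey:
            self.active.phase1 = self._new_sa("ike")  # rekey accepted
        else:
            self.active.phase2 = None  # peer rejects the rekey: tunnel fails
        return self.tunnel_up()

    def force_rekey(self) -> bool:
        """Workaround: restart Phase 1 and Phase 2 from the current member.

        Assumption: the peer accepts a fresh negotiation even though it
        rejected the post-failover gateway rekey.
        """
        self.negotiate()
        return self.tunnel_up()


def simulate(peer_name: str, accepts_gateway_rekey: bool) -> dict:
    """Run negotiate -> failover -> workaround and report each outcome."""
    cluster = FireCluster(Peer(peer_name, accepts_gateway_rekey))
    cluster.negotiate()
    before = cluster.tunnel_up()
    after_failover = cluster.failover()
    after_rekey = cluster.force_rekey() if not after_failover else True
    return {
        "peer": peer_name,
        "up_before_failover": before,
        "up_after_failover": after_failover,
        "up_after_forced_rekey": after_rekey,
        "active_member": cluster.active.name,
    }


if __name__ == "__main__":
    # Constructed scenarios: a WatchGuard peer that accepts the rekey and a
    # third-party peer (as reported for Azure and Zscaler) that does not.
    print(simulate("watchguard-peer", True))
    print(simulate("third-party-peer", False))
```

Running the block prints one result dictionary per scenario; the WatchGuard-to-WatchGuard case stays up through failover, while the third-party case drops at failover and only recovers once `force_rekey` restarts both phases from the new active member.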