We are trying to create a new Barracuda NGF and WAF Integration into our Microsoft Azure infrastructure.
1. Full MS-Azure infrastructure, exists out of only one MS-Azure Virtual Network and three two separate MS-Azure subnets.
2. We placed the Barracuda NGF device in (MS-Azure-Subnet-1) and the Barracuda WAF in (MS-Azure-Subnet-2).
3. Azure VN-subnet 3 hold a dedicates MS-IIS (test) HTTP/HTTPS Web-server.
4. Followed all steps documented in: https://campus.barra...ll-integration/
5. Created a dedicate MS-Azure Routing Table:
Default-gateway: (redirect all network traffic (0.0.0.0/0 > virtual-device > IP address Barracuda NGF VM) and linked to the Barracuda WAF (back-end) device
After testing, All HTTP/HTTPS traffic coming into the Barracuda NGF (front-end) device does not automatically get forward to the Barracuda WAF (back-end) device. Only after changing in the Barracuda NGF the forwarding rule-set - Connection Method from: "Original Source IP" to "Dynamic SNAT" all incoming HTTP/HTTPS traffic successfully gets forward to the Barracuda WAF (back-end) device.
However, now in the Barracuda WAF access logs, we only see as original source IP, the IP address of the Barracuda NGF (front-end) device.
Does anyone had the same infrastructure setup issues?
In addition, above Barracuda imp. documentation states only to use for NGF Connection Method: the "Original Source IP" and not the "Dynamic SNAT" setting, is this setting correct?
Second: does anybody knows how to change as requested in the same document the "default gateway IP address" of the Barracuda WAF device, this option is in MS-Azure WAF (VM) by default grayed out?
Alternatively, can this simply be solved by issuing a dedicated MS-Azure Routing table for the Barracuda WAF device that automatically forwards all network traffic (0.0.0/0) to the Barracuda NGF (front-end) device?