Dec 01 2020 12:06 PM
Hello All,
We will be building an ExpressRoute for our traffic from on-prem to Azure VNets.
We want all this traffic to be encrypted. We have a FW on-prem.
On the Azure side, do we have to rely on Azure VPN GW, or can we use another vendor device like a Palo Alto FW inside the Azure VNet?
Also, if Azure VGW is the only option, how many tunnels can be terminated on it? Is there any limit?
Dec 13 2020 01:38 AM
Microsoft describes this exact scenario in the documentation: "VPN tunnels over Microsoft peering can be terminated either using VPN gateway, or using an appropriate Network Virtual Appliance (NVA) available through Azure Marketplace". I have successfully used a Cisco NVA for terminating end-to-end VPN between on-premises and Azure VNets, for a client. So the answer is: yes, you can use a third-party NVA to establish end-to-end VPN over ExpressRoute.