Microsoft Azure

This guide will show you how to connect your Microsoft Azure cloud to the GoodAccess Gateway via a site-to-site connection using the IPsec protocol.


Last updated 3 months ago


Prerequisites

You need a virtual network gateway in Azure. If you don't have one, follow this tutorial by Microsoft.

Step 1 - Creating a new cloud connection

Log in to the GoodAccess Control Panel, and go to Network > Clouds & Branches.

Click + Add new, enter the Cloud name and subnet, and select Gateway.

Choose IPSec Protocol, fill out the Settings configuration form, and click Save.

You may return to the configuration via the Edit button of your Cloud at any time.

Example of configuration:

  • Cloud/Branch subnet - Subnet of your Azure virtual network gateway

  • Shared Secret - Create a new strong password

  • Public IP - IP of your Azure virtual network gateway

  • IKE Lifetime (Phase 1) - 8 hours (28800 seconds)

  • Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)

  • Dead Peer Detection Delay - 30 seconds

  • Encryption (Phase 1) - aes256

  • Encryption (Phase 2) - aes256

  • Integrity (Phase 1) - sha256

  • Integrity (Phase 2) - sha256

  • Diffie-Hellman Groups (Phase 1) - 14 - modp2048

  • Diffie-Hellman Groups (Phase 2) - 14 - modp2048 (PFS2048)

Step 2 - Creating a new local network gateway

Log in to the Azure Portal, and go to Local network gateways (you can use the searchbar), and click + Create.

Set the configuration as follows:

  • Endpoint - IP address

  • IP address - IP of your GoodAccess Gateway

  • Address spaces - Subnet of your GoodAccess Gateway

The remaining settings are up to you.

Click Review + create and then Create.

Step 3 - Creating a new connection

Go to Virtual network gateways (you can use the searchbar), and select your virtual network gateway.

Go to Connections, click + Add, and set the configuration as follows:

  • Connection type - Site-to-site (IPsec)

The remaining settings are up to you.

Click Next : Settings >, and set the configuration as follows:

  • Virtual network gateway - Choose from the dropdown

  • Local network gateway - Choose from the dropdown

  • Shared key (PSK) - Shared Secret (Step 1)

  • IKE Protocol - IKEv2

  • IPsec / IKE policy - Custom

  • IKE Phase 1 & 2 - Must match configuration from GoodAccess (Step 1)

  • IPsec SA lifetime in seconds - Tunnel Lifetime (Phase 2)

  • DPD timeout in seconds - Dead Peer Detection Delay

The remaining settings are up to you.

Click Review + create, and then Create.

You have now successfully connected your Azure resources to GoodAccess.

Firewall rules

Make sure you allow connections from your GoodAccess Gateway private subnet to the resources in your Virtual Network (VNet) (e.g., virtual machines, databases, etc.).

Depending on your Azure security setup, you may need to allow this communication in:

  • Network Security Groups (NSGs)

  • Azure Firewall

You may check the status of the connection in:

  • GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection

  • Azure - Virtual network gateway > Connections
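
The requirement that IKE Phase 1 & 2 on the Azure connection match the GoodAccess configuration can be checked before saving. The following Python check is an added example, not GoodAccess or Microsoft code: it translates the Step 1 example values into the names Azure uses in a custom IPsec / IKE policy and lists every Azure setting that differs. The dictionary keys and function names are assumptions made for this example.

```python
# Added example: dictionary keys and function names are assumptions for illustration.

# GoodAccess form value -> name used in the Azure custom IPsec / IKE policy
ENC = {"aes256": "AES256"}
INTEG = {"sha256": "SHA256"}
DH = {"14 - modp2048": "DHGroup14"}
PFS = {"14 - modp2048": "PFS2048"}
# Azure VPN gateways use a fixed IKE (Phase 1) SA lifetime, so GoodAccess must use it too.
AZURE_IKE_LIFETIME = 28800

# Constructed sample: the Step 1 example values from this guide.
GOODACCESS = {
    "enc_p1": "aes256", "enc_p2": "aes256",
    "integ_p1": "sha256", "integ_p2": "sha256",
    "dh_p1": "14 - modp2048", "dh_p2": "14 - modp2048",
    "ike_lifetime": 28800, "tunnel_lifetime": 3600, "dpd_delay": 30,
}

def expected_azure_policy(ga):
    """Translate the GoodAccess Step 1 form into the Azure Step 3 values."""
    return {
        "ike_protocol": "IKEv2",
        "ike_encryption": ENC[ga["enc_p1"]],
        "ike_integrity": INTEG[ga["integ_p1"]],
        "dh_group": DH[ga["dh_p1"]],
        "ipsec_encryption": ENC[ga["enc_p2"]],
        "ipsec_integrity": INTEG[ga["integ_p2"]],
        "pfs_group": PFS[ga["dh_p2"]],
        "sa_lifetime_seconds": ga["tunnel_lifetime"],
        "dpd_timeout_seconds": ga["dpd_delay"],
    }

def find_mismatches(ga, azure):
    """Return sorted (field, expected, actual) tuples for every value that differs."""
    expected = expected_azure_policy(ga)
    issues = [(k, v, azure.get(k)) for k, v in expected.items() if azure.get(k) != v]
    if ga["ike_lifetime"] != AZURE_IKE_LIFETIME:
        issues.append(("ike_lifetime", AZURE_IKE_LIFETIME, ga["ike_lifetime"]))
    return sorted(issues)

if __name__ == "__main__":
    # Constructed Azure-side settings with two deliberate mistakes.
    azure = dict(expected_azure_policy(GOODACCESS),
                 pfs_group="None", sa_lifetime_seconds=27000)
    for field, want, got in find_mismatches(GOODACCESS, azure):
        print(f"{field}: expected {want}, found {got}")
```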