I am struggling to get the active-active tunnel functional in the lab with a WatchGuard FireBox. I use the downloaded VPN site config from Azure for the parameters. When both instances are up only one seems to receive the correct routing (BGP), the other one has none. The net result of this that while on-prem connectivity to Azure works, Azure to on-prem fails. When I disable one of the virtual VPN interfaces it does work in both directions. But then I use only instance 0 or instance 1, not both. I looked at an example of the manual configuration with a different vendor (which is a Azure Virtual WAN partner) but they use only one instance it seems (Baracuda).
Is WatchGuard supported? What is the normal behavior, what can I expect? I can find very little real-life or end to end lab information/demos on this subject. Any help or pointers you can provide is much appreciated.