Setting up an OpenVPN Access server behind the Microsoft Azure firewall is currently not recommended. Previous experiences with this setup and consequent investigation together with Microsoft technical personnel have revealed an issue in the Microsoft Azure Firewall when used in combination with OpenVPN Access Server.
The problem is caused by the distributed nature of the firewall solution. Requests are sent through different systems and reach the Access Server web interface from different sources and session data is not maintained across these different requests. This makes it impossible for a web session to be started and maintained.
Microsoft has confirmed the issue and indicated that this distributed nature is a locked configuration that cannot be altered. No further information was made available to us at this time.
When you load the Access Server web interface when placed behind the Microsoft Azure Firewall, it will often fail to load elements like pictures and library files. The web interface will look visually broken, and attempts to log on will often fail, especially when using multi-factor authentication.
There is no known way to solve this other than to remove the Microsoft Azure Firewall solution.