topic Cannot route any traffic to my internal VNETs unless the incoming traffic is source NATed to the internal inerfaces in VM-Series in the Public Cloud https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/cannot-route-any-traffic-to-my-internal-vnets-unless-the/m-p/428099#M1305 <P>Hello everyone,&nbsp;</P><P>&nbsp;</P><P>I am new to the Palo Azure environment. I have everything set up with 4 Palo VM instances between an external and internal load balancer.&nbsp; I am having an issue with NAT where traffic from the outside will not route to my internal VNETs unless it is first Source NATed to the internal interfaces of the firewalls. The source IP needs to be retained for security reasons on the proxy and with it only logging the internal interfaces of the firewalls I cannot implement proper policy. When I set the source NAT to "none" I can see the sessions on the firewall and they show that the traffic is doing exactly what it should but nothing ever reaches the proxy. We have even gone as far as to move the proxy to the same subnet as the internal interfaces of the firewall. I am not sure if I am running up against some asymetrical routing or something else.</P><P>&nbsp;</P><P>Any help with this would be greatly appreciated. Thanks in advance.&nbsp;&nbsp;</P> Fri, 20 Aug 2021 14:27:34 GMT shane.cole 2021-08-20T14:27:34Z Cannot route any traffic to my internal VNETs unless the incoming traffic is source NATed to the internal inerfaces https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/cannot-route-any-traffic-to-my-internal-vnets-unless-the/m-p/428099#M1305 <P>Hello everyone,&nbsp;</P><P>&nbsp;</P><P>I am new to the Palo Azure environment. I have everything set up with 4 Palo VM instances between an external and internal load balancer.&nbsp; I am having an issue with NAT where traffic from the outside will not route to my internal VNETs unless it is first Source NATed to the internal interfaces of the firewalls. The source IP needs to be retained for security reasons on the proxy and with it only logging the internal interfaces of the firewalls I cannot implement proper policy. When I set the source NAT to "none" I can see the sessions on the firewall and they show that the traffic is doing exactly what it should but nothing ever reaches the proxy. We have even gone as far as to move the proxy to the same subnet as the internal interfaces of the firewall. I am not sure if I am running up against some asymetrical routing or something else.</P><P>&nbsp;</P><P>Any help with this would be greatly appreciated. Thanks in advance.&nbsp;&nbsp;</P> Fri, 20 Aug 2021 14:27:34 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/cannot-route-any-traffic-to-my-internal-vnets-unless-the/m-p/428099#M1305 shane.cole 2021-08-20T14:27:34Z