https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/vm-series-on-azure-packets-received-0/m-p/537564#M1857 <P>Hi there,</P> <P>Which virtual router is Eth1/4 a member of? From your description it sounds like you have three virtual routers, default(?), Private and PrivateDMZ. Have you configured routing between them? Have you configured security policies to allow the required traffic between the VRs?</P> <P>&nbsp;</P> <P>cheers,</P> <P>Seb.</P> Tue, 04 Apr 2023 09:58:11 GMT seb_rupik 2023-04-04T09:58:11Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/vm-series-on-azure-packets-received-0/m-p/537328#M1856 <P>Hello</P> <P>&nbsp;</P> <P>I would like to have your support. I deployed the following architecture in Azure. We have only 1 VM-Series at the moment. Based on the PA document for Azure, I created a Private subnet in vNet Hub zone (similar as the transit zone in the PA documentation). I created DSI and Project vNet with peering with Hub vNeet. We deployed an Azure internal LB for traffic between DSI&amp;Project and Private vNet.&nbsp; The&nbsp; Frontend IP is 10.110.0.21 and the backend is the VM-series interface eth1/2 (10.110.0.4). I created route table for DSI and Project vNet with a default route to the IP address of LB (10.110.0.21).It's working without issue. From On-prem, I'm able to contact the servers in these zones.&nbsp;</P> <P>&nbsp;</P> <P>I added a new subnet (10.115.0.0/24) named "PrivateDMZ" in vNet Hub Zone and I created a new vNet "DMZ_PRIVATE" with peering with Hub Zone. I reproduced the same conf than before. I added entries in the Azure LB with Frondtend IP address 10.115.0.21 with backends the IP address of eth1/4 (10.115.0.4) I configured a route table for DMZ_PRIVATE vNet with a default route to&nbsp;10.115.0.21. On VM-Series, I created virtual router dedicated for Private zone and another one for PrivateDMZ. I added the probe on each vr. All statics routes have been added (I checked many times). On the Azure Load Balancer, the health seems to be good without issue. But, from on-prem, when I try to contact server in DMZ, the connection is fail even if the traffic is allowed. In the log, the packet received is 0.&nbsp;</P> <P>&nbsp;</P> <P>Do you know what is the issue and why it's not working ?</P> <P>&nbsp;</P> <P>BR</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="jeromecarrier_0-1680351707036.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/49211i34E91476C70E3F75/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="jeromecarrier_0-1680351707036.png" alt="jeromecarrier_0-1680351707036.png" /></span></P> <P>&nbsp;</P> <P>Prive LB conf</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="jeromecarrier_1-1680351816984.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/49212i974B3EB1E5EB3F92/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="jeromecarrier_1-1680351816984.png" alt="jeromecarrier_1-1680351816984.png" /></span></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="jeromecarrier_2-1680351837151.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/49213iE3AA3826AF5F2664/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="jeromecarrier_2-1680351837151.png" alt="jeromecarrier_2-1680351837151.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> Sat, 01 Apr 2023 12:28:57 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/vm-series-on-azure-packets-received-0/m-p/537328#M1856 jeromecarrier 2023-04-01T12:28:57Z https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/vm-series-on-azure-packets-received-0/m-p/537564#M1857 <P>Hi there,</P> <P>Which virtual router is Eth1/4 a member of? From your description it sounds like you have three virtual routers, default(?), Private and PrivateDMZ. Have you configured routing between them? Have you configured security policies to allow the required traffic between the VRs?</P> <P>&nbsp;</P> <P>cheers,</P> <P>Seb.</P> Tue, 04 Apr 2023 09:58:11 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/vm-series-on-azure-packets-received-0/m-p/537564#M1857 seb_rupik 2023-04-04T09:58:11Z