topic Re: Active/passive failover validation was performed using Azure HA configuration getting failed due to Azure token failed with exception <urlopen in Next-Generation Firewall Discussions

topic Re: Active/passive failover validation was performed using Azure HA configuration getting failed due to Azure token failed with exception <urlopen in Next-Generation Firewall Discussions https://live.paloaltonetworks.com/t5/next-generation-firewall/active-passive-failover-validation-was-performed-using-azure-ha/m-p/598666#M3796 <P>Hello Roberto,</P> <P> </P> <P>After adding the ms-office365-base app to the security policy rules and the session end reason became "threat".<BR />We then identified that the URL security profile was blocking login.microsoftonline.com, so we added the URL to the custom URL category used.<BR />The issue is now resolved and the root cause was that the app identification related to the traffic to the Azure API server (login.microsoftonline.com) changed from ssl to ms-office365-base when upgrading from PAN-OS 10.1 to 10.2.</P> Tue, 24 Sep 2024 17:01:17 GMT SunilduttJ 2024-09-24T17:01:17Z Active/passive failover validation was performed using Azure HA configuration getting failed due to Azure token failed with exception <urlopen https://live.paloaltonetworks.com/t5/next-generation-firewall/active-passive-failover-validation-was-performed-using-azure-ha/m-p/577258#M2652 <P>I have a palo alto VM- 300 firewall(active/passive) with version 10.1.11-h4.which is hosted in France central azure region 2 availability zone and the azure environment.</P> <P>While doing Azure HA failover validation on active/passive firewalls and validation passed.</P> <P>When we upgrade the panos version 10.2.8 for both active passive firewalls. But hear we are getting validation getting failed.</P> <P>We have raised the case with tac and engineering team. We have already had multiple sessions with Engineering and palo alto , whereby they have tested several code modifications but still they are not able to fix the issue. Please find below screenshot for reference. </P> <P>PAN-OS :- 10.1.11-h4 :- <SPAN>Azure authentication test is passed</SPAN></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PANOS-10.1.11-h4.png" style="width: 636px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/57628iBB7D9E08FFE8AD61/image-dimensions/636x224/is-moderation-mode/true?v=v2" width="636" height="224" role="button" title="PANOS-10.1.11-h4.png" alt="PANOS-10.1.11-h4.png" /></span></P> <P> </P> <P>PAN-OS :- 10.2.8 :- <SPAN>Azure authentication test is Failed.</SPAN></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="PANOS-10.2.8.png" style="width: 649px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/57629iDE5C90F0C31787CC/image-dimensions/649x135/is-moderation-mode/true?v=v2" width="649" height="135" role="button" title="PANOS-10.2.8.png" alt="PANOS-10.2.8.png" /></span></P> <P> </P> <P>If the same kind of problem is occurring in your PRD environment. which you or the TAC engineering team fixed it . <SPAN>Request you please assist us. </SPAN></P> <P> </P> <P><LI-WRAPPER></LI-WRAPPER></P> Wed, 14 Feb 2024 15:56:38 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/active-passive-failover-validation-was-performed-using-azure-ha/m-p/577258#M2652 SunilduttJ 2024-02-14T15:56:38Z Re: Active/passive failover validation was performed using Azure HA configuration getting failed due to Azure token failed with exception <urlopen https://live.paloaltonetworks.com/t5/next-generation-firewall/active-passive-failover-validation-was-performed-using-azure-ha/m-p/598662#M3794 <P>Hi, I have the same problem. </P> <P> </P> <P>Did you resolve the issue? </P> Tue, 24 Sep 2024 15:40:33 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/active-passive-failover-validation-was-performed-using-azure-ha/m-p/598662#M3794 Roberto.Parra 2024-09-24T15:40:33Z Re: Active/passive failover validation was performed using Azure HA configuration getting failed due to Azure token failed with exception <urlopen https://live.paloaltonetworks.com/t5/next-generation-firewall/active-passive-failover-validation-was-performed-using-azure-ha/m-p/598666#M3796 <P>Hello Roberto,</P> <P> </P> <P>After adding the ms-office365-base app to the security policy rules and the session end reason became "threat".<BR />We then identified that the URL security profile was blocking login.microsoftonline.com, so we added the URL to the custom URL category used.<BR />The issue is now resolved and the root cause was that the app identification related to the traffic to the Azure API server (login.microsoftonline.com) changed from ssl to ms-office365-base when upgrading from PAN-OS 10.1 to 10.2.</P> Tue, 24 Sep 2024 17:01:17 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/active-passive-failover-validation-was-performed-using-azure-ha/m-p/598666#M3796 SunilduttJ 2024-09-24T17:01:17Z