Multiple Public IP Support for VM-Series on Microsoft Azure

by mkeil on 03-20-2017 05:49 AM - edited on 03-28-2017 12:26 AM (694 Views)

Details

Multiple public IP support in Microsoft Azure is now generally available in all Azure public regions. As a reminder, multiple public IP support allows you to assign one or more public IPs to any interface (NIC) of the VM-Series instance in Azure, eliminating the current need for a NAT VM in some deployment scenarios. Learn more about multiple public IP support here.

Note:

  • This Microsoft Azure update also includes Microsoft Azure Load Balancer enhancements that allow traffic to be distributed across any IP address on any interface of the VM-Series (i.e., Azure Load Balancer no longer targets only eth0). For more details on how to manually scale out security to protect web applications using VM-Series and Application Gateway, see https://github.com/PaloAltoNetworks/azure-applicationgateway
  • For each public IP assigned to an interface, Microsoft Azure also assigns a private IP to the VM-Series interface. When the first public IP (i.e., the primary public IP) is configured on the interface, the firewall gets the corresponding private IP via DHCP. Any additional (i.e., secondary) public IP (or private IP) assigned to a VM-Series interface must be manually configured as a static IP address inside the VM-Series on the corresponding interface.
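The following sketch is an added example, not part of the original article or any Palo Alto Networks tooling. It takes NIC data shaped like `az network nic show` output and separates the private IP the firewall receives via DHCP from the secondary ones that need static configuration, and lists which addresses carry a public IP. The sample NIC, addresses and resource IDs are constructed, and the field names are an assumption about the Azure CLI JSON.

```python
import json

# Constructed sample shaped like `az network nic show` output for one
# VM-Series interface; names, addresses and resource IDs are made up.
SAMPLE_NIC = json.loads("""
{"name": "fw-eth1", "ipConfigurations": [
  {"name": "ipconfig1", "primary": true, "privateIPAddress": "10.0.1.4",
   "publicIPAddress": {"id": "/subscriptions/EXAMPLE/publicIPAddresses/app1-pip"}},
  {"name": "ipconfig2", "primary": false, "privateIPAddress": "10.0.1.5",
   "publicIPAddress": {"id": "/subscriptions/EXAMPLE/publicIPAddresses/app2-pip"}},
  {"name": "ipconfig3", "primary": false, "privateIPAddress": "10.0.1.6",
   "publicIPAddress": null}
]}
""")


def _private_ip(cfg):
    # Field casing differs between Azure CLI versions (assumption: one of these).
    return cfg.get("privateIPAddress") or cfg.get("privateIpAddress")


def _public_name(cfg):
    pub = cfg.get("publicIPAddress") or cfg.get("publicIpAddress")
    return pub["id"].rsplit("/", 1)[-1] if pub else None


def plan_interface(nic):
    """Split a NIC's IP configurations into DHCP-supplied and static addresses."""
    configs = nic.get("ipConfigurations", [])
    primaries = [c for c in configs if c.get("primary")]
    if len(primaries) != 1:
        raise ValueError(
            f"{nic.get('name')}: expected one primary ipConfiguration, "
            f"found {len(primaries)}")
    plan = {"dhcp": _private_ip(primaries[0]), "static": [], "internet_facing": []}
    for cfg in configs:
        ip = _private_ip(cfg)
        if not cfg.get("primary"):
            # Secondary addresses are not handed out by DHCP; they must be
            # configured statically on the matching firewall interface.
            plan["static"].append(ip)
        if _public_name(cfg):
            # Without a NAT VM in front, this address is reachable from the
            # internet, so it belongs in the firewall policy review.
            plan["internet_facing"].append((ip, _public_name(cfg)))
    return plan


if __name__ == "__main__":
    print(json.dumps(plan_interface(SAMPLE_NIC), indent=2))
```

The `internet_facing` list doubles as an inventory of addresses that now terminate directly on the firewall and therefore need matching security and NAT policy.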

Once you start using the multiple public IP feature, a NAT VM is no longer required in front of any Internet-facing use cases, as was previously needed. If you are using a NAT VM, you can reassign the NAT VM's public IP directly to the VM-Series firewall's public-facing interface in the Azure Portal. For example, one or more public IPs can be assigned to the untrust interface (eth1) in the diagram below.

[Figure: resource group.png]

Multiple services or applications can now be hosted from the same interface or from separate interfaces. For example, application 1 can be served from the VM-Series eth1 interface, and application 2 from the eth2 interface. For highly available designs and scalability, it is recommended to use Azure-native load balancers such as Azure Application Gateway or Azure Load Balancer, as discussed here.
