1. GcpHttpLbAppID skillet to create the Palo Alto Networks App-ID for the Azure Application Gateway Health Probe. 2. move_rule_rest skillet to move the rule to its proper location above the actual application rule and commit.
The skillet is intended for anyone deploying a VM-Series firewall behind the GCP HTTP(s) Load Balancer.
PAN-OS Supported: v8.1 and v9.0 Cloud Provider(s) Supported: GCP Type of Skillet: XML and REST Purpose: Config
The GCP Application Load Balancer HTTP(s) Load Balancer sends an extensive amount of traffic to the firewall that can be hard to differentiate from the valid application traffic. By implementing a specific App-ID, the probe traffic can be filtered specifically to focus on either the probe traffic when troubleshooting configuration or excluded when reviewing valid application traffic. This skillet will configure the following firewall items:
App-ID specific to the GCP HTTP(s) Load Balancer
Objects taken as input for the subnets containing the HTTP(s) Load Balancer
Allow rule for traffic from the HTTP(s) Load Balancer subnet specifically utilizing the App-ID
'move rule' skillet to move the rule to its proper location and perform a final commit