ALB Health Checks -> Palo Alto -> ALB

L1 Bithead


Trying to get the Palo Altos to register as healthy. Can anyone provide some assistance on NAT policies, or configurations for getting TCP 80 checks from ALB to Palo Altos to ALB which sits in front of two App servers? 

 

ALB (Palo Altos)
   |
Palo Altos
   |
ALB (App Servers)
   |
App Servers

Community Manager

Re: ALB Health Checks -> Palo Alto -> ALB

What are the health checks telling you about why they are failing? (There should be a reason code that you can match to the documentation.)

 

How is your NAT configured currently?


Help the community: Like helpful comments and mark solutions
Reaper out
L1 Bithead

Re: ALB Health Checks -> Palo Alto -> ALB

The health check failure states 'Request Timed Out'.

 

For NAT policies on the FW, I use Address Objects and map the FQDN of the ALBs. I can successfully resolve the FQDN of the ALB which points to the Palo Altos, but I cannot resolve the ALB for the App Servers from the Palo Alto. They are in different VPCs.

 

      ALB
Palo1 Palo2   = Can resolve from FW

 

     ALB
App1 App2  =  Can't resolve from FW

 

I think it has something to do with the Palo not being able to resolve the FQDN of the ALB positioned 'lower' in the stack sitting above the App Servers. 

 

 

 

 

 
