I am implementing this scenario.
Here is the flow of traffic:
internet->App Gateway(public ip)->VM Series-> ILB->Web Servers(4)
I only have 1 firewall appliance for now.
Azure application gateway connects with Palo Alto VM Series over port 80.
Application gateway keeps on thinking that firewall VM is unhealthy.
There is no custom probe configured in the template above.
So it expects HTTP 200 but is not getting it.
AppGateway only supports HTTP and HTTPS in the backend.
Perhaps this error is due to missing configuration in the firewall.
What type of configuration do I need to do in the firewall to return a valid response over port 80 so it appears healthy to app gateway?
I have defined UnTrust and Trust zones
I have configured the Interfaces
I have configured NAT with a static route.
I created a linux VM in the same subnet as the internal load balancer and web servers.
I can curl successfully to the website and get HTTP 200.
I have verified that VM Series firewall VM does allow
What needs to happen in the firewall VM for it to respond with HTTP 200 to the health checks from application gateway?
If this is a default build in GitHub then you should be able to reach out to Palo Alto Networks TAC for support. The GitHub README page will list the support policy of whether the GitHub template you are deploying is community supported or officially TAC supported.