With the NAT VM no longer being required, and since you can assign a public address to NIC1, I have a question on the NAT process concerning only connectivity from resources to the internet. Do you need to configure a source NAT policy, or do you just forward traffic to 0.0.0.0/0 via a static route to the .1 address of the subnet on NIC1 and the Azure environment will do the translation? It is my understanding you only assign the public IP address to the VM NIC and do not assign this to an interface within the Palo Alto configuration?
For outbound, just add a static route that forwards traffic as you suggest. I *think* you can just forward it to eth 1/1 (and not mention the IP address of the subnet) of the fw -- assuming eth1/1 is what NIC1 is connected to.
The NIC in Azure has the public IP and the firewall doesn't even see it. It only sees the private address.
I was not able to get this to work without putting a source nat policy in and after I put that in internet access is available.
to-interface ethernet1/1 ;
translate-to "src: ethernet1/1 x.x.x.x (dynamic-ip-and-port) (pool idx: 1)";
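As an added example (not from the thread or from Palo Alto's documentation), the PAN-OS set commands that correspond to the working setup described above: a default route out ethernet1/1 toward the Azure subnet gateway, plus a source NAT rule that translates to the ethernet1/1 interface address. The zone names, subnet addresses, rule name and test addresses are assumptions.

```text
# Assumed layout: ethernet1/1 (zone "untrust") is attached to NIC1 in 10.0.1.0/24,
# so the Azure gateway is 10.0.1.1; ethernet1/2 (zone "trust") carries the workloads.
configure

# Default route: send 0.0.0.0/0 out ethernet1/1 to the Azure subnet gateway
set network virtual-router default routing-table ip static-route default-route destination 0.0.0.0/0 interface ethernet1/1 nexthop ip-address 10.0.1.1

# Source NAT: translate trust -> untrust traffic to the private address of ethernet1/1.
# Azure maps that private address to the public IP bound to NIC1; the firewall never
# sees the public IP, so it is never configured on the interface itself.
set rulebase nat rules outbound-snat from trust to untrust source any destination any service any to-interface ethernet1/1 source-translation dynamic-ip-and-port interface-address interface ethernet1/1

commit
exit

# Verify: the rule should report the same "translate-to src: ethernet1/1 <private ip>
# (dynamic-ip-and-port)" line quoted in the post above.
show running nat-policy

# Verify a sample flow (assumed workload address and a documentation-range destination)
test nat-policy-match from trust to untrust source 10.0.2.4 destination 203.0.113.10 protocol 6 destination-port 443
```

If the NAT rule does not match in the test output, check that the egress interface in the route and the zone of ethernet1/1 agree with the rule's "to" zone before looking at Azure.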