08-09-2023 11:30 AM
Does anyone have any information on what configurations are needed in the Template stack associated with the Cloud NGFW? Specifically I am looking for what the interface and vrouter settings will likely need to be, such as ethernet1/1 and 1/2 set to DHCP, vrouter next hop of X, or if we need to allow for the Azure load-balancer probe monitoring like for VM-based deployment.
08-10-2023 09:15 AM
I did some testing. The Azure plugin creates a special Cloud NGFW template/template stack (cngfw-az-_DEFAULT_TEMPLATE_). You don't get to use an existing template, or add an existing base template into the special template stack. In the special template, the only network options are security zones which are already pre-defined. Interested to see how creating another Cloud NGFW works.
I am currently encountering issues with how the Cloud NGFW accesses External Dynamic Lists (internal to the org) and forwards logs to a Log Collector. It seems to give Panorama a "fake" management IP address, which complicates troubleshooting where management traffic for these services is coming from the Cloud NGFW.
But the policy administration is standard PAN, which is most appreciated, compared to Azure firewall. The Cloud NGFW onboarding also appears to take care of all the dynamic updates being installed as well. Looking forward to validating this solution.
09-06-2023 05:59 AM
Hi Jason,
Your findings regarding the template stack naming are 100% accurate. This is how the plugin distinguishes between a VM-series device and a Cloud NGFW.
Regarding the management IP address you see in Panorama, this address is not reachable externally and is only used by the service control plane.
As for the internal EDLs, are you using an internal FQDN to access them?
09-09-2023 05:23 PM
Internal IP host, no DNS involved, to get to the web server hosting the internal EDL.

