Trying to get the Palo Altos to register as healthy. Can anyone provide some assistance on NAT policies, or configurations for getting TCP 80 checks from ALB to Palo Altos to ALB which sits in front of two App servers?
ALB (Palo Altos)
ALB (App Servers)
What are the health checks telling you about why they are failing? (There should be a reason code that you can match to the documentation.)
How is your NAT configured currently?
The health check failure states 'Request Timed Out'.
For NAT policies on the FW, I use Address Objects and map the FQDN of the ALBs. I can successfully resolve the FQDN of the ALB which points to the Palo Altos, but I cannot resolve the ALB for the App Servers from the Palo Alto. They are in different VPCs.
Palo1 Palo2 = Can resolve from FW
App1 App2 = Can't resolve from FW
I think it has something to do with the Palo not being able to resolve the FQDN of the ALB positioned 'lower' in the stack sitting above the App Servers.