I am deploying a new firewall for a PoC; however, I am having some issues. I have deployed and activated the server on Azure; I am using VM-Series. However, despite there being no restrictions on the Azure side, the server is not able to connect to the internet for updates.
I must be missing something basic in my understanding/setup, so any pointers would be great.
Is the server in the same VNet and subnet as the internal interface, and how have you set the default gateway of the server?
Most commonly the internal interface of the Palo will be a DHCP client, and the server behind it has a default gateway of x.x.x.4.
Set the Palo external interface to DHCP client as well, enable dynamic IP/port NAT, and only assign the interface (don't set an IP).
See if that helps.
So the logs show traffic is allowed and the NAT is also being applied.
However, after all that nothing worked, so I deployed another Palo Alto instance, but this time it had a public IP on the management interface. It worked.
I added a public IP on the server I was working on and internet connectivity worked. My question is why? Azure does NAT'ing for you; it should not need a public IP to get out to the internet? Does anyone know why?
Sounds like a routing/policy issue with the original PAN you deployed. I wouldn't recommend having the management interface internet-facing unless you lock it down to source IPs. However, you can change the services so they use a different interface for reaching out and grabbing updates, etc.
If you're adventurous
it blocks almost everything so be careful.