Certain TCP traffic not showing at the Azure Palo firewalls.


L1 Bithead

There is TCP traffic from on-prem to an Azure test subnet VM.

The connection path is as below: on-prem user laptop -> on-prem Palo fw -> express route -> Azure Palo fw -> test vm.

There is no NSG on any of the interfaces at Azure side.

The RDP traffic from the on-prem user laptop can reach the test vm no problem (tcp 3389).

The SMB (i.e. TCP 139) traffic from the on-prem user laptop is only shown in the on-prem fw log, showing it was allowed and went out the same path to the express route, but with a timeout status.

The SMB traffic is not showing at the Azure Palo fw. (Why did the SMB traffic disappear after exiting the on-prem fw?)

The only difference is the on-prem laptop (prd domain) and the azure vm (test domain) belong to different AD domain controllers, with the same domain name.

No dropped packets on either Palo fw.

4 REPLIES

Community Team Member

Hi @Vanessaxu ,

 

Is the traffic actually reaching the Azure fw or is it getting lost in transit? Can you check with a PCAP?

Have you checked the global counters? There might be drops there that don't show up in the traffic log.

 

How to check global counters for a specific source and destination IP address 

 

Kind regards,

-Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi

L1 Bithead

Not sure if it reaches the Azure Palo firewall, since it's the Azure file sync service. Not to a VM.

Did a pcap, can't see the traffic incoming either.

L1 Bithead

Forced traffic to the test vm via VPN, and the traffic shows on the Azure Palo firewall log. Seems the express route blocks certain traffic.
